LQ security report - Mar 10th 2004
Mar 08th 2004
22 of 56 issues handled (ISS) Invision Power Board search.php SQL injection FreeBSD jail_attach allows elevated privileges Anubis IDENT buffer overflow Anubis format string error xboing buffer overflow phpBB viewtopic.php script allows cross-site free-BB couleur or img HTML tags allow cross-site Red Faction buffer overflow YaBB SE multiple modules allow SQL injection iG Shop page.php cross-site scripting iG Shop SQL injection XBoard -icshost buffer overflow Hot Open Tickets allows attacker to obtain elevated Squid url_regex ACL bypass FreeBSD memory buffers (mbufs) denial of service SandSurfer cross-site scripting GWeb HTTP Server directory traversal Adobe Acrobat Reader XFDF buffer overflow qmail RELAYCLIENT buffer overflow Coreutils dir -W integer overflow ProFTPD off-by-one _xlate_ascii_write function Invision Power Board invalid character could Mar 8th 2004 29 of 48 issues handled (SF) 2. Calife Password Heap Overrun Vulnerability 3. Sun Solaris Unspecified Passwd Local Root Compromise Vulnera... 5. Sun Solaris conv_fix Unspecified File Overwrite Vulnerabilit... 7. FreeBSD Unauthorized Jailed Process Attaching Vulnerability 9. xboing Local Buffer Overflow Vulnerabilities 10. PHPBB ViewTopic.PHP "postorder" Cross-Site Scripting Vulnera... 11. Invision Power Board Search.PHP "st" SQL Injection Vulnerabi... 13. Invision Power Board Multiple Cross-Site Scripting Vulnerabi... 15. IGeneric Free Shopping Cart SQL Injection Vulnerability 16. GNU Anubis Multiple Remote Buffer Overflow and Format String... 17. IGeneric Free Shopping Cart Cross-Site Scripting Vulnerabili... 18. YABB SE Multiple Input Validation Vulnerabilities 19. Volition Red Faction Game Client Remote Buffer Overflow Vuln... 20. Calife Local Memory Corruption Vulnerability 22. Squid Proxy NULL URL Character Unauthorized Access Vulnerabi... 26. ProFTPD _xlate_ascii_write() Buffer Overrun Vulnerability 27. ignitionServer Global IRC Operator Privilege Escalation Vuln... 29. Volition Freespace 2 Game Client Remote Buffer Overflow Vuln... 33. Hot Open Tickets Unspecified Privilege Escalation Vulnerabil... 35. FreeBSD Out Of Sequence Packets Remote Denial Of Service Vul... 36. Coreutils DIR Width Argument Integer Overflow Vulnerability 37. 1st Class Internet Solutions 1st Class Mail Server Remote Bu... 39. QMail-QMTPD RELAYCLIENT Environment Variable Integer Overflo... 40. SpiderSales Shopping Cart Multiple Vulnerabilities 42. SandSurfer Multiple Undisclosed Cross-Site Scripting Vulnera... 43. Adobe Acrobat Reader XFDF File Handler Buffer Overflow Vulne... 45. Multiple Vendor HTTP Response Splitting Vulnerability 46. SmarterTools SmarterMail Multiple Vulnerabilities 48. DAWKCo POP3 with WebMAIL Extension Session Timeout Unauthori... |
Mar 8th 2004 (SF)
SecurityFocus
2. Calife Password Heap Overrun Vulnerability BugTraq ID: 9756 Remote: No Date Published: Feb 27 2004 Relevant URL: http://www.securityfocus.com/bid/9756 Summary: Calife is reportedly prone to a locally exploitable heap overrun vulnerability. This issue is due to insufficient bounds checking of password input. If this issue was successfully exploited to execute arbitrary code, it could potentially allow an unprivileged local user to gain root access. It has been reported that this issue may actually be indicative of a more serious problem in the glibc implementation of the getpass() function. This has not been confirmed. This BID will be updated as more information is provided. 3. Sun Solaris Unspecified Passwd Local Root Compromise Vulnera... BugTraq ID: 9757 Remote: No Date Published: Feb 27 2004 Relevant URL: http://www.securityfocus.com/bid/9757 Summary: Sun has reported an unspecified vulnerability in the passwd utility on Solaris that may permit local attackers to gain unauthorized root privileges. 5. Sun Solaris conv_fix Unspecified File Overwrite Vulnerabilit... BugTraq ID: 9759 Remote: No Date Published: Feb 27 2004 Relevant URL: http://www.securityfocus.com/bid/9759 Summary: It has been reported that Sun Solaris may be prone to a vulnerability due to an unspecified erroneous condition resulting from the 'conv_fix' command invoked by conv_lpd(1M) script. This issue will reportedly permit a local attacker to overwrite or create any file on the system. Successful exploitation of this issue may allow a local attacker to gain elevated privileges leading to full compromise of a vulnerable system. The attacker may also cause a denial of service condition on the system. 7. FreeBSD Unauthorized Jailed Process Attaching Vulnerability BugTraq ID: 9762 Remote: No Date Published: Feb 27 2004 Relevant URL: http://www.securityfocus.com/bid/9762 Summary: A vulnerability was reported in FreeBSD that may permit a jailed process with superuser privileges to gain unauthorized access to other jails. This is due to an access validation issue in the jail_attach(2) system call. 9. xboing Local Buffer Overflow Vulnerabilities BugTraq ID: 9764 Remote: No Date Published: Feb 27 2004 Relevant URL: http://www.securityfocus.com/bid/9764 Summary: xboing is prone to multiple buffer overflows that could be exploited to allow a local user to elevate their privileges. 10. PHPBB ViewTopic.PHP "postorder" Cross-Site Scripting Vulnera... BugTraq ID: 9765 Remote: Yes Date Published: Feb 28 2004 Relevant URL: http://www.securityfocus.com/bid/9765 Summary: It has been reported that one of the scripts included with phpBB is prone to a cross-site scripting vulnerability. According to the author of the report, the script "viewtopic.php" returns the value of the HTML variable "postorder" to the client as its output without encoding it or otherwise removing potentially hostile content. This can be exploited by constructing malicious links with the malicious "postorder" variable value embedded as a GET request style HTML variable. If the target user visits such a link, the malicious, externally created content supplied in the link will be rendered (or executed, in the case of script code) as part of the viewtopic.php document and within the context of the vulnerable website (including the phpBB forum). 11. Invision Power Board Search.PHP "st" SQL Injection Vulnerabi... BugTraq ID: 9766 Remote: Yes Date Published: Feb 28 2004 Relevant URL: http://www.securityfocus.com/bid/9766 Summary: It has been reported that an input validation error with the potential for use in a SQL injection attack is present in the "search.php" script. Consequently, malicious users may corrupt the resulting SQL queries (there are at least two) by specially crafting a value for the "st" variable. The impact of this vulnerability depends on the underlying database. It may be possible to corrupt/read sensitive data, execute commands/procedures on the database server or possibly exploit vulnerabilities in the database itself through this condition. 13. Invision Power Board Multiple Cross-Site Scripting Vulnerabi... BugTraq ID: 9768 Remote: Yes Date Published: Mar 01 2004 Relevant URL: http://www.securityfocus.com/bid/9768 Summary: Invision Power Board is prone to multiple cross-site scripting vulnerabilities. These issues are due to insufficient sanitization of input supplied via the 'c', 'f', , 'showuser', and 'username' URI parameters. This input will be included in dynamically generated pages, making it possible for an attacker to create a malicious link to a vulnerable site that includes hostile HTML and script code. This code may be rendered in the browser of a victim user who visits the malicious link, potentially allowing for theft of cookie-based credentials or other attacks. These issues are reported to affect Invision Power Board 1.3 Final. Earlier versions may also be affected. 15. IGeneric Free Shopping Cart SQL Injection Vulnerability BugTraq ID: 9771 Remote: Yes Date Published: Mar 01 2004 Relevant URL: http://www.securityfocus.com/bid/9771 Summary: It has been reported that iGeneric Free Shopping Cart is prone to an SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI parameters As a result of this issue a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. It has been conjectured that an attacker may be able to disclose user password hashes by exploiting this issue. This issue may also be leveraged to exploit latent vulnerabilities within the database itself. 16. GNU Anubis Multiple Remote Buffer Overflow and Format String... BugTraq ID: 9772 Remote: Yes Date Published: Mar 01 2004 Relevant URL: http://www.securityfocus.com/bid/9772 Summary: GNU Anubis has been reported prone to multiple buffer overflow and format string vulnerabilities. It has been conjectured that a remote attacker may potentially exploit these vulnerabilities to have arbitrary code executed in the context of the Anubis software. The buffer overflow vulnerabilities exist in the 'auth_ident' function in 'auth.c'. The format string vulnerabilities are reported to affect the 'info' function in 'log.c', the 'anubis_error' function in 'errs.c' and the 'ssl_error' function in 'ssl.c'. These vulnerabilities have been reported to exist in GNU Anubis versions 3.6.0, 3.6.1, 3.6.2, 3.9.92, and 3.9.93. It is possible that other versions are affected as well. These issues are undergiong further analysis, they will be divided into separate BIDs as analysis is completed. 17. IGeneric Free Shopping Cart Cross-Site Scripting Vulnerabili... BugTraq ID: 9773 Remote: Yes Date Published: Mar 01 2004 Relevant URL: http://www.securityfocus.com/bid/9773 Summary: It has been reported that iGeneric Free Shopping Cart is prone to a cross-site vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI parameters Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible. 18. YABB SE Multiple Input Validation Vulnerabilities BugTraq ID: 9774 Remote: Yes Date Published: Mar 01 2004 Relevant URL: http://www.securityfocus.com/bid/9774 Summary: It has been reported that YaBB SE may be prone to multiple vulnerabilities due to improper input validation. The issues may allow an attacker to carry out SQL injection and directory traversal attacks. Successful exploitation of these issues may allow an attacker to gain access to sensitive information that may be used to mount further attacks against a vulnerable system. The SQL injection vulnerabilities can be exploited to gain access to user authentication credentials and corrupt user information in the underlying database. YaBB SE versions 1.5.4, 1.5.5, and 1.5.5b are reported to be affected by these issues, however it is possible that other versions are vulnerable as well. 19. Volition Red Faction Game Client Remote Buffer Overflow Vuln... BugTraq ID: 9775 Remote: Yes Date Published: Mar 01 2004 Relevant URL: http://www.securityfocus.com/bid/9775 Summary: It has been reported that Red Faction game client may be prone to a remote buffer overflow vulnerability that could allow remote attackers to execute arbitrary code in a vulnerable system in order to gain unauthorized access. It has been reported that this vulnerability can be reproduced by sending a server name of 260 characters or more to a vulnerable client. When the client reads in the string, sensitive regions of memory may be corrupted with attacker-supplied values. Red Faction versions 1.20 and prior are reported to be affected by this issue. 20. Calife Local Memory Corruption Vulnerability BugTraq ID: 9776 Remote: No Date Published: Mar 01 2004 Relevant URL: http://www.securityfocus.com/bid/9776 Summary: Calife has been reported prone to a local memory corruption vulnerability. The issue is likely due to a lack of sufficient sanity checks performed on certain sequences of data that is read from the file "/etc/calife.auth". Due to the nature of this vulnerability, it has been conjectured that a local user who has write access to the "/etc/calife.auth" configuration file may potentially leverage this issue to have arbitrary instructions executed in the context of the root user. 22. Squid Proxy NULL URL Character Unauthorized Access Vulnerabi... BugTraq ID: 9778 Remote: Yes Date Published: Mar 01 2004 Relevant URL: http://www.securityfocus.com/bid/9778 Summary: It has been reported that Squid Proxy may be prone to an unauthorized access vulnerability that may allow remote users to bypass access controls resulting in unauthorized access to attacker-specified resources. The vulnerability presents itself when a URI that is designed to access a specific location with a supplied username, contains '%00' characters. This sequence may be placed as part of the username value prior to the @ symbol in the malicious URI. Squid Proxy versions 2.0 to 2.5 STABLE4 are reported to be prone to this vulnerability. 26. ProFTPD _xlate_ascii_write() Buffer Overrun Vulnerability BugTraq ID: 9782 Remote: Yes Date Published: Mar 02 2004 Relevant URL: http://www.securityfocus.com/bid/9782 Summary: A remotely exploitable buffer overrun was reported in ProFTPD. This issue is due to insufficient bounds checking of user-supplied data in the _xlate_ascii_write() function, permitting an attacker to overwrite two bytes memory adjacent to the affected buffer. This may potentially be exploited to execute arbitrary code in the context of the server. This issue may be triggered when submitting a RETR command to the server. 27. ignitionServer Global IRC Operator Privilege Escalation Vuln... BugTraq ID: 9783 Remote: Yes Date Published: Feb 29 2004 Relevant URL: http://www.securityfocus.com/bid/9783 Summary: ignitionServer is prone to a vulnerability that may permit a local IRC operator to escalate their privileges to that of a global IRC operator through the use of an undocumented command. 29. Volition Freespace 2 Game Client Remote Buffer Overflow Vuln... BugTraq ID: 9785 Remote: Yes Date Published: Mar 02 2004 Relevant URL: http://www.securityfocus.com/bid/9785 Summary: It has been reported that Freespace 2 game client may be prone to a remote buffer overflow vulnerability that could allow remote attackers to execute arbitrary code in a vulnerable system in order to gain unauthorized access. It has been reported that this vulnerability can be reproduced by sending a server name of 180 characters or more to a vulnerable client. When the client reads in the string, sensitive regions of memory may be corrupted with attacker-supplied values. Freespace 2 versions 1.20 and prior are reported to be affected by this issue. 33. Hot Open Tickets Unspecified Privilege Escalation Vulnerabil... BugTraq ID: 9790 Remote: Yes Date Published: Mar 02 2004 Relevant URL: http://www.securityfocus.com/bid/9790 Summary: Hot Open Tickets is prone to an unspecified privilege escalation vulnerability. This issue may allow a registered user to leverage a vulnerability to escalate their privilege to administrator levels. 35. FreeBSD Out Of Sequence Packets Remote Denial Of Service Vul... BugTraq ID: 9792 Remote: Yes Date Published: Mar 02 2004 Relevant URL: http://www.securityfocus.com/bid/9792 Summary: A problem in the handling of out-of-sequence packets has been identified in FreeBSD. Because of this, it may be possible for remote attackers to deny service to legitimate users of vulnerable systems. 36. Coreutils DIR Width Argument Integer Overflow Vulnerability BugTraq ID: 9793 Remote: Unknown Date Published: Mar 02 2004 Relevant URL: http://www.securityfocus.com/bid/9793 Summary: Coreutils 'dir' has been reported prone to an integer overflow vulnerability. The issue reportedly presents itself when handling large integer value '-w' (width) command line arguments passed to the vulnerable application. Due to the nature of this issue it may possibly be leveraged to deny service to applications that use the 'dir' utility. It has been conjectured that when invoked by an application with a malicious integer value passed via the '-w' argument, the affected application may hang while waiting for the utility to return output. 37. 1st Class Internet Solutions 1st Class Mail Server Remote Bu... BugTraq ID: 9794 Remote: Yes Date Published: Mar 02 2004 Relevant URL: http://www.securityfocus.com/bid/9794 Summary: 1st Class Mail Server has been reported prone to a remote buffer overflow vulnerability. The issue exists due to a lack of sufficient boundary checks performed on user-supplied data. A remote attacker may pass excessive data as an argument for an APOP command passed to the affected server. The attacker may exploit this issue to corrupt a saved instruction pointer and in doing so may potentially influence execution flow of the affected service into attacker-supplied instructions. 39. QMail-QMTPD RELAYCLIENT Environment Variable Integer Overflo... BugTraq ID: 9797 Remote: Yes Date Published: Mar 03 2004 Relevant URL: http://www.securityfocus.com/bid/9797 Summary: An integer overflow vulnerability has been reported in qmail-qmtpd. This issue exists in code that processes values supplied to qmail-qmtpd in RELAYCLIENT data. Though unconfirmed, this issue may be exploitable to execute arbitrary code with elevated privileges. It should be noted that this issue does not exist in the default configuration and is only exposed if mail relaying is enabled by setting the RELAYCLIENT environment variable. 40. SpiderSales Shopping Cart Multiple Vulnerabilities BugTraq ID: 9799 Remote: Yes Date Published: Mar 03 2004 Relevant URL: http://www.securityfocus.com/bid/9799 Summary: Multiple vulnerabilities have been identified in the application that may allow an attacker to obtain the private cryptographic key and gain access to sensitive information. The application is also reported prone to an SQL injection vulnerability that may allow an attacker to gain administrative level access to the underlying database. The issues exist due to improper implementation of the RSA cryptosystem by SpiderSales and failure to sanitize user-supplied input via the 'userId' URI parameter employed by various scripts. SpiderSales version 2.0 is assumed to be vulnerable to these issues, however, other versions could be affected as well. 42. SandSurfer Multiple Undisclosed Cross-Site Scripting Vulnera... BugTraq ID: 9801 Remote: Yes Date Published: Mar 03 2004 Relevant URL: http://www.securityfocus.com/bid/9801 Summary: It has been reported that a number of undisclosed SandSurfer scripts are prone to cross-site scripting vulnerabilities. This could permit a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. 43. Adobe Acrobat Reader XFDF File Handler Buffer Overflow Vulne... BugTraq ID: 9802 Remote: Yes Date Published: Mar 04 2004 Relevant URL: http://www.securityfocus.com/bid/9802 Summary: Acrobat Reader has been reported to be prone to a buffer overflow vulnerability. According to the report, the overflow occurs when a user views a malicious XFDF document. Due to the nature of this vulnerability an attacker may potentially leverage the issue to corrupt values that crucial to controlling program execution flow, if this is the case it is conjectured that this issue may be exploitable to execute arbitrary instructions in the context of the affected software. 45. Multiple Vendor HTTP Response Splitting Vulnerability BugTraq ID: 9804 Remote: Yes Date Published: Mar 04 2004 Relevant URL: http://www.securityfocus.com/bid/9804 Summary: A paper (Divide and Conquer - HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics) was released to describe various attacks that target web users through web application, browser, web/application server and proxy implementations. These attacks are described under the general category of HTTP Response Splitting and involve abusing various input validation flaws in these implementations to split HTTP responses into multiple parts in such a way that response data may be misrepresented to client users. Exploitation would occur by injecting variations of CR/LF sequences into parts of HTTP response headers that the attacker may control or influence. The general consequences of exploitation are that an attacker may misrepresent web content to the client, potentially enticing the user to trust the content and take actions based on this false trust. While the various implementations listed in the paper contribute to these attacks, this issue will most likely be exposed through web applications that do not properly account for CR/LF sequences when accepting user-supplied input that may be returned in server responses. This vulnerability could also aid in exploitation of cross-site scripting vulnerabilities. 46. SmarterTools SmarterMail Multiple Vulnerabilities BugTraq ID: 9805 Remote: Yes Date Published: Mar 04 2004 Relevant URL: http://www.securityfocus.com/bid/9805 Summary: Multiple vulnerabilities have been identified in the software that may allow an attacker to carry out directory traversal, cross-site scripting, and denial of service attacks. SmarterMail version 3.1 has been reported to be prone to these issues, however, it is possible that other versions are affected as well. 48. DAWKCo POP3 with WebMAIL Extension Session Timeout Unauthori... BugTraq ID: 9807 Remote: No Date Published: Mar 04 2004 Relevant URL: http://www.securityfocus.com/bid/9807 Summary: It has been reported that DAWKCo POP3 Server Hosting Version with WebMAIL Extension does not properly handle timed out sessions. Because of this, it may be possible for a user regain access to a previous session. This could potentially expose sessions, especially in situations where other vulnerabilities facilitate session hijacking. |
Mar 08th 2004 (ISS)
Internet Security Systems
Date Reported: 02/28/2004 Brief Description: Invision Power Board search.php SQL injection Risk Factor: Medium Attack Type: Network Based Platforms: Invision Power Board Any version, Linux Any version, Unix Any version, Windows Any version Vulnerability: invision-search-sql-injection X-Force URL: http://xforce.iss.net/xforce/xfdb/15343 Date Reported: 02/27/2004 Brief Description: FreeBSD jail_attach allows elevated privileges Risk Factor: High Attack Type: Host Based Platforms: FreeBSD 5.1-RELEASE, FreeBSD 5.2-RELEASE Vulnerability: freebsd-jailattach-gain-privileges X-Force URL: http://xforce.iss.net/xforce/xfdb/15344 Date Reported: 03/01/2004 Brief Description: Anubis IDENT buffer overflow Risk Factor: High Attack Type: Network Based Platforms: Anubis 3.6.2, Anubis 3.9.93, Linux Any version Vulnerability: anubis-ident-bo X-Force URL: http://xforce.iss.net/xforce/xfdb/15345 Date Reported: 03/01/2004 Brief Description: Anubis format string error Risk Factor: High Attack Type: Network Based Platforms: Anubis 3.6.2, Anubis 3.9.93, Linux Any version Vulnerability: anubis-format-string X-Force URL: http://xforce.iss.net/xforce/xfdb/15346 Date Reported: 02/27/2004 Brief Description: xboing buffer overflow Risk Factor: High Attack Type: Host Based Platforms: Debian Linux 3.0, xboing Any version Vulnerability: xboing-bo X-Force URL: http://xforce.iss.net/xforce/xfdb/15347 Date Reported: 02/29/2004 Brief Description: phpBB viewtopic.php script allows cross-site scripting Risk Factor: Medium Attack Type: Network Based Platforms: Linux Any version, phpBB 2.0.6c, Unix Any version, Windows Any version Vulnerability: phpbb-viewtopicphp-xss X-Force URL: http://xforce.iss.net/xforce/xfdb/15348 Date Reported: 02/29/2004 Brief Description: free-BB couleur or img HTML tags allow cross-site scripting Risk Factor: Medium Attack Type: Network Based Platforms: Any operating system Any version, free-BB Any version Vulnerability: freebb-html-tags-xss X-Force URL: http://xforce.iss.net/xforce/xfdb/15352 Date Reported: 03/01/2004 Brief Description: Red Faction buffer overflow Risk Factor: High Attack Type: Network Based Platforms: Mac OS Any version, Red Faction 1.2 and earlier, Windows Any version Vulnerability: redfaction-bo X-Force URL: http://xforce.iss.net/xforce/xfdb/15353 Date Reported: 03/01/2004 Brief Description: YaBB SE multiple modules allow SQL injection Risk Factor: Medium Attack Type: Network Based Platforms: Linux Any version, Unix Any version, Windows Any version, YaBB SE 1.5.4, YaBB SE 1.5.5, YaBB SE 1.5.5b Vulnerability: yabb-multiple-sql-injection X-Force URL: http://xforce.iss.net/xforce/xfdb/15354 Date Reported: 02/28/2004 Brief Description: iG Shop page.php cross-site scripting Risk Factor: Medium Attack Type: Network Based Platforms: Any operating system Any version, iG Shop 1.4 Vulnerability: ig-shop-page-xss X-Force URL: http://xforce.iss.net/xforce/xfdb/15355 Date Reported: 02/28/2004 Brief Description: iG Shop SQL injection Risk Factor: Medium Attack Type: Network Based Platforms: Any operating system Any version, iG Shop 1.4 Vulnerability: ig-shop-sql-injection X-Force URL: http://xforce.iss.net/xforce/xfdb/15356 Date Reported: 03/02/2004 Brief Description: XBoard -icshost buffer overflow Risk Factor: High Attack Type: Host Based Platforms: Unix Any version, XBoard 4.2.7 and prior Vulnerability: xboard-icshost-bo X-Force URL: http://xforce.iss.net/xforce/xfdb/15362 Date Reported: 03/02/2004 Brief Description: Hot Open Tickets allows attacker to obtain elevated privileges Risk Factor: High Attack Type: Network Based Platforms: Any operating system Any version, Hot Open Tickets prior 02272004_ver2c Vulnerability: hot-gain-privileges X-Force URL: http://xforce.iss.net/xforce/xfdb/15365 Date Reported: 03/01/2004 Brief Description: Squid url_regex ACL bypass Risk Factor: Medium Attack Type: Network Based Platforms: Squid Web Proxy Cache 2.x to 2.5.STABLE4, Unix Any version Vulnerability: squid-urlregex-acl-bypass X-Force URL: http://xforce.iss.net/xforce/xfdb/15366 Date Reported: 03/01/2004 Brief Description: FreeBSD memory buffers (mbufs) denial of service Risk Factor: Low Attack Type: Network Based Platforms: FreeBSD 4.0-Stable, FreeBSD 5.1 Vulnerability: freebsd-mbuf-dos X-Force URL: http://xforce.iss.net/xforce/xfdb/15369 Date Reported: 03/02/2004 Brief Description: SandSurfer cross-site scripting Risk Factor: Medium Attack Type: Network Based Platforms: Linux Any version, SandSurfer prior to 1.7.1 Vulnerability: sandsurfer-xss X-Force URL: http://xforce.iss.net/xforce/xfdb/15377 Date Reported: 03/03/2004 Brief Description: GWeb HTTP Server directory traversal Risk Factor: Medium Attack Type: Network Based Platforms: Any operating system Any version, GWeb HTTP Server 0.6 Vulnerability: gweb-dotdot-directory-traversal X-Force URL: http://xforce.iss.net/xforce/xfdb/15381 Date Reported: 03/03/2004 Brief Description: Adobe Acrobat Reader XFDF buffer overflow Risk Factor: High Attack Type: Network Based Platforms: Acrobat Reader 5.1, Any operating system Any version Vulnerability: acrobatreader-xfdf-bo X-Force URL: http://xforce.iss.net/xforce/xfdb/15384 Date Reported: 03/03/2004 Brief Description: qmail RELAYCLIENT buffer overflow Risk Factor: High Attack Type: Host Based Platforms: Linux Any version, qmail 1.03, Unix Any version Vulnerability: qmail-relayclient-bo X-Force URL: http://xforce.iss.net/xforce/xfdb/15385 Date Reported: 03/02/2004 Brief Description: Coreutils dir -W integer overflow Risk Factor: High Attack Type: Network Based Platforms: Coreutils prior to 5.2.0, Linux Any version Vulnerability: coreutils-dir-w-bo X-Force URL: http://xforce.iss.net/xforce/xfdb/15386 Date Reported: 03/04/2004 Brief Description: ProFTPD off-by-one _xlate_ascii_write function buffer overflow Risk Factor: High Attack Type: Network Based Platforms: Linux Any version, ProFTPD 1.2.x, Unix Any version Vulnerability: proftpd-offbyone-bo X-Force URL: http://xforce.iss.net/xforce/xfdb/15387 Date Reported: 03/02/2004 Brief Description: Invision Power Board invalid character could disclose path Risk Factor: Low Attack Type: Network Based Platforms: Any operating system Any version, Invision Power Board 1.3 Final Vulnerability: invision-invalid-path-disclosure X-Force URL: http://xforce.iss.net/xforce/xfdb/15400 |
All times are GMT -5. The time now is 05:27 PM. |