Internet Security Systems
1. Date Reported: 05/14/2004
Brief Description: libtASN1 DER parsing issue
Risk Factor: Medium
Attack Type: Network Based
Platforms: libtASN1 0.1.x prior to 0.1.2, libtASN1 0.2.x prior
to 0.2.7, Linux Any version, Unix Any version
Vulnerability: libtasn1-der-parsing
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16157
2. Date Reported: 05/14/2004
Brief Description: Linux Kernel e1000 driver buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Linux Any version, Linux kernel 2.4 - 2.4.26
Vulnerability: linux-e1000-bo
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16159
3. Date Reported: 05/14/2004
Brief Description: BusyBox netlink message spoofing
Risk Factor: Medium
Attack Type: Host Based
Platforms: BusyBox Any version, SuSE Linux 8.0, SuSE Linux
8.1, SuSE Linux 8.2, SuSE Linux 9.0, SuSE Linux 9.1
Vulnerability: busybox-netlink-message-spoofing
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16162
4. Date Reported: 05/17/2004
Brief Description: KDE URL handler allows attacker unauthorized access
Risk Factor: High
Attack Type: Network Based
Platforms: Gentoo Linux Any version, K Desktop Environment
(KDE) 3.2.2 and prior, Red Hat Advanced Workstation
2.1AS, Red Hat Enterprise Linux 2.1AS, Red Hat
Enterprise Linux 2.1ES, Red Hat Enterprise
Linux 2.1WS, Red Hat Enterprise Linux 3AS, Red
Hat Enterprise Linux 3ES, Red Hat Enterprise Linux
3WS, Red Hat Linux Desktop 3, Slackware Linux 9.0,
Slackware Linux 9.1, Slackware Linux current, Unix
Any version
Vulnerability: kde-url-handler-gain-access
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16163
5. Date Reported: 05/16/2004
Brief Description: Turbo Traffic Trader C multiple scripts cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Turbo Traffic Trader C Any version
Vulnerability: turbotraffictraderc-multiple-xss
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16164
6. Date Reported: 05/16/2004
Brief Description: wget lock race condition
Risk Factor: Medium
Attack Type: Host Based
Platforms: Linux Any version, wget 1.9 and 1.9.1
Vulnerability: wget-lock-race-condition
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16167
7. Date Reported: 05/17/2004
Brief Description: Php-Nuke show weblink path disclosure
Risk Factor: Low
Attack Type: Network Based
Platforms: Any operating system Any version, PHP-Nuke 6.x through 7.3
Vulnerability: phpnuke-show-weblink-path-disclosure
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16170
8. Date Reported: 05/17/2004
Brief Description: Php-Nuke multiple cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, PHP-Nuke 6.x through 7.3
Vulnerability: phpnuke-multi-xss
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16172
9. Date Reported: 05/17/2004
Brief Description: osCommerce "dot dot" directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, osCommerce Any version, Unix Any
version, Windows Any version
Vulnerability: oscommerce-dotdot-directory-traversal
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16174
10. Date Reported: 05/17/2004
Brief Description: Zen Cart login allows SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, Zen Cart 1.1.2d
Vulnerability: zencart-login-sql-injection
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16176
11. Date Reported: 05/17/2004
Brief Description: passwd stdin option off-by-one buffer overflow
Risk Factor: Medium
Attack Type: Host Based
Platforms: Mandrake Linux 10.0, Mandrake Linux 9.1, Mandrake
Linux 9.2, Mandrake Linux Corporate Server 2.1,
Mandrake Multi Network Firewall 8.2, passwd 0.68
Vulnerability: passwd-stdin-offbyone-bo
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16178
12. Date Reported: 05/17/2004
Brief Description: passwd improper validation of pam_start
Risk Factor: Medium
Attack Type: Host Based
Platforms: Mandrake Linux 10.0, Mandrake Linux 9.1, Mandrake
Linux 9.2, Mandrake Linux Corporate Server 2.1,
Mandrake Multi Network Firewall 8.2, passwd 0.68
Vulnerability: passwd-pamstart-improper-validation
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16179
13. Date Reported: 05/17/2004
Brief Description: passwd memory leak
Risk Factor: Medium
Attack Type: Host Based
Platforms: Mandrake Linux 10.0, Mandrake Linux 9.1, Mandrake
Linux 9.2, Mandrake Linux Corporate Server 2.1,
Mandrake Multi Network Firewall 8.2, passwd 0.68
Vulnerability: passwd-memory-leak
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16180
14. Date Reported: 05/17/2004
Brief Description: libuser denial of service
Risk Factor: Medium
Attack Type: Host Based / Network Based
Platforms: libuser 0.51.7, Mandrake Linux 10.0, Mandrake Linux
9.1, Mandrake Linux 9.2, Mandrake Linux Corporate Server 2.1
Vulnerability: libuser-dos
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16188
15. Date Reported: 05/19/2004
Brief Description: Subversion date parsing allows command execution
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, Subversion 1.0.2 and prior, Unix Any version
Vulnerability: subversion-date-parsing-command-execution
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16191
16. Date Reported: 05/19/2004
Brief Description: neon library ne_rfc1036_parse function buffer
overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Debian Linux 3.0, Linux Any version, neon 0.24.5
and earlier, Unix Any version
Vulnerability: neon-library-nerfc1036parse-bo
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16192
17. Date Reported: 05/19/2004
Brief Description: CVS entry line buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: CVS (Concurrent Versions System) 1.11.15 and
earlier, CVS (Concurrent Versions System) 1.12.7
and earlier, Debian Linux 3.0, FreeBSD Any version,
Linux Any version, Red Hat Advanced Workstation 2.1, Red Hat
Enterprise Linux 2.1AS, Red Hat Enterprise Linux
2.1ES, Red Hat Enterprise Linux 2.1WS, Red Hat
Enterprise Linux 3AS, Red Hat Enterprise Linux 3ES,
Red Hat Enterprise Linux 3WS, Red Hat Linux Desktop
3, Unix Any version
Vulnerability: cvs-entry-line-bo
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16193
18. Date Reported: 05/18/2004
Brief Description: Sun JSSE incorrectly validates digital
certificates
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Solaris Any version, Sun JSSE
1.0.3, Sun JSSE 1.0.3_01, Sun JSSE 1.0.3_02,
Windows Any version
Vulnerability: sun-jsse-improper-validation
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16194
19. Date Reported: 05/15/2004
Brief Description: LHA extract_one buffer overflows
Risk Factor: High
Attack Type: Network Based
Platforms: LHA Any version, Linux Any version
Vulnerability: lha-extractone-bo
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16196
20. Date Reported: 05/19/2004
Brief Description: cPanel Fantastico information disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: cPanel 9.3.0-R5, Linux Any version, Unix Any version
Vulnerability: cpanel-fantastico-obtain-information
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16197
21. Date Reported: 05/17/2004
Brief Description: Apache mod_ssl ssl_util_uuencode_binary buffer overflow
Risk Factor: Medium
Attack Type: Network Based
Platforms: Apache HTTP Server Any version, Linux Any version, Unix Any version
Vulnerability: apache-modssl-uuencode-bo
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16214
22. Date Reported: 05/19/2004
Brief Description: Phorum allows attacker to hijack session
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, Phorum 4.3.7
Vulnerability: phorum-session-hijack
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16215
23. Date Reported: 05/17/2004
Brief Description: PHP-Nuke modpath PHP file include
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, PHP-Nuke 6.x through 7.3
Vulnerability: phpnuke-modpath-file-include
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16218
24. Date Reported: 05/21/2004
Brief Description: vsftpd connection denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, Unix Any version, vsftpd prior to 1.2.2
Vulnerability: vsftpd-connection-dos
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16222
25. Date Reported: 05/17/2004
Brief Description: Perl and ActivePerl duplication operator integer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: ActivePerl Any version, Any operating system Any version
Vulnerability: perl-duplication-bo
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16224
26. Date Reported: 05/13/2004
Brief Description: Mozilla JavaScript denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Any operating system Any version, Mozilla Any version
Vulnerability: mozilla-javascript-dos
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16225
27. Date Reported: 05/13/2004
Brief Description: OpenBSD procfs allows elevated privileges
Risk Factor: High
Attack Type: Host Based
Platforms: OpenBSD 3.4, OpenBSD 3.5, OpenBSD Packet Filter 3.5
Vulnerability: openbsd-procfs-gain-privileges
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16226
28. Date Reported: 05/23/2004
Brief Description: Firebird database name buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Debian Linux Any version, Firebird 1.0
Vulnerability: firebird-database-name-bo
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16229
29. Date Reported: 05/23/2004
Brief Description: Apache HTTP Server PHP denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Any operating system Any version, Apache HTTP
Server Any version
Vulnerability: apache-php-dos
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16230
30. Date Reported: 05/21/2004
Brief Description: e107 log.php cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, e107 Any version
Vulnerability: e107-log-xss
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16231
31. Date Reported: 05/22/2004
Brief Description: Liferay Enterprise Portal message cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, Liferay
Enterprise Portal Any version
Vulnerability: liferay-message-xss
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16232