Unknown · CVSS Not scored
Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
Published Jul 14, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack.
Published Jul 14, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however the vendor also presents a scenario in which other users could be affected if running on a Terminal Server. Therefore this is a vulnerability.
Published Jul 14, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Buffer overflow in the LDAP naming services library (libsldap) in Sun Solaris 8 allows local users to execute arbitrary code via a long LDAP_OPTIONS environment variable to a privileged program that uses libsldap.
Published Sep 23, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.
Published Jul 14, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when configured to filter based on MAC addresses, allows remote attackers to bypass packet filters via small packets.
Published Jul 14, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
WebX stores authentication information in the HTTP_REFERER variable, which is included in URL links within bulletin board messages posted by users, which could allow remote attackers to hijack user sessions.
Published Jul 14, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference.
Published Jul 14, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not properly terminate certain strings with a null, which allows remote attackers to cause a denial of service.
Published Aug 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information
Published Jul 14, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Buffer overflow in Embedded Support Partner (ESP) daemon (rpc.espd) in IRIX 6.5.8 and earlier allows remote attackers to execute arbitrary commands.
Published Sep 18, 2001 · Updated Aug 29, 2024
Unknown · CVSS Not scored
Format string vulnerability in nvi before 1.79 allows local users to gain privileges via format string specifiers in a filename.
Published Jul 14, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local users to overwrite arbitrary files and possibly execute code via a symlink attack on temporary files created by the (1) mkuserproc, (2) mgrnt, and (3) mgdatasrvr.sc scripts.
Published Apr 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in login for AIX 5.1L, when using loadable authentication modules, allows remote attackers to gain access to the system.
Published Apr 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows remote attackers to determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account does exist.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to directly access the WEB-INF and META-INF directories and execute arbitrary JavaServer Pages (JSP), a variant of CVE-2000-1050.
Published Jul 14, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in SimpleServer:WWW 1.13 and earlier allows remote attackers to execute arbitrary programs via encoded ../ ("%2E%2E%2F%") sequences in a request to the cgi-bin/ directory, a different vulnerability than CVE-2000-0664.
Published Feb 12, 2010 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in CDE in Caldera OpenUnix 7.1.0, 7.1.1, and 8.0 allows an xterm session to gain privileges when the session is reused.
Published Aug 5, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The IDEA cipher as implemented by SSH1 does not protect the final block of a message against modification, which allows remote attackers to modify the block without detection by changing its cyclic redundancy check (CRC) to match the modifications to the message.
Published Apr 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicate active user session IDs and perform actions as other users via a URL request for the web application directory without the trailing '/' (slash), as demonstrated using ctx.
Published Jul 14, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a malformed WAV file.
Published Mar 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in ScriptEase viewcode.jse for Netware 5.1 before 5.1 SP3 allows remote attackers to read arbitrary files via ".." sequences in the query string.
Published Aug 5, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Cherokee Web Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
Published Mar 24, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 Professional allows remote attackers to execute JavaScript on other clients via the URL, which injects the script in the resulting error message.
Published Apr 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows local users to execute arbitrary code as group bin via a long command line argument.
Published Jul 14, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
CentraOne 5.2 and Centra ASP with basic authentication enabled creates world-writable base64 encoded log files, which allows local users to obtain cleartext passwords from decoded log files and impersonate users.
Published Jul 14, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in the file system protection subsystem in HP Secure OS Software for Linux 1.0 allows additional user privileges on some files beyond what is specified in the file system protection rules, which allows local users to conduct unauthorized operations on restricted files.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the text editor functionality in HP-UX 10.01 through 11.04 on HP9000 Series 700 and Series 800 allows local users to cause a denial of service ("system availability") via text editors such as (1) e, (2) ex, (3) vi, (4) edit, (5) view, and (6) vedit.
Published Apr 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php.
Published Jul 14, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows untrusted applets to access the system clipboard.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of "+" characters before the .nsf file extension, which are converted to spaces by Domino.
Published Jul 14, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks.
Published Apr 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220.
Published Sep 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords.
Published Apr 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
easyScripts easyNews 1.5 allows remote attackers to obtain the full path of the web root via a view request with a non-integer news message id field, which leaks the path in a PHP error message when the script times out.
Published Apr 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, KHDSAA.132, KHDSBA.133, and KHDSAA.134 has a blank default password, which allows remote attackers to gain unauthorized access.
Published Mar 22, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote attackers to execute arbitrary code via a long HTTP_USER_AGENT CGI environment variable.
Published Apr 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Advanced Poll before 1.61, when using a flat file database, allows remote attackers to gain privileges by setting the logged_in parameter.
Published Mar 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Alcatel ADSL modems allow remote attackers to access the Trivial File Transfer Protocol (TFTP) to modify firmware and configuration via a bounce attack from a system on the local area network (LAN) side, which is allowed to access TFTP without authentication.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted text file.
Published Mar 24, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
CardBoard 2.4 greeting card CGI by Michael Barretto allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient field.
Published Oct 6, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests.
Published Apr 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and Kerberos V (Heimdal), does not encrypt authentication and encryption options sent from the server, which allows remote attackers to downgrade authentication and encryption mechanisms via a man-in-the-middle attack.
Published Apr 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.
Published Apr 5, 2014 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded (1) /.. or (2) \.. sequences.
Published Apr 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter.
Published Apr 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in mod_bf 0.2 allows local users to execute arbitrary commands via a long script.
Published Jun 21, 2005 · Updated Aug 8, 2024