Unknown · CVSS Not scored
Macromedia Flash Player 6 does not terminate connections when the user leaves the web page, which allows remote attackers to cause a denial of service (bandwidth, resource, and CPU consumption) via the (1) loadMovie or (2) loadSound commands, which continue to execute until the browser is closed.
Published Mar 26, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in HP Tru64 UNIX allows local users to execute arbitrary code via a long argument to /usr/bin/at.
Published Mar 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in ypmatch in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to execute arbitrary code.
Published Mar 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in quot in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges.
Published Mar 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in traceroute in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to execute arbitrary code.
Published Mar 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe directory to the CLASSPATH environment variable, which allows applets to run with higher privileges and remote attackers to gain privileges via an HTML e-mail message or a web page.
Published Mar 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
Published Mar 13, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
lserver in SAP DB 7.3 and earlier uses the current working directory to find and execute the lserversrv program, which allows local users to gain privileges with a malicious lserversrv that is called from a directory that has a symlink to the lserver program.
Published Mar 16, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
Published Mar 13, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the Trusted Sites Zone in Internet Explorer without user approval, which could allow code from free.aol.com to bypass intended access restrictions.
Published Mar 13, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Mike Spice's My Classifieds (classifieds.cgi) before 1.3 allows remote attackers to overwrite arbitrary files via the category parameter.
Published Mar 13, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SAP R/3 2.0B to 4.6D installs several clients with default users and passwords, which allows remote attackers to gain privileges via the (1) SAP*, (2) SAPCPIC, (3) DDIC, (4) EARLYWATCH, or (5) TMSADM accounts.
Published Mar 16, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attackers to cause a denial of service (halt) via a fragmented packet to the Gigabit interface.
Published Mar 13, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and earlier may allow local users to execute arbitrary code via long command line arguments to (1) mlclear or (2) mllock.
Published Mar 13, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attackers to cause a denial of service (router crash) via an HTTP request with large headers.
Published Mar 13, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a system as recommended in some AIX documentation, may allow local users to gain privileges via a long command line argument.
Published Mar 13, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
DansGuardian before 2.4.5-1 allows remote attackers to bypass content filtering rules via hex-encoded URLs.
Published Mar 13, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to read configuration files without authorization.
Published Mar 13, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default installation of SAP R/3, when using Oracle and SQL*net V2 3.x, 4.x, and 6.10, allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against the database, which is not password-protected.
Published Mar 16, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference.
Published Mar 26, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
BRS WebWeaver Web Server 1.01 allows remote attackers to bypass password protections for files and directories via an HTTP request containing a "/./" sequence.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of service (crash) via a connection to a high-numbered port, which generates an "unknown connection data" error.
Published Mar 16, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset to TCC, TCC+, TCCi or XTC) via a malformed HTTP request that does not contain a leading / (slash) character.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine allows remote attackers to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters (%0a).
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in ion-p.exe (aka ion-p) allows remote attackers to read arbitrary files via (1) C: (drive letter) or (2) .. (dot-dot) sequences in the page parameter.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" SNMP community string that cannot be changed, which allows remote attackers to obtain sensitive information.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to cause a denial of service (crash) via a large UDP datagram, possibly triggering a buffer overflow.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for the VxWorks Operating System in the TCC, TCC+ and XTC that cannot be changed or disabled, which allows remote attackers to gain privileges by connecting to the account via Telnet.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall 6.5.2 allows remote attackers to identify IP addresses of hosts on the internal network via a CONNECT request, which generates different error messages if the host is present.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the Trillian user is not in.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows remote attackers to insert arbitrary script or HTML via (1) attached file names in the Read Mail feature, (2) text/html mails that are displayed in a pop-up window, and (3) certain malicious attributes within otherwise safe tags, such as onMouseOver.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in nslookup in IBM AIX may allow attackers to cause a denial of service or execute arbitrary code.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Molly IRC bot 0.5 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the $host variable for nslookup.pl, (2) the $to, $from, or $message variables in pop.pl, (3) the $words or $text variables in sms.pl, or (4) the $server or $printer variables in hpled.pl.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attackers to modify the system configuration and delete files by establishing an FTP connection to the TCC, TCC+ or XTC using a username and password that does not exist.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset) via an HTTP request to the TCC, TCC+ or XTC, in which the request contains an invalid CORBA Interoperable Object Reference (IOR).
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in PowerFTP FTP server 2.24, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long USER argument.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting vulnerability in board.php of endity.com ShoutBOX allows remote attackers to inject arbitrary HTML into the shoutbox page via the site parameter.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The print_html_to_file function in edit.cgi for Easy Homepage Creator 1.0 does not check user credentials, which allows remote attackers to modify home pages of other users.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magic_quotes_gpc is not enabled, allows remote attackers to gain administrative privileges via SQL code in the password entry.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames and passwords in cleartext in the image database for the TCC, TCC+ or XTC, which could allow attackers to gain privileges by obtaining the passwords from the image database or a backup.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in CooolSoft Personal FTP Server 2.24 allows remote attackers to read or modify arbitrary files via .. (dot dot) sequences in the commands (1) LIST (ls), (2) mkdir, (3) put, or (4) get.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service (crash with an exception in oleaut32.dll) via malicious HTML, possibly related to small width and height parameters or an incorrect call to the Google.Search() function.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine the full pathname for emumail.cgi via a malformed string containing script, which generates a regular expression matching error that includes the pathname in the resulting error message.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to execute arbitrary code via a long $asctime value.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability or vulnerabilities in TCP/IP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to cause a denial of service.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier allows local users to gain privileges via a long MON_WORK_DIR environment variable or -w (workdir) argument to (1) afd, (2) afdcmd, (3) afd_ctrl, (4) init_afd, (5) mafd, (6) mon_ctrl, (7) show_olog, or (8) udc.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU Webmail 5.0 allows remote attackers to inject arbitrary HTML or script via the email address field.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Blazix before 1.2.2 allows remote attackers to read source code of JSP scripts or list restricted web directories via an HTTP request that ends in a (1) "+" or (2) "\" (backslash) character.
Published Mar 18, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in ASTAware SearchDisk engine for Sun ONE Starter Kit 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on port (1) 6015 or (2) 6016, or (3) an absolute pathname to port 6017.
Published Mar 18, 2003 · Updated Aug 8, 2024