Medium · CVSS 5.5
Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods.
Published Jun 28, 2005 · Updated Jan 16, 2025
Critical · CVSS 9.8
Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ATPhttpd 0.4b and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
Published Jun 28, 2005 · Updated Jan 16, 2025
High · CVSS 7.8
ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services.
Published Jun 28, 2005 · Updated Jan 16, 2025
High · CVSS 7.8
Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.
Published Jun 25, 2002 · Updated Jan 16, 2025
High · CVSS 7.5
Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients.
Published Jun 11, 2002 · Updated Jan 16, 2025
Unknown · CVSS Not scored
Belkin F5D6130 Wireless Network Access Point running firmware AP14G8 allows remote attackers to cause a denial of service (connection loss) by sending several SNMP GetNextRequest requests.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in the goim handler of AOL Instant Messenger (AIM) 4.4 through 4.8.2616 allows remote attackers to cause a denial of service (crash) via escaping of the screen name parameter, which triggers the overflow when the user selects "Get Info" on the buddy.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Pirch and RusPirch, when auto-log is enabled, allows remote attackers to cause a denial of service (crash) via a nickname containing an MS-DOS device name such as AUX, which is inserted into a filename for saving queries.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Perception LiteServe 2.0 through 2.0.1 allows remote attackers to obtain the source code of CGI scripts via an HTTP request with a trailing dot (".").
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and 3.4.5 allows remote attackers to inject arbitrary web script or HTML via the "Full Name" (addressname) parameter.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains a "?" (question mark) in the (1) mode, (2) owner, or (3) group fields, which allows attackers to elevate privileges.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unknown vulnerability in WesMo phpEventCalendar 1.1 allows remote attackers to execute arbitrary commands via unknown attack vectors.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, allows local users to execute arbitrary code via a long (1) -f or (2) -o command line argument.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The web server for Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (CPU consumption) by sending incomplete HTTP requests and leaving the connections open.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The default configuration of Xerox DocuTech 6110 and DocuTech 6115 running Solaris 8.0 has a large number of unnecessary services enabled such as RPC and sprayd, which could allow remote attackers to obtain access to the device.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
index.php in Py-Membres 3.1 allows remote attackers to log in as an administrator by setting the pymembs parameter to "admin".
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Trend Micro InterScan VirusWall for Windows NT 3.52 does not record the sender's IP address in the headers for a mail message when it is passed from VirusWall to the MTA, which allows remote attackers to hide the origin of the message.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Pramati Server 3.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The "block fragmented IP Packets" option in Symantec Norton Personal Firewall 2002 (NPW) does not properly protect against certain attacks on Windows vulnerabilities such as jolt2 (CVE-2000-0305).
Published Jun 21, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences.
Published Jun 21, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in the HttpGetRequest function in Zeroo HTTP server 1.5 allows remote attackers to execute arbitrary code via a long HTTP request.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to the CommonName organization and possibly other web servers for name resolution, which allows those organizations to obtain internal server names.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
FlashFXP 1.4 prints FTP passwords in plaintext when there are transfers in the queue, which allows attackers to obtain FTP passwords of other users by editing the queue properties.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to execute arbitrary code via a long invite request.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require authentication, which allows remote attackers to access the file system as root.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of SYN packets (SYN flood). NOTE: the vendor was not able to reproduce the issue.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Entercept Agent 2.5 agent for Windows, released before May 21, 2002, allows local administrative users to obtain the entercept agent password, which could allow the administrators to log on as the entercept_agent account and conceal their identity.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
irssi IRC client 0.8.4, when downloaded after 14-March-2002, could contain a backdoor in the configuration file, which allows remote attackers to access the system.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes portions of previously used memory after the import table, which could allow attackers to gain sensitive information. NOTE: it has been reported that this problem is due to the OS and not the application.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) a parameter to test2.pl.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Com21 DOXport 1100 series cable modem running firmware 2.1.1.106, and possibly other versions before 2.1.1.108.003, downloads a DOCSIS configuration file from a TFTP server running on the internal network, which allows local users to modify configuration of the modem via a malicious TFTP server.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI-804 4.68, Dl-704 V2.56b6, and Dl-704 V2.56b5 and (2) Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 through 1.42.7 and Linksys WAP11 1.3 and 1.4, allows remote attackers to cause a denial of service (crash) via a long header, as demonstrated using the Host header.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote attackers to inject arbitrary web script or HTML via tasklists.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to cause a denial of service (crash) by via SYN, UDP, ICMP and TCP portscans when the administrator selects the Log tab of the Personal Firewall Agent module.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers to execute arbitrary SQL commands via the (1) member parameter to member.php or (2) loser parameter to misc.php.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the Designer, opens port 7358 for interprocess communication, which allows remote attackers to open arbitrary HTML pages and cause a denial of service.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in magiccard.cgi in My Postcards Platinum 5.0 and 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Orion Application Server 1.5.3, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Simple Web Server (SWS) 0.0.4 through 0.1.0 does not close file descriptors for 404 error messages, which could allow remote attackers to cause a denial of service (file descriptor exhaustion) via multiple requests for pages that do not exist.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in NPDS 4.8 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in lscfg of unknown versions of AIX has unknown impact.
Published Jun 21, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in MyNewsGroups 0.4 and 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the subject of a newsgroup post, which is not properly handled by (1) myarticles.php, (2) search.php, (3) stats.php, or (4) standard.lib.php.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote attackers to inject arbitrary web script or HTML via the (1) email parameter to add.php or (2) banurl parameter.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in Gringotts 0.5.9 allows local users to execute arbitrary commands via unknown attack vectors.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to read arbitrary files via a full pathname in the AnalyseSite parameter.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
602Pro LAN SUITE 2002 allows remote attackers to view the directory tree via an HTTP GET request with a trailing "~" (tilde) or ".bak" extension.
Published Jun 28, 2005 · Updated Sep 17, 2024