Unknown · CVSS Not scored
Magic Notebook 1.0b and 1.1b allows remote attackers to cause a denial of service (crash) via an invalid username during login.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Perlbot 1.0 beta allows remote attackers to execute arbitrary commands via shell metacharacters in (1) a word that is being spell checked or (2) an e-mail address.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
UTStarcom BAS 1000 3.1.10 creates several default or back door accounts and passwords, which allows remote attackers to gain access via (1) field account with a password of "*field", (2) guru account with a password of "*3noguru", (3) snmp account with a password of "snmp", or (4) dbase account with a password of "dbase".
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read arbitrary files via a full pathname in the filnavn variable.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Virgil CGI Scanner 0.9 allows remote attackers to execute arbitrary commands via the (1) tar (TARGET) or (2) zielport (ZIELPORT) parameters.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The default configuration of Xerox DocuTech 6110 and DocuTech 6115 exports certain NFS shares to the world with world writable permissions, which may allow remote attackers to modify sensitive files.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
TightVNC before 1.2.4 running on Windows stores unencrypted passwords in the password text control of the WinVNC Properties dialog, which could allow local users to access passwords.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows remote attackers to read or execute arbitrary files via a ".." (dot dot) in the URL.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell commands via certain form fields.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Click2Learn Ingenium Learning Management System 5.1 and 6.1 stores the hashed administrative password in a config.txt file under the htdocs directory, which allows remote attackers to obtain the administrative password.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
iSMTP 5.0.1 allows remote attackers to cause a denial of service via a long "MAIL FROM" command, possibly triggering a buffer overflow.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Off-by-one buffer overflow in the context_action function in context.c of Logsurfer 1.41 through 1.5a allows remote attackers to cause a denial of service (crash) via a malformed log entry.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in index.php in Yet Another Bulletin Board (YaBB) 1.40 and 1.41 allows remote attackers to inject arbitrary web script or HTML via the password (passwrd) parameter.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly handle when the recv function call fails, which may allow remote attackers to overwrite program data or perform actions on an uninitialized heap, leading to a denial of service and possibly code execution.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The default configuration of Xerox DocuTech 6110 and DocuTech 6115 allows remote attackers to connect to the web server and (1) submit print jobs directly into the "print now" queue or (2) read the scanner job history.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme (one-to-one mapping) in a registry key, which allows local users to obtain and decrypt the password.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
ParaChat Server 4.0 does not log users off if the browser's back button is used, which allows remote attackers to cause a denial of service by repeatedly logging into a chat room, hitting the back button, then logging into the same chat room as a different user, which fills the chat room with invalid users.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Savant Webserver 3.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request with a negative Content-Length value.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Nagios 1.0b1 through 1.0b3 allows remote attackers to execute arbitrary commands via shell metacharacters in plugin output.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Drupal 4.0.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro 1.8.1.9 allows remote attackers to inject arbitrary web script or HTML via the e-mail message.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
TelCondex SimpleWebServer 2.06.20817 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords (reversible algorithm), which allows attackers to obtain passwords.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with a Host header that contains a large number of "/" (forward slash) characters.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
SafeTP 1.46, when network address translation (NAT) is being used, leaks the internal IP address of the FTP server in a response to a passive mode (PASV) file transfer request.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows remote attackers to inject arbitrary web script or HTML via an HTML link.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
ROX Filer 1.1.9 and 1.2 is installed with world writable permissions, which allows local users to write to arbitrary files.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote attackers to cause a denial of service (web browser crash) via malformed content in a Flash Shockwave (.SWF) file, as demonstrated by by ROT13 encoding the body of the file but not the headers.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the (1) Javascript events, as demonstrated via an onerror event in an IMG SRC tag or (2) User-Agent field in an HTTP GET request.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Iomega Network Attached Storage (NAS) A300U, and possibly other models, does not allow the FTP service to be disabled, which allows local users to access home directories via FTP even when access to all shared directories have been disabled.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote attackers to inject arbitrary web script or HTML via the (1) the email parameter of add.php or (2) the banner URL (banurl parameter) in the main list.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a telnet:// link, which is executed by Terminal.app window.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Network Associates PGP 7.0.4 and 7.1 does not time out according to the value set in the "Passphrase Cache" option, which could allow attackers to open encrypted files without providing a passphrase.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to bypass read-only permissions by using mmap to directly map /dev/mem or /dev/kmem to kernel memory.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Meunity Community System 1.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when creating a topic.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive connections that have been broken or closed early, which allows remote attackers to cause a denial of service (crash) via a large number of concurrent sessions.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Buffer overflow in uux in eoe.sw.uucp package of SGI IRIX 6.5 through 6.5.17 allows local users to execute arbitrary code via unknown attack vectors.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Zeus Administration Server in Zeus Web Server 4.0 through 4.1r2 allows remote authenticated users to inject arbitrary web script or HTML via the section parameter to index.fcgi.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php.
Published Jun 28, 2005 · Updated Sep 16, 2024