Unknown · CVSS Not scored
The default configuration of BizDesign ImageFolio 2.23 through 2.26 does not control access to (1) admin/setup.cgi, which allows remote attackers to create an administrative account, or (2) admin/nph-build.cgi, which allows remote attackers to cause a denial of service (CPU consumption).
Published Jun 28, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of service by obtaining an exclusive lock on the (1) alias, (2) map, (3) statistics, and (4) pid files.
Published Jun 28, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
Published Jun 28, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in the "ipopts decode" functionality in Firestorm IDS 0.4.0 through 0.4.2 allows remote attackers to cause a denial of service (crash) via certain IP options.
Published Jun 28, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers to bypass authentication and access modifier options via a direct request to moderator.php with the action and ismod parameters.
Published Jun 28, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for WindowsNT, Cluster Server 1.3.0 for Solaris, and Cluster Server 1.3.1 for HP-UX allows attackers to gain privileges via unknown attack vectors.
Published Jun 28, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
jo! jo Webserver 1.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
Published Jun 28, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the path to the web root directory and other sensitive information, which is leaked in an error mesage when a request is made for a non-existent Java Server Page (JSP).
Published Jun 28, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in gdam123 0.933 and 0.942 allows local users to execute arbitrary code via a long filename parameter.
Published Jun 28, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in pam_authz in the LDAP-UX Integration product on HP-UX 11.00 and 11.11 allows remote attackers to execute r-commands with privileges of other users.
Published Jun 28, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 allows remote attackers to view source code and determine the existence of arbitrary files via a hex-encoded "%c0%ae%c0%ae" string, which is the Unicode representation for ".." (dot dot).
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass the initial virus scan and cause NAV to prematurely stop scanning by using a non-RFC compliant MIME header. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the AutoProtect feature would detect the virus before it is executed
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in the nn_exitmsg function in nn 6.6.0 through 6.6.3 allows remote NNTP servers to execute arbitrary code via format strings in server responses.
Published Jun 28, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Composer in Netscape 4.77 allows local users to overwrite process memory and execute arbitrary code via a font tag with a long face attribute.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Symantec Norton Personal Firewall 2002 allows remote attackers to bypass the portscan protection by using a (1) SYN/FIN, (2) SYN/FIN/URG, (3) SYN/FIN/PUSH, or (4) SYN/FIN/URG/PUSH scan.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote attackers to execute arbitrary code, as demonstrated using a long USER command to the POP proxy.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of service (crash) via a malformed .hpf file.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" and "Return" keys are pressed repeatedly and quickly, which allows local users to access the current session.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 allow remote attackers to execute arbitrary SQL commands via the unknown attack vectors.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in WorldClient.cgi in WorldClient in Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to execute arbitrary code via a long folder name (NewFolder parameter).
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Windows 2000 Terminal Services, when using the disconnect feature of the client, does not properly lock itself if it is left idle until the screen saver activates and the user disconnects, which could allow attackers to gain administrator privileges.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the web-based message board in Prospero Technologies allows remote attackers to inject arbitrary web script or HTML via a message board post.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of service (memory consumption and crash) via an email with a malformed MIME header.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The upload function in PHProjekt 2.0 through 3.1 does not properly verify certain variables related to uploaded data, which allows remote attackers to cause PHProjekt to process arbitrary files.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and 8150 does not properly enforce access control restrictions, which could allow local users to add, delete, or modify any services hosted by the ChaiServer.
Published Jun 28, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Fake Identd 0.9 through 1.4 allows remote attackers to execute arbitrary code as root via a long request that is split into multiple packets.
Published Jun 28, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php.
Published Jun 28, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vtun 2.5b1 allows remote attackers to inject data into user sessions by sniffing and replaying packets.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Matt Wright FormMail 1.9 and earlier allows remote attackers to send spam or anonymous e-mail by injecting a newline character followed by CC:, BCC:, or additional TO: fields in the email and realname CGI variables.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which allows remote attackers the "Log on locally" privilege.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default MDaemon mail account with a password of MServer, which could allow remote attackers to send anonymous email.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in WorldClient.cgi in WorldClient for Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to delete arbitrary files via a ".." (dot dot) in the Attachments parameter.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows remote attackers to cause a denial of service (CPU consumption) via randomly sized UDP packets to the Hot Standby Routing Protocol (HSRP) port 1985.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to send viruses that bypass the e-mail scanning via a NULL character in the MIME header before the virus. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the AutoProtect feature would detect the virus before it is executed
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for Linux allows local users to execute arbitrary code as the oracle user via a long command line argument.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using "mail_send.php/sms".
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Logitech iTouch keyboards allows attackers with physical access to the system to bypass the screen locking function and execute user-defined commands that have been assigned to a button.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary Perl functions by suppling a non-existent function in a script using a SOAP::Lite module, which causes the AUTOLOAD subroutine to trigger.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
NewsPro 1.01 allows remote attackers to gain unauthorized administrator access by setting their authentication cookie to "logged,true".
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long request.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in Bavo 0.3 allows remote attackers to modify posted messages.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans in a known location C:\Documents and Settings\username\SecurityScans in plaintext, which could allow remote attackers to obtain sensitive information about the system via malicious active content such as ActiveX controls or Java.
Published Jun 21, 2005 · Updated Aug 8, 2024