Unknown · CVSS Not scored
Multiple buffer overflows in QNX RTOS 4.25 may allow attackers to execute arbitrary code via long filename arguments to (1) Watcom or (2) int10.
Published Aug 5, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) Lite before 0.9 and HNS before 2.10-pl2 allows remote attackers to inject arbitrary web script or HTML.
Published Aug 5, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.
Published Aug 5, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
Published Aug 5, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass the HTTP_REFERER check and conduct unauthorized activities via (1) a blank referer, (2) a spoofed referer with a trusted domain/URL after the beginning of the referer, or (3) a spoofed referer with a trusted domain/URL in the beginning (hostname) portion of the referer.
Published Aug 5, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to cause a denial of service (NullPointerException) via an invalid block of deflated data.
Published Aug 5, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Microsoft Windows XP allows remote attackers to cause a denial of service (CPU consumption) by flooding UDP port 500 (ISAKMP).
Published Aug 5, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6.0 and 7.0 allows local users to execute arbitrary code via a long username that is read from a file descriptor argument.
Published Aug 20, 2004 · Updated Sep 17, 2024
Unknown · CVSS Not scored
search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the template parameter.
Published Aug 5, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Joe Testa hellbent 01 allows remote attackers to determine the full path of the web root directory via a GET request with a relative path that includes the root's parent, which generates a 403 error message if the parent is incorrect, but a normal response if the parent is correct.
Published Aug 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers to obtain server's root path via requests for MS-DOS device names such as lpt9.xtp.
Published Aug 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Buffer overflow in Borland InterBase 6.0 allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_drop, (2) gds_lock_mgr, or (3) gds_inet_server.
Published Aug 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Format string vulnerability in Deception Finger Daemon, decfingerd, 0.7 may allow remote attackers to execute arbitrary code via the username of a finger request.
Published Aug 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Pointsec before 1.2 for PalmOS stores a user's PIN number in memory in plaintext, which allows a local attacker who steals an unlocked Palm to retrieve the PIN by dumping memory.
Published Aug 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the lookup script in Veridis OpenKeyServer (OKS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
Published Aug 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.
Published Aug 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The MOSIX Project clump/os 5.4 creates a default VNC account without a password, which allows remote attackers to gain root access.
Published Aug 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Buffer overflow in Novell Remote Manager module, httpstk.nlm, in NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary code via a long (1) username or (2) password.
Published Aug 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Buffer overflow in rcp in Solaris 9.0 allows local users to execute arbitrary code via a long command line argument.
Published Aug 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The RCA Digital Cable Modems DCM225 and DCM225E allow remote attackers to cause a denial of service (modem device reset) by connecting to port 80 on the 10.0.0.0/8 device.
Published Aug 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
RCA Digital Cable Modem DCM225 and DCM225E, and other modems that must conform to the Data-over-Cable Service Interface Specifications DOCSIS standard, uses the "public" community string for SNMP access, which allows remote attackers to read or write MIB information.
Published Aug 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Joe Testa hellbent 01 webserver allows attackers to read files that are specified in the hellbent.prefs file by creating a file with a similar name in the web root, as demonstrated using (1) index.webroot and (2) index.ipallow.
Published Aug 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Netgear RM-356 and RT-338 series SOHO routers allow remote attackers to cause a denial of service (crash) via a UDP port scan, as demonstrated using nmap.
Published Aug 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unknown vulnerability in the "VAIO Manual" software in certain Sony VAIO personal computers sold from November 2001 to January 2002, allows remote attackers to modify data via a web page or HTML e-mail.
Published Aug 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote attackers to conduct brute force password guessing.
Published Aug 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password of (1) root.genie for the root user, (2) "service." for the service user, (3) admin.genie for the admin user, (4) reboot for the reboot user, and (5) shutdown for the shutdown user, which has unspecified impact and attack vectors.
Published Aug 4, 2015 · Updated Aug 8, 2024
Unknown · CVSS Not scored
GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors.
Published Aug 4, 2015 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Soft3304 04WebServer before 1.20 does not properly process URL strings, which allows remote attackers to obtain unspecified sensitive information.
Published Aug 17, 2006 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The compression code in MaraDNS before 0.9.01 allows remote attackers to cause a denial of service via crafted DNS packets.
Published Aug 5, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in publish_xp_docs.php for Gallery 1.3.2 allows remote attackers to inject arbitrary PHP code by specifying a URL to an init.php file in the GALLERY_BASEDIR parameter.
Published Aug 16, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in axspawn.c in Axspawn-pam before 0.2.1a allows remote attackers to execute arbitrary code via large packets.
Published Aug 5, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Artekopia Netjuke before 1.0 b7 allows remote attackers to execute arbitrary code on the web server, possibly via the section parameter, which is passed to an eval call.
Published Aug 5, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in WikkiTikkiTavi before 0.21 allows remote attackers to execute arbitrary PHP code via the TemplateDir variable, as demonstrated using conflict.php.
Published Aug 5, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Video Control Panel on SGI O2/IRIX 6.5, when the Default Input is set to "Output Video", allows attackers to access a console session by running videoout then videoin.
Published Aug 5, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Fwmon before 1.0.10 allows remote attackers to cause a denial of service (crash) by causing the kernel to return a large packet.
Published Aug 5, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SurfControl SuperScout Email filter for SMTP 3.5.1 allows remote attackers to cause a denial of service (crash) via a long SMTP (1) HELO or (2) RCPT TO command, possibly due to a buffer overflow.
Published Aug 5, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.
Published Aug 5, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
graph.php in Ganglia PHP RRD Web Client 1.0.2 allows remote attackers to execute arbitrary commands via the command parameter, which is provided to the passthru function.
Published Aug 5, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows local users to execute arbitrary code and possibly gain privileges via a long HOME environment variable. NOTE: since DDD is not installed setuid or setgid, perhaps this issue should not be included in CVE.
Published Aug 5, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Windows XP allows local users to prevent the system from booting via a corrupt explorer.exe.manifest file.
Published Aug 5, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows remote attackers to cause a denial of service via a long URL.
Published Aug 5, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
netris 0.5, and possibly other versions before 0.52, when running with the -w (wait) option, allows remote attackers to cause a denial of service (crash) via a long string to port 9284.
Published Aug 15, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS device names in HTTP requests to (1) cause a denial of service using the "con" device, or (2) obtain the physical path of the server using two requests to the "aux" device.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Subject field.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
IPSwitch IMail Web Calendaring service (iwebcal) allows remote attackers to cause a denial of service (crash) via an HTTP POST request without a Content-Length field.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbitrary files via an absolute pathname in the argument.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, does not restrict the number of unsuccessful login attempts, which makes it easier for remote attackers to gain privileges via brute force username and password guessing.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Administration console for Abyss Web Server 1.0.3 before Patch 2 allows remote attackers to gain privileges and modify server configuration via direct requests to CHL files such as (1) srvstatus.chl, (2) consport.chl, (3) general.chl, (4) srvparam.chl, and (5) advanced.chl.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 allows remote attackers to upload or download arbitrary files to arbitrary locations via a man-in-the-middle attack with modified TGT and TGN parameters in a call to the "Persist" function.
Published Aug 23, 2002 · Updated Aug 8, 2024