Unknown · CVSS Not scored
Digi-Net Technologies DigiChat 3.5 allows chat users to obtain the IP addresses of other chat users via a "Showip" parameter in the chat applet.
Published Nov 16, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth configured to proxy HTTP traffic only, allows remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through the firewall.
Published Nov 1, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
site_searcher.cgi in Super Site Searcher allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter.
Published Nov 1, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
acWEB 1.14 allows remote attackers to cause a denial of service (crash) via an HTTP request for a MS-DOS device name such as COM2.
Published Nov 1, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code.
Published Nov 16, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Format string vulnerability in the error handling of IRC invite responses for Trillian 0.725 and 0.73 allows remote IRC servers to execute arbitrary code via an invite to a channel with format string specifiers in the name.
Published Nov 16, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 chunked transfer encoding.
Published Nov 1, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 allows remote attackers to execute arbitrary web script via (1) a Host: header when DNS wildcards are supported or (2) the query string in a "dir" request to indexed folders.
Published Nov 16, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in function_foot_1.inc.php for Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences terminated by a null character in the $designNo variable, which is part of an "include" function call.
Published Nov 16, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Lotus Domino 5.0.9a and earlier, even when configured with the 'DominoNoBanner=1' option, allows remote attackers to obtain potential sensitive information such as the version via a request for a non-existent .nsf database, which leaks the version in the HTTP banner.
Published Nov 16, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Buffer overflow in the version update check for Winamp 2.80 and earlier allows remote attackers who can spoof www.winamp.com to execute arbitrary code via a long server response.
Published Nov 16, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unknown "file disclosure" vulnerability in Macromedia JRun 3.0, 3.1, and 4.0, related to a log file or jrun.ini, with unknown impact.
Published Nov 16, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 allows remote attackers to cause a denial of service (hang) via a large number of percent characters (%) in an HTTP GET request.
Published Nov 1, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
SonicWall Content Filtering allows local users to access prohibited web sites via requests to the web site's IP address instead of the domain name.
Published Nov 16, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Perl-HTTPd before 1.0.2 allows remote attackers to view arbitrary files via a .. (dot dot) in an unknown argument.
Published Nov 16, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The Printer Administration module for Webmin 0.990 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the printer name.
Published Nov 16, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
editform.php in w-Agora 4.1.5 allows local users to execute arbitrary PHP code via .. (dot dot) sequences in the file parameter.
Published Nov 16, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not properly check certain arguments, which allows local users to write to kernel memory and possibly gain root privileges, possibly via an integer signedness error.
Published Nov 16, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The Telnet proxy of 602Pro LAN SUITE 2002 does not restrict the number of outstanding connections to the local host, which allows remote attackers to create a denial of service (memory consumption) via a large number of connections.
Published Nov 16, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and 4.7 for MacOS and Windows allows remote attackers to conduct unauthorized activities, such as adding buddies and groups to a user's buddy list, via a URL with a META HTTP-EQUIV="refresh" tag to an aim: URL.
Published Nov 16, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in FuseTalk 2.0 and 3.0 allows remote attackers to insert arbitrary HTML and web script.
Published Nov 16, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Buffer overflow in Seunghyun Seo's MSN666 MSN Sniffer 1.0 and 1.0.1 allows remote attackers to execute arbitrary code via a long MSN packet.
Published Nov 16, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Firewalls from multiple vendors empty state tables more slowly than they are filled, which allows remote attackers to flood state tables with packet flooding attacks such as (1) TCP SYN flood, (2) UDP flood, or (3) Crikey CRC Flood, which causes the firewall to refuse any new connections.
Published Nov 16, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 characters, which allows remote attackers to prevent the IP address from being logged via a long IDENT response.
Published Nov 1, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in ActiveXperts Software ActiveWebserver allows remote attackers to execute arbitrary web script via a link.
Published Nov 16, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences.
Published Nov 16, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to execute arbitrary SQL queries via various programs including function_describe_item1.inc.php.
Published Nov 16, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long <A HREF> link.
Published Nov 16, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The dynamic initialization feature of the ClearPath MCP environment allows remote attackers to cause a denial of service (crash) via a TCP port scan using a tool such as nmap.
Published Nov 16, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in BearShare 4.0.5 and 4.0.6 allows remote attackers to read files outside of the web root by hex-encoding the "/" (forward slash) or "." (dot) characters.
Published Nov 16, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not verify user execution permissions for 16-bit executable files, which allows local users to bypass the loader and execute arbitrary programs.
Published Nov 1, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a running service.
Published Nov 1, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Compaq Insight Management Agents 2.0, 2.1, 3.6.0, 4.2 and 4.3.7 allows remote attackers to inject arbitrary web script or HTML via a URL, which inserts the script into the resulting error message.
Published Nov 1, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information.
Published Nov 20, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and possibly gain privileges.
Published Nov 1, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in acFreeProxy (aka acFP) 1.33 beta 7 allows remote attackers to inject arbitrary web script or HTML via the URL, which is inserted into an error page.
Published Nov 1, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash).
Published Nov 1, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in badmin.c in BannerWheel 1.0 allows remote attackers to execute arbitrary code via a long rcmd command.
Published Nov 1, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The new thread posting page in APBoard 2.02 and 2.03 allows remote attackers to post messages to protected forums by modifying the insertinto parameter.
Published Nov 1, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the httpdProcessRequest function in LibHTTPD 1.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP POST request.
Published Nov 1, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SURECOM broadband router EP-4501 uses a default SNMP read community string of "public" and a default SNMP read/write community string of "secret," which allows remote attackers to read and modify router configuration information.
Published Nov 1, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via "...", "....", ".....", and other multiple dot sequences.
Published Nov 1, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in IISPop email server 1.161 and 1.181 allows remote attackers to cause a denial of service (crash) via a long request to the POP3 port (TCP port 110).
Published Nov 1, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote attackers to remotely include and execute malicious PHP files via the "subpath" variablein (1) entete.php, (2) enteteacceuil.php, (3) index.php, or (4) newtopic.php.
Published Nov 16, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in acWEB 1.8 and 1.14 allows remote attackers to insert arbitrary HTML and web script via a URL, possibly via a "%db" request in a URL.
Published Nov 16, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in ssldump 0.9b2 and earlier, when running in decryption mode, allows remote attackers to execute arbitrary code via a long RSA PreMasterSecret.
Published Nov 16, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Samba before 2.2.5 does not properly terminate the enum_csc_policy data structure, which may allow remote attackers to execute arbitrary code via a buffer overflow attack.
Published Nov 16, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP code by modifying the dirroot parameter to reference a URL on a remote web server that contains the code in a lang.php file.
Published Nov 16, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a "/" character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension.
Published Nov 16, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network.
Published Nov 16, 2005 · Updated Aug 8, 2024