Unknown · CVSS Not scored
HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
Published Oct 26, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The "block fragmented IP Packets" option in Symantec Norton Personal Firewall 2002 (NPW) does not properly protect against certain attacks on Windows vulnerabilities such as jolt2 (CVE-2000-0305).
Published Jun 21, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in athcgi.exe in Authoria HR allows remote attackers to inject arbitrary web script or HTML via the command parameter.
Published Oct 29, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences.
Published Jun 21, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in the HttpGetRequest function in Zeroo HTTP server 1.5 allows remote attackers to execute arbitrary code via a long HTTP request.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to the CommonName organization and possibly other web servers for name resolution, which allows those organizations to obtain internal server names.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
FlashFXP 1.4 prints FTP passwords in plaintext when there are transfers in the queue, which allows attackers to obtain FTP passwords of other users by editing the queue properties.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to execute arbitrary code via a long invite request.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver installation for 20 minutes, which allows local users to insert malicious code by setting system clock to an earlier time.
Published Nov 16, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require authentication, which allows remote attackers to access the file system as root.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler to monitor the results.
Published Jul 14, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The (1) phrafx and (2) phgrafx-startup programs in QNX realtime operating system (RTOS) 4.25 and 6.1.0 do not properly drop privileges before executing the system command, which allows local users to execute arbitrary commands by modifying the PATH environment variable to reference a malicious crttrap program.
Published Jul 14, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL.
Published Oct 29, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Floositek FTGate PRO 1.05 allows remote attackers to cause a denial of service (memory and CPU consumption) via a large number of RCPT TO: messages during an SMTP session.
Published Jul 14, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml.
Published Oct 31, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords.
Published Oct 26, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of SYN packets (SYN flood). NOTE: the vendor was not able to reproduce the issue.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in ftp.htt in Internet Explorer 5.5 and 6.0, when running on Windows 2000 with "Enable folder view for FTP sites" and "Enable Web content in folders" selected, allows remote attackers to inject arbitrary web script or HTML via the hostname portion of an FTP URL.
Published Jul 14, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to cause a denial of service (NullPointerException) via an invalid block of deflated data.
Published Aug 5, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easier to conduct brute force attacks.
Published Jul 14, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The telnet server in Infoprint 21 running controller software before 1.056007 allows remote attackers to cause a denial of service (crash) via a long username, possibly due to a buffer overflow.
Published Oct 31, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered function by sockGen.c.
Published Feb 6, 2009 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Entercept Agent 2.5 agent for Windows, released before May 21, 2002, allows local administrative users to obtain the entercept agent password, which could allow the administrators to log on as the entercept_agent account and conceal their identity.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
irssi IRC client 0.8.4, when downloaded after 14-March-2002, could contain a backdoor in the configuration file, which allows remote attackers to access the system.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
InterScan VirusWall 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 gzip content encoding.
Published Nov 1, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes portions of previously used memory after the import table, which could allow attackers to gain sensitive information. NOTE: it has been reported that this problem is due to the OS and not the application.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) a parameter to test2.pl.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files.
Published Oct 31, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Netgear FM114P firmware 1.3 wireless firewall, when configured to backup configuration information, stores DDNS (DynDNS) user name and password, MAC address filtering table and possibly other information in cleartext, which could allow local users to obtain sensitive information.
Published Oct 29, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
mosix-protocol-stack in Multicomputer Operating System for UnIX (MOSIX) 1.5.7 allows remote attackers to cause a denial of service via malformed packets.
Published Jul 14, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in Advanced TFTP (atftp) 0.5 and 0.6, if installed setuid or setgid, may allow local users to execute arbitrary code via a long argument to the -g option.
Published Nov 1, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Savant Web Server 3.1 and earlier allows remote attackers to bypass authentication for password protected user folders via a URL with a hex encoded space (%20) and a '.' (%2e) at the end of the filename.
Published Nov 16, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The file preview functionality in Sketch 0.6.12 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an encapsulated Postscript (EPS) file.
Published Jul 14, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Com21 DOXport 1100 series cable modem running firmware 2.1.1.106, and possibly other versions before 2.1.1.108.003, downloads a DOCSIS configuration file from a TFTP server running on the internal network, which allows local users to modify configuration of the modem via a malicious TFTP server.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests.
Published Oct 29, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI-804 4.68, Dl-704 V2.56b6, and Dl-704 V2.56b5 and (2) Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 through 1.42.7 and Linksys WAP11 1.3 and 1.4, allows remote attackers to cause a denial of service (crash) via a long header, as demonstrated using the Host header.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands.
Published Oct 31, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Microsoft Windows XP allows remote attackers to cause a denial of service (CPU consumption) by flooding UDP port 500 (ISAKMP).
Published Aug 5, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the environmental monitoring subsystem in Solaris 8 running on Sun Fire 280R, V480 and V880 allows local users to cause a denial of service by setting volatile properties.
Published Oct 26, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote attackers to inject arbitrary web script or HTML via tasklists.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
FTGate and FTGate Pro 1.05 lock user mailboxes before authentication succeeds, which allows remote attackers to lock the mailboxes of other users.
Published Jul 14, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to cause a denial of service (crash) by via SYN, UDP, ICMP and TCP portscans when the administrator selects the Log tab of the Personal Firewall Agent module.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers to execute arbitrary SQL commands via the (1) member parameter to member.php or (2) loser parameter to misc.php.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the Designer, opens port 7358 for interprocess communication, which allows remote attackers to open arbitrary HTML pages and cause a denial of service.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in ZMailer before 2.99.51_1 allows remote attackers to execute arbitrary code during HELO processing from an IPv6 address, possibly using an address that resolves to a long hostname.
Published Nov 16, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use process privileges, which allows attackers to access data.
Published Jul 14, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in magiccard.cgi in My Postcards Platinum 5.0 and 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in NOCC 0.9 through 0.9.5 allows remote attackers to inject arbitrary web script or HTML via email messages.
Published Oct 29, 2007 · Updated Sep 17, 2024