Unknown · CVSS Not scored
Format string vulnerability in the awp_log function in apt-www-proxy 0.1 allows remote attackers to execute arbitrary code.
Published Oct 14, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier allows local users to execute arbitrary code, when a java.lang.NoClassDefFoundError is thrown, via format specifiers in the forName attribute.
Published Jul 14, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Buffer overflow in Borland InterBase 6.0 allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_drop, (2) gds_lock_mgr, or (3) gds_inet_server.
Published Aug 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Resin 2.1.1 allows remote attackers to cause a denial of service (memory consumption and hang) via a URL with long variables for non-existent resources.
Published Jul 14, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cisco IOS 11.2.x and 12.0.x does not limit the size of its redirect table, which allows remote attackers to cause a denial of service (memory consumption) via spoofed ICMP redirect packets to the router.
Published Oct 26, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Charities.cron 1.0.2 through 1.6.0 allows local users to write to arbitrary files via a symlink attack on temporary files.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Format string vulnerability in Deception Finger Daemon, decfingerd, 0.7 may allow remote attackers to execute arbitrary code via the username of a finger request.
Published Aug 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access.
Published Oct 29, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Iomega NAS A300U uses cleartext LANMAN authentication when mounting CIFS/SMB drives, which allows remote attackers to perform a man-in-the-middle attack.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Buffer overflow in Pedro Lineu Orso chetcpasswd before 1.12, when configured for access from 0.0.0.0, allows local users to gain privileges via unspecified vectors.
Published Dec 21, 2006 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL.
Published Oct 29, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Falcon web server 2.0.0.1009 through 2.0.0.1021 allows remote attackers to inject arbitrary web script or HTML via the URI, which is inserted into 301 error messages and executed by 404 error messages.
Published Oct 26, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.
Published May 23, 2006 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." (dot).
Published Oct 29, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Magic Notebook 1.0b and 1.1b allows remote attackers to cause a denial of service (crash) via an invalid username during login.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth configured to proxy HTTP traffic only, allows remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through the firewall.
Published Nov 1, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote authenticated users to cause a denial of service (abend) via a crafted ABOR command.
Published Apr 5, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in index.php of Portix 0.4.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) l and (2) topic parameters.
Published Jul 14, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Pointsec before 1.2 for PalmOS stores a user's PIN number in memory in plaintext, which allows a local attacker who steals an unlocked Palm to retrieve the PIN by dumping memory.
Published Aug 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Perlbot 1.0 beta allows remote attackers to execute arbitrary commands via shell metacharacters in (1) a word that is being spell checked or (2) an e-mail address.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a digit in response to a STAT command for a filename that contains a carriage return followed by a digit, which can cause firewalls and other intermediary devices to lose proper track of the FTP session.
Published Oct 14, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociRaptor 1.0 allows remote attackers to cause a denial of service (memory consumption) via an unknown method.
Published Oct 26, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
WebCalendar 0.9.34 and earlier with 'browsing in includes directory' enabled allows remote attackers to read arbitrary include files with .inc extensions from the web root.
Published Jul 14, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Resin 2.1.1 allows remote attackers to cause a denial of service (thread and connection consumption) via multiple URL requests containing the DOS 'CON' device name and a registered file extension such as .jsp or .xtp.
Published Jul 14, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in form_header.php in MyMarket 1.71 allows remote attackers to inject arbitrary web script or HTML via the noticemsg parameter.
Published Oct 29, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The design of the Hot Standby Routing Protocol (HSRP), as implemented on Cisco IOS 12.1, when using IRPAS, allows remote attackers to cause a denial of service (CPU consumption) via a router with the same IP address as the interface on which HSRP is running, which causes a loop.
Published Jul 14, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
UTStarcom BAS 1000 3.1.10 creates several default or back door accounts and passwords, which allows remote attackers to gain access via (1) field account with a password of "*field", (2) guru account with a password of "*3noguru", (3) snmp account with a password of "snmp", or (4) dbase account with a password of "dbase".
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
site_searcher.cgi in Super Site Searcher allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter.
Published Nov 1, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read arbitrary files via a full pathname in the filnavn variable.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the lookup script in Veridis OpenKeyServer (OKS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
Published Aug 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
advserver.exe in Advanced Web Server (AdvServer) Professional 1.030000 allows remote attackers to cause a denial of service via multiple HTTP requests containing a single carriage return/line feed (CRLF) sequence.
Published Jul 14, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
Published Jul 14, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Virgil CGI Scanner 0.9 allows remote attackers to execute arbitrary commands via the (1) tar (TARGET) or (2) zielport (ZIELPORT) parameters.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The default configuration of Xerox DocuTech 6110 and DocuTech 6115 exports certain NFS shares to the world with world writable permissions, which may allow remote attackers to modify sensitive files.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Internet Group Management Protocol (IGMP) of HP Tru64 4.0F through 5.1A allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: this might be the same issue as CVE-2002-2185, but there are insufficient details to be certain.
Published Oct 18, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
Published Jul 14, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
NWFTPD.nlm before 5.02i in the FTP server in Novell NetWare does not properly listen for data connections, which allows remote attackers to cause a denial of service (abend) via multiple FTP sessions.
Published Apr 5, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
AtGuard 3.2 allows remote attackers to bypass firwall filters and execute prohibited programs by changing the filenames to permitted filenames.
Published Jul 14, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
TightVNC before 1.2.4 running on Windows stores unencrypted passwords in the password text control of the WinVNC Properties dialog, which could allow local users to access passwords.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.
Published Aug 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
acWEB 1.14 allows remote attackers to cause a denial of service (crash) via an HTTP request for a MS-DOS device name such as COM2.
Published Nov 1, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag.
Published Oct 31, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in phptonuke.php for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the filnavn parameter.
Published Jul 14, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows remote attackers to read or execute arbitrary files via a ".." (dot dot) in the URL.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request.
Published Oct 31, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
Published Jul 14, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
Published Jul 14, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Database of Our Owlish Wisdom (DOOW) 0.1 through 0.2.1 does not properly verify user permissions, which allows remote attackers to perform unauthorized activities.
Published Jul 14, 2005 · Updated Sep 16, 2024