Unknown · CVSS Not scored
Centrinity FirstClass 7.1 allows remote attackers to access sensitive information by appending search to the end of the URL and checking all of the search option checkboxes and leaving the text field blank, which will return all files in the searched directory.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path parameter in (5) view.php, (6) the choice parameter in upload.php, (7) the sitename parameter in mambosimple.php, (8) the type parameter in upload.php, or the id parameter in (9) emailarticle.php, (10) emailfaq.php, or (11) emailnews.php.
Published May 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in search.asp for MaxWebPortal 1.30 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the Search parameter.
Published May 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the log viewing interface in Perception LiteServe 1.25 through 2.2 allows remote attackers to execute arbitrary code via a GET request with a long file name.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2.0.2 allow remote attackers to execute arbitrary PHP code via the include_path parameter in (1) booth.php, (2) png.php, (3) poll_ssi.php, or (4) popup.php, the (5) base_path parameter to common.inc.php.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Symantec Norton Internet Security 2003 6.0.4.34 allows remote attackers to inject arbitrary web script or HTML via a URL to a blocked site, which is displayed on the blocked sites error page.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service (pages fail to load) via HTML in the Name field, which prevents the main.php form from being loaded.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
MaxWebPortal 1.30 allows remote attackers to perform unauthorized actions by modifying hidden form fields, such as the (1) news, (2) lock, or (3) allmem fields in the 'start new topic' HTML page.
Published May 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default installation of MaxWebPortal 1.30 stores the portal database under the web document root with insecure access control, which allows remote attackers to obtain sensitive information via a direct request to database/db2000.mdb.
Published May 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a denial of service (segmentation fault) via a UDP packet that contains a single-byte name string, which is used as an out-of-bounds array index.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allow remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter to (1) config.inc.php or (2) new-visitor.inc.php in common/visiteurs/include/.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault).
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 allows remote attackers to execute arbitrary code via a long HTTP Referer header.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
connection.c in Cherokee web server before 0.4.6 allows remote attackers to cause a denial of service via an HTTP POST request without a Content-Length header field.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in (1) Openfile.aspx and (2) Html.aspx in HTTP Commander 4.0 allows remote attackers to view arbitrary files via a .. (dot dot) in the file parameter.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in index.php for Ledscripts.com LedForums Beta 1 allows remote attackers to inject arbitrary web script or HTML via the (1) top_message parameter or (2) topic field of a new thread.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta 2.8 and 2.81 allow remote attackers to inject arbitrary web script or HTML via (1) time in board.php, (2) the profile Homepage-Feld, (3) pictures, and (4) other "Diverse XSS Bugs."
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter.
Published May 27, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with a long User-Agent header.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter.
Published May 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare 6 SP3 and ZenWorks for Desktops 3.2 SP2 through 4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
WebTide 7.04 allows remote attackers to list arbitrary directories via an HTTP request for %3f.jsp (encoded "?").
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
X-CD-Roast 0.98 alpha10 through alpha14 allows local users to overwrite arbitrary files via a symlink attack on an unknown file.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote attackers to execute arbitrary code via a long GET request.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus protection via a mail message with a malformed zip attachment, as exploited by certain MIMAIL virus variants.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows Explorer with SYSTEM privileges, which allows local users to gain privileges.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter.
Published May 27, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter 1.05, and Serious Sam: the Second Encounter 1.05 allow remote attackers to cause a denial of service (crash or freeze) via a TCP packet with an invalid first parameter.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Fastream NETFile Server 6.0.3.588 allows remote attackers to inject arbitrary web script or HTML via the URL, which is displayed on a "404 Not Found" error page.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 allows remote attackers to execute arbitrary PHP code via the (1) id, (2) template_set, or (3) action parameter.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 allow remote attackers to inject arbitrary SQL commands via various vectors including (1) Admin-Center, (2) Announcements, (3) admin/calendar.php, and (4) showevent.php.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to read files or execute arbitrary CGI scripts via a GET request that contains an asterisk (*) wildcard character.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to read and reply to arbitrary messages by modifying the thread_id, forum_id, and sid parameters.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows local users to bypass access restrictions by importing NukoInfo values in certain DATEV keys, which disables Nutzungskontrolle.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in the FTP service in Plug and Play Web Server 1.0002c allow remote attackers to cause a denial of service (crash) via long (1) dir, (2) ls, (3) delete, (4) mkdir, (5) DELE, (6) RMD, or (7) MKD commands.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1.51 allows remote attackers to inject arbitrary web script or HTML via (1) HTML in a posted message or (2) Javascript in an onmouseover attribute in an e-mail address or URL.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Musicqueue 1.2.0 allows local users to overwrite arbitrary files by triggering a segmentation fault and using a symlink attack on the resulting musicqueue.crash file.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4.2 through 1.4.2_02 allows local users to overwrite arbitrary files via a symlink attack on (1) unpack.log, as created by the unpack program, or (2) .mailcap1 and .mime.types1, as created by the RPM program.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Musicqueue 1.2.0 allows local users to execute arbitrary code via a long language variable in the configuration file.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts with insecure ACLs, which allows local users to read other users' email messages.
Published May 10, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.
Published May 20, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, generates an "Account does not exist" error message when an invalid username is entered, which makes it easier for remote attackers to conduct brute force attacks.
Published May 23, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and earlier allows remote attackers to read and execute arbitrary files via .. (dot dot) sequences in HTTP GET or POST requests.
Published May 23, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in gPS before 0.10.2 may allow local users to cause a denial of service (SIGSEGV) in rgpsp via long command lines.
Published May 30, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
gPS before 1.1.0 does not properly follow the rgpsp connection source acceptation policy as specified in the rgpsp.conf file, which could allow unauthorized remote attackers to connect to rgpsp.
Published May 30, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, stores user names and passwords in plaintext in the blackmoon.mdb file, which can allow local users to gain privileges.
Published May 23, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 and earlier allows remote attackers to insert arbitrary script via the Search field.
Published May 23, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in unknown versions of Maelstrom allows local users to execute arbitrary code via a long -player command line argument.
Published May 22, 2003 · Updated Aug 8, 2024