Unknown · CVSS Not scored
Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
Published Oct 9, 2006 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in webfs before 1.20 allows attackers to execute arbitrary code by creating directories that result in a long pathname.
Published Oct 1, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
slashem-tty in the FreeBSD Ports Collection is installed with write permissions for the games group, which allows local users with group games privileges to modify slashem-tty and execute arbitrary code as other users, as demonstrated using a separate vulnerability in LTris.
Published Oct 24, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message.
Published Oct 25, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The remote web management interface of Aprelium Technologies Abyss Web Server 1.1.2 and earlier does not log connection attempts to the web management port (9999), which allows remote attackers to mount brute force attacks on the administration console without detection.
Published Oct 17, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
BlackICE Defender 2.9.cap and Server Protection 3.5.cdf, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets.
Published Oct 26, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in webfs before 1.20 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a Hostname header.
Published Oct 1, 2003 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Worker Filemanager 1.0 through 2.7 sets the permissions on the destination directory to world-readable and executable while copying data, which could allow local users to obtain sensitive information.
Published Oct 23, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to bypass filtering via a file attachment that contains "multiple extensions combined with large blocks of white space."
Published Oct 24, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
Published Oct 25, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in mIRC 6.1 and 6.11 allows remote attackers to cause a denial of service (crash) via a long DCC SEND request.
Published Oct 25, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
Published Oct 25, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The backup configuration file for Microsoft MN-500 wireless base station stores administrative passwords in plaintext, which allows local users to gain access.
Published Oct 24, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods.
Published Oct 24, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Buffer overflow in marbles 1.0.2 and earlier allows local users to gain privileges via a long HOME environment variable.
Published Oct 1, 2003 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
Published Oct 25, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, which could allow local users to gain access.
Published Oct 24, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable.
Published Oct 27, 2014 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.
Published Oct 1, 2014 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in the file upload CGI of Gast Arbeiter 1.3 allows remote attackers to write arbitrary files via a .. (dot dot) in the req_file parameter.
Published Oct 25, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 allows remote attackers to cause a denial of service via an HTTP request with a long Log_Page_Num variable.
Published Oct 25, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in dansguardian.pl in Adelix CensorNet 3.0 through 3.2 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the DENIEDURL parameter.
Published Oct 25, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Kaspersky Antivirus (KAV) 4.0.9.0 allows local users to cause a denial of service (CPU consumption or crash) and prevent malicious code from being detected via a file with a long pathname.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow.
Published Oct 24, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Origo ASR-8100 ADSL Router 3.21 has an administration service running on port 254 that does not require a password, which allows remote attackers to cause a denial of service by restoring the factory defaults.
Published Oct 25, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message.
Published Oct 25, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
FlashFXP 1.4 uses a weak encryption algorithm for user passwords, which allows attackers to decrypt the passwords and gain access.
Published Oct 24, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Adiscon WinSyslog 4.21 SP1 allows remote attackers to cause a denial of service (CPU consumption) via a long syslog message.
Published Oct 25, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in search.php for WRENSOFT Zoom Search Engine 2.0 Build 1018 and earlier allows remote attackers to inject arbitrary web script or HTML via the zoom_query parameter.
Published Oct 25, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program.
Published Oct 24, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows remote attackers to execute arbitrary SQL commands via the (1) login username, (2) mailbox name, and possibly other attack vectors.
Published Oct 25, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53.
Published Oct 24, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable.
Published Oct 20, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in mIRC 6.12, when the DCC get dialog window has been minimized and the user opens the minimized window, allows remote attackers to cause a denial of service (crash) via a long filename.
Published Oct 25, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser.
Published Oct 25, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in email.php (aka email.php3) in Cedric Email Reader 0.2 and 0.3 allows remote attackers to execute arbitrary PHP code via the cer_skin parameter.
Published Oct 20, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in CDE dtmailpr of HP Tru64 4.0F through 5.1B allows local users to gain privileges via unknown attack vectors. NOTE: due to lack of details in the vendor advisory, it is not clear whether this is the same issue as CVE-1999-0840.
Published Oct 25, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Planet Technology WGSD-1020 and WSW-2401 Ethernet switches use a default "superuser" account with the "planet" password, which allows remote attackers to gain administrative access.
Published Oct 25, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption algorithm (XOR and base64 encoding), which allows local users to decrypt passwords when the configuration file is exported to XML.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in PSCS VPOP3 Web Mail server 2.0e and 2.0f allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to the admin/index.html page.
Published Oct 25, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end.
Published Oct 24, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of service (core dump) via a web page that begins with a "xFFxFE" byte sequence and a large number of CRLF sequences, as demonstrated using freeze.htm.
Published Oct 24, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Netbus 1.5 through 1.7 allows more than one client to be connected at the same time, but only prompts the first connection for authentication, which allows remote attackers to gain access.
Published Oct 24, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Aladdin Knowlege Systems eSafe Gateway 3.5.126.0 does not check the entire stream of Content Vectoring Protocol (CVP) data, which allows remote attackers to bypass virus protection.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in index.php in Bytehoard 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the infolder parameter.
Published Oct 25, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
CoffeeCup Software Password Wizard 4.0 stores sensitive information such as usernames and passwords in a .apw file under the web document root with insufficient access control, which allows remote attackers to obtain that information via a direct request for the file.
Published Oct 19, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php, (3) 5terminals/index.php, (4) 4mailinglists/index.php, (5) 3departaments/index.php, and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php.
Published Oct 20, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (crash) via a long host string in the Unreal URL.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer.
Published Oct 24, 2007 · Updated Aug 8, 2024