Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) my_header parameter to header.php3 or (2) my_footer parameter to footer.php3.
Published Oct 20, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Proxomitron Naoko 4.4 allows remote attackers to execute arbitrary code via a long request.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Valve Software's Half-Life Server, allows remote attackers to execute arbitrary commands via format string specifiers in the amx_say command.
Published Oct 19, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to cause a denial of service (segmentation fault) via a malformed RPL_NAMREPLY numeric 353 message.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in LTris 1.0.1 of FreeBSD Ports Collection 2003-02-25 and earlier allows local users to execute arbitrary code with gid "games" permission via a long HOME environment variable.
Published Oct 24, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in 3D-FTP client 4.0 allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long banner.
Published Oct 24, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Album.pl 6.1 allows remote attackers to execute arbitrary commands, when an alternative configuration file is used, via unknown attack vectors.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in parse_xml.cg Apple Darwin Streaming Server 4.1.2 and Apple Quicktime Streaming Server 4.1.1 allows remote attackers to read arbitrary files via a ... (triple dot) in the filename parameter.
Published Oct 20, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Epic Games Unreal Engine 226f through 436 does not validate the challenge key, which allows remote attackers to exhaust the player limit by joining the game multiple times.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
DotBr 0.1 allows remote attackers to execute arbitrary shell commands via the cmd parameter to (1) exec.php3 or (2) system.php3.
Published Oct 20, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to encrypt data, which could allow local users to use their own passphrase to decrypt the data.
Published Oct 19, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, generates different error messages depending on whether a specified file exists or not, which allows local users to obtain sensitive information.
Published Oct 19, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote attackers to execute arbitrary PHP code via the (1) template parameter in News.php or (2) installdir parameter in install.php.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with automatic redirection disabled allows remote attackers to inject arbitrary web script or HTML via the HTTP Location header.
Published Oct 20, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Siemens 45 series mobile phones allows remote attackers to cause a denial of service (disconnect and unavailable inbox) via a Short Message Service (SMS) message with a long image name.
Published Oct 24, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote attackers to use Phorum as a connection proxy to other sites via (1) register.php or (2) login.php.
Published Oct 24, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message.
Published Oct 24, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter.
Published Oct 20, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
MAILsweeper for SMTP 4.3.6 and 4.3.7 allows remote attackers to cause a denial of service (CPU consumption) via a PowerPoint attachment that either (1) is corrupt or (2) contains "embedded objects."
Published Oct 24, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request.
Published Oct 20, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability (CVE-2002-1473).
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long EXECUTE command.
Published Oct 19, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD) 0.4.0 and 0.4.4 allows remote attackers to execute arbitrary code via a client with a long hostname.
Published Oct 19, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
RTS CryptoBuddy 1.2 and earlier truncates long passphrases without warning the user, which may make it easier to conduct certain brute force guessing attacks.
Published Oct 19, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command.
Published Oct 20, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in index.php in PY-Livredor 1.0 allows remote attackers to insert arbitrary web script or HTML via the (1) titre, (2) Votre pseudo, (3) Votre e-mail, or (4) Votre message fields.
Published Oct 19, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1) bind_anon_dn is on, which allows a bind with no password provided, (2) bind_anon_cred is on, which allows a bind with no DN, or (3) bind_anon is on, which allows a bind with no DN or password.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Posadis 0.50.4 through 0.50.8 allows remote attackers to cause a denial of service (crash) via a DNS message without a question section, which triggers null dereference.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in nukebrowser.php in Nukebrowser 2.1 to 2.5 allows remote attackers to execute arbitrary PHP code via the filhead parameter.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in Far Manager 1.70beta1 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long pathname.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in ISMail 1.4.3 and earlier allow remote attackers to execute arbitrary code via long domain names in (1) MAIL FROM or (2) RCPT TO fields.
Published Oct 19, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
Published Oct 24, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension.
Published Oct 19, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large file as an argument.
Published Oct 19, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in Nuked-Klan 1.2b allow remote attackers to inject arbitrary HTML or web script via (1) the Author field in the Guestbook module, (2) the Titre or Pseudo fields in the Forum module, or (3) "La Tribune Libre" in the Shoutbox module.
Published Oct 17, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
nCipher Support Software 6.00, when using generatekey KeySafe to import keys, does not delete the temporary copies of the key, which may allow local users to gain access to the key by reading the (1) key.pem or (2) key.der files.
Published Oct 20, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a response to the ad server.
Published Oct 19, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple GameSpy 3D 2.62 compatible gaming servers generate very large UDP responses to small requests, which allows remote attackers to use the servers as an amplifier in DDoS attacks with spoofed UDP query packets, as demonstrated using Battlefield 1942.
Published Oct 14, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Kaspersky Antivirus (KAV) 4.0.9.0 does not detect viruses in files with MS-DOS device names in their filenames, which allows local users to bypass virus protection, as demonstrated using aux.vbs and aux.com.
Published Oct 23, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by modifying the path to point to a malicious rm program.
Published Oct 17, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code.
Published Oct 19, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
Published Oct 19, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter.
Published Oct 24, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in ByteCatcher FTP client 1.04b allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.
Published Oct 17, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org Guestbook 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) name, or (3) title field.
Published Oct 14, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows remote attackers to read arbitrary files via a "%2F.." (encoded slash dot dot) in the file parameter.
Published Oct 14, 2007 · Updated Aug 8, 2024