Unknown · CVSS Not scored
Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows attackers to gain privileges via unknown vectors involving (1) admin/userlevelmembers-edit.asp and (2) admin/edit-groups.asp.
Published Jan 9, 2006 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows remote attackers to obtain unspecified "access" to e-mail via a crafted e-mail message, related to a "session hijacking" issue, a different vulnerability than CVE-2005-2022 and CVE-2006-5486.
Published Jan 28, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows attackers to upload .lnk files via unknown vectors.
Published Jan 9, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, a different vulnerability than CVE-2005-2022 and CVE-2006-5486.
Published Jan 28, 2010 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.
Published Jan 5, 2009 · Updated Aug 8, 2024
Unknown · CVSS Not scored
mod.php in eNdonesia 8.3 allows remote attackers to obtain sensitive information via certain direct requests, and certain requests with invalid parameter values, which reveal the path in various error messages, as demonstrated by the (1) mod and (2) cid parameters.
Published Jan 5, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdonesia 8.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewcat operation or (2) the query parameter in a search operation in the publisher module.
Published Jan 5, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to determine the existence of arbitrary files via ".." sequences in the SITE UNZIP argument.
Published Jan 9, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a SITE ZIP command with a long first or second argument, or (2) a SITE COPY with a long argument.
Published Jan 9, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy Sweeper before 2.0 does not drop privileges when using the help functionality, which allows local users to gain privileges.
Published Jan 29, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to cause a denial of service (crash) via a SITE PASS command with a long password parameter, which causes the database to be corrupted.
Published Jan 9, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 through 9 allows remote attackers to execute arbitrary code.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote malicious FTP servers to overwrite arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 allow local users to execute arbitrary code as the uucp user.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in System Administration Manager (SAM) in HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 allows local users to gain privileges.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via format string specifiers in a content URL, as demonstrated in the filename portion of a .mp3 file.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The expat XML parser code, as used in the open source Jabber (jabberd) 1.4.3 and earlier, jadc2s 0.9.0 and earlier, and possibly other packages, allows remote attackers to cause a denial of service (application crash) via a malformed packet to a socket that accepts XML connections.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.
Published Jan 6, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a malformed .hlp file, which leads to a heap-based buffer overflow.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in in.named on Solaris 8 allows remote attackers to cause a denial of service (process crash).
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.
Published Jan 29, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inaccessible, which could allow remote attackers to obtain sensitive information in conjunction with a directory traversal (..) attack.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Crystal FTP Client 2.8 allows remote malicious servers to execute arbitrary code via a response to a LIST command that contains a file name with a long extension.
Published Jan 6, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role Based Access Control (RBAC), allows local users to execute certain commands with additional privileges.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
X Display Manager (XDM) on Solaris 8 allows remote attackers to cause a denial of service (XDM crash) via an invalid X Display Manager Control Protocol (XDMCP) request.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."
Published Jan 29, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow local users to execute arbitrary code via (1) a long third argument to the rec2xml function or (2) a long filename argument to the generate_distfile procedure.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The xdvizilla script in tetex-bin 2.0.2 creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack.
Published Jan 6, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when invoked by conv_lpd, allows local users to overwrite arbitrary files.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.
Published Jan 6, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not properly log IP addresses when SSHD is configured with the ListenAddress as 0.0.0.0, which makes it easier for remote attackers to hide the source of their activities.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users to cause a denial of service (kernel panic) via a malformed probe request to the SVM.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9.0 returns a 0 if the file does not exist and the size of the file if the file exists, which allows remote attackers to determine the existence of files on the local system.
Published Jan 6, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may allow local users to execute arbitrary code.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in NetBSD kernel may allow local users to execute arbitrary code and gain privileges.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.
Published Jan 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The configuration backup in Asante FM2008 running firmware 1.06 stores the username and password in cleartext, which could allow remote attackers to gain unauthorized access.
Published Jan 6, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password.
Published Jan 19, 2005 · Updated Aug 8, 2024