Unknown · CVSS Not scored
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to execute arbitrary web script or HTML via the (1) query or (2) nick parameters.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Ability Server 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long STOR command.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an "unusual combination of visual elements," including several large MARQUEE tags with large height parameters, as demonstrated by mangleme.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in the WvTFTPServer::new_connection function in wvtftpserver.cc for WvTftp 0.9 allows remote attackers to execute arbitrary code via a long option string in a TFTP packet.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x allows remote attackers to execute arbitrary SQL statements via the Name parameter.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SalesLogix 6.1 includes usernames, passwords, and other sensitive information in the headers of an HTTP response, which could allow remote attackers to gain access.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button in the Carbon Copy Scheduler (CCSched.exe).
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in SalesLogix 6.1 allows remote attackers to execute arbitrary SQL statements via the id parameter in a view operation.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to access arbitrary files and execute local PHP scripts via a .. (dot dot) in the op parameter.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in SalesLogix 6.1 allows remote attackers to upload arbitrary files via a .. (dot dot) in a ProcessQueueFile request.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read arbitrary files via a PDF file that contains an embedded Shockwave (swf) file that references files outside of the temporary directory.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly handle this feature
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in ShixxNote 6.net build 117 allows remote attackers to execute arbitrary code via a long font field.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Clientexec allows remote attackers to gain sensitive information via an HTTP request to phpinfo.php, which calls the phpinfo function.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Flash Messaging clients can ignore disconnecting commands such as "shutdown" from the Flash Messaging Server 5.2.0g (rev 1.1.2), which could allow remote attackers to stay connected.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in GoSmart Message Board allows remote attackers to execute arbitrary SQL code via the (1) QuestionNumber and Category parameters to Forum.asp or (2) Username and Password parameter to Login_Exec.asp.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
AJ-Fork 167 allows remote attackers to gain sensitive information via a direct request to (1) auto-acronyms.php, (2) auto-archive.php, (3) ount-article-views.php, (4) kses.php, (5) custom-quick-tags.php, (6) disable-all-comments.php, (7) easy-date-format.php, (8) enable-disable-comments.php, (9) filter-by-author.php, (10) format-switcher.php, (11) long-to-short.php, (12) prospective-posting.php, or (13) sort-by-xfield.php, which displays the full path in an error message.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in render.UserLayoutRootNode.uP in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via the utf parameter.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the req_path parameter to reference a URL on a remote web server that contains a malicious funcs.php script.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Monolith games including (1) Alien versus Predator 2 1.0.9.6 and earlier, (2) Blood 2 2.1 and earlier, (3) No one lives forever 1.004 and earlier and (4) Shogo 2.2 and earlier allows remote attackers to cause a denial of service (application crash) via a long secure Gamespy query.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Vypress Messenger 3.5.1 and earlier allows remote attackers to execute arbitrary code via a message with a long first field.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
BlackBoard 1.5.1 allows remote attackers to gain sensitive information via a direct request to (1) checkdb.inc.php, (2) admin.inc.php or (3) cp.inc.php, which reveals the path in a PHP error message.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in index.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to execute arbitrary web script or HTML via the module parameter.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in Judge Dredd: Dredd vs. Death 1.01 and earlier allows remote attackers to cause a denial of service (application crash) via format string specifiers in a chat message.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows remote attackers to execute arbitrary SQL commands via (1) the bug_id parameter in a viewvotes operation or (2) the project parameter in an add operation.
Published Feb 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote attackers to cause a denial of service (application crash) via certain wide characters.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows remote attackers to execute arbitrary PHP code by modifying the libpath parameter (incorrectly called "libpach") to reference a URL on a remote web server that contains _more.php, as demonstrated using checkdb.inc.php.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in GoSmart Message Board allows remote attackers to execute inject web script or HTML via the (1) Category parameter to Forum.asp or (2) MainMessageID parameter to ReplyToQuestion.asp.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote attackers to execute arbitrary SQL commands via the p parameter.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote attackers to execute arbitrary web script via an img src tag.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to cause a denial of service (application crash) via a long (1) SAML, SOML, SEND, or MAIL command to the SMTP server or (2) LIST command to the IMAP server.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The web interface for Micronet Wireless Broadband Router SP916BM running firmware before 1.9 08/04/2004 resets the password to the default password when the router is shut off, which could allow remote attackers to gain access.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier allows remote attackers to cause a denial of service (service crash) via a long (1) username or (2) password.
Published Feb 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
AppServ 2.5.x and earlier installs a default username and password, which allows remote attackers to gain access.
Published Feb 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The displaycontent function in config.php for Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to gain sensitive information via a blank show parameter, which reveals the installation path in an error message, as demonstrated using index.php.
Published Feb 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in the FTP server in TriDComm 1.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in FTP commands such as (1) DIR, (2) GET, or (3) PUT.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
MyWebServer 1.0.3 allows remote attackers to bypass authentication, modify configuration, and read arbitrary files via a direct HTTP request to (1) /admin or (2) ServerProperties.html.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (application crash) via the status command.
Published Feb 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
index.php in PHP Links allows remote attackers to gain sensitive information via an invalid show parameter, which reveals the full path in an error message.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) by sending a POST request with a large Content-Length value, then disconnecting without sending that amount of data.
Published Feb 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script or HTML via the Referer field in the HTTP header.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft SQL Server 7.0 allows remote attackers to cause a denial of service (mssqlserver service halt) via a long request to TCP port 1433, possibly triggering a buffer overflow.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in ParaChat Server 5.5 allows remote attackers to read arbitrary files via a ..%5C (hex-encoded dot dot) in the URL.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive information via an HTTP request with an invalid cat_id parameter, which reveals the full path in a PHP error message.
Published Feb 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in livre_include.php in @lex Guestbook allows remote attackers to execute arbitrary PHP code by modifying the chem_absolu parameter to reference a URL on a remote web server that contains the code.
Published Feb 20, 2005 · Updated Aug 8, 2024