High · CVSS 7.8 · CISA KEV
The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
Published Jul 14, 2004 · Updated Oct 22, 2025
Medium · CVSS 5.3
phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request.
Published Jul 17, 2005 · Updated Jan 16, 2025
Unknown · CVSS Not scored
Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the "Display hidden files" option is enabled, via the (1) MLSD or (2) MLST commands.
Published Jul 2, 2010 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unknown vulnerability in Moodle before 1.2 allows teachers to log in as administrators.
Published Jul 17, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to conduct HTTP response splitting attacks via unknown vectors.
Published Jul 10, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Published Jul 10, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact and attack vectors.
Published Jul 10, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance.
Published Jul 10, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
DansGuardian before 2.7.7-2 allows remote attackers to bypass URL filters via a ".." in the request.
Published Jul 19, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook allow attackers to cause a denial of service (crash) via malformed e-mail messages (1) without a body or (2) without a carriage return ("\n") separating the headers from the body.
Published Jul 1, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Goollery before 0.04b allows remote attackers to inject arbitrary HTML or web script via the conversation_id parameter to viewpic.php.
Published Jul 17, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unknown vulnerability in Moodle before 1.3.3 has unknown impact and attack vectors, related to language setting.
Published Jul 17, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is configured by default to trust sessmgr.exe, which allows local users to use sessmgr.exe to create a local listening port that bypasses the ICF access controls.
Published Jul 10, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Format string vulnerability in xml_elem.c for XMLStarlet Command Line XML Toolkit 0.9.3 may allow attackers to cause a denial of service or execute arbitrary code.
Published Jul 10, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum 1.61 allow remote attackers to inject arbitrary web script or HTML via the (1) country parameter to view_user.php, (2) show parameter to view_forum.php, (3) letter parameter to view_user.php, (4) highlight parameter to view_topic.php, (5) show parameter to index.php, (6) q parameter to search.php, (7) Referer header to admin.php, or the (8) user_email parameter to login.php.
Published Jul 10, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors.
Published Jul 10, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote attackers to bypass URL filters via a crafted request that causes a page to be added to the clean page cache.
Published Jul 19, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values.
Published Jul 10, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unknown vulnerability in the "admin of paypal email addresses" in AudienceConnect before 1.0.beta.21 has unknown impact and attack vectors.
Published Jul 17, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
Published Jul 10, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal), a related issue to CVE-2003-0147.
Published Jul 5, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in Express-Web Content Management System (CMS) allow remote attackers to steal cookie-based authentication information and possibly perform other exploits via the (1) n, (2) b, (3) e, or (4) a parameters to default.asp, (5) the Referer header in an HTTP request to login.asp, or (6) the email parameter to subscribe/default.asp.
Published Jul 10, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis Manager allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Published Jul 10, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Published Jul 10, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to execute arbitrary shell commands via the query string.
Published Jul 10, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server.
Published Jul 10, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to "strings in Moodle texts."
Published Jul 17, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a packet with a single byte, which triggers a "Wrong protocol or connection state" error.
Published Jul 19, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) SpecialMaintenance, and (6) ImagePage.
Published Jul 10, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely long time, which might make it easier for remote attackers to hijack a session.
Published Jul 5, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command.
Published Jul 17, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PimenGest2 before 1.1.1 allows remote attackers to obtain the database password via debug information in rowLatex.inc.php.
Published Jul 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in the "access code" in SecureEditor before 0.1.2 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions.
Published Jul 17, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in pads.c in Passive Asset Detection System (Pads) might allow local users to execute arbitrary code via a long report file name argument. NOTE: since Pads is not normally installed setuid, this may not be a vulnerability.
Published Jul 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
FsPHPGallery before 1.2 allows remote attackers to cause a denial of service via an image with a large size attribute, which causes a crash when the server attempts to resize the image.
Published Jul 17, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in search.php in Phorum, possibly 5.0.7 beta and earlier, allows remote attackers to inject arbitrary HTML or web script via the subject parameter.
Published Jul 17, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in the "access code" in RemoteEditor before 0.1.6 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions.
Published Jul 17, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not properly detect certain password-protected files in a ZIP file, which allows remote attackers to bypass anti-virus protection.
Published Jul 17, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in Ansel 2.1 and earlier allows remote attackers to modify SQL statements via the image parameter.
Published Jul 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks.
Published Jul 17, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in aGSM Half-Life client allows remote Half-Life servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server response.
Published Jul 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in Moodle before 1.2 has unknown impact and attack vectors, related to improper filtering of text.
Published Jul 17, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown cross-site scripting (XSS) vulnerability in the web GUI in vHost before 3.10r1 has unknown impact and attack vectors.
Published Jul 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clicks a link, which allows remote attackers to redirect to other sites via the onUnload attribute.
Published Jul 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in index.php in FsPHPGallery before 1.2 allows remote attackers to list arbitrary directories via the dir parameter.
Published Jul 17, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows remote attackers to inject arbitrary HTML or web script via the (1) page parameter to viewalbum.php or (2) btopage parameter to viewpic.php.
Published Jul 17, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 allows attackers to execute arbitrary commands as root via unknown vectors in the sample code.
Published Jul 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets, as identified by KSPR62F4KN.
Published Jul 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument.
Published Jul 19, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and 5.52, 4.60 for Samba Servers, and 4.52 and earlier for Linux does not properly detect certain viruses in a PKZip archive, which allows viruses such as Sober.D and Sober.G to bypass initial detection.
Published Jul 19, 2005 · Updated Aug 8, 2024