Medium · CVSS 5.3
The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
Published Aug 16, 2005 · Updated May 28, 2026
High · CVSS 8.4
Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed
Published Aug 16, 2005 · Updated Jan 16, 2025
High · CVSS 7.5
mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference.
Published Aug 19, 2004 · Updated Jan 16, 2025
Unknown · CVSS Not scored
Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (CPU consumption) via delayed responses to DNS queries.
Published Aug 17, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unknown "overflow" in the phpgw_config table for phpGroupWare before 0.9.14.002 has unknown attack vectors and impact.
Published Aug 18, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 allows remote attackers to obtain sensitive information via a user message that is generated when Mbedthis denies access.
Published Aug 16, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leading to a cross-site scripting (XSS) vulnerability.
Published Aug 4, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script.
Published Aug 4, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the %template package in InterSystems Cache' 5.0 allows attackers to access certain files on a server, including (1) cache.key and (2) cache.dat, related to .csp files under (a) Dev\studio\templates and (b) Devuser\studio\templates.
Published Aug 20, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential by using the NMAP Credential Generator.
Published Aug 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the Setup/Config functionality.
Published Aug 18, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions.
Published Aug 16, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users to obtain passwords, related to the password table.
Published Aug 20, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in explorer.php in DSM Light Web File Browser 2.0 allows remote attackers to read arbitrary files via .. (dot dot) in the wdir parameter.
Published Aug 4, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter.
Published Aug 4, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the %XML.Utils.SchemaServer class in InterSystems Cache' 5.0 allows attackers to access arbitrary files on a server.
Published Aug 20, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through 2.0.1 might allow attackers to cause a denial of service (null pointer dereference).
Published Aug 18, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
Published Aug 4, 2015 · Updated Aug 8, 2024
Unknown · CVSS Not scored
sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability.
Published Aug 4, 2008 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Soft3304 04WebServer before 1.41 allows remote attackers to cause a denial of service (resource consumption or crash) via certain data related to OpenSSL, which causes a thread to terminate but continue to hold resources.
Published Aug 17, 2006 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Soft3304 04WebServer before 1.41 does not properly check file names, which allows remote attackers to obtain sensitive information (CGI source code).
Published Aug 17, 2006 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The (1) SetDebugging and (2) RunEgatherer methods in IBM Access Support eGatherer ActiveX control 2.0.0.16 allow remote attackers to create files with arbitrary content, as demonstrated by creating a .hta file in a Startup folder.
Published Aug 18, 2006 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a denial of service (CPU consumption) via a flood of small, invalid packets, which can not be processed quickly enough by Outpost Pro.
Published Aug 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages.
Published Aug 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
Published Aug 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers to execute arbitrary SQL commands via the mid parameter to sendtofriend.php.
Published Aug 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station 0.30a or earlier, allows remote attackers to send audio to arbitrary channels, aka the "Voices from the deep" bug.
Published Aug 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Reservation.class.php for phpScheduleIt 1.01 and earlier allows attackers to modify or delete reservations.
Published Aug 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
MyProxy 6.58 allows remote authenticated users in the Users Tab to connect to arbitrary hosts from the MyProxy server, possibly bypassing access restrictions, by connecting to the proxy and issuing a CONNECT command.
Published Aug 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and 0.9.4, when register_globals is enabled, has unknown impact and attack vectors.
Published Aug 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (infinite loop and crash) via an IFRAME with "?" as the file source.
Published Aug 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
DiamondCS Process Guard Free 2.000 allows local users to disable the process guard protection system by overwriting the current Service Descriptor Table (SDT) in \device\physicalmemory with the original SDT found in ntoskrnl.exe.
Published Aug 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and earlier allows remote attackers to cause a denial of service (application crash) via a long, malformed UDP datagram.
Published Aug 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router allows remote attackers to cause a denial of service (crash) via a large amount of UDP traffic.
Published Aug 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) allows remote attackers to obtain sensitive information and gain privileges by using TFTP to download the nvram file, then extracting the username, password, and other data from the file.
Published Aug 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple stack-based and heap-based buffer overflows in EnderUNIX spamGuard before 1.7-BETA allow remote attackers to execute arbitrary code via the (1) qmail_parseline and (2) sendmail_parseline functions in parser.c, (3) loadconfig and (4) removespaces functions in loadconfig.c, and possibly (5) unspecified functions in functions.c.
Published Aug 18, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Jaws 0.3 allows remote attackers to bypass authentication and via an HTTP request to admin.php with the logged cookie set to the MD5 hash of a null password, which is compared against the logged session variable by the logged_on function in application.php.
Published Aug 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, 01-01, 01-02, 02-01, 02-02, 02-03, and other versions allows remote attackers to obtain sensitive information in the <ut:cache> tag library.
Published Aug 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and earlier allows local users to obtain proxy credentials (username or password) of other users.
Published Aug 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
wmFrog weather monitor 0.1.6 and other versions before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Published Aug 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories.
Published Aug 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.
Published Aug 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol does not cross privilege boundaries, since it is not allowed in the Internet Zone. Thus this might not be a vulnerability.
Published Aug 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Kerio MailServer before 6.0.3 has unknown impact and unknown remote attack vectors, related to a "potential security issue."
Published Aug 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.
Published Aug 18, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to (1) viewmail.tagz, (2) the index script under /user/, (3) members.tagz, (4) general.tagz, (5) advanced.tagz, or (6) list.tagz.
Published Aug 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in chat.ghp in Easy Chat Server 1.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
Published Aug 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
cplay 1.49 on Linux allows local users to overwrite arbitrary files via a symlink attack on the cplay_control temporary file.
Published Aug 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in ADA Image Server (ImgSvr) 0.4 allows remote attackers to read arbitrary files or list directories via hex-encoded "..//" sequences ("%2e%2e%2f%2f"). NOTE: it was later reported that 0.6.21 and earlier is also affected.
Published Aug 20, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in MadBMS before 1.1.5 has unknown impact and attack vectors, related to logins.
Published Aug 20, 2005 · Updated Aug 8, 2024