Unknown · CVSS Not scored
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call.
Published Oct 6, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file.
Published Oct 9, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the FTP server of Hummingbird Connectivity 7.1 and 9.0 allows remote, authenticated users to cause a denial of service (application crash) via a long argument to the XCWD command.
Published Oct 9, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords.
Published Oct 6, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink attack on the imwheel.pid file.
Published Oct 6, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Inetd32 Administration Tool of Hummingbird Connectivity 7.1 and 9.0 allows local users to execute arbitrary code by changing the program for handling incoming connections.
Published Oct 9, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The CheckGroup function in openSkat VTMF before 2.1 generates public key pairs in which the "p" variable might not be prime, which allows remote attackers to determine the private key and decrypt messages.
Published Oct 6, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top".
Published Oct 6, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters.
Published Oct 6, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Clearswift MIMEsweeper 5.0.5, when it has been upgraded from MAILsweeper for SMTP version 4.3 or MAILsweeper Business Suite I or II, allows remote attackers to bypass scanning by including encrypted data in a mail message, which causes the message to be marked as "Clean" instead of "Encrypted".
Published Oct 6, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
NewsPHP allows remote attackers to gain unauthorized administrative access by setting a cookie to the "autorized=admin; root=admin" value.
Published Oct 6, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be related to CVE-2006-5002.
Published Oct 6, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this information is unknown; details are obtained from third party reports.
Published Oct 6, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function.
Published Oct 6, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in index.php in NewsPHP allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter. NOTE: this issue might overlap vector 3 in CVE-2006-3358.
Published Oct 6, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unrestricted file upload vulnerability in the Administration Panel for NewsPHP allows remote authenticated administrators to upload and execute arbitrary code instead of video files.
Published Oct 6, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in the msg command (cat_message function in msg.c) in OpenFTPD 0.30.2 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in the message argument.
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to determine internal directory structures via unknown attack vectors.
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, might allow local users to execute arbitrary code via format string specifiers in command line arguments. NOTE: it is not clear if there are any default or typical circumstances under which VMware would be running with privileges beyond those already available to the attackers, so this might not be a vulnerability.
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Visual truncation vulnerability in Gadu-Gadu allows remote attackers to spoof the file extension on transmitted files via a filename with a large number of spaces followed by the real extension, which is not displayed in the dialog box.
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in Network Appliance NetCache 5.2 and Data ONTAP 6.0 allows remote attackers to cause a denial of service (panic and reboot) and possibly other impacts via unknown attack vectors, possibly related to unspecified worms, as identified by bug ID
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to read arbitrary files via an absolute pathname in the next_file parameter.
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the IMAP service of MailEnable Professional Edition 1.52 and Enterprise Edition 1.01 allows remote attackers to execute arbitrary code via (1) a long command string or (2) a long string to the MEIMAP service and then terminating the connection.
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Direct static code injection vulnerability in the PCG simple application generation in phpCodeGenie before 3.0.2 allows remote authenticated users to execute arbitrary code via the (1) header or (2) footer.
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web (GmaxWWW) Desktop 5, 6, and Desktop for Jichitai 6, allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter.
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Gadu-Gadu allows remote attackers to bypass the "image send" option by sending a very small image file, which could be used in conjunction with image-related vulnerabilities.
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable.
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to perform a denial of service (application crash) via a large number of connections to TCP port (1) 25 (SMTP) or (2) 110 (POP).
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier allows remote attackers to cause a denial of service via unknown attack vectors when a web site is "improperly accessed."
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys.
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier allows remote attackers to obtain plaintext username and password credentials by using the clogin_e and base64_encode functions to encode the desired user ID in the c parameter, then read the plaintext values in the resulting form.
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
INweb Mail Server 2.40 allows remote attackers to cause a denial of service (crash) via a large number of connect/disconnect actions to the (1) POP3 and (2) SMTP services.
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via (1) "..", (2) "\..\" (backslash dot dot), or (3) "/../" sequences in (a) RETR (get), (b) NLST (ls), (c) LIST (ls), (d) RNFR, or (e) RNTO FTP commands.
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php.
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial of service (CPU consumption) via directory specifiers in the LANGUAGE parameter to (1) index.tmpl and (2) web.tmpl, such as (a) slash "/", (b) backslash "\", (c) dot ".",, (d) dot dot "..", and (e) internal slash "lang//en".
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug."
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) login.php, and (3) online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter.
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a process obtains IO access permissions from the ioperm function but does not drop those permissions when it exits, which allows other processes to access the per-TSS pointers, access restricted memory locations, and possibly gain privileges.
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the PHPSESSID parameter.
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam Watchdog 4.0.1a allows remote attackers to inject arbitrary web script or HTML via the cam parameter.
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in PHP Live! before 2.8.2, due to a "major security problem," allows remote attackers to include arbitrary files and directories via unspecified attack vectors.
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges.
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown impact and attack vectors.
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) 2 and 3, and Desktop 5, 6, and Desktop for Jichitai allows remote authenticated users to read arbitrary .html files via the template name parameter.
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command.
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail Server 1.18 allow remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous connections to the service.
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in showflat.php in Infopop UBB.Threads before 6.5 allows remote attackers to inject arbitrary web script or HTML via the Cat parameter.
Published Oct 25, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Fastream NETFile Server 7.1.2 does not properly handle keep-alive connection timeouts and does not close the connection after a HEAD request, which allows remote attackers to perform a denial of service (connection consumption) by sending a large number HTTP HEAD requests.
Published Oct 25, 2005 · Updated Aug 8, 2024