Unknown · CVSS Not scored
index.php in phpWebSite 0.10.0 and earlier allows remote attackers to obtain sensitive information via an invalid SEA_search_module parameter, which reveals the path in a PHP error message.
Published Feb 27, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.
Published Feb 28, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23 allows remote authenticated users to gain "unauthorized access to files."
Published Feb 25, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows local users to gain privileges by setting the adminUser parameter to true.
Published Feb 24, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote attackers to obtain sensitive information via a direct request to the /about.html page.
Published Feb 24, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.
Published Feb 25, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php.
Published Feb 24, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post.
Published Feb 25, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote attackers to connect to arbitrary consoles by modifying the consolename parameter.
Published Feb 24, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7) get_foreign.lib.php, (8) display_tbl_links.lib.php, (9) display_export.lib.php, (10) db_table_exists.lib.php, (11) charset_conversion.lib.php, (12) ufpdf.php, (13) mysqli.dbi.lib.php, (14) setup.php, or (15) cookie.auth.lib.php, which reveals the path in a PHP error message.
Published Feb 24, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PeerFTP_5 stores sensitive information such as passwords in plaintext in the PeerFTP.ini files, which allows local users to gain privileges.
Published Feb 23, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users.
Published Feb 24, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4 may allow local users to trigger a buffer overflow via negative arguments.
Published Feb 24, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) Shop 1.2 may allow remote attackers to execute arbitrary SQL statements via the (1) cats, (2) l_price, or (3) u_price parameters.
Published Feb 24, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Gigafast router (aka CompUSA router) allows remote attackers to gain sensitive information and bypass the login page via a direct request to backup.cfg, which reveals the administrator password in plaintext.
Published Feb 21, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflow.
Published Feb 16, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Buffer overflow in the MoxaDriverIoctl function for the moxa serial driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows local users to execute arbitrary code via a certain modified length value.
Published Feb 22, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks.
Published Feb 21, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Signedness error in the copy_from_read_buf function in n_tty.c for Linux kernel 2.6.10 and 2.6.11rc1 allows local users to read kernel memory via a negative argument.
Published Feb 24, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in (1) GinpPictureServlet.java and (2) PicCollection.java in ginp (Java Photo Gallery Web Application) before 0.22 allows remote attackers to read arbitrary files.
Published Feb 24, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
ADP Elite System Max 9000 allows remote authenticated users to gain privileges by uploading a .profile that sets the ADPROOT environment variable to the root directory.
Published Feb 21, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".
Published Feb 16, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote attackers to inject arbitrary web script or HTML via the (1) sn1, (2) year, or (3) page parameter to zboard.php or (4) filename to view_image.php.
Published Feb 21, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote attackers to execute arbitrary commands via certain commands that generate thumbnails.
Published Feb 23, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unknown vulnerability in Information Resource Manager (IRM) before 1.5.2.1 allows remote attackers to have "potentially serious" impact, related to LDAP logins.
Published Feb 22, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Chat Anywhere 2.72a stores sensitive information such as passwords in plaintext in the .INI file for a chatroom, which allows local users to gain privileges.
Published Feb 23, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
eXeem 0.21 stores sensitive information such as passwords in plaintext in the Exeem registry key, which allows local users to gain privileges via the proxy_user and proxy_password values.
Published Feb 23, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Verity Ultraseek before 5.3.3 allows remote attackers to inject arbitrary HTML and web script via search parameters.
Published Feb 23, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in ComGetLogFile.php3 for TrackerCam 5.12 and earlier allows remote attackers to read arbitrary files via ".." sequences and (1) "/" slash), (2) "\" (backslash), or (3) hex-encoded characters in the fn parameter.
Published Feb 19, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before 2.2 allows remote attackers to bypass the email check and send spam e-mail via CRLF sequences and forged mail headers in the email parameter.
Published Feb 21, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.
Published Feb 21, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693.
Published Feb 23, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.
Published Feb 21, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system and possibly execute arbitrary commands.
Published Feb 21, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows remote attackers to read arbitrary files via (1) ../ and (2) ..\ characters in an HTTP request.
Published Feb 21, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Sami HTTP Server 1.0.5 allows remote attackers to cause a denial of service via an HTTP request containing two CRLF sequences, which triggers a NULL dereference.
Published Feb 16, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4, when running on 64-bit architectures, may allow local users to trigger a buffer overflow as a result of casting discrepancies between size_t and int data types.
Published Feb 24, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows remote attackers to execute arbitrary code via a long type 77 request.
Published Feb 21, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Buffer overflow in Bontago 1.1 and earlier allows remote attackers to execute arbitrary code via a long nickname.
Published Feb 21, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Gigafast router (aka CompUSA router) with the DNS proxy option enabled allows remote attackers to cause a denial of service via malformed DNS queries.
Published Feb 21, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause a denial of service (application crash) via a PDF file that contains a negative Count value in the root page node.
Published Feb 21, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unknown vulnerability in IBM Hardware Management Console (HMC) before 4.4 for POWER5 servers allows local users to gain privileges, related to the Guided Setup Wizard.
Published Feb 24, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow remote attackers to cause a denial of service (memory consumption) via malformed MQL statements.
Published Feb 14, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The RgSecurity form in the HTTP server for the Thomson TCW690 cable modem running firmware 2.1 and software ST42.03.0a does not properly validate the password before performing changes, which allows remote attackers on the LAN to gain access via a direct POST request.
Published Feb 21, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (hang) via a flood of certain ARP packets.
Published Feb 15, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unknown vulnerability in NewsBruiser 2.x before 2.6.1 allows remote attackers to "take actions on comments."
Published Feb 17, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and Tarantella Enterprise 3 3.40 and 3.30, when using RSA SecurID and multiple users have the same username, reveals sensitive information during authentication, which allows remote attackers to identify valid usernames and the authentication scheme.
Published Feb 19, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Sun Java JRE 1.1.x through 1.4.x writes temporary files with long filenames that become predictable on a file system that uses 8.3 style short names, which allows remote attackers to write arbitrary files to known locations and facilitates the exploitation of vulnerabilities in applications that rely on unpredictable file names.
Published Feb 19, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in the user_valid_crypt function in user.php in WebCalendar 0.9.45 allows remote attackers to execute arbitrary SQL commands via an encoded webcalendar_session cookie.
Published Feb 19, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unknown "major security flaws" in Ulog-php before 1.0, related to input validation, have unknown impact and attack vectors, probably related to SQL injection vulnerabilities in (1) host.php, (2) port.php, and (3) index.php.
Published Feb 17, 2005 · Updated Aug 7, 2024