Unknown · CVSS Not scored
Directory traversal vulnerability in source.php in Quick & Dirty PHPSource Printer 1.1 and earlier allows remote attackers to read arbitrary files via ".../...//" sequences in the file parameter, which are reduced to "../" when PHPSource Printer uses a regular expression to remove "../" sequences.
Published Jul 6, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
WebCalendar before 1.0.0 does not properly restrict access to assistant_edit.php, which allows remote attackers to gain privileges.
Published Jul 19, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a allows remote attackers to inject arbitrary web script or HTML via the searchtype or searchterm parameters to (1) results.php or (2) categorysearch.php.
Published Jul 19, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in default.asp for FSboard 2.0 allows remote attackers to read arbitrary files via ".." sequences in the filename parameter.
Published Jul 5, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg.
Published Jul 19, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
delete.php in Plague News System 0.6 and earlier allows remote unauthenticated attackers to delete news, comments, and shoutbox posts by modifying the id parameter.
Published Jul 6, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information.
Published Jul 12, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and earlier allows remote attackers to execute arbitrary code via the serverPath parameter.
Published Jul 6, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta and earlier allows remote attackers to execute arbitrary SQL commands via the ticket variable.
Published Jul 6, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unknown vulnerability in the SMTP service in MailEnable Standard before 1.9 and Professional before 1.6 allows remote attackers to cause a denial of service (crash) during authentication.
Published Jul 12, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unknown vulnerability in the HTTPMail service in MailEnable Professional before 1.6 has unknown impact and attack vectors.
Published Jul 12, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certain types of files, as demonstrated by .js files, which may enable cross-site scripting (XSS) attacks or other attacks.
Published Jul 6, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 might allow local users to execute arbitrary code via long command line arguments to (1) penable or other hard-linked files including (2) pdisable, (3) pstart, (4) phold, (5) pdelay, or (6) pshare.
Published Jul 12, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete.
Published Jul 8, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message titles of a hidden forum.
Published Jul 12, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.
Published Jul 6, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow local users to execute arbitrary code via a long command line argument.
Published Jul 12, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow remote attackers to modify SQL statements via unknown attack vectors.
Published Jul 17, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
WebEOC before 6.0.2 does not properly check user authorization, which allows remote attackers to gain privileges via a direct request to a resource.
Published Jul 17, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
eZ publish 3.5 through 3.7 before 20050608 requires both edit and create permissions in order to submit data, which allows remote attackers to edit data submitted by arbitrary anonymous users.
Published Jul 6, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ProPack 3 with SP 5 and 6, and SGI ProPack 4, allows local users to execute arbitrary shells as root on other hosts in the cluster or array.
Published Jul 12, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
WebEOC before 6.0.2 does not properly restrict the size of an uploaded file, which allows remote authenticated users to cause a denial of service (system and database resource consumption) via a large file.
Published Jul 17, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
eZ publish 3.5 through 3.7 before 20050830 does not use a folder's read permissions to restrict notifications, which allows remote authenticated users to obtain sensitive information about changes to content in arbitrary folders.
Published Jul 6, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with (1) "anything after the url" or (2) a "wrong url".
Published Jul 6, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The siteaccess URIMatching implementation in eZ publish 3.5 through 3.8 before 20050812 converts all non-alphanumeric characters in a URI to '_' (underscore), which allows remote attackers to bypass access restrictions by inserting certain characters in a URI, as demonstrated by a request for /admin:de, which matches a rule allowing only /admin_de to access /admin.
Published Jul 6, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point before 1.03.12 allows remote attackers to obtain sensitive information via the web interface.
Published Jul 27, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Internet Graphics Server in SAP before 6.40 Patch 11 allows remote attackers to read arbitrary files via ".." sequences in an HTTP GET request.
Published Jul 26, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow local users to cause a denial of service (kernel crash) by using the set-parameters ioctl on an audio device to change the block size and set the pause state to "unpaused" in the same ioctl, which causes a divide-by-zero error.
Published Jul 5, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz Website Builder (QuickWeb) 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) T1 or (2) T2 parameters.
Published Jul 5, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in CartWIZ allow remote attackers to modify SQL statements via the (1) idProduct parameter to tellAFriend.asp, (2) sortType parameter to viewSupportTickets.asp, or the id parameter to (3) updateCreditCards.asp or (4) deleteCreditCards.asp.
Published Jul 11, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to cause a denial of service (port exhaustion and memory consumption) by using all ephemeral ports.
Published Jul 12, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Golden FTP Server 2.60 allows remote authenticated attackers to list arbitrary directories via a "\.." (backslash dot dot) in an LS (LIST) command.
Published Jul 5, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo Gallery 1.5 and earlier allows remote attackers to execute arbitrary code via the news_file parameter.
Published Jul 12, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Published Jul 11, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SMS 1.9.2m and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) request1 or (2) request2 temporary files.
Published Jul 19, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in showerr.asp in DVBBS 7.1 SP2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
Published Jul 19, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
Published Jul 5, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
CenterICQ 4.20.0 and earlier creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack on the gg.token.PID temporary file.
Published Jul 17, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown impact and attack vectors.
Published Jul 12, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
mimicboard2 (Mimic2) 086 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mimic2.dat.
Published Jul 6, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact and attack vectors, possibly involving a PHP file inclusion vulnerability.
Published Jul 13, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Unknown vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to cause a denial of service or access files via crafted HTTP requests.
Published Jul 11, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers to crack passwords.
Published Jul 17, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked as "safe for scripting" for Internet Explorer, which allows remote attackers to create or append to arbitrary files.
Published Jul 1, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
Published Jul 13, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
login.php in phpWishlist before 0.1.15 allows remote attackers to bypass authentication via a direct request to admin.php.
Published Jul 11, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the cid parameter.
Published Jul 6, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Prevx Pro 2005 1.0 allows local users to bypass file protection and modify files by using MapViewOfFile to perform memory mapping on the file.
Published Jul 5, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Backup Manager 0.5.8a creates temporary files insecurely, which allows local users to conduct unauthorized file operations when a user is burning a CDR.
Published Jul 11, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
oftpd 0.3.7 allows remote attackers to cause a denial of service via a USER command with a large number of null (\0) characters.
Published Jul 12, 2005 · Updated Sep 16, 2024