Unknown · CVSS Not scored
The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg.
Published Jul 19, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions.
Published Oct 6, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
delete.php in Plague News System 0.6 and earlier allows remote unauthenticated attackers to delete news, comments, and shoutbox posts by modifying the id parameter.
Published Jul 6, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after multiple incorrect password guesses, which allows remote attackers who know or guess the admin account name to cause a denial of service (blocked admin logins).
Published Apr 1, 2006 · Updated Sep 17, 2024
Unknown · CVSS Not scored
global.php in YaPiG 0.92b allows remote attackers to include arbitrary local files via the BASE_DIR parameter.
Published Jun 7, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Einstein 1.0 stores credit card information in plaintext in the world-readable wallets.dat file, which allows local users to steal the information.
Published Mar 2, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.72 allow remote attackers to inject arbitrary web script or HTML via (1) dl-search.php or (2) wl-search.php.
Published Sep 7, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct unauthorized activities and insert, update or delete table contents.
Published Jun 29, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4) formmailer/logfile.csv.
Published Mar 31, 2009 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information.
Published Jul 12, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and earlier allows remote attackers to execute arbitrary code via the serverPath parameter.
Published Jul 6, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
ioFTPD 0.5.84 u responds with different messages depending on whether or not a username exists, which allows remote attackers to enumerate valid usernames.
Published Jan 27, 2006 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in Xeobook 0.93 allow remote attackers to inject arbitrary web script or HTML via Javascript events in tages such as <b>.
Published Oct 23, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple unknown vulnjerabilities HP OpenView Event Correlation Services (OV ECS) 3.32 and 3.33 allow attackers to cause a denial of service or execute arbitrary code.
Published May 3, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the "Require pairing for security" option, which could confuse users about which setting is valid.
Published Aug 19, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta and earlier allows remote attackers to execute arbitrary SQL commands via the ticket variable.
Published Jul 6, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files.
Published Feb 27, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to inject arbitrary Javascript via a URL with a "..." (triple dot) followed by an onmouseover event.
Published May 18, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in shop.cgi in Remote Cart allows remote attackers to inject arbitrary web script or HTML via the (1) merchant or (2) demo parameters.
Published May 16, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may allow local users to gain privileges via a long (1) XAPPLRESLANGPATH or (2) XAPPLRESDIR environment variable, or (3) command line argument.
Published May 2, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unknown vulnerability in the SMTP service in MailEnable Standard before 1.9 and Professional before 1.6 allows remote attackers to cause a denial of service (crash) during authentication.
Published Jul 12, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
frox 0.7.18, when running setuid root, does not properly drop privileges when reading a configuration file, which allows local users to read portions of arbitrary files via the -f command line option.
Published Sep 7, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID.
Published Dec 15, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in the semop system call in Mac OS X 10.3.9 and earlier allows local users to gain privileges via crafted arguments.
Published May 12, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in blenderplay in Blender Player 2.37a allows attackers to execute arbitrary code via a long command line argument.
Published Oct 5, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unknown vulnerability in the HTTPMail service in MailEnable Professional before 1.6 has unknown impact and attack vectors.
Published Jul 12, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
BisonFTP Server V4R1 allows remote authenticated users to cause a denial of service via an invalid command with a long argument.
Published Jun 29, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certain types of files, as demonstrated by .js files, which may enable cross-site scripting (XSS) attacks or other attacks.
Published Jul 6, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Idetix Software Systems Revize CMS stores conf/revize.xml under the web document root with insufficient access control, which allows remote attackers to obtain sensitive configuration information.
Published Nov 21, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unknown vulnerability in FlexCast Audio Video Streaming Server before 2.0 has unknown impact and attack vectors.
Published Jun 8, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to bypass authentication by modifying the email parameter.
Published May 18, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The SNMP service in the Belkin 54G (F5D7130) wireless router allows remote attackers to cause a denial of service via unknown vectors.
Published Mar 22, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 might allow local users to execute arbitrary code via long command line arguments to (1) penable or other hard-linked files including (2) pdisable, (3) pstart, (4) phold, (5) pdelay, or (6) pshare.
Published Jul 12, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in Copernicus Europa allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published Dec 29, 2006 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in verify.asp for Ecomm Professional Guestbook 3.x allows remote attackers to execute arbitrary SQL commands via the AdminPWD parameter.
Published May 3, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does not properly remove an ACL when a file is copied to a directory that does not use ACLs, which will override the POSIX file permissions for that ACL.
Published Jun 14, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs.
Published Dec 22, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact.
Published May 3, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in admin/about.php in contentServ 3.1 allows remote attackers to read or include arbitrary files via ".." sequences in the ctsWebsite parameter.
Published Sep 27, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in aMember allow remote attackers to inject arbitrary web script or HTML via the (1) lamember_login parameter to sendpass.php and (2) login parameter to member.php.
Published Dec 5, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete.
Published Jul 8, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site.
Published Nov 21, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message titles of a hidden forum.
Published Jul 12, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML.
Published Apr 27, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.
Published Jul 6, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not check for a negative offset when reading the message buffer, which allows local users to read arbitrary kernel memory.
Published Apr 14, 2006 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Echelog 0.6.2 allows attackers to "exploit function stacks on some architectures," with unknown impact and attack vectors.
Published Mar 19, 2006 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in the SDL port of abuse (abuse-SDL) before 2.00 allow local users to execute arbitrary code via the command line.
Published Mar 8, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 installs the client installation directories with insecure EVERYBODY permissions, which allows local users to gain sensitive information.
Published May 25, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Polygen before 1.0.6 generates precompiled grammar objects with world-writable permissions, which allows local users to cause a denial of service (disk consumption) and possibly perform other unauthorized activities.
Published Sep 6, 2005 · Updated Sep 17, 2024