Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2625 | 1 Outblaze | 1 Outblaze Email | 2017-07-20 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Outblaze Email allows remote attackers to inject arbitrary web script or HTML via Javascript in an attribute of an IMG tag. | |||||
| CVE-2004-2624 | 1 Wackowiki | 1 Wackowiki | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in "TextSearch" in WackoWiki 3.5 allows remote attackers to inject arbitrary web script or HTML via the "phrase" parameter. | |||||
| CVE-2004-2623 | 1 Matthew Skala | 1 Rippy The Aggregator | 2017-07-20 | 10.0 HIGH | N/A |
| Unknown vulnerability in Rippy the Aggregator before 0.10, when register_globals is enabled, has unknown attack vectors and impact, possibly related to the "user-controlled filter." | |||||
| CVE-2004-2622 | 1 Altiris | 1 Deployment Server Extension For Ibm Director | 2017-07-20 | 10.0 HIGH | N/A |
| AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrator access. | |||||
| CVE-2004-2611 | 1 Steven Schaefer | 1 Sophster | 2017-07-20 | 4.6 MEDIUM | N/A |
| The Change Permissions function in the Sophster suite before 0.9.6 28 May 2004 (aka 0.9.6-r5), possibly including Sophster, FreeSophster, and FreeSophsterPAM, removes the (1) setuid, (2) setgid, and (3) sticky bits when changing a file, which might allow attackers to gain privileges or conduct other unauthorized activities. | |||||
| CVE-2004-2621 | 1 Nortel | 1 Contivity | 2017-07-20 | 4.0 MEDIUM | N/A |
| Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack. | |||||
| CVE-2004-2651 | 1 Michael Christen | 1 Yacy | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in YaCy before 0.32 allow remote attackers to inject arbitrary web script or HTML via the (1) urlmaskfilter parameter to index.html or the (2) page parameter to Wiki.html. | |||||
| CVE-2004-2619 | 1 Paul L Daniels | 1 Ripmime | 2017-07-20 | 7.5 HIGH | N/A |
| ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail protection via a base64 MIME encoded attachment containing invalid characters that are not properly extracted. | |||||
| CVE-2004-2618 | 1 Pegasi Web Server | 1 Pegasi Web Server | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the URI, directly after the initial '/' (slash). | |||||
| CVE-2004-2617 | 1 Pegasi Web Server | 1 Pegasi Web Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to read files outside of the web root via a .. (dot dot) directly after the initial '/' (slash) in the URI. | |||||
| CVE-2004-2643 | 1 Microsoft | 1 Cabarc | 2017-07-20 | 3.7 LOW | N/A |
| Directory traversal vulnerability in Microsoft cabarc allows remote attackers to overwrite files via "../" sequences in file names in a CAB archive. | |||||
| CVE-2004-2615 | 1 Cutephp | 1 Cutenews | 2017-07-20 | 4.6 MEDIUM | N/A |
| The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news, and possibly gain privileges or have other unknown impact. | |||||
| CVE-2004-2644 | 1 Asn.1 Compiler | 1 Asn.1 Compiler | 2017-07-20 | 10.0 HIGH | N/A |
| Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vectors when processing "ANY" type tags. | |||||
| CVE-2004-2652 | 1 Sourcefire | 1 Snort | 2017-07-20 | 7.8 HIGH | N/A |
| The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote attackers to cause a denial of service (crash) via packets with invalid TCP/IP options, which trigger a null dereference. | |||||
| CVE-2004-2612 | 1 Bnc | 1 Bnc | 2017-07-20 | 7.5 HIGH | N/A |
| BNC 2.9.0 only grants access when an incorrect password is provided, which allows remote attackers to use the functionality intended for authorized users. | |||||
| CVE-2004-2656 | 1 Open Source Development Network | 1 Slashcode | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) before R_2_5_0_41 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in search.pl and (2) the filter parameter in submit.pl. | |||||
| CVE-2004-2640 | 1 Ryszard Pydo | 1 Linuxstat | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in lstat.cgi in LinuxStat before 2.3.1 allows remote attackers to read arbitrary files via (1) .. (dot dot) sequences or (2) absolute paths to the template parameter. | |||||
| CVE-2004-2663 | 1 Ibm | 1 Egatherer | 2017-07-20 | 7.5 HIGH | N/A |
| The (1) SetDebugging and (2) RunEgatherer methods in IBM Access Support eGatherer ActiveX control 2.0.0.16 allow remote attackers to create files with arbitrary content, as demonstrated by creating a .hta file in a Startup folder. | |||||
| CVE-2004-2637 | 1 Zonet | 1 Zsr1104we Wireless Router Runtime Code | 2017-07-20 | 6.4 MEDIUM | N/A |
| The NAT implementation in Zonet ZSR1104WE Wireless Router Runtime Code Version 2.41 converts IP addresses of inbound connections to the IP address of the router, which allows remote attackers to bypass intended security restrictions. | |||||
| CVE-2004-2641 | 1 Sun | 2 Netra 1280, Sun Fire | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire V1280, and Netra 1280 allows remote attackers to cause a denial of service (system controller hang) via IP Packets With Type of Service (TOS) Bits set. | |||||
| CVE-2004-2636 | 1 Rit Research Labs | 1 Tinyweb | 2017-07-20 | 5.0 MEDIUM | N/A |
| TinyWeb 1.9 allows remote attackers to read source code of scripts via "/./" in the URL. | |||||
| CVE-2006-0317 | 1 Redkernel | 1 Referrer Tracker | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in rkrt_stats.php in RedKernel Referrer Tracker 1.1.0-3 allows remote attackers to inject arbitrary web script or HTML via a query string value as a GET, which is stored in the $QUERY_STRING variable. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. | |||||
| CVE-2006-0316 | 1 Aol | 1 Aol Client Software | 2017-07-20 | 10.0 HIGH | N/A |
| Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control, as used in AOL 8.0, 8.0 Plus, and 9.0 Classic, allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2006-0312 | 1 Mike Helton | 1 Aoblogger | 2017-07-20 | 5.0 MEDIUM | N/A |
| create.php in aoblogger 2.3 allows remote attackers to bypass authentication and create new blog entries by setting the uza parameter to 1. | |||||
| CVE-2006-0311 | 1 Mike Helton | 1 Aoblogger | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in aoblogger 2.3 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2006-0310 | 1 Mike Helton | 1 Aoblogger | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows remote attackers to inject arbitrary Javascript via a javascript URI in the BBcode url tag. | |||||
| CVE-2005-4055 | 1 Cars Portal | 1 Cars Portal | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Cars Portal 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) page and (2) car parameters. | |||||
| CVE-2005-4044 | 1 Mr. Cgi Guy | 1 Amazon Search Directory | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.cgi in Amazon Search Directory 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly the search parameter. | |||||
| CVE-2006-0305 | 1 Clipcomm | 2 Cp-100e Voip Wifi Phone, Cpw-100e Voip Wifi Phone | 2017-07-20 | 7.5 HIGH | N/A |
| Clipcomm CPW-100E VoIP 802.11b Wireless Handset Phone running firmware 1.1.12 (051129) and CP-100E VoIP 802.11b Wireless Phone running firmware 1.1.60 allows remote attackers to gain unauthorized access via the debug service on TCP port 60023. | |||||
| CVE-2006-0304 | 1 Achal Dhir | 1 Dual Dhcp Dns Server | 2017-07-20 | 7.5 HIGH | N/A |
| Buffer overflow in Dual DHCP DNS Server 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the DHCP options field. | |||||
| CVE-2006-0251 | 1 Faq-o-matic | 1 Faq-o-matic | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in fom.cgi in Faq-O-Matic 2.711 allows remote attackers to inject arbitrary web script or HTML via the (1) _duration, (2) file, and (3) cmd parameters. | |||||
| CVE-2006-0248 | 1 Intracom | 1 Jetspeed | 2017-07-20 | 5.0 MEDIUM | N/A |
| Virata-EmWeb web server 6_1_0, as used in (1) Intracom JetSpeed 500 and 520 and (2) Allied Data Technologies CopperJet 811 RouterPlus, allows remote attackers to access privileged information, such as user lists and configuration settings, via direct HTTP requests. | |||||
| CVE-2006-0247 | 1 Netbula | 1 Anyboard | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in anyboard.cgi in Netbula Anyboard 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the tK parameter in a find command. | |||||
| CVE-2006-0400 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-20 | 7.5 HIGH | N/A |
| CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives." | |||||
| CVE-2006-0395 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-20 | 5.1 MEDIUM | N/A |
| The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types. | |||||
| CVE-2006-0393 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-20 | 4.0 MEDIUM | N/A |
| OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang. | |||||
| CVE-2006-0392 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-20 | 5.1 MEDIUM | N/A |
| Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Canon RAW image. | |||||
| CVE-2006-0391 | 1 Apple | 1 Mac Os X | 2017-07-20 | 1.7 LOW | N/A |
| Directory traversal vulnerability in the BOM framework in Mac OS X 10.x before 10.3.9 and 10.4 before 10.4.5 allows user-assisted attackers to overwrite or create arbitrary files via an archive that is handled by BOMArchiveHelper. | |||||
| CVE-2006-0389 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds. | |||||
| CVE-2006-0387 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-20 | 6.4 MEDIUM | N/A |
| Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, and 10.3.9 and earlier, allows remote attackers to execute arbitrary code via unspecified vectors involving a web page with crafted JavaScript, a different vulnerability than CVE-2005-4504. | |||||
| CVE-2006-0381 | 1 Freebsd | 1 Freebsd | 2017-07-20 | 5.0 MEDIUM | N/A |
| A logic error in the IP fragment cache functionality in pf in FreeBSD 5.3, 5.4, and 6.0, and OpenBSD, when a 'scrub fragment crop' or 'scrub fragment drop-ovl' rule is being used, allows remote attackers to cause a denial of service (crash) via crafted packets that cause a packet fragment to be inserted twice. | |||||
| CVE-2005-4259 | 1 Aspbb | 1 Aspbb | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ASPBB 0.4 allow remote attackers to execute arbitrary SQL commands via the (1) TID parameter in topic.asp, (2) FORUM_ID parameter in forum.asp, and (3) PROFILE_ID parameter in profile.asp. NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. | |||||
| CVE-2005-4258 | 1 Cisco | 71 Catalyst, Catalyst 1200 Series, Catalyst 1900 Series and 68 more | 2017-07-20 | 7.8 HIGH | N/A |
| Unspecified Cisco Catalyst Switches allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. | |||||
| CVE-2006-0386 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-20 | 1.7 LOW | N/A |
| FileVault in Mac OS X 10.4.5 and earlier does not properly mount user directories when creating a FileVault image, which allows local users to access protected files when FileVault is enabled. | |||||
| CVE-2005-4253 | 1 Torrential | 1 Torrential | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in getdox.php in Torrential 1.2 allows remote attackers to inject arbitrary web script or HTML via the URL. NOTE: this might be resultant from CVE-2005-4160. | |||||
| CVE-2005-4206 | 1 Blackboard | 1 Blackboard Learning And Community Post Systems | 2017-07-20 | 4.0 MEDIUM | N/A |
| Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks via a modified url parameter to frameset.jsp, which loads the URL into a frame and causes it to appear to be part of a valid page. | |||||
| CVE-2005-4203 | 1 Logisphere | 1 Logisphere | 2017-07-20 | 7.8 HIGH | N/A |
| LogiSphere 0.9.9j does not restrict the number of messages that can be sent, which allows remote attackers to cause a denial of service by sending a large number of messages via the msg command. NOTE: due to lack of appropriate details by the original researcher, it is unclear whether this description accurately reflects the discloser's claim and is distinct from the XSS issue. | |||||
| CVE-2005-4202 | 1 Logisphere | 1 Logisphere | 2017-07-20 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j allow remote attackers to access arbitrary files via (1) .. (dot dot), (2) "..." (triple dot), and (3) "..//" sequences in the URL, (4) "../" sequences in the source parameter to viewsource.jsp, or (5) "..\" (dot dot backslash) sequences in the NS-query-pat parameter to the search URL. URL. | |||||
| CVE-2005-4201 | 1 Showalbumonline | 1 My Album Online | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in My Album Online 1.0 allows remote attackers to access arbitrary files via ".../" (triple dot) sequences in unspecified vectors. | |||||
| CVE-2005-4196 | 1 Internet Scout | 1 Scout Portal Toolkit | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the ss parameter in SPT--QuickSearch.php; (2) ParentId parameter in SPT--BrowseResources.php; (3) the ResourceId parameter in SPT--FullRecord.php; (4) ResourceOffset parameter in SPT--Home.php, (5) F_SearchString parameter in SPT--QuickSearch.php; (6) F_UserName and (7) F_Password parameters in SPT--UserLogin.php; (8) F_SearchCat1, (9) F_TextField1, (10) F_SearchCat2, (11) F_TextField2, (12) F_SearchCat3, (13) F_TextField3, (14) F_SearchCat4, (15) F_TextField4, (16) ResourceType, (17) Language, (18) Audience, (19) Format parameters in SPT--AdvancedSearch.php. | |||||