Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-04-25 | CVE-2004-1967 | Cross-Site Request Forgery (CSRF) vulnerability in Openbb 1.0.6: Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3) cp_ipbans.php, (4) myhome.php, (5) post.php, or (6) moderator.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary code by including the code in an image tag or a link. | 8.8 |
2004-04-15 | CVE-2004-0217 | Link Following vulnerability in Symantec Antivirus Scan Engine 4.0/4.3: The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log. | 7.0 |
2004-01-05 | CVE-2003-1013 | NULL Pointer Dereference vulnerability in Ethereal: The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference. | 7.5 |
2004-01-05 | CVE-2003-1000 | NULL Pointer Dereference vulnerability in Xchat 2.0.6: xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference. | 7.5 |
2003-11-17 | CVE-2003-0844 | Link Following vulnerability in Schroepl MOD Gzip: mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled. | 7.1 |
2003-08-27 | CVE-2003-0625 | Off-by-one Error vulnerability in Hadrons Xfstt: Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server's response. | 7.5 |
2003-08-18 | CVE-2003-0578 | Link Following vulnerability in IBM U2 Universe 10.0.0.9: cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files. | 7.8 |
2003-06-30 | CVE-2003-0411 | Improper Handling of Case Sensitivity vulnerability in Oracle SUN ONE Application Server 7.0: Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase ".jsp" extension. | 7.5 |
2003-01-07 | CVE-2002-0628 | Improper Restriction of Excessive Authentication Attempts vulnerability in Polycom products: The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack. | 7.5 |
2002-12-31 | CVE-2002-2323 | Improper Preservation of Permissions vulnerability in SUN Solaris PC Netlink 1.0/1.1/1.2: Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and directories that use symbolic links and have been restored from backup, which could allow local or remote attackers to bypass intended access restrictions. | 7.5 |