Weekly Vulnerabilities Reports > December 27, 2004 to January 2, 2005

Overview

1047 new vulnerabilities reported during this period, including 62 critical vulnerabilities and 301 high severity vulnerabilities. This weekly summary report vulnerabilities in 879 products from 559 vendors including Microsoft, IBM, Mozilla, SUN, and GNU. Vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", and "Path Traversal".

  • 894 reported vulnerabilities are remotely exploitables.
  • 11 reported vulnerabilities have public exploit available.
  • 40 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 1024 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 32 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

62 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-12-31 CVE-2004-2734 Novell Improper Authentication vulnerability in Novell Netware 6.5

webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.

10.0
2004-12-31 CVE-2004-2689 Newsphp Permissions, Privileges, and Access Controls vulnerability in Newsphp

NewsPHP allows remote attackers to gain unauthorized administrative access by setting a cookie to the "autorized=admin; root=admin" value.

10.0
2004-12-31 CVE-2004-2645 ASN 1 Compiler Multiple Unspecified vulnerability in Asn.1 Compiler Asn.1 Compiler 0.9.4/0.9.5/0.9.6

Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vectors when processing "CHOICE" types with "indefinite length structures."

10.0
2004-12-31 CVE-2004-2644 ASN 1 Compiler Multiple Unspecified vulnerability in Asn.1 Compiler Asn.1 Compiler 0.9.4/0.9.5/0.9.6

Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vectors when processing "ANY" type tags.

10.0
2004-12-31 CVE-2004-2627 SUN Remote Security vulnerability in Java 2 Micro Edition

Java 2 Micro Edition (J2ME) does not properly validate bytecode, which allows remote attackers to escape the Kilobyte Virtual Machine (KVM) sandbox and execute arbitrary code.

10.0
2004-12-31 CVE-2004-2623 Matthew Skala Remote Security vulnerability in Rippy The Aggregator

Unknown vulnerability in Rippy the Aggregator before 0.10, when register_globals is enabled, has unknown attack vectors and impact, possibly related to the "user-controlled filter."

10.0
2004-12-31 CVE-2004-2622 Altiris Remote Command Execution vulnerability in Altiris Deployment Server

AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrator access.

10.0
2004-12-31 CVE-2004-2613 Vserver Remote Security vulnerability in Linux-VServer

Unspecified vulnerability in procfs in the Linux-VServer stable branch for the 2.4 kernel before 1.23 and Linux-VServer development branch for the 2.4 kernel before 1.3.5 has unspecified impact and attack vectors, related to "write access to specific proc entries from a vserver context", a different vulnerability than CVE-2004-2408.

10.0
2004-12-31 CVE-2004-2590 Meindlsoft Unspecified vulnerability in Meindlsoft Cute PHP Library 0.46

Unspecified vulnerability in meindlSOFT Cute PHP Library (aka cphplib) 0.46 has unknown impact and attack vectors, related to regular expressions.

10.0
2004-12-31 CVE-2004-2537 Netwin Unspecified vulnerability in NetWin SurgeMail Webmail

Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug."

10.0
2004-12-31 CVE-2004-2532 Solarwinds Credentials Management vulnerability in Solarwinds Serv-U File Server

Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command.

10.0
2004-12-31 CVE-2004-2513 Pmail Remote Security vulnerability in Pmail Pegasus 4.01

Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execute arbitrary code via a long SELECT command.

10.0
2004-12-31 CVE-2004-2500 Ilohamail Unspecified vulnerability in IlohaMail

Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown impact and attack vectors.

10.0
2004-12-31 CVE-2004-2470 Madbms Login vulnerability in MadBMS

Unspecified vulnerability in MadBMS before 1.1.5 has unknown impact and attack vectors, related to logins.

10.0
2004-12-31 CVE-2004-2453 Tutti Nova Multiple Unspecified vulnerability in Tutti Nova

Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and 0.9.4, when register_globals is enabled, has unknown impact and attack vectors.

10.0
2004-12-31 CVE-2004-2441 Kerio Unspecified vulnerability in Kerio Mailserver 6.0/6.0.1/6.0.2

Unspecified vulnerability in Kerio MailServer before 6.0.3 has unknown impact and unknown remote attack vectors, related to a "potential security issue."

10.0
2004-12-31 CVE-2004-2427 Axis Denial-Of-Service vulnerability in 2420 Video Server

Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi.

10.0
2004-12-31 CVE-2004-2421 Hitachi Remote vulnerability in Hitachi JP1 P-1B41-9461, JP1 P-1B41-9471 and JP1 P-1J41-9471

Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and 7, when running on HP-UX in trusted mode, allows attackers to bypass authentication and gain administrator rights.

10.0
2004-12-31 CVE-2004-2407 Phpgroupware Remote Security vulnerability in Phpgroupware

Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the Setup/Config functionality.

10.0
2004-12-31 CVE-2004-2406 Phpgroupware Remote Security vulnerability in Phpgroupware

Unknown "overflow" in the phpgw_config table for phpGroupWare before 0.9.14.002 has unknown attack vectors and impact.

10.0
2004-12-31 CVE-2004-2403 Yabb Unspecified vulnerability in Yabb

Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters.

10.0
2004-12-31 CVE-2004-2388 IBM Privilege Escalation vulnerability in IBM AIX 4.3.3

rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user.

10.0
2004-12-31 CVE-2004-2359 Dell Local Privilege Escalation vulnerability in Dell Truemobile 1300 Wlan Mini-Pci Card Util Trayapplet 3.10.39.0

Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet 3.10.39.0 does not properly drop SYSTEM privileges when started from the systray applet, which allows local users to gain privileges by accessing the Help functionality.

10.0
2004-12-31 CVE-2004-2289 Microsoft Unspecified vulnerability in Microsoft Windows XP

Microsoft Windows XP Explorer allows local users to execute arbitrary code via a system folder with a Desktop.ini file containing a .ShellClassInfo specifier with a CLSID value that is associated with an executable file.

10.0
2004-12-31 CVE-2004-2284 Open Webmail Remote Command Execution Variant vulnerability in Open WebMail Vacation.PL

The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument.

10.0
2004-12-31 CVE-2004-2281 IBM Java Applet vulnerability in IBM Lotus Notes

Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 and 6.0.x before 6.0.5 have unknown impact and attack vectors, related to Java applets, as identified by (1) KSPR5YS6GR and (2) KSPR62F4D3.

10.0
2004-12-31 CVE-2004-2275 I Mall Commerce Remote Command Execution vulnerability in I-Mall Commerce I-mall Script

i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbitrary commands via shell metacharacters via the p parameter.

10.0
2004-12-31 CVE-2004-2248 Goosequill Remote Security vulnerability in Goosequill Remoteeditor 0.1.1

Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact and attack vectors, related to "oversize submissions."

10.0
2004-12-31 CVE-2004-2247 Goosequill Remote Security vulnerability in Goosequill Audienceconnect 1.0.Beta.20

Unknown vulnerability in the "admin of paypal email addresses" in AudienceConnect before 1.0.beta.21 has unknown impact and attack vectors.

10.0
2004-12-31 CVE-2004-2237 Moodle Unspecified vulnerability in Moodle

Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to "strings in Moodle texts."

10.0
2004-12-31 CVE-2004-2236 Moodle Unspecified vulnerability in Moodle

Unknown vulnerability in Moodle before 1.3.3 has unknown impact and attack vectors, related to language setting.

10.0
2004-12-31 CVE-2004-2235 Moodle Remote Security vulnerability in Moodle 1.1.1

Unknown vulnerability in Moodle before 1.2 has unknown impact and attack vectors, related to improper filtering of text.

10.0
2004-12-31 CVE-2004-2233 Moodle Unspecified vulnerability in Moodle

Unknown "front page vulnerability with Moodle servers" for Moodle before 1.3.2 has unknown impact and attack vectors.

10.0
2004-12-31 CVE-2004-2159 Xmlstarlet Buffer Overflow vulnerability in Xmlstarlet Command Line XML Toolkit 0.9.3

Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 have unknown impact and attack vectors via (1) xml_elem.c and (2) xml_select.c.

10.0
2004-12-31 CVE-2004-2156 Recruitment Agency Software Security vulnerability in Recruitment Agency Software Online Recruitment Agency 1.0

Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have unknown impact and attack vectors.

10.0
2004-12-31 CVE-2004-2153 Real Estate Management Software Multiple Unspecified vulnerability in Real Estate Management Software Real Estate Management Software 1.0

Multiple unknown vulnerabilities in Real Estate Management Software 1.0 have unknown impact and attack vectors.

10.0
2004-12-31 CVE-2004-2142 Jorg Schilling Remote Security vulnerability in SDD 1.28/1.31

Unknown vulnerability in the remote tape support (remote.c) in the RMT client for Jorg Schilling sdd 1.28 and 1.31 has unknown impact and attack vectors.

10.0
2004-12-31 CVE-2004-2114 Internetnow Stack and Heap Overflow vulnerability in Internetnow Proxynow 2.6/2.75

Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and earlier allow remote attackers to execute arbitrary code via a GET request with a long ftp:// URL.

10.0
2004-12-31 CVE-2004-2048 Esesix Multiple vulnerability in eSeSIX Thintune Thin Client Devices

radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier starts a process port 25072 that can be accessed with a default "jstwo" password, which allows remote attackers to gain access.

10.0
2004-12-31 CVE-2004-1903 Blaxxun Buffer Overflow vulnerability in Blaxxun Contact 3D 7.0

Buffer overflow in blaxxun 3D 7.0 allows remote attackers to execute arbitrary code via a long URL property inside an object tag.

10.0
2004-12-31 CVE-2004-1898 Tildeslash Remote vulnerability in Multiple Monit Administration Interface

Stack-based buffer overflow in the administration interface in Monit 1.4 through 4.2 allows remote attackers to execute arbitrary code via a long username.

10.0
2004-12-31 CVE-2004-1812 Broadcom Unspecified vulnerability in Broadcom Unicenter TNG 2.4/2.4.2

Multiple stack-based buffer overflows in Agent Common Services (1) cam.exe and (2) awservices.exe in Unicenter TNG 2.4 allow remote attackers to execute arbitrary code.

10.0
2004-12-31 CVE-2004-1763 Haht Commerce Buffer Overrun vulnerability in HAHTsite Scenario Server Project File Name

Buffer overflow in hsrun.exe for HAHTsite Scenario Server 5.1 Patch 06 (build 91) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long project name.

10.0
2004-12-31 CVE-2004-1486 HP Remote vulnerability in HP ServiceGuard Undisclosed

Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00 and Cluster Object Manager A.01.03 and B.01.04 through B.03.00.01 on HP-UX, Serviceguard A.11.14.04 and A.11.15.04 and Cluster Object Manager B.02.01.02 and B.02.02.02 on HP Linux, allow remote attackers to gain privileges via unknown attack vectors.

10.0
2004-12-31 CVE-2004-1483 Symantec Multiple vulnerability in Symantec Clientless VPN Gateway 4400 5.0

Multiple unknown vulnerabilities in the ActiveX and HTML file browsers in Symantec Clientless VPN Gateway 4400 Series 5.0 have unknown attack vectors and unknown impact.

10.0
2004-12-31 CVE-2004-1463 Moinmoin Privilege Escalation vulnerability in MoinMoin PageEditor

Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, related to Access Control Lists (ACL), has unknown impact.

10.0
2004-12-31 CVE-2004-1402 Iwebnegar SQL Injection vulnerability in IWebNegar

SQL injection vulnerability in iWebNegar allows remote attackers to execute arbitrary SQL commands via (1) the string parameter for index.php, (2) comments.php, or (3) the administrator login page.

10.0
2004-12-31 CVE-2004-1390 QNX Local Buffer Overrun vulnerability in QNX Rtos and RTP

Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allow remote attackers to execute arbitrary code via a long argument to the (1) -F, (2) name, (3) en, (4) upscript, (5) downscript, (6) retries, (7) timeout, (8) scriptdetach, (9) noscript, (10) nodetach, (11) remote_mac, or (12) local_mac flags.

10.0
2004-12-31 CVE-2004-1236 Netscape Remote Buffer Overflow vulnerability in Netscape Directory Server 3.6

Buffer overflow in the LDAP component for Netscape Directory Server (NDS) 3.6 on HP-UX and other operating systems allows remote attackers to execute arbitrary code.

10.0
2004-12-31 CVE-2004-1050 Avaya
Microsoft
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."
10.0
2004-12-31 CVE-2004-1017 Linux Local Integer Overflow vulnerability in Linux Kernel 2.4.0

Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x have unknown impact and unknown attack vectors.

10.0
2004-12-31 CVE-2004-0985 Microsoft Remote Security vulnerability in Microsoft IE 6.0

Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help.

10.0
2004-12-31 CVE-2004-0904 Mozilla
Netscape
Conectiva
Redhat
Integer Overflow vulnerability in Mozilla Browser BMP Image Decoding

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.

10.0
2004-12-31 CVE-2004-0429 Apple Remote Security vulnerability in Apple mac OS X 10.2.8/10.3.3

Unknown vulnerability related to "the handling of large requests" in RAdmin for Apple Mac OS X 10.3.3 and Mac OS X 10.2.8 may allow attackers to have unknown impact via unknown attack vectors.

10.0
2004-12-31 CVE-2004-0090 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 through 10.3.2 does not "shutdown properly," which has unknown impact and attack vectors.

10.0
2004-12-31 CVE-2004-2214 Mbedthis Improper Handling of Case Sensitivity vulnerability in Mbedthis Appweb Http Server 1.0.4

Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions via a URI with mixed case characters.

9.8
2004-12-31 CVE-2004-2154 Apple
Canonical
Improper Handling of Case Sensitivity vulnerability in multiple products

CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.

9.8
2004-12-31 CVE-2004-2692 Kyberdigi Labs Permissions, Privileges, and Access Controls vulnerability in Kyberdigi Labs PHP-Exec-Dir

The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function.

9.3
2004-12-31 CVE-2004-2687 Apple
Samba
Configuration vulnerability in multiple products

distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.

9.3
2004-12-31 CVE-2004-1441 Board Power Cross-Site Scripting vulnerability in Board Power Board Power 2.04Pf

Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power 2.04PF allows remote attackers to inject arbitrary web script or HTML via the action parameter.

9.3
2004-12-31 CVE-2004-2700 Aspdotnetstorefront Permissions, Privileges, and Access Controls vulnerability in Aspdotnetstorefront 3.3

Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 allows remote authenticated administrators to upload arbitrary files with executable extensions via admin/images.aspx.

9.0
2004-12-31 CVE-2004-2673 Argosoft Multiple vulnerability in ArGoSoft FTP Server

Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a SITE ZIP command with a long first or second argument, or (2) a SITE COPY with a long argument.

9.0

301 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-12-31 CVE-2004-1842 Phpnuke Cross-Site Request Forgery (CSRF) vulnerability in PHPnuke PHP-Nuke

Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php.

8.8
2004-12-31 CVE-2004-2690 Newsphp File-Upload vulnerability in newsPHP

Unrestricted file upload vulnerability in the Administration Panel for NewsPHP allows remote authenticated administrators to upload and execute arbitrary code instead of video files.

8.5
2004-12-31 CVE-2004-2111 Solarwinds Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Solarwinds Serv-U File Server

Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename.

8.5
2004-12-31 CVE-2004-0638 Oracle Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle Oracle8I and Oracle9I

Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument.

8.5
2004-12-31 CVE-2004-2745 Anteco Visual Technologies Path Traversal vulnerability in Anteco Visual Technologies Ownserver

Directory traversal vulnerability in Anteco Visual Technologies OwnServer 1.0 and earlier allows remote attackers to read arbitrary files via a ..

7.8
2004-12-31 CVE-2004-2679 Checkpoint Information Disclosure vulnerability in Checkpoint Firewall-1 4.0/4.1/R55

Check Point Firewall-1 4.1 up to NG AI R55 allows remote attackers to obtain potentially sensitive information by sending an Internet Key Exchange (IKE) with a certain Vendor ID payload that causes Firewall-1 to return a response containing version and other information.

7.8
2004-12-31 CVE-2004-2652 Sourcefire Remote Denial Of Service vulnerability in Snort DecodeTCPOptions

The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote attackers to cause a denial of service (crash) via packets with invalid TCP/IP options, which trigger a null dereference.

7.8
2004-12-31 CVE-2004-2629 First Virtual Communications Denial-Of-Service vulnerability in Conference Server

Multiple vulnerabilities in the H.323 protocol implementation for First Virtual Communications Click to Meet Express (when used with H.323 conferencing endpoints), Click to Meet Premier, Conference Server, and V-Gate allow remote attackers to cause a denial of service, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.

7.8
2004-12-31 CVE-2004-2583 Smartertools Denial-Of-Service vulnerability in Smartertools Smartermail 1.6.1511/1.6.1529

SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous open connections to TCP port 25.

7.8
2004-12-31 CVE-2004-2539 Network Appliance Remote Undisclosed Denial Of Service vulnerability in Network Appliance Data Ontap and Netcache

Unknown vulnerability in Network Appliance NetCache 5.2 and Data ONTAP 6.0 allows remote attackers to cause a denial of service (panic and reboot) and possibly other impacts via unknown attack vectors, possibly related to unspecified worms, as identified by bug ID

7.8
2004-12-31 CVE-2004-2534 Fastream Denial Of Service vulnerability in Fastream NetFile FTP/Web Server HEAD Request

Fastream NETFile Server 7.1.2 does not properly handle keep-alive connection timeouts and does not close the connection after a HEAD request, which allows remote attackers to perform a denial of service (connection consumption) by sending a large number HTTP HEAD requests.

7.8
2004-12-31 CVE-2004-2531 GNU Denial Of Service vulnerability in GNU Gnutls 1.0.16

X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys.

7.8
2004-12-31 CVE-2004-2499 Hitachi Denial Of Service vulnerability in Hitachi Web Page Generator

Unspecified vulnerability in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier allows remote attackers to cause a denial of service via unknown attack vectors when a web site is "improperly accessed."

7.8
2004-12-31 CVE-2004-2496 Opentext Remote Denial Of Service vulnerability in OpenText FirstClass HTTP Daemon Search Function

The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote attackers to cause a denial of service (service availability loss) via a large number of POST requests to /Search.

7.8
2004-12-31 CVE-2004-2495 Code Crafters Multiple vulnerability in Code-Crafters Ability Mail Server 1.18

The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail Server 1.18 allow remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous connections to the service.

7.8
2004-12-31 CVE-2004-2013 Linux Integer Overflow or Wraparound vulnerability in Linux Kernel

Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in socket.c in the Linux kernel 2.4.25 and earlier allows local users to execute arbitrary code via an optlen value of -1, which causes kmalloc to allocate 0 bytes of memory.

7.8
2004-12-31 CVE-2004-1896 Nullsoft Heap Overflow vulnerability in NullSoft Winamp in_mod.dll Plug-in

Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file.

7.6
2004-12-31 CVE-2004-2758 SUN Denial-Of-Service vulnerability in Sunforum 3.2/3D1.0

Multiple unspecified vulnerabilities in the H.323 protocol implementation for Sun SunForum 3.2 and 3D 1.0 allow remote attackers to cause a denial of service (segmentation fault and process crash), as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.

7.5
2004-12-31 CVE-2004-2754 Yabb SQL Injection vulnerability in Yabb SE

SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions.

7.5
2004-12-31 CVE-2004-2746 Pensacola WEB Designs SQL Injection vulnerability in Pensacola web Designs Xtremeasp Photogallery 2.0

SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

7.5
2004-12-31 CVE-2004-2739 Phprojekt Permissions, Privileges, and Access Controls vulnerability in PHProjekt

The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows remote attackers to modify system configuration via unknown attack vectors.

7.5
2004-12-31 CVE-2004-2737 Netsupport SQL Injection vulnerability in Netsupport DNA Helpdesk 1.01

SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk 1.01 allows remote attackers to execute arbitrary SQL commands via the where parameter.

7.5
2004-12-31 CVE-2004-2716 PHP Heaven SQL Injection vulnerability in PHP Heaven PHPmychat 0.14.5

Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters.

7.5
2004-12-31 CVE-2004-2715 PHP Heaven Improper Authentication vulnerability in PHP Heaven PHPmychat 0.14.5

edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false.

7.5
2004-12-31 CVE-2004-2711 Phrozensmoke Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Phrozensmoke Gyach Enhanced

Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "avatar retrieval."

7.5
2004-12-31 CVE-2004-2710 Phrozensmoke Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Phrozensmoke Gyach Enhanced

Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) sending certain typing statuses or (2) setting the chat room status bar to the current chat room name.

7.5
2004-12-31 CVE-2004-2709 Phrozensmoke Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Phrozensmoke Gyach Enhanced

Buffer overflow in the strip_html_tags method for Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors involving HTML tags.

7.5
2004-12-31 CVE-2004-2707 Phrozensmoke Undisclosed vulnerability in GYach Enhanced

Multiple unspecified vulnerabilities in Gyach Enhanced (Gyach-E) before 1.0.5 have unknown impact and attack vectors related to "several security flaws," probably related to buffer overflows in HTTP server responses.

7.5
2004-12-31 CVE-2004-2695 Jelsoft
Point TO Point Protocol Project
SQL Injection vulnerability in multiple products

SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter.

7.5
2004-12-31 CVE-2004-2685 Youngzsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Youngzsoft Ccproxy

Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote attackers to execute arbitrary code via a long address in a ping (p) command to the Telnet proxy service, a different vector than CVE-2004-2416.

7.5
2004-12-31 CVE-2004-2681 Peersec Networks Cross-Site Scripting vulnerability in MatrixSSL

PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely long time, which might make it easier for remote attackers to hijack a session.

7.5
2004-12-31 CVE-2004-2677 Qwikmail Remote Format String vulnerability in Qwikmail Smtp 0.3

Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smtpd) 0.3 and earlier allows remote attackers to execute arbitrary code via format specifiers in the (1) clientRcptTo array, and the (2) Received and (3) messageID variables, possibly involving HELO and hostname arguments.

7.5
2004-12-31 CVE-2004-2672 Argosoft Remote Security vulnerability in Argosoft FTP Server 1.4.2

Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows attackers to upload .lnk files via unknown vectors.

7.5
2004-12-31 CVE-2004-2669 Neocrome Remote SQL Injection vulnerability in Neocrome Land Down Under 701

Multiple SQL injection vulnerabilities in Land Down Under (LDU) v701 allow remote attackers to execute arbitrary SQL commands or obtain the installation path via parameters including (1) s, w, and d in users.php, (2) id in comments.php, (3) rusername in auth.php, or (4) h in plug.php.

7.5
2004-12-31 CVE-2004-2668 Interchange Development Group SQL-Injection vulnerability in Interchange

SQL injection vulnerability in Interchange before 4.8.9 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2004-12-31 CVE-2004-2663 IBM Unspecified vulnerability in IBM Egatherer 2.0.0.16

The (1) SetDebugging and (2) RunEgatherer methods in IBM Access Support eGatherer ActiveX control 2.0.0.16 allow remote attackers to create files with arbitrary content, as demonstrated by creating a .hta file in a Startup folder.

7.5
2004-12-31 CVE-2004-2653 PD9 Software Remote Security vulnerability in Megabbs 2.0/2.1

Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows attackers to gain privileges via unknown vectors involving (1) admin/userlevelmembers-edit.asp and (2) admin/edit-groups.asp.

7.5
2004-12-31 CVE-2004-2639 Drew Withers Remote Security vulnerability in Journalness

Unspecified vulnerability in Journalness 3.0.7 and earlier allows remote attackers to create or modify posts via unknown attack vectors.

7.5
2004-12-31 CVE-2004-2638 Oscommerce Unspecified vulnerability in Oscommerce 1.5.1

The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value.

7.5
2004-12-31 CVE-2004-2635 Mcafee Information Disclosure vulnerability in Mcafee Security Installer Control System 4.0.0.81

An ActiveX control for McAfee Security Installer Control System 4.0.0.81 allows remote attackers to access the Windows registry via web pages that use the control's RegQueryValue() method.

7.5
2004-12-31 CVE-2004-2632 Phpmyadmin Input Validation vulnerability in phpMyAdmin

phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.

7.5
2004-12-31 CVE-2004-2631 Phpmyadmin Input Validation vulnerability in phpMyAdmin

Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name.

7.5
2004-12-31 CVE-2004-2630 Phpmyadmin Remote Command Execution vulnerability in phpMyAdmin

The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.

7.5
2004-12-31 CVE-2004-2619 Paul L Daniels Unspecified vulnerability in Paul L Daniels Ripmime

ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail protection via a base64 MIME encoded attachment containing invalid characters that are not properly extracted.

7.5
2004-12-31 CVE-2004-2614 Xuebrothers Buffer Overflow vulnerability in Xuebrothers Myweb 3.3

Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.

7.5
2004-12-31 CVE-2004-2612 BNC Authentication Bypass vulnerability in BNC 2.9.0

BNC 2.9.0 only grants access when an incorrect password is provided, which allows remote attackers to use the functionality intended for authorized users.

7.5
2004-12-31 CVE-2004-2606 Linksys Remote Administration Service Weakness in Linksys WRT54G Router World Accessible

The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled.

7.5
2004-12-31 CVE-2004-2593 ID Software Remote vulnerability in ID Software Quake II Server 3.20/3.21

Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a packet with a long cmd_args buffer.

7.5
2004-12-31 CVE-2004-2579 Novell Remote vulnerability in Novell Ichain 2.3

ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access control rules of an unspecified component via an unspecified attack vector involving a string that contains escape sequences represented with "overlong UTF-8 encoding."

7.5
2004-12-31 CVE-2004-2573 Phpgroupware Remote File Include vulnerability in PHPgroupware 0.9.14.003

PHP remote file inclusion vulnerability in tables_update.inc.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to execute arbitrary PHP code via an external URL in the appdir parameter.

7.5
2004-12-31 CVE-2004-2571 Enderunix Buffer Overflow vulnerability in Isoqlog

Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote attackers to execute arbitrary code via the (1) parseQmailFromBytesLine, (2) parseQmailToRemoteLine, (3) parseQmailToLocalLine, (4) parseSendmailFromBytesLine, (5) parseSendmailToLine, (6) parseEximFromBytesLine, and (7) parseEximToLine functions in Parser.c; allow local users to execute arbitrary code via the (8) lowercase and (9) check_syslog_date functions in Parser.c, and (10) unspecified functions in Dir.c; and allow unspecified attackers to execute arbitrary code via the (11) loadconfig and (12) removespaces functions in loadconfig.c, the (13) loadLang function in LangCfg.c, and (14) unspecified functions in Html.c.

7.5
2004-12-31 CVE-2004-2567 Recipants SQL Injection and Cross-Site Scripting vulnerability in ReciPants

Multiple SQL injection vulnerabilities in ReciPants 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) user id, (2) recipe id, (3) category id, and (4) other ID number fields.

7.5
2004-12-31 CVE-2004-2561 Internet Sofware Sciences SQL Injection vulnerability in Internet Sofware Sciences Web+Center 4.0.1

Multiple SQL injection vulnerabilities in Internet Software Sciences Web+Center 4.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the ISS_TECH_CENTER_LOGIN cookie in search.asp and (2) one or more cookies in DoCustomerOptions.asp.

7.5
2004-12-31 CVE-2004-2560 Andreas Gohr Remote Arbitrary File Upload vulnerability in DokuWiki

DokuWiki before 2004-10-19, when used on a web server that permits execution based on file extension, allows remote attackers to execute arbitrary code by uploading a file with an appropriate extension such as ".php" or ".cgi".

7.5
2004-12-31 CVE-2004-2559 Andreas Gohr Denial-Of-Service vulnerability in Dokuwiki

DokuWiki before 2004-10-19 allows remote attackers to access administrative functionality including (1) Mediaselectiondialog, (2) Recent changes, (3) feed, and (4) search, possibly due to the lack of ACL checks.

7.5
2004-12-31 CVE-2004-2558 IBM Product Unspecified Credential Impersonation vulnerability in IBM

Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, Access Manager for e-business 3.9 to 5.1, Access Manager Identity Manager Solution 5.1, Configuration Manager 4.2, Configuration Manager for Automated Teller Machines 2.1.0, and IBM WebSphere Everyplace Server, Service Provider Offering for Multi-platforms 2.1.3 to 2.15 allow remote attackers to hijack sessions of authenticated users via unknown attack vectors involving certain cookies, aka "Potential Credential Impersonation Attack."

7.5
2004-12-31 CVE-2004-2551 Layton Technology SQL Injection vulnerability in Layton Technology Helpbox 3.0.1

Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the sys_comment_id parameter in editcommentenduser.asp, (2) the sys_suspend_id parameter in editsuspensionuser.asp, (3) the table parameter in export_data.asp, (4) the sys_analgroup parameter in manageanalgrouppreference.asp, (5) the sys_asset_id parameter in quickinfoassetrequests.asp, (6) the sys_eusername parameter in quickinfoenduserrequests.asp, and the sys_request_id parameter in (7) requestauditlog.asp, (8) requestcommentsenduser.asp, (9) selectrequestapplytemplate.asp, and (10) selectrequestlink.asp, resulting in an ability to create a new HelpBox user account and read, modify, or delete data from the backend database.

7.5
2004-12-31 CVE-2004-2542 Dynix Undisclosed SQL Injection vulnerability in Dynix WebPac

Multiple SQL injection vulnerabilities in Dynix (formerly known as epixtech) WebPAC allow remote attackers to execute arbitrary SQL commands via unknown attack vectors, resulting in an ability to execute stored procedures, bypass login authentication, and cause an unspecified denial of service to backend databases.

7.5
2004-12-31 CVE-2004-2536 Linux Local IO Access Inheritance vulnerability in Linux Kernel

The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a process obtains IO access permissions from the ioperm function but does not drop those permissions when it exits, which allows other processes to access the per-TSS pointers, access restricted memory locations, and possibly gain privileges.

7.5
2004-12-31 CVE-2004-2501 Mailenable Remote Pre-Authentication Buffer Overflow vulnerability in MailEnable IMAP Service

Buffer overflow in the IMAP service of MailEnable Professional Edition 1.52 and Enterprise Edition 1.01 allows remote attackers to execute arbitrary code via (1) a long command string or (2) a long string to the MEIMAP service and then terminating the connection.

7.5
2004-12-31 CVE-2004-2486 Dropbear SSH Project Authentication vulnerability in Dropbear SSH Server Digital Signature Standard

The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to gain access.

7.5
2004-12-31 CVE-2004-2478 CA
IBM
Jetty
Directory Traversal vulnerability in Jetty

Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a ..

7.5
2004-12-31 CVE-2004-2474 Phpnews SQL Injection vulnerability in PHPnews 1.2.3

SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers to execute arbitrary SQL commands via the mid parameter to sendtofriend.php.

7.5
2004-12-31 CVE-2004-2471 Jamesoff Parameter Unspecified SQL Injection vulnerability in JamesOff Quoteengine 1.0/1.1

SQL injection vulnerability in the sloth TCL script in QuoteEngine before 1.2.0 allow remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2004-12-31 CVE-2004-2461 GNU Remote POP3 Protocol vulnerability in gnubiff

Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code.

7.5
2004-12-31 CVE-2004-2456 Minibb Remote SQL Injection vulnerability in MiniBB

SQL injection vulnerability in index.php in miniBB 1.7f and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a userinfo action.

7.5
2004-12-31 CVE-2004-2455 Sweex Unspecified vulnerability in Sweex Wireless Broadband Router Accesspoint 802.11G Lc000060

Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) allows remote attackers to obtain sensitive information and gain privileges by using TFTP to download the nvram file, then extracting the username, password, and other data from the file.

7.5
2004-12-31 CVE-2004-2443 Jaws Input Validation vulnerability in Jaws 0.2/0.3

Jaws 0.3 allows remote attackers to bypass authentication and via an HTTP request to admin.php with the logged cookie set to the MD5 hash of a null password, which is compared against the logged session variable by the logged_on function in application.php.

7.5
2004-12-31 CVE-2004-2437 PHP Fusion SQL and HTML Injection vulnerability in PHP Fusion PHP Fusion 4.01

SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the rowstart parameter to (1) index.php or (2) members.php, or (3) the comment_id parameter to comments.php.

7.5
2004-12-31 CVE-2004-2433 Altnet
Grokster
Kazaa
Remote Buffer Overflow vulnerability in Altnet ADM ActiveX Control

Buffer overflow in the IsValidFile function in the ADM ActiveX control for Altnet Download Manager 4.0.0.4 and earlier, as used in Kazaa Media Desktop 1.3 through 2.6.4 and Grokkster 1.3 through 2.6, allows remote attackers to execute arbitrary code via a long bstrFilepath parameter.

7.5
2004-12-31 CVE-2004-2431 THE Ignition Project Authentication Bypass vulnerability in ignitionServer Server Link Service

Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 through 0.3.1, with the linking service enabled, allows remote attackers to bypass authentication.

7.5
2004-12-31 CVE-2004-2429 Enderunix Software Buffer Overflow vulnerability in Spamguard

Multiple stack-based and heap-based buffer overflows in EnderUNIX spamGuard before 1.7-BETA allow remote attackers to execute arbitrary code via the (1) qmail_parseline and (2) sendmail_parseline functions in parser.c, (3) loadconfig and (4) removespaces functions in loadconfig.c, and possibly (5) unspecified functions in functions.c.

7.5
2004-12-31 CVE-2004-2425 Axis Multiple vulnerability in Axis Network Camera And Video Server

Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.

7.5
2004-12-31 CVE-2004-2417 Smtp Proxy Remote Format String vulnerability in Smtp.Proxy 1.1.3

Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) client hostname or (2) message-id, which are injected into a syslog message.

7.5
2004-12-31 CVE-2004-2416 Youngzsoft Remote Buffer Overflow vulnerability in Youngzsoft Ccproxy 6.0

Buffer overflow in the logging component of CCProxy allows remote attackers to execute arbitrary code via a long HTTP GET request.

7.5
2004-12-31 CVE-2004-2413 Virtual Programming SQL Injection vulnerability in Virtual Programming VP-ASP Shopproductselect Script

SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 allows remote attackers to execute arbitrary SQL commands via the (1) Processed0 and (2) Processed1 parameters in a POST request to shopproductselect.asp.

7.5
2004-12-31 CVE-2004-2412 Virtual Programming SQL Injection vulnerability in Virtual Programming VP-ASP Shopping Cart CatalogID

Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 through 5.0 allow remote attackers to execute arbitrary SQL commands via the catalogid parameter in (1) shopreviewlist.asp and (2) shopreviewadd.asp.

7.5
2004-12-31 CVE-2004-2401 Ipswitch Buffer Overrun vulnerability in Ipswitch Imail Express 8.03

Stack-based buffer overflow in Ipswitch IMail Express Web Messaging before 8.05 might allow remote attackers to execute arbitrary code via an HTML message with long "tag text."

7.5
2004-12-31 CVE-2004-2397 Broadcom Cleartext Storage of Sensitive Information vulnerability in Broadcom Bluecoat Security Gateway

The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates.

7.5
2004-12-31 CVE-2004-2393 SUN Unspecified vulnerability in SUN Jsse 1.0.3/1.0.301/1.0.302

Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not properly validate the certificate chain of a client or server, which allows remote attackers to falsely authenticate peers for SSL/TLS.

7.5
2004-12-31 CVE-2004-2387 Denis Sbragion
Peter Astrand
Remote vulnerability in Sredird

Buffer overflow in the HandleCPCCommand function of sercd before 2.3.1 and sredird 2.2.1 and earlier allows remote attackers to execute arbitrary code.

7.5
2004-12-31 CVE-2004-2386 Denis Sbragion
Peter Astrand
USE of Externally-Controlled Format String vulnerability in multiple products

Format string vulnerability in the LogMsg function in sercd before 2.3.1 and sredird 2.2.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers passed from the HandleCPCCommand function.

7.5
2004-12-31 CVE-2004-2376 Twilight Utilities Denial-Of-Service vulnerability in Twilight Utilities Twilight Utilities web Server 2.0.0.0

Buffer overflow in postfile.exe for Twilight Utilities Web Server 2.0.0.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL request with a long attfile attribute.

7.5
2004-12-31 CVE-2004-2375 1ST Class Internet Solutions Remote Buffer Overflow vulnerability in 1ST Class Internet Solutions 1ST Class Mail Server 4.0

Buffer overflow in the POP3 server in 1st Class Mail Server 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an APOP USER command with a long second parameter (digest).

7.5
2004-12-31 CVE-2004-2373 AOL Unspecified vulnerability in AOL Instant Messenger

The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is created in a predictable location, which may allow remote attackers to use a shell: URI to exploit other vulnerabilities that involve predictable locations.

7.5
2004-12-31 CVE-2004-2370 Cerulean Studios Remote Security vulnerability in Cerulean Studios Trillian and Trillian PRO

Stack-based buffer overflow in Trillian 0.71 through 0.74f and Trillian Pro 1.0 through 2.01 allows remote attackers to execute arbitrary code via a Yahoo Messenger packet with a long key name.

7.5
2004-12-31 CVE-2004-2350 Phpbb Group SQL Injection vulnerability in PHPBB Search.PHP Search_Results Parameter

SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter.

7.5
2004-12-31 CVE-2004-2349 Tunez Remote SQL Injection vulnerability in Tunez

Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2 allow remote attackers to execute arbitrary SQL queries.

7.5
2004-12-31 CVE-2004-2347 Leif M Wright Remote Command Execution vulnerability in Leif M. Wright web Blog 1.1/1.1.5

blog.cgi in Leif M.

7.5
2004-12-31 CVE-2004-2341 Isearch Remote Security vulnerability in iSearch

PHP file include injection vulnerability in isearch.inc.php for iSearch allows remote attackers to execute arbitrary code via the isearch_path parameter.

7.5
2004-12-31 CVE-2004-2340 Even Balance Remote SQL Injection vulnerability in PunkBuster Database

** UNVERIFIABLE ** SQL injection vulnerability in PunkBuster Screenshot Database (PB-DB) Alpha 6 allows remote attackers to execute arbitrary SQL commands via the username and password fields of the login form.

7.5
2004-12-31 CVE-2004-2338 Openbsd Unspecified vulnerability in Openbsd 3.3/3.4

OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions.

7.5
2004-12-31 CVE-2004-2326 IP3 Networks SQL Injection vulnerability in IP3 Networks products

SQL injection vulnerability in IP3 Networks NetAccess Appliance before firmware 3.1.18b13 allows remote attackers to bypass authentication via the (1) login or (2) password.

7.5
2004-12-31 CVE-2004-2324 Dotnetnuke Multiple vulnerability in DotNetNuke

SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx.

7.5
2004-12-31 CVE-2004-2322 Phpwebsite SQL-Injection vulnerability in Phpwebsite

SQL injection vulnerability in the (1) announce and (2) notes modules of phpWebSite before 0.9.3-2 allows remote attackers to execute arbitrary SQL queries, as demonstrated using the ANN_id parameter to the announce module.

7.5
2004-12-31 CVE-2004-2314 Novell Remote Security vulnerability in Novell Ichain 2.1/2.2

The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b 2.2.116 does not have a password by default, which allows remote attackers to gain access.

7.5
2004-12-31 CVE-2004-2304 Cerulean Studios Remote Boundary Condition Error vulnerability in Cerulean Studios Trillian and Trillian PRO

Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.

7.5
2004-12-31 CVE-2004-2299 Omnicron Buffer Overflow vulnerability in Omnicron OmniHTTPD Get Request

Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote attackers to execute arbitrary code via an HTTP GET request with a long Range header.

7.5
2004-12-31 CVE-2004-2295 Francisco Burzi Input Validation vulnerability in PHP-Nuke

SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to execute arbitrary SQL commands via the order parameter.

7.5
2004-12-31 CVE-2004-2291 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script.

7.5
2004-12-31 CVE-2004-2290 Microsoft Microsoft Windows XP Explorer allows attackers to execute arbitrary code via a HTML and script in a self-executing folder that references an executable file within the folder, which is automatically executed when a user accesses the folder.
7.5
2004-12-31 CVE-2004-2286 Activestate
Larry Wall
Integer Overflow vulnerability in Multiple Perl Implementation Duplication Operator

Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow.

7.5
2004-12-31 CVE-2004-2271 Minishare Remote Buffer Overflow vulnerability in MiniShare Server

Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.

7.5
2004-12-31 CVE-2004-2266 Ansel Input Validation vulnerability in Ansel

SQL injection vulnerability in Ansel 2.1 and earlier allows remote attackers to modify SQL statements via the image parameter.

7.5
2004-12-31 CVE-2004-2263 Playsms SQL Injection vulnerability in Anton Raharja PlaySMS Valid Function

SQL injection vulnerability in the valid function in fr_left.php in PlaySMS 0.7 and earlier allows remote attackers to modify SQL statements via the vc2 cookie.

7.5
2004-12-31 CVE-2004-2254 Netwin Authentication Bypass vulnerability in SurgeLDAP Web Administration

SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter.

7.5
2004-12-31 CVE-2004-2250 Goosequill Remote Security vulnerability in Audienceconnect Remoteeditor

Unknown vulnerability in the "access code" in RemoteEditor before 0.1.6 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions.

7.5
2004-12-31 CVE-2004-2249 Goosequill Remote Security vulnerability in Audienceconnect Secureeditor

Unknown vulnerability in the "access code" in SecureEditor before 0.1.2 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions.

7.5
2004-12-31 CVE-2004-2243 Phorum Remote Security vulnerability in Phorum 4.3.7

Phorum allows remote attackers to hijack sessions of other users by stealing and replaying the session hash in the phorum_uriauth parameter, as demonstrated using profile.php.

7.5
2004-12-31 CVE-2004-2240 Phorum Cross-Site Scripting and SQL Injection vulnerability in Phorum 5.0.11

Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php.

7.5
2004-12-31 CVE-2004-2239 Inter7 Multiple vulnerability in Inter7 Vpopmail Vsybase.c

Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow attackers to cause a denial of service or execute arbitrary code.

7.5
2004-12-31 CVE-2004-2234 Moodle Unknown vulnerability in Moodle before 1.2 allows teachers to log in as administrators.
7.5
2004-12-31 CVE-2004-2221 Mercantec Buffer Overflow vulnerability in Mercantec Softcart 4.00B

Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows remote attackers to execute arbitrary code via a long parameter in an HTTP GET request.

7.5
2004-12-31 CVE-2004-2218 Phpmywebhosting SQL Injection vulnerability in PHPMyWebHosting

SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and earlier allows remote attackers to modify SQL statements via the password parameter.

7.5
2004-12-31 CVE-2004-2212 Alivesites Remote Input Validation vulnerability in Alivesites Forum 2.0

SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 allows remote attackers to execute arbitrary SQL commands via the forum_id parameter.

7.5
2004-12-31 CVE-2004-2209 Ideal Science Remote Input Validation vulnerability in Ideal Science IdealBB

SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2004-12-31 CVE-2004-2206 Natterchat SQL Injection vulnerability in Natterchat 1.12

SQL injection vulnerability in NatterChat 1.12 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2004-12-31 CVE-2004-2203 Ansel Unspecified vulnerability in Ansel

Ansel 1.2 through 2.0 uses insecure default permissions, which allows remote attackers to gain access to web readable directories.

7.5
2004-12-31 CVE-2004-2202 Duware Remote vulnerability in Duware Duclassified 4.0/4.1/4.2

Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 through 4.2 allows remote attackers to bypass authentication and execute other commands on the server's underlying database via the (1) cat_id or (2) sub_id parameters in adDetail.asp, or (2) the password parameter in the login form.

7.5
2004-12-31 CVE-2004-2201 Duware Remote vulnerability in DUware Software

SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arbitrary SQL commands via the FOR_ID parameter in messages.asp, (2) MSG_ID parameter in messageDetail.asp, or (3) password parameter in the login form.

7.5
2004-12-31 CVE-2004-2192 Turbotraffictrader Input Validation vulnerability in Turbotraffictrader PHP 1.0

SQL injection vulnerability in tttadmin/settings.php in Turbo Traffic Trader PHP 1.0 allows remote attackers to execute arbitrary SQL commands via the ttt_admin parameter.

7.5
2004-12-31 CVE-2004-2189 Dmxready Cross-Site Scripting And SQL Injection vulnerability in DMXReady Site Chassis Manager

SQL injection vulnerability in DMXReady Site Chassis Manager allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2004-12-31 CVE-2004-2186 Mediawiki Remote Input Validation vulnerability in Mediawiki 1.3.5

SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance.

7.5
2004-12-31 CVE-2004-2183 Wehelpbus Remote Command Execution vulnerability in Wehelpbus 0.1

Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to execute arbitrary shell commands via the query string.

7.5
2004-12-31 CVE-2004-2182 Macromedia Improper Authentication vulnerability in Macromedia Jrun 4.0/4.0Build61650

Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server.

7.5
2004-12-31 CVE-2004-2181 Wowbb Remote Input Validation vulnerability in WowBB Forum 1.61/1.65

Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sort_by or (2) page parameters to view_user.php, or the (3) forum_id parameter to view_topic.php.

7.5
2004-12-31 CVE-2004-2178 Devoybb Remote Input Validation vulnerability in Devoybb web Forum 1.0

SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2004-12-31 CVE-2004-2175 ALL Enthusiast INC SQL Injection vulnerability in All Enthusiast ReviewPost PHP PRO 2.5/2.5.1

Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow remote attackers to execute arbitrary SQL commands via the (1) product parameter to showproduct.php or (2) cat parameter to showcat.php.

7.5
2004-12-31 CVE-2004-2173 Early Impact Multiple vulnerability in EarlyImpact ProductCart

SQL injection vulnerability in advSearch_h.asp in EarlyImpact ProductCart allows remote attackers to execute arbitrary SQL commands via the priceUntil parameter.

7.5
2004-12-31 CVE-2004-2172 Netsourcecommerce Inadequate Encryption Strength vulnerability in Netsourcecommerce Productcart

EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack.

7.5
2004-12-31 CVE-2004-2167 Latex2Rtf Remote Buffer Overflow vulnerability in Latex2Rtf 1.9.15

Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other versions, allow remote attackers to execute arbitrary code via (1) the expandmacro function, and possibly (2) Environments and (3) TranslateCommand.

7.5
2004-12-31 CVE-2004-2166 Canon Unspecified vulnerability in Canon Imagerunner 5000I and Imagerunner C3200

The print-from-email feature in the Canon ImageRUNNER (iR) 5000i and C3200 digital printer, when not using IP address range filtering, allows remote attackers to print arbitrary text without authentication via a text/plain email to TCP port 25.

7.5
2004-12-31 CVE-2004-2163 Openbsd Authentication Bypass vulnerability in Openbsd 3.2/3.4/3.5

login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.

7.5
2004-12-31 CVE-2004-2161 Tutos Remote Input Validation vulnerability in Tutos 1.120040414

SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows remote attackers to execute arbitrary SQL commands via the link_id parameter.

7.5
2004-12-31 CVE-2004-2158 S9Y Input Validation vulnerability in S9Y Serendipity 0.7Beta1

SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php.

7.5
2004-12-31 CVE-2004-2155 Online Bookmarks Authentication Bypass vulnerability in Online-Bookmarks

Online-bookmarks before 0.4.6 allows remote attackers to bypass its authentication mechanism via a direct request to (1) config/*, (2) bookmarks.php, (3) footer.php, (4) main.php, (5) tree.php, or (6) functions.php.

7.5
2004-12-31 CVE-2004-2145 PD9 Software SQL-Injection vulnerability in Megabbs 2/2.1

SQL injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows remote attackers to execute arbitrary SQL commands via the (1) sortdir or (2) criteria parameter to ladder-log.asp or the (3) memberid or (4) teamid parameter to view-profile.asp.

7.5
2004-12-31 CVE-2004-2143 Mambo SQL Injection vulnerability in ReMOSitory

SQL injection vulnerability in the ReMOSitory Server add-on module to Mambo Portal 4.5.1 (1.09) and earlier allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in the com_remository option.

7.5
2004-12-31 CVE-2004-2110 Phorum SQL-Injection vulnerability in Phorum

SQL injection vulnerability in register.php in Phorum before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.

7.5
2004-12-31 CVE-2004-2108 Quadcomm SQL Injection vulnerability in QuadComm Q-Shop

Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) search.asp, (2) browse.asp, (3) details.asp, (4) showcat.asp, (5) users.asp, (6) addtomylist.asp, (7) modline.asp, (8) cart.asp, or (9) newuser.asp.

7.5
2004-12-31 CVE-2004-2107 Finjan Software Unspecified vulnerability in Finjan Software Surfingate

Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to (1) restart the service, (2) use the getlastmsg command to view log information, or (3) use the online command to force a policy update from the database server.

7.5
2004-12-31 CVE-2004-2071 Macallan Authentication Bypass vulnerability in Macallan Mail Solution 2.8.4.6Build260

Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier versions, allows remote attackers to bypass authentication in the web interface via an HTTP GET request with two slashes ("//") after the server name.

7.5
2004-12-31 CVE-2004-2065 Daniel Barron Unspecified vulnerability in Daniel Barron Dansguardian

DansGuardian 2.8 and earlier allows remote attackers to bypass the extension filtering rule via a hex encoded extension or .

7.5
2004-12-31 CVE-2004-2062 Antiboard Input Validation vulnerability in AntiBoard

SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to execute arbitrary SQL via the (1) thread_id, (2) parent_id, or (3) mode parameters.

7.5
2004-12-31 CVE-2004-2057 Xlinesoft Multiple vulnerability in XLineSoft ASPRunner

SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statements.

7.5
2004-12-31 CVE-2004-2056 Nucleus Group SQL-Injection vulnerability in Nucleus Group Nucleus CMS 3.01

SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows remote attackers to execute arbitrary SQL statements via the itemid parameter.

7.5
2004-12-31 CVE-2004-2052 Esesix Remote Security vulnerability in Thintune

eSeSIX Thintune thin clients running firmware 2.4.38 and earlier accept any password that begins with the actual password, which makes it easier for users to conduct brute force password guessing.

7.5
2004-12-31 CVE-2004-2026 Apsis Remote Format String vulnerability in APSIS Pound

Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages.

7.5
2004-12-31 CVE-2004-2025 ZEN Cart SQL-Injection vulnerability in ZEN Cart ZEN Cart 1.1.3

SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 before patch 2 may allow remote attackers to execute arbitrary SQL commands via the products_id parameter.

7.5
2004-12-31 CVE-2004-2024 ZEN Cart Remote Security vulnerability in ZEN Cart ZEN Cart 1.1.4

The distribution of Zen Cart 1.1.4 before patch 2 includes certain debugging code in the Admin password retrieval functionality, which allows attackers to gain administrative privileges via password_forgotten.php.

7.5
2004-12-31 CVE-2004-2023 ZEN Cart SQL Injection vulnerability in ZEN Cart ZEN Cart 1.1.2D/1.1.4

SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 before patch 1, and possibly other versions allows remote attackers to execute arbitrary SQL via the (1) admin_name or (2) admin_pass parameters.

7.5
2004-12-31 CVE-2004-2018 Francisco Burzi Unspecified vulnerability in Francisco Burzi PHP-Nuke

PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x through 7.3 allows remote attackers to execute arbitrary PHP code by modifying the modpath parameter to reference a URL on a remote web server that contains the code.

7.5
2004-12-31 CVE-2004-2016 Netchat Remote Buffer Overflow vulnerability in NetChat Web Server

Stack-based buffer overflow in the HTTP server in NetChat 7.3 and earlier allows remote attackers to execute arbitrary code via a long GET request.

7.5
2004-12-31 CVE-2004-2010 Phpshop Remote PHP Script Execution vulnerability in PHPShop

PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the base_dir parameter to reference a URL on a remote web server that contains phpshop.cfg.

7.5
2004-12-31 CVE-2004-1966 Openbb Input Validation vulnerability in OpenBB

Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter in board.php, (2) sortorder, perpage, or id parameters in member.php, (3) forums parameter in search.php, or (4) PID or FID parameters in post.php.

7.5
2004-12-31 CVE-2004-1962 Protector System Unspecified vulnerability in Protector System Protector System 1.15B1

SQL injection vulnerability in index.php in Protector System 1.15b1 allows remote attackers to bypass SQL injection filters by using "/**/" sequences in the targeted fields.

7.5
2004-12-31 CVE-2004-1955 Phprofession Multiple vulnerability in PHProfession 2.5

SQL injection vulnerability in modules.php in phProfession 2.5 allows remote attackers to execute arbitrary SQL code via the offset parameter.

7.5
2004-12-31 CVE-2004-1949 Postnuke Software Foundation Module SQL Injection vulnerability in Postnuke Software Foundation Postnuke 0.726

SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module.

7.5
2004-12-31 CVE-2004-1914 Francisco Burzi
Shiba Design
Multiple vulnerability in NukeCalendar

SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to execute arbitrary SQL commands via the eid parameter.

7.5
2004-12-31 CVE-2004-1904 Panda Remote Heap Overflow vulnerability in Panda Activescan 5.0

Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to execute arbitrary code via the Internacional property followed by a long string.

7.5
2004-12-31 CVE-2004-1900 PAN Vision Remote Format String vulnerability in Pan Vision IGI-2 Covert Strike

Format string vulnerability in the logging function in IGI 2 Covert Strike server 1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in RCON commands.

7.5
2004-12-31 CVE-2004-1892 Emule Remote Buffer Overflow vulnerability in Emule 0.42D

Stack-based buffer overflow in DecodeBase16 function, as used in the (1) IRC module and (2) web server in eMule 0.42d, allows remote attackers to execute arbitrary code via a long string.

7.5
2004-12-31 CVE-2004-1888 Aborior Remote Arbitrary Command Execution vulnerability in Aborior Encore Web Forum

display.cgi in Aborior Encore WebForum allows remote to execute arbitrary commands via shell metacharacters in the file variable.

7.5
2004-12-31 CVE-2004-1881 Cactusoft SQL Injection vulnerability in Cactusoft Cactushop 5.0/5.1

SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter.

7.5
2004-12-31 CVE-2004-1841 MS Analysis SQL Injection vulnerability in MS Analysis Website Traffic Analyzer 2.0

SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL via the referer field in an HTTP request.

7.5
2004-12-31 CVE-2004-1836 Invision Power Services SQL Injection vulnerability in Invision Power Services Invision Power TOP Site List 1.0/1.1/1.1Rc2

SQL injection vulnerability in index.php in Invision Power Top Site List 1.1 RC 2 and earlier allows remote attackers to execute arbitrary SQL via the id parameter of the comments action.

7.5
2004-12-31 CVE-2004-1835 Invision Power Services SQL Injection vulnerability in Invision Power Services Invision Gallery 1.0.1

Multiple SQL injection vulnerabilities in index.php in Invision Gallery 1.0.1 allow remote attackers to execute arbitrary SQL via the (1) img, (2) cat, (3) sort_key, (4) order_key, (5) user, or (6) album parameters.

7.5
2004-12-31 CVE-2004-1813 Vocaltec Remote Authentication Bypass vulnerability in Vocaltec Vgw4 8 Telephony Gateway 8.0

VocalTec VGW4/8 Gateway 8.0 allows remote attackers to bypass authentication via an HTTP request to home.asp with a trailing slash (/).

7.5
2004-12-31 CVE-2004-1811 HP Unspecified vulnerability in HP SSL Http Server 5.0/5.92

The SSL HTTP Server in HP Web-enabled Management Software 5.0 through 5.92, with anonymous access enabled, allows remote attackers to compromise the trusted certificates by uploading their own certificates.

7.5
2004-12-31 CVE-2004-1806 Dogpatch Software SQL Injection vulnerability in Dogpatch Software Cfwebstore 5.0

SQL injection vulnerability in index.cfm in CFWebstore 5.0 allows remote attackers to execute SQL commands via the (1) category_id, (2) product_id, or (3) feature_id parameters.

7.5
2004-12-31 CVE-2004-1800 Sysbotz Authentication Bypass vulnerability in Sysbotz SimpleData

Unknown vulnerability in Sysbotz SimpleData 4.0.1 and possibly earlier versions allows remote attackers to gain access via a crafted URL and a certain cookie.

7.5
2004-12-31 CVE-2004-1799 Openbsd Unspecified vulnerability in Openbsd

PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via spoofed packets to other interfaces.

7.5
2004-12-31 CVE-2004-1796 Hotnews PHP File Include vulnerability in HotNews

PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier allows remote attackers to execute arbitrary PHP code via the (1) config[header] parameter to hotnews-engine.inc.php3 or (2) config[incdir] parameter to hnmain.inc.php3.

7.5
2004-12-31 CVE-2004-1793 Yatsoft Remote Buffer Overflow vulnerability in YaSoft Switch Off

Stack-based buffer overflow in swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote authenticated users to execute arbitrary code via a long message parameter in a SendMsg action to action.htm.

7.5
2004-12-31 CVE-2004-1791 Edimax Remote Security vulnerability in Edimax Full Rate Adsl Router Ar6004

The web management interface in Edimax AR-6004 ADSL Routers uses a default administrator name and password, which also appear as the default login text for the management interface, which allows remote attackers to gain access.

7.5
2004-12-31 CVE-2004-1787 Postnuke Software Foundation SQL Injection vulnerability in Postnuke Software Foundation Postcalendar 4.0.0

SQL injection vulnerability in PostCalendar 4.0.0 allows remote attackers to execute arbitrary SQL commands via search queries.

7.5
2004-12-31 CVE-2004-1783 Net2Soft Remote Directory Traversal vulnerability in Net2Soft Flash FTP Server

Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 allows remote attackers to read and create arbitrary files via a /..

7.5
2004-12-31 CVE-2004-1782 David Maciejak Remote Command Execution vulnerability in Athena Web Registration

athenareg.php in Athena Web Registration allows remote attackers to execute arbitrary commands via shell metacharacters in the pass parameter.

7.5
2004-12-31 CVE-2004-1773 GNU Buffer Overflow vulnerability in GNU Sharutils 4.2/4.2.1

Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar.

7.5
2004-12-31 CVE-2004-1765 MOD Security Buffer Overflow vulnerability in MOD Security MOD Security 1.7.4

Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.

7.5
2004-12-31 CVE-2004-1762 F Secure Remote Security vulnerability in F-Secure Anti-Virus

Unknown vulnerability in F-Secure Anti-Virus (FSAV) 4.52 for Linux before Hotfix 3 allows the Sober.D worm to bypass FASV.

7.5
2004-12-31 CVE-2004-1755 BEA Privilege Escalation vulnerability in BEA WebLogic Server and Express SSL Client

The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges.

7.5
2004-12-31 CVE-2004-1734 Mantis Remote Server-Side Script Execution vulnerability in Mantis 0.19.0A

PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL on a remote web server that contains the code.

7.5
2004-12-31 CVE-2004-1725 John Bradley Buffer Overflow and Integer Handling vulnerability in John Bradley XV 3.10A

Stack-based buffer overflow in xvbmp.c in XV allows remote attackers to execute arbitrary code via a crafted image file.

7.5
2004-12-31 CVE-2004-1666 Cerulean Studios Remote Buffer Overflow vulnerability in Cerulean Studios Trillian 0.74I

Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN servers to execute arbitrary code via a long string that ends in a newline character.

7.5
2004-12-31 CVE-2004-1592 Ocportal Remote File Include vulnerability in Ocportal 1.0.3

PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the req_path parameter to reference a URL on a remote web server that contains a malicious funcs.php script.

7.5
2004-12-31 CVE-2004-1591 Micronet Remote Security vulnerability in Micronet Sp916Bm 1.9

The web interface for Micronet Wireless Broadband Router SP916BM running firmware before 1.9 08/04/2004 resets the password to the default password when the router is shut off, which could allow remote attackers to gain access.

7.5
2004-12-31 CVE-2004-1588 Gosmart Input Validation vulnerability in Go Smart Inc GoSmart Message Board

SQL injection vulnerability in GoSmart Message Board allows remote attackers to execute arbitrary SQL code via the (1) QuestionNumber and Category parameters to Forum.asp or (2) Username and Password parameter to Login_Exec.asp.

7.5
2004-12-31 CVE-2004-1580 Devellion SQL Injection vulnerability in Devellion Cubecart 2.0.1

SQL injection vulnerability in index.php in CubeCart 2.0.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

7.5
2004-12-31 CVE-2004-1574 Vypress Remote Buffer Overflow vulnerability in VyPRESS Messenger

Buffer overflow in Vypress Messenger 3.5.1 and earlier allows remote attackers to execute arbitrary code via a message with a long first field.

7.5
2004-12-31 CVE-2004-1570 Eaden Mckee SQL Injection vulnerability in Eaden Mckee Bblog 0.7.2/0.7.3

SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote attackers to execute arbitrary SQL commands via the p parameter.

7.5
2004-12-31 CVE-2004-1567 Silent Storm Input Validation vulnerability in Silent-Storm Portal

profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to gain privileges by setting the mail parameter to 1, which is the value for an administrator.

7.5
2004-12-31 CVE-2004-1562 W Agora Remote Input Validation vulnerability in W-Agora 4.1.6A

SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows remote attackers to execute arbitrary SQL commands via the key parameter.

7.5
2004-12-31 CVE-2004-1561 Icecast Buffer Overflow vulnerability in Icecast Server HTTP Header

Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a large number of headers.

7.5
2004-12-31 CVE-2004-1558 Ypops Remote Buffer Overflow vulnerability in YahooPOPS!

Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 through 0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) POP3 USER command or (2) SMTP request.

7.5
2004-12-31 CVE-2004-1555 Broadboard Instant SQL Injection vulnerability in BroadBoard Message Board

Multiple SQL injection vulnerabilities in BroadBoard Instant ASP Message Board allow remote attackers to run arbitrary SQL commands via the (1) keywords parameter to search.asp, (2) handle parameter to profile.asp, (3) txtUserHandle parameter to reg2.asp or (4) txtUserEmail parameter to forgot.asp.

7.5
2004-12-31 CVE-2004-1554 Alexphpteam Remote PHP File Include vulnerability in Alexphpteam Alex Guestbook 3.12

PHP remote file inclusion vulnerability in livre_include.php in @lex Guestbook allows remote attackers to execute arbitrary PHP code by modifying the chem_absolu parameter to reference a URL on a remote web server that contains the code.

7.5
2004-12-31 CVE-2004-1553 Fullrevolution SQL Injection vulnerability in Fullrevolution Aspwebalbum 3.2

SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp.

7.5
2004-12-31 CVE-2004-1552 Full Revolution SQL Injection vulnerability in Full Revolution Aspwebcalendar 4.5

SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp.

7.5
2004-12-31 CVE-2004-1550 Motorola Remote Authentication Bypass vulnerability in Motorola Wr850G 4.0.3Firmware

Motorola Wireless Router WR850G running firmware 4.03 allows remote attackers to bypass authentication, log on as an administrator, and obtain sensitive information by repeatedly making an HTTP request for ver.asp until an administrator logs on.

7.5
2004-12-31 CVE-2004-1541 VAN Dyke Technologies Remote Command Execution vulnerability in Van Dyke SecureCRT

SecureCRT 4.0, 4.1, and possibly other versions, allows remote attackers to execute arbitrary commands via a telnet:// URL that uses the /F option to specify a configuration file on a samba share.

7.5
2004-12-31 CVE-2004-1538 Phpkit Input Validation vulnerability in PHPkit 1.6.02/1.6.03/1.6.1

SQL injection vulnerability in include.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2004-12-31 CVE-2004-1536 Ipbproarcade Remote SQL Injection vulnerability in IPBProArcade

SQL injection vulnerability in index.php in the ibProArcade module for Invision Power Board (IPB) 1.x and 2.x allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2004-12-31 CVE-2004-1535 Phpbb Group Remote Security vulnerability in phpBB

PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code.

7.5
2004-12-31 CVE-2004-1532 Appserv Open Project Remote Insecure Default Password vulnerability in AppServ Open Project

AppServ 2.5.x and earlier installs a default username and password, which allows remote attackers to gain access.

7.5
2004-12-31 CVE-2004-1531 Invision Power Services SQL Injection vulnerability in Invision Power Board Index.PHP Post Action

SQL injection vulnerability in post.php in Invision Power Board (IPB) 2.0.0 through 2.0.2 allows remote attackers to execute arbitrary SQL commands via the qpid parameter.

7.5
2004-12-31 CVE-2004-1530 ROB Sutton Remote vulnerability in Event Calendar

SQL injection vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the (1) eid or (2) cid parameters.

7.5
2004-12-31 CVE-2004-1526 NEW Media Generation Remote Security vulnerability in NEW Media Generation Hired Team Trial 2.1/2.2

Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game players can kick other players off the server, including the administrator.

7.5
2004-12-31 CVE-2004-1519 Benjamin Curtis SQL-Injection vulnerability in phpBugTracker

SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows remote attackers to execute arbitrary SQL commands via (1) the bug_id parameter in a viewvotes operation or (2) the project parameter in an add operation.

7.5
2004-12-31 CVE-2004-1517 Zonelabs Unspecified vulnerability in Zonelabs Imsecure 1.0.0.0/1.0.1.0/1.0.2.0

Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers to bypass Active Link Filtering via an instant message containing a URL with hex encoded file extensions.

7.5
2004-12-31 CVE-2004-1515 Jelsoft SQL-Injection vulnerability in vBulletin

SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php.

7.5
2004-12-31 CVE-2004-1510 Webcalendar Remote vulnerability in WebCalendar

WebCalendar allows remote attackers to gain privileges by modifying critical parameters to (1) view_entry.php or (2) upcoming.php.

7.5
2004-12-31 CVE-2004-1508 Webcalendar Remote vulnerability in WebCalendar

init.php in WebCalendar allows remote attackers to execute arbitrary local PHP scripts via the user_inc parameter.

7.5
2004-12-31 CVE-2004-1505 Salims Softhouse Directory Traversal vulnerability in Salims Softhouse JAF CMS 3.0

Directory traversal vulnerability in index.php in Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to read arbitrary files and possibly execute PHP code via a ..

7.5
2004-12-31 CVE-2004-1498 Webhost Automation Input Validation vulnerability in WebHost Automation Helm Control Panel

SQL injection vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary SQL commands via the messageToUserAccNum parameter.

7.5
2004-12-31 CVE-2004-1485 GNU
Tftp
Remote Buffer Overflow vulnerability in InetUtils TFTP Client

Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote malicious DNS servers to execute arbitrary code via a large DNS response that is handled by the gethostbyname function.

7.5
2004-12-31 CVE-2004-1482 BNC Buffer Overflow vulnerability in BNC sbuf_getmsg()

The sbuf_getmsg function in BNC incorrectly handles backspace characters, which could allow remote attackers to bypass authentication and gain access to arbitrary scripts.

7.5
2004-12-31 CVE-2004-1480 HP Access Restriction Bypass vulnerability in HP StorageWorks Command View XP

Unknown vulnerability in the management station in HP StorageWorks Command View XP 1.8B and earlier allows remote attackers to bypass access restrictions.

7.5
2004-12-31 CVE-2004-1478 Hitachi
Macromedia
Remote vulnerability in Macromedia JRun

JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session.

7.5
2004-12-31 CVE-2004-1468 Usermin
Webmin
The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message.
7.5
2004-12-31 CVE-2004-1466 Gallery Project Remote Server-Side Script Execution vulnerability in Gallery Project Gallery 1.4.4

The set_time_limit function in Gallery before 1.4.4_p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using save_photos.php, which allows remote attackers to upload and execute execute arbitrary scripts before they are deleted, if the temporary directory is under the web root.

7.5
2004-12-31 CVE-2004-1462 Moinmoin Privilege Escalation vulnerability in MoinMoin

Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote attackers to gain unauthorized access to administrator functions such as (1) revert and (2) delete.

7.5
2004-12-31 CVE-2004-1461 Cisco Multiple vulnerability in Cisco products

Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address.

7.5
2004-12-31 CVE-2004-1460 Cisco Multiple vulnerability in Cisco products

Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers to gain unauthorized access to AAA clients via a blank password.

7.5
2004-12-31 CVE-2004-1456 Cvstrac Remote Command Execution vulnerability in CVSTrac filediff

filediff in CVStrac allows remote attackers to execute arbitrary commands via shell metacharacters in rcsinfo.

7.5
2004-12-31 CVE-2004-1440 Putty Unspecified vulnerability in Putty

Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow (1) remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the mod argument, which causes the modpow function to write memory before the beginning of its buffer, and (2) remote malicious servers to cause a denial of service (client crash) and possibly execute arbitrary code via a large bignum during authentication.

7.5
2004-12-31 CVE-2004-1439 Sapporoworks Buffer Overflow vulnerability in Sapporoworks Black Jumbodog 3.6.1

Buffer overflow in BlackJumboDog 3.x allows remote attackers to execute arbitrary code via long FTP commands such as (1) USER, (2) PASS, (3) RETR,(4) CWD, (5) XMKD, and (6) XRMD.

7.5
2004-12-31 CVE-2004-1437 Pavuk Remote Digest Authentication Buffer Overflow vulnerability in Pavuk 0.928R1/0.928R2/0.9Pl28I

Multiple buffer overflows in the digest authentication functionality in Pavuk 0.9.28-r2 and earlier allow remote attackers to execute arbitrary code.

7.5
2004-12-31 CVE-2004-1436 Cisco Multiple vulnerability in Cisco ONS

The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 4.6(0) and 4.6(1) and 15454 and 15454 SDH 4.6(0) and 4.6(1), when a user account is configured with a blank password, allows remote attackers to gain unauthorized access by logging in with a password larger than 10 characters.

7.5
2004-12-31 CVE-2004-1430 Ipbproarcade Remote SQL Injection vulnerability in Ipbproarcade 2.5

SQL injection vulnerability in the show_stats module in Arcade.php in IbProArcade allows remote attackers to execute arbitrary SQL code via the gameid parameter.

7.5
2004-12-31 CVE-2004-1429 Argosoft Remote Security vulnerability in FTP Server

ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of times that a bad password can be entered, which makes it easier for remote attackers to guess passwords via a brute force attack.

7.5
2004-12-31 CVE-2004-1427 Korweblog Remote File Include vulnerability in Korweblog 1.6.1/1.6.2Cvs

PHP remote file inclusion vulnerability in main.inc in KorWeblog 1.6.2-cvs and earlier allows remote attackers to execute arbitrary PHP code by modifying the G_PATH parameter to reference a URL on a remote web server that contains the code, as demonstrated in index.php when using ..

7.5
2004-12-31 CVE-2004-1423 PHP Calendar Code Injection vulnerability in PHP-Calendar

Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php.

7.5
2004-12-31 CVE-2004-1421 WHM Remote vulnerability in WHM Autopilot 2.4.5/2.4.6/2.4.6.5

Multiple PHP remote file inclusion vulnerabilities (1) step_one.php, (2) step_one_tables.php, (3) step_two_tables.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the server_inc parameter to reference a URL on a remote web server that contains the code.

7.5
2004-12-31 CVE-2004-1408 Singapore Remote vulnerability in Singapore Image Gallery

The addImage method for admin.class.php in Image Gallery Web Application 0.9.10 does not properly check filenames, which allows remote attackers to upload and execute arbitrary files.

7.5
2004-12-31 CVE-2004-1406 Ikonboard COM Remote SQL Injection vulnerability in Ikonboard

SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 through 3.1.3 allows remote attackers to inject arbitrary SQL commands via the (1) st or (2) keywords parameter.

7.5
2004-12-31 CVE-2004-1405 Mediawiki Remote Arbitrary Script Upload vulnerability in MediaWiki

MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.

7.5
2004-12-31 CVE-2004-1404 Opentools Remote vulnerability in Opentools Attachment Mod

Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.

7.5
2004-12-31 CVE-2004-1403 SIR Remote File Include vulnerability in SIR GNUBoard

PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39 and earlier allows remote attackers to execute arbitrary PHP code by modifying the doc parameter to reference a URL on a remote web server that contains the code.

7.5
2004-12-31 CVE-2004-1401 ASP Rider Remote SQL Injection vulnerability in ASP-Rider

SQL injection vulnerability in verify.asp in Asp-rider allows remote attackers to execute arbitrary SQL statements and bypass authentication via the username parameter.

7.5
2004-12-31 CVE-2004-1400 Active Server Corner Unspecified vulnerability in Active Server Corner ASP Calendar 1.0

The control panel in ASP Calendar does not require authentication to access, which allows remote attackers to gain unauthorized access via a direct request to main.asp.

7.5
2004-12-31 CVE-2004-1386 Tiki Improper Input Validation vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1

TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200.

7.5
2004-12-31 CVE-2004-1383 Phpgroupware Cross-Site Scripting and SQL Injection vulnerability in PHPGroupWare

Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to execute arbitrary SQL statements via the (1) order, (2) project_id, (3) pro_main, or (4) hours_id parameters to index.php or (5) ticket_id to viewticket_details.php.

7.5
2004-12-31 CVE-2004-1332 HP Buffer Overflow vulnerability in HP HP-UX FTP Server Debug Logging Mode

Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request.

7.5
2004-12-31 CVE-2004-1327 Crystal ART Software Remote Client-Side Buffer Overflow vulnerability in Crystal Art Crystal FTP

Buffer overflow in Crystal FTP Client 2.8 allows remote malicious servers to execute arbitrary code via a response to a LIST command that contains a file name with a long extension.

7.5
2004-12-31 CVE-2004-1182 Hylafax Unspecified vulnerability in Hylafax

hfaxd in HylaFAX before 4.2.1, when installed with a "weak" hosts.hfaxd file, allows remote attackers to authenticate and bypass intended access restrictions via a crafted (1) username or (2) hostname that satisfies a regular expression that is matched against a hosts.hfaxd entry without a password.

7.5
2004-12-31 CVE-2004-1173 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 6.0

Internet Explorer 6 allows remote attackers to bypass the popup blocker via the document object model (DOM) methods in the DHTML Dynamic HTML (DHTML) Editing Component (DEC) and Javascript that calls showModalDialog.

7.5
2004-12-31 CVE-2004-1166 Microsoft Code Injection vulnerability in Microsoft IE and Internet Explorer

CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.

7.5
2004-12-31 CVE-2004-1155 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.

7.5
2004-12-31 CVE-2004-1143 GNU Unspecified vulnerability in GNU Mailman

The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.

7.5
2004-12-31 CVE-2004-1104 Microsoft Unspecified vulnerability in Microsoft IE 6.0

Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL.

7.5
2004-12-31 CVE-2004-0951 HP Unspecified vulnerability in HP Ignite-Ux C.6.2.241

The make_recovery command for the TFTP server in HP Ignite-UX before C.6.2.241 makes a copy of the password file in the TFTP directory tree, which allows remote attackers to obtain sensitive information.

7.5
2004-12-31 CVE-2004-0826 Mozilla
Netscape
SUN
HP
Remote Heap Overflow vulnerability in Mozilla Network Security Services Library

Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.

7.5
2004-12-31 CVE-2004-0817 Enlightenment
Imagemagick
SUN
Conectiva
Mandrakesoft
Redhat
Suse
Turbolinux
Ubuntu
BMP Image Decoding Buffer Overflow vulnerability in IMLib/IMLib2

Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.

7.5
2004-12-31 CVE-2004-0567 Microsoft Remote Buffer Overflow vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows NT

The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attackers to execute arbitrary code or cause a denial of service (server crash), which results in an "unchecked buffer" and possibly triggers a buffer overflow, aka the "Name Validation Vulnerability."

7.5
2004-12-31 CVE-2004-0561 University OF Minnesota Denial-Of-Service vulnerability in University of Minnesota Gopherd 3.0.3

Format string vulnerability in the log routine for gopher daemon (gopherd) 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.

7.5
2004-12-31 CVE-2004-0560 University OF Minnesota Denial Of Service vulnerability in University of Minnesota Gopherd 3.0.3

Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted content of a certain size that triggers the overflow.

7.5
2004-12-31 CVE-2004-0555 GNU Unspecified vulnerability in GNU Queue

Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 may allow remote attackers to execute arbitrary code.

7.5
2004-12-31 CVE-2004-0390 SCO Unspecified vulnerability in SCO Openserver 5.0.5/5.0.6/5.0.7

SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style access control when users log in using scologin, which allows remote attackers to gain unauthorized access to an X session via other X login methods.

7.5
2004-12-31 CVE-2004-0369 Entrust
Symantec
Remote IPsec/ISAKMP Buffer Overflow vulnerability in Entrust LibKMP ISAKMP Library

Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload.

7.5
2004-12-31 CVE-2004-0323 XMB Forum Unspecified vulnerability in XMB Forum XMB 1.8/1.8Sp1/1.8Sp2

Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon parameter in stats.php.

7.5
2004-12-27 CVE-2004-1317 Netcat Remote Security vulnerability in Netcat

Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, when running with the -e option, allows remote attackers to execute arbitrary code via a long DNS command.

7.5
2004-12-31 CVE-2004-2693 HP Permissions, Privileges, and Access Controls vulnerability in HP Hp-Ux 11.00/11.04/11.11

HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory permissions, which allows local users to gain privileges via files in /opt/gnome/src/GLib/.

7.2
2004-12-31 CVE-2004-2686 SUN Path Traversal vulnerability in SUN Solaris and Sunos

Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls.

7.2
2004-12-31 CVE-2004-2676 Webroot Software Local Security vulnerability in Webroot Software SPY Sweeper Enterprise 1.5.1Build3698

The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy Sweeper before 2.0 does not drop privileges when using the help functionality, which allows local users to gain privileges.

7.2
2004-12-31 CVE-2004-2554 Novell Local Privilege Escalation vulnerability in Novell Client Firewall 2.0

Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost Firewall, allows local users to execute arbitrary code with SYSTEM privileges by opening the NCF tray icon and using the Help functionality to launch programs with SYSTEM privileges.

7.2
2004-12-31 CVE-2004-2515 Vmware Local Format String vulnerability in VMWare Workstation 4.5.2Build8848

Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, might allow local users to execute arbitrary code via format string specifiers in command line arguments.

7.2
2004-12-31 CVE-2004-2504 ALT N Local Privilege Escalation vulnerability in Alt-N MDaemon

The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges.

7.2
2004-12-31 CVE-2004-2430 Trend Micro Local Privilege Escalation vulnerability in Trend Micro OfficeScan

Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges.

7.2
2004-12-31 CVE-2004-2409 Samhain Labs Local Heap Overflow vulnerability in Samhain Labs Samhain Database Update

Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 through 2.0.1, when running in update mode ("-t update"), might allow attackers to execute arbitrary code.

7.2
2004-12-31 CVE-2004-2396 Mandrakesoft passwd 0.68 does not check the return code for the pam_start function, which has unknown impact and attack vectors that may prevent "safe and proper operation" of PAM.
7.2
2004-12-31 CVE-2004-2372 Bochs Project Local Security vulnerability in Bochs

Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path.

7.2
2004-12-31 CVE-2004-2335 Macromedia Local Privilege Escalation vulnerability in Macromedia Contribute and Studio

The Macromedia installers and e-licensing client on Mac OS X, as used for Macromedia Contribute 2, Director, Dreamweaver, Fireworks, Flash, and Studio, install the AuthenticationService setuid and writable by other users, which allows local users to gain privileges by modifying the program.

7.2
2004-12-31 CVE-2004-2329 Kerio Local Privilege Escalation vulnerability in Kerio Personal Firewall 2.1.5

Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privileges via the Load button in the Firewall Configuration Files option, which does not drop privileges before opening the file loading dialog box.

7.2
2004-12-31 CVE-2004-2312 IBM Local Buffer Overflow vulnerability in IBM AIX 4.3.3

Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain privileges via a long CC argument.

7.2
2004-12-31 CVE-2004-2300 UCD Snmp Local Buffer Overflow vulnerability in UCD-SNMPD Command Line Parsing

Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -p command line argument.

7.2
2004-12-31 CVE-2004-2270 IBM Unspecified vulnerability in IBM Parallel Environment 3.2/4.1

Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 allows attackers to execute arbitrary commands as root via unknown vectors in the sample code.

7.2
2004-12-31 CVE-2004-2269 Matt Shelton Local Security vulnerability in Passive Asset Detection System

Stack-based buffer overflow in pads.c in Passive Asset Detection System (Pads) might allow local users to execute arbitrary code via a long report file name argument.

7.2
2004-12-31 CVE-2004-2265 Uudeview Unspecified vulnerability in Uudeview 0.5.18/0.5.19

UUDeview 0.5.20 and earlier handles temporary files insecurely during decoding, with unknown attack vectors and impact.

7.2
2004-12-31 CVE-2004-2228 Mozilla Mozilla Firefox before 1.0 is installed with world-writable permissions on Mac OS X, which allows local users to gain privileges.
7.2
2004-12-31 CVE-2004-2205 Symantec Veritas Unspecified vulnerability in Symantec Veritas Cluster Server

Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 allows local users to gain root access via unspecified vectors.

7.2
2004-12-31 CVE-2004-2204 Macromedia Unspecified vulnerability in Macromedia Coldfusion 6.0/6.1

Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.

7.2
2004-12-31 CVE-2004-2197 Kdocker Unspecified vulnerability in KDocker

kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the ownership of files, which could allow local users to execute arbitrary programs.

7.2
2004-12-31 CVE-2004-2148 Slava Astashonok Local vulnerability in Slava Astashonok Fprobe

Unknown local vulnerability in the "change user" feature of Slava Astashonok Fprobe 1.0.5 and earlier has unknown impact and attack vectors.

7.2
2004-12-31 CVE-2004-2070 Altiris The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) allows local users to execute arbitrary commands by opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2005-1590.
7.2
2004-12-31 CVE-2004-2012 Niels
Vladimir Kotal
Netbsd
Privilege Escalation vulnerability in NetBSD/FreeBSD Port Systrace Exit Routine Access Validation

The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting euid to 0, which allows local users to gain root privileges.

7.2
2004-12-31 CVE-2004-1767 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Solaris and Sunos

The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly involving the modload function.

7.2
2004-12-31 CVE-2004-1573 AJ Fork
Cutephp
The documentation for AJ-Fork 167 implies that users should set permissions for users.db.php to 777, which allows local users to execute arbitrary PHP code and gain privileges as the administrator.
7.2
2004-12-31 CVE-2004-1469 Peter D Gray Unspecified vulnerability in Peter D. Gray SUS 2.0/2.0.1

Format string vulnerability in the log function in SUS 2.0.2, and other versions before 2.0.6, allows local users to execute arbitrary code via format string specifiers in a command line argument that is passed directly to syslog.

7.2
2004-12-31 CVE-2004-1452 Gentoo Unspecified vulnerability in Gentoo Linux

Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts.

7.2
2004-12-31 CVE-2004-1330 IBM Local Buffer Overflow vulnerability in IBM AIX PAGINIT

Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users to execute arbitrary code via a long username.

7.2
2004-12-31 CVE-2004-1328 HP Newgrp Local Privilege Escalation vulnerability in HP Hp-Ux 11.00/11.11/11.4

Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain elevated privileges.

7.2
2004-12-31 CVE-2004-1189 MIT Out-Of-Bounds Write vulnerability in MIT Kerberos 5

The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow.

7.2
2004-12-31 CVE-2004-1144 Linux Unspecified vulnerability in Linux Kernel 2.4.0

Unknown vulnerability in the 32bit emulation code in Linux 2.4 on AMD64 systems allows local users to gain privileges.

7.2
2004-12-31 CVE-2004-0984 GNU Local Security vulnerability in GNU Mailutils 0.5/0.6

Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges.

7.2
2004-12-31 CVE-2004-0821 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

The CFPlugIn in Core Foundation framework in Mac OS X allows user supplied libraries to be loaded, which could allow local users to gain privileges.

7.2
2004-12-31 CVE-2004-0806 Cdrtools Unspecified vulnerability in Cdrtools Cdrecord 1.11/2.0

cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.

7.2
2004-12-31 CVE-2004-0780 SUN Local Buffer Overflow vulnerability in Sun Solaris UUSTAT

Buffer overflow in uustat in Sun Solaris 8 and 9 allows local users to execute arbitrary code via a long -S command line argument.

7.2
2004-12-31 CVE-2004-2724 Lionmax Software Improper Authentication vulnerability in Lionmax Software Chat Anywhere 2.72A

LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server crash and client CPU consumption) via a username beginning with percent (%) followed by a null character.

7.1
2004-12-31 CVE-2004-2691 3Com Denial-Of-Service vulnerability in 3Com 3C17205-Us, 3C17210-Us and Superstack 3 Switch

Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface.

7.1
2004-12-31 CVE-2004-1471 CVS
Openpkg
SGI
Freebsd
Gentoo
Openbsd
Multiple vulnerability in CVS

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.

7.1

595 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-12-31 CVE-2004-2698 Imwheel Race Condition vulnerability in Imwheel

Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink attack on the imwheel.pid file.

6.9
2004-12-31 CVE-2004-2697 IBM Race Condition vulnerability in IBM AIX 4.3.3/5.1/5.1L

The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file).

6.9
2004-12-31 CVE-2004-2541 Cscope Buffer Errors vulnerability in Cscope 15.5

Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target.

6.9
2004-12-31 CVE-2004-2760 Openbsd Configuration vulnerability in Openbsd Openssh 3.5/3.5P1

sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190.

6.8
2004-12-31 CVE-2004-2751 Postnuke Software Foundation SQL Injection vulnerability in Postnuke Software Foundation Postnuke 0.722/0.723/0.726

SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter.

6.8
2004-12-31 CVE-2004-2719 Foxmail Buffer Errors vulnerability in Foxmail 5.0.300

Buffer overflow in the UrlToLocal function in PunyLib.dll of Foxmail 5.0.300 allows remote attackers to execute arbitrary code via a mail message with a long From field, a different issue than CVE-2005-0339.

6.8
2004-12-31 CVE-2004-2675 Argosoft Multiple vulnerability in ArGoSoft FTP Server

ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to cause a denial of service (crash) via a SITE PASS command with a long password parameter, which causes the database to be corrupted.

6.8
2004-12-31 CVE-2004-2674 Argosoft Multiple vulnerability in ArGoSoft FTP Server

Directory traversal vulnerability in ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to determine the existence of arbitrary files via ".." sequences in the SITE UNZIP argument.

6.8
2004-12-31 CVE-2004-2670 Endonesia Cross-Site Scripting vulnerability in Endonesia 8.3

Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdonesia 8.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewcat operation or (2) the query parameter in a search operation in the publisher module.

6.8
2004-12-31 CVE-2004-2667 IBM Cross-Site Scripting vulnerability in Lotus Domino

Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

6.8
2004-12-31 CVE-2004-2602 Ubertec Remote vulnerability in Help Center Live

PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) before 1.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the HCL_path parameter to pipe.php.

6.8
2004-12-31 CVE-2004-2354 Francisco Burzi
Warpspeed
Cross-Site Scripting vulnerability in 4Nguestbook

SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 through 6.9 allows remote attackers to modify SQL statements via the entry parameter to modules.php, which can also facilitate cross-site scripting (XSS) attacks when MySQL errors are triggered.

6.8
2004-12-31 CVE-2004-2185 Mediawiki Remote Input Validation vulnerability in Mediawiki 1.3.5

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) SpecialMaintenance, and (6) ImagePage.

6.8
2004-12-31 CVE-2004-2128 BRS Cross-Site Scripting vulnerability in BRS WebWeaver

Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows remote attackers to execute arbitrary script as other users via the query string to ISAPISkeleton.dll.

6.8
2004-12-31 CVE-2004-2115 Oracle Cross-Site Scripting vulnerability in Oracle Http Server 8.1.7/9.0.1/9.2.0

Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.

6.8
2004-12-31 CVE-2004-2109 Quadcomm Cross-Site Scripting vulnerability in QuadComm Q-Shop

Multiple cross-site scripting (XSS) vulnerabilities in (1) imagezoom.asp or (2) recommend.asp in Q-Shop allow remote attackers to execute arbitrary script and steal the user session ID via Javascript in a URL.

6.8
2004-12-31 CVE-2004-2072 Mambo Cross-Site Scripting vulnerability in Mambo Open Source 4.6

Cross-site scripting (XSS) vulnerability in index.php for Mambo Open Source 4.6, and possibly earlier versions, allows remote attackers to execute script on other clients via the Itemid parameter.

6.8
2004-12-31 CVE-2004-1419 Zeroboard Code Injection vulnerability in Zeroboard 4.1Pl2/4.1Pl3/4.1Pl4

PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) _zb_path parameter to outlogin.php or (2) dir parameter to write.php to reference a URL on a remote web server that contains the code.

6.8
2004-12-31 CVE-2004-2538 Nilesh Dosooye Unspecified vulnerability in Nilesh Dosooye PHPcodegenie

Direct static code injection vulnerability in the PCG simple application generation in phpCodeGenie before 3.0.2 allows remote authenticated users to execute arbitrary code via the (1) header or (2) footer.

6.5
2004-12-31 CVE-2004-2523 Openftpd Remote Message Format String vulnerability in Openftpd FTP Server 0.29.4/0.30/0.30.1

Format string vulnerability in the msg command (cat_message function in msg.c) in OpenFTPD 0.30.2 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in the message argument.

6.5
2004-12-31 CVE-2004-2345 Oracle Security vulnerability in Oracle9i Database Server

Unknown multiple vulnerabilities in Oracle9i Database Server 9.0.1.4, 9.0.1.5, 9.2.0.3, and 9.2.0.4 allow local users with the ability to invoke SQL to cause a denial of service or obtain sensitive information.

6.5
2004-12-31 CVE-2004-1995 Fusetalk Cross-Site Request Forgery (CSRF) vulnerability in Fusetalk 2.0

Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows remote attackers to create arbitrary accounts via a link to adduser.cfm.

6.5
2004-12-31 CVE-2004-2743 Raditha Dissanayake Permissions, Privileges, and Access Controls vulnerability in Raditha Dissanayake Mega Upload Progress BAR

upload.cgi in Mega Upload Progress Bar before 1.45 allows remote attackers to copy or overwrite arbitrary files via unspecified parameters related to names of uploaded files.

6.4
2004-12-31 CVE-2004-2642 Nathaniel Bray Unspecified vulnerability in Nathaniel Bray Yeemp

Yeemp 0.9.9 and earlier does not properly encrypt inbound files, which allows remote attackers to spoof the identity of the sender.

6.4
2004-12-31 CVE-2004-2637 Zonet Unspecified vulnerability in Zonet Zsr1104We Wireless Router Runtime Code 2.41

The NAT implementation in Zonet ZSR1104WE Wireless Router Runtime Code Version 2.41 converts IP addresses of inbound connections to the IP address of the router, which allows remote attackers to bypass intended security restrictions.

6.4
2004-12-31 CVE-2004-2601 Ubertec Remote Security vulnerability in Ubertec Help Center Live 1.2.6

PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) allows remote attackers to read local files and possibly execute PHP code via a URL in the SKIN_inner parameter to inc/skin.php.

6.4
2004-12-31 CVE-2004-2546 Samba
Trustix
Denial-Of-Service vulnerability in Samba

Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption).

6.4
2004-12-31 CVE-2004-2483 Kerio Remote vulnerability in Kerio WinRoute Firewall

Kerio WinRoute Firewall before 6.0.9 uses information from PTR queries in response to A queries, which allows remote attackers to poison the DNS cache or cause a denial of service (connection loss).

6.4
2004-12-31 CVE-2004-2405 F Secure Denial-Of-Service vulnerability in F-Secure Anti-Virus

Buffer overflow in multiple F-Secure Anti-Virus products, including F-Secure Anti-Virus 5.42 and earlier, allows remote attackers to bypass scanning or cause a denial of service (crash or module restart), depending on the product, via a malformed LHA archive.

6.4
2004-12-31 CVE-2004-2369 IBM Directory Traversal vulnerability in IBM Lotus Domino 6.5.1

Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 6.5.1 allows attackers to create and detect directories via a ..

6.4
2004-12-31 CVE-2004-2357 Proofpoint Remote Security vulnerability in Proofpoint Protection Server

The embedded MySQL 4.0 server for Proofpoint Protection Server does not require a password for the root user of MySQL, which allows remote attackers to read or modify the backend database.

6.4
2004-12-31 CVE-2004-2298 Novell Denial-Of-Service vulnerability in Internet Messaging System

Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential by using the NMAP Credential Generator.

6.4
2004-12-31 CVE-2004-2274 W3C Remote URI Parsing vulnerability in W3C Jigsaw

Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and attack vectors, possibly related to the parsing of the URI.

6.4
2004-12-31 CVE-2004-2255 Phpmyfaq Unspecified vulnerability in PHPmyfaq 1.3.12

Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename.

6.4
2004-12-31 CVE-2004-2198 Duware Remote vulnerability in DUware Software

account.asp in DUware DUclassmate 1.0 through 1.1 allows remote attackers to change the passwords for arbitrary users by modifying the MM_recordId parameter on the "My Account" page.

6.4
2004-12-31 CVE-2004-2184 Digicraft Software Directory Traversal vulnerability in Yak! Chat Client FTP Server

Directory traversal vulnerability in Digicraft Yak! server 2.0 through 2.1.2 allows remote attackers to read or write arbitrary files via "../" or "..\" sequences in commands such as (1) dir or (2) put.

6.4
2004-12-31 CVE-2004-2160 Xmlstarlet Denial-Of-Service vulnerability in Xmlstarlet Command Line XML Toolkit 0.9.3

Format string vulnerability in xml_elem.c for XMLStarlet Command Line XML Toolkit 0.9.3 may allow attackers to cause a denial of service or execute arbitrary code.

6.4
2004-12-31 CVE-2004-1583 Tridcomm Directory Traversal vulnerability in TriDComm Built-in FTP Server

Directory traversal vulnerability in the FTP server in TriDComm 1.3 and earlier allows remote attackers to read or write arbitrary files via a ..

6.4
2004-12-31 CVE-2004-1557 Mywebserver Remote vulnerability in Mywebserver 1.0.3

MyWebServer 1.0.3 allows remote attackers to bypass authentication, modify configuration, and read arbitrary files via a direct HTTP request to (1) /admin or (2) ServerProperties.html.

6.4
2004-12-31 CVE-2004-0952 HP Unspecified vulnerability in HP Hp-Ux

HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote attackers to modify data or cause disk consumption.

6.4
2004-12-31 CVE-2004-2634 IBM Console Commands Symbolic Link vulnerability in Multiple IBM AIX

The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX 5.1 and 5.2 allow local users to overwrite arbitrary files via a symlink attack on temporary files via unknown attack vectors.

6.2
2004-12-31 CVE-2004-2714 Windowmaker USE of Externally-Controlled Format String vulnerability in Windowmaker

Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown actions via format string specifiers in a font specification in WMGLOBAL, probably a format string vulnerability.

6.0
2004-12-31 CVE-2004-2553 THE Ignition Project Privilege Escalation vulnerability in the Ignition Project Ignitionserver 0.1.2/0.1.2R1/0.1.2R2

The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows remote authenticated users with local IRC operator privileges to obtain global IRC operator privileges by using the unofficial umode command with the +ORD argument.

6.0
2004-12-31 CVE-2004-1389 Veritas Privilege Escalation vulnerability in Veritas NetBackup

Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and 4.5, Enterprise Server 5.1, and NetBackup Server 5.0 and 5.1, allows attackers to execute arbitrary commands via the bpjava-susvc process, possibly related to the call-back feature.

6.0
2004-12-31 CVE-2004-1464 Cisco Unspecified vulnerability in Cisco IOS

Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.

5.9
2004-12-31 CVE-2004-2733 Webwiz Permissions, Privileges, and Access Controls vulnerability in Webwiz web WIZ Forums 7.7

Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via pop_up_topic_admin.asp.

5.8
2004-12-31 CVE-2004-2694 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Outlook Express 6.0

Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top".

5.8
2004-12-31 CVE-2004-2682 Peersec Networks Cross-Site Scripting vulnerability in MatrixSSL

PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal), a related issue to CVE-2003-0147.

5.8
2004-12-31 CVE-2004-2649 Eudora Improper Input Validation vulnerability in Eudora 6.1.0.6

Eudora 6.1.0.6 allows remote attackers to obfuscate URLs displayed in the status bar by inserting a large number of characters (e.g.

5.8
2004-12-31 CVE-2004-2580 Novell Remote vulnerability in Novell Ichain 2.3

Cross-site scripting (XSS) vulnerability in Novell iChain 2.3 allows remote attackers to obtain login credentials via unspecified vectors.

5.8
2004-12-31 CVE-2004-2563 Serena Software Remote Authentication Bypass vulnerability in Serena Software Serena Teamtrack 6.1.1

Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive information such as user names, versions, and database information, and conduct cross-site scripting (XSS) attacks, via a direct request to tmtrack.dll with modified LoginPage and Template parameters.

5.8
2004-12-31 CVE-2004-2320 BEA Information Exposure vulnerability in BEA Weblogic Server

The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.

5.8
2004-12-31 CVE-2004-2753 HP Local Insecure File Access vulnerability in HP SharedX

Unspecified vulnerability in SharedX in HP-UX B.11.00, B.11.11, and B.11.22 allows local users to access unspecified files or cause a denial of service via unknown vectors related to handling of "files in a potentially insecure manner."

5.6
2004-12-31 CVE-2004-2696 BEA Credentials Management vulnerability in BEA Weblogic Server

BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call.

5.5
2004-12-31 CVE-2004-2331 Macromedia Unsafe Reflection vulnerability in Macromedia Coldfusion 6.1

ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.

5.5
2004-12-31 CVE-2004-1901 Gentoo Link Following vulnerability in Gentoo Linux and Portage

Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.

5.5
2004-12-31 CVE-2004-2655 Xscreensaver Local Password Disclosure vulnerability in Xscreensaver 4.14/4.16/4.17

rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen.

5.4
2004-12-31 CVE-2004-2527 Microsoft The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
5.4
2004-12-31 CVE-2004-2678 HP IPsec/IKE Remote Privilege Escalation vulnerability in HP Tru64 5.1A/5.1Bp3Kbl24/5.1Bpk2Bl22

Unspecified vulnerability in HP Tru64 UNIX 5.1B PK2(BL22) and PK3(BL24), and 5.1A PK6(BL24), when using IPsec/IKE (Internet Key Exchange) with Certificates, allows remote attackers to gain privileges via unknown attack vectors.

5.1
2004-12-31 CVE-2004-2633 Arjohn Kampman Unspecified vulnerability in Arjohn Kampman Sesame RDF Container

Unspecified vulnerability in Sesamie 1.0 allows remote anonymous attackers to gain access to repositories of other users via unknown vectors.

5.1
2004-12-31 CVE-2004-2625 Outblaze HTML Injection vulnerability in Outblaze Webmail

Cross-site scripting (XSS) vulnerability in Outblaze Email allows remote attackers to inject arbitrary web script or HTML via Javascript in an attribute of an IMG tag.

5.1
2004-12-31 CVE-2004-2383 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus.

5.1
2004-12-31 CVE-2004-2099 Electronic Arts Remote Buffer Overflow vulnerability in EA Black Box Need For Speed Hot Pursuit 2 Game Client

Buffer overflow in Need for Speed Hot Pursuit 2.0 client (NFSHP2), version 242 and earlier, allows remote attackers (servers) to execute arbitrary code via long (1) gamename, (2) gamever, (3) hostname, (4) gametype, (5) mapname or (6) gamemode commands.

5.1
2004-12-31 CVE-2004-1798 Realnetworks Unspecified vulnerability in Realnetworks products

RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726.

5.1
2004-12-31 CVE-2004-1481 Realnetworks Unspecified vulnerability in Realnetworks Helix Player, Realone Player and Realplayer

Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow.

5.1
2004-12-31 CVE-2004-1476 Xine
Suse
Stack Overflow vulnerability in Xine-lib VideoCD And Text Subtitle

Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label.

5.1
2004-12-31 CVE-2004-1475 Xine Stack Overflow vulnerability in Xine-lib VideoCD And Text Subtitle

Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines.

5.1
2004-12-31 CVE-2004-1455 Xine Remote Buffer Overflow vulnerability in Xine-Lib

Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL.

5.1
2004-12-31 CVE-2004-1416 pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as used in Internet Explorer, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embed tag.
5.1
2004-12-31 CVE-2004-1306 Microsoft Heap Overflow vulnerability in Microsoft Windows winhlp32 Phrase

Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a crafted .hlp file.

5.1
2004-12-31 CVE-2004-1150 Nullsoft Remote Buffer Overflow vulnerability in Nullsoft Winamp Variant

Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file.

5.1
2004-12-31 CVE-2004-1049 Microsoft Integer Overflow vulnerability in Microsoft Windows LoadImage API Function

Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."

5.1
2004-12-31 CVE-2004-0909 Mozilla Unspecified vulnerability in Mozilla and Thunderbird

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages.

5.1
2004-12-31 CVE-2004-0802 Enlightenment
Imagemagick
SUN
Conectiva
Mandrakesoft
Redhat
Suse
Turbolinux
Ubuntu
BMP Image Decoding Buffer Overflow vulnerability in IMLib/IMLib2

Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.

5.1
2004-12-31 CVE-2004-2750 Jbrowser Path Traversal vulnerability in Jbrowser 1.0/2.0/2.1

Directory traversal vulnerability in browser.php in JBrowser 1.0 through 2.1 allows remote attackers to read arbitrary files via the directory parameter.

5.0
2004-12-31 CVE-2004-2744 Phplist Remote Security vulnerability in Mailing List Manager

Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has unknown impact and attack vectors, related to a "security update release."

5.0
2004-12-31 CVE-2004-2736 Polar Software Improper Authentication vulnerability in Polar Software Helpdesk 3.0

Polar HelpDesk 3.0 allows remote attackers to bypass authentication by setting the UserId and UserType values in a cookie.

5.0
2004-12-31 CVE-2004-2726 Mailenable Denial-Of-Service vulnerability in Mailenable 1.18

HTTPMail service in MailEnable Professional 1.18 does not properly handle arguments to the Authorization header, which allows remote attackers to cause a denial of service (null dereference and application crash).

5.0
2004-12-31 CVE-2004-2712 Phrozensmoke Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Phrozensmoke Gyach Enhanced

Buffer overflow in Gyach Enhanced (Gyach-E) before 1.0.0-SneakPeek-3 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to "URL data."

5.0
2004-12-31 CVE-2004-2708 Phrozensmoke Credentials Management vulnerability in Phrozensmoke Gyach Enhanced

Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, which allows attackers to obtain user passwords by reading the configuration file.

5.0
2004-12-31 CVE-2004-2706 Phrozensmoke Improper Input Validation vulnerability in Phrozensmoke Gyach Enhanced

Unspecified vulnerability in Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service (crash) via conference packets with error messages.

5.0
2004-12-31 CVE-2004-2671 Endonesia Path Disclosure vulnerability in Endonesia 8.3

mod.php in eNdonesia 8.3 allows remote attackers to obtain sensitive information via certain direct requests, and certain requests with invalid parameter values, which reveal the path in various error messages, as demonstrated by the (1) mod and (2) cid parameters.

5.0
2004-12-31 CVE-2004-2666 Mantis Information Disclosure vulnerability in Mantis

Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page.

5.0
2004-12-31 CVE-2004-2664 John LIM Information Disclosure vulnerability in Adodb

John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals the installation path in an error message.

5.0
2004-12-31 CVE-2004-2662 Soft3304 Denial-Of-Service vulnerability in Soft3304 04Webserver 1.41

Soft3304 04WebServer before 1.41 allows remote attackers to cause a denial of service (resource consumption or crash) via certain data related to OpenSSL, which causes a thread to terminate but continue to hold resources.

5.0
2004-12-31 CVE-2004-2661 Soft3304 Information Disclosure vulnerability in Soft3304 04Webserver 1.40

Soft3304 04WebServer before 1.41 does not properly check file names, which allows remote attackers to obtain sensitive information (CGI source code).

5.0
2004-12-31 CVE-2004-2654 Squid Denial-Of-Service vulnerability in Squid 2.5Stable5

The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference.

5.0
2004-12-31 CVE-2004-2647 Reid Garner Denial Of Service vulnerability in Multiple Free Web Chat

Free Web Chat 2.0 allows remote attackers to cause a denial of service (CPU consumption) via multiple connections from the same user.

5.0
2004-12-31 CVE-2004-2646 Reid Garner Denial Of Service vulnerability in Multiple Free Web Chat

The addUser function in UserManager.java in Free Web Chat 2.0 allows remote attackers to cause a denial of service (uncaught NullPointerException) via unknown attack vectors that cause the usrName variable to be null.

5.0
2004-12-31 CVE-2004-2641 SUN Remote TOS IP Packet Denial Of Service vulnerability in Sun Fire/Netra

Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire V1280, and Netra 1280 allows remote attackers to cause a denial of service (system controller hang) via IP Packets With Type of Service (TOS) Bits set.

5.0
2004-12-31 CVE-2004-2640 Ryszard Pydo Remote Directory Traversal vulnerability in LinuxStat

Directory traversal vulnerability in lstat.cgi in LinuxStat before 2.3.1 allows remote attackers to read arbitrary files via (1) ..

5.0
2004-12-31 CVE-2004-2636 RIT Research Labs TinyWeb 1.9 allows remote attackers to read source code of scripts via "/./" in the URL.
5.0
2004-12-31 CVE-2004-2628 Acme Labs Directory Traversal vulnerability in Acme Labs Thttpd 2.0.7Beta0.4

Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence ("%5C..") or (2) a drive letter (such as "C:").

5.0
2004-12-31 CVE-2004-2620 Paul L Daniels Remote Security vulnerability in Paul L Daniels Ripmime 1.3.1.0

The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly handle trailing "\r" and "\n" characters in headers, which leads to a buffer underflow.

5.0
2004-12-31 CVE-2004-2617 Pegasi WEB Server Input Validation vulnerability in Pegasi web Server Pegasi web Server 0.2.2

Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to read files outside of the web root via a ..

5.0
2004-12-31 CVE-2004-2608 Smartwebby Permissions, Privileges, and Access Controls vulnerability in Smartwebby Smart Guest Book 2

SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the "news database") under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the unencrypted username and password of the administrator's account.

5.0
2004-12-31 CVE-2004-2600 Intel
HP
The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, which allows remote attackers to obtain sensitive information when LAN management functionality is enabled.
5.0
2004-12-31 CVE-2004-2598 ID Software Remote vulnerability in ID Software Quake II Server

Quake II server before R1Q2, as used in multiple products, allows remote attackers to corrupt the server's client state data structure by exiting a session without a valid disconnect command, then reconnecting, which prevents a mod from being notified of changes in the client state.

5.0
2004-12-31 CVE-2004-2597 ID Software Remote vulnerability in ID Software Quake II Server 3.20/3.21

Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server's ability to find the client's IP address.

5.0
2004-12-31 CVE-2004-2596 ID Software Improper Input Validation vulnerability in ID Software Quake II Server 3.20/3.21

Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address.

5.0
2004-12-31 CVE-2004-2595 ID Software Remote vulnerability in ID Software Quake II Server

Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download command with a full pathname for a directory in the argument, which causes the server to crash when it cannot read data.

5.0
2004-12-31 CVE-2004-2594 ID Software Remote vulnerability in ID Software Quake II Server

Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "\/" in a pathname argument, as demonstrated by "download \/server.cfg".

5.0
2004-12-31 CVE-2004-2592 ID Software Improper Input Validation vulnerability in ID Software Quake II Server 3.20/3.21

Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and Baselines.

5.0
2004-12-31 CVE-2004-2589 ROB Flynn Multiple vulnerability in Gaim

Gaim before 0.82 allows remote servers to cause a denial of service (application crash) via a long HTTP Content-Length header, which causes Gaim to abort when attempting to allocate memory.

5.0
2004-12-31 CVE-2004-2588 XMB Software Unspecified vulnerability in XMB Software XMB Forum 1.9Nexusbeta

Intentional information leak in phpinfo.php in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allows remote attackers to obtain sensitive information such as the configuration of the web server and the PHP application.

5.0
2004-12-31 CVE-2004-2587 Smartertools Denial-Of-Service vulnerability in Smartertools Smartermail 1.6.1511/1.6.1529

login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service via a long txtusername parameter, possibly due to a buffer overflow.

5.0
2004-12-31 CVE-2004-2586 Smartertools Directory Traversal vulnerability in Smartertools Smartermail 1.6.1511/1.6.1529

Directory traversal vulnerability in frmGetAttachment.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to read arbitrary files via the filename parameter.

5.0
2004-12-31 CVE-2004-2582 Novell Remote vulnerability in Novell Ichain 2.3

Novell iChain 2.3 includes the build number in the VIA line of the proxy server's HTTP headers, which allows remote attackers to obtain sensitive information.

5.0
2004-12-31 CVE-2004-2581 Novell Remote vulnerability in Novell Ichain 2.3

Novell iChain 2.3 allows attackers to cause a denial of service via a URL with a "specific string."

5.0
2004-12-31 CVE-2004-2578 Phpgroupware Information Disclosure vulnerability in PHPGroupWare Plaintext Cookie Authentication Credentials

phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords.

5.0
2004-12-31 CVE-2004-2577 Phpgroupware Unspecified vulnerability in PHPgroupware 0.9.16Rc1/0.9.16Rc2

The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from users' home directories that lack .htaccess files, and possibly has other unknown impacts.

5.0
2004-12-31 CVE-2004-2576 Phpgroupware Information Disclosure vulnerability in PHPgroupware 0.9.16.000

class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htaccess files to enable authorization checks for access to users' home-directory files, which allows remote attackers to obtain sensitive information from these files.

5.0
2004-12-31 CVE-2004-2575 Phpgroupware Information Disclosure vulnerability in Phpgroupware

phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain sensitive information via a direct request to (1) hook_admin.inc.php, (2) hook_home.inc.php, (3) class.holidaycalc.inc.php, and (4) setup.inc.php.sample, which reveals the path in an error message.

5.0
2004-12-31 CVE-2004-2572 Amax Information Technologies Remote Installation Path Disclosure vulnerability in Amax Information Technologies Magic Winmail Server 3.6

AMAX Magic Winmail Server 3.6 allows remote attackers to obtain sensitive information by entering (1) invalid characters such as "()" or (2) a large number of characters in the Lookup field on the netaddressbook.php web form, which reveals the path in an ldaplib.php error message when the ldap_search function fails, due to improper processing of the $keyword variable.

5.0
2004-12-31 CVE-2004-2570 Opera Injection vulnerability in Opera Browser

Opera before 7.54 allows remote attackers to modify properties and methods of the location object and execute Javascript to read arbitrary files from the client's local filesystem or display a false URL to the user.

5.0
2004-12-31 CVE-2004-2565 Sambar Multiple vulnerability in Sambar Server 6.1

Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, when the administrative IP address restrictions have been modified from the default, allow remote authenticated users to read arbitrary files via (1) a "..\" (dot dot backslash) in the file parameter to showini.asp, or (2) an absolute path with drive letter in the log parameter to showlog.asp.

5.0
2004-12-31 CVE-2004-2557 Netgear Unspecified vulnerability in Netgear Wg602 1.7.14

NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration.

5.0
2004-12-31 CVE-2004-2556 Netgear Unspecified vulnerability in Netgear Wg602 1.04.0/1.5.67

NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration.

5.0
2004-12-31 CVE-2004-2549 Nortel Denial Of Service vulnerability in Nortel products

Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 allow remote attackers to cause a denial of service (service crash) via a TCP request with a large string, followed by 8 newline characters, to (1) the Telnet service on TCP port 23 and (2) the HTTP service on TCP port 80, possibly due to a buffer overflow.

5.0
2004-12-31 CVE-2004-2545 Securecomputing Denial-Of-Service vulnerability in Securecomputing Sidewinder G2 6.1.0.01

Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (SMTP proxy failure) via unknown attack vendors involving an "extremely busy network." NOTE: this might not be a vulnerability because the embedded monitoring sub-system automatically restarts after the failure.

5.0
2004-12-31 CVE-2004-2543 Securecomputing Denial-Of-Service vulnerability in Securecomputing Sidewinder G2 6.1.0.01

Secure Computing Corporation Sidewinder G2 6.1.0.01 might allow remote attackers to cause a denial of service (proxy failure) via invalid traffic to the (1) T.120 or (2) RTSP proxy, or (3) invalid MIME messages to the mail filter.

5.0
2004-12-31 CVE-2004-2540 SUN Denial-Of-Service vulnerability in SUN JDK and JRE

readObject in (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.0 through 1.4.2_05 allows remote attackers to cause a denial of service (JVM unresponsive) via crafted serialized data.

5.0
2004-12-31 CVE-2004-2535 Matthew Phillips Unspecified vulnerability in Matthew Phillips Sticker 3.0.0

The person-to-person secure messaging feature in Sticker before 3.1.0 beta 2 allows remote attackers to post messages to unauthorized private groups by using the group's public encryption key.

5.0
2004-12-31 CVE-2004-2533 Solarwinds Improper Input Validation vulnerability in Solarwinds Serv-U File Server 4.1.0.0

Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a "\\...\" followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2004-2111.

5.0
2004-12-31 CVE-2004-2529 Gadu Gadu Remote vulnerability in Gadu-Gadu

Gadu-Gadu allows remote attackers to bypass the "image send" option by sending a very small image file, which could be used in conjunction with image-related vulnerabilities.

5.0
2004-12-31 CVE-2004-2526 IBM Directory Traversal vulnerability in IBM Tivoli Directory Server LDACGI

Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allows remote attackers to view arbitrary files via a ..

5.0
2004-12-31 CVE-2004-2524 WHM Autopilot Information Disclosure vulnerability in WHM Autopilot WHM Autopilot 2.4.5

clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier allows remote attackers to obtain plaintext username and password credentials by using the clogin_e and base64_encode functions to encode the desired user ID in the c parameter, then read the plaintext values in the resulting form.

5.0
2004-12-31 CVE-2004-2517 Myserver Denial-Of-Service vulnerability in Myserver 0.7.1

myServer 0.7.1 allows remote attackers to cause a denial of service (crash) via a long HTTP POST request in a View=Logon operation to index.html.

5.0
2004-12-31 CVE-2004-2516 Myserver Directory Traversal vulnerability in MyServer

Directory traversal vulnerability in myServer 0.7 allows remote attackers to list arbitrary directories via an HTTP GET command with a large number of "./" sequences followed by "../" sequences.

5.0
2004-12-31 CVE-2004-2507 Linksys Unspecified vulnerability in Linksys Wvc11B 2.10

Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to read arbitrary files via an absolute pathname in the next_file parameter.

5.0
2004-12-31 CVE-2004-2506 Wikindx Information Disclosure vulnerability in Wikindx

Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g allows remote attackers to obtain sensitive information via a direct HTTP request to the config.inc file.

5.0
2004-12-31 CVE-2004-2505 Macromedia Denial Of Service vulnerability in Macromedia ColdFusion MX Oversized Error Message

Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data.

5.0
2004-12-31 CVE-2004-2503 Inweb Remote Denial Of Service vulnerability in Inweb Mail Server 2.40

INweb Mail Server 2.40 allows remote attackers to cause a denial of service (crash) via a large number of connect/disconnect actions to the (1) POP3 and (2) SMTP services.

5.0
2004-12-31 CVE-2004-2498 Hitachi Cross-Site Scripting and Information Disclosure vulnerability in Hitachi Web Page Generator

Unspecified vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to determine internal directory structures via unknown attack vectors.

5.0
2004-12-31 CVE-2004-2485 PHP Live Remote Configuration File Include vulnerability in PHP Live!

Unspecified vulnerability in PHP Live! before 2.8.2, due to a "major security problem," allows remote attackers to include arbitrary files and directories via unspecified attack vectors.

5.0
2004-12-31 CVE-2004-2482 Microsoft Unspecified vulnerability in Microsoft Outlook 2000/2003

Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code.

5.0
2004-12-31 CVE-2004-2480 National Science Foundation Unspecified vulnerability in National Science Foundation Squid web Proxy Cache 2.3Stable5

Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass security controls and access arbitrary websites via "@@" sequences in a URL within Internet Explorer.

5.0
2004-12-31 CVE-2004-2479 National Science Foundation Information Disclosure vulnerability in Squid Proxy Failed DNS Lookup Random Error Messages

Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages.

5.0
2004-12-31 CVE-2004-2472 Agnitum Remote Denial of Service vulnerability in Agnitum Outpost Firewall 2.1

Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a denial of service (CPU consumption) via a flood of small, invalid packets, which can not be processed quickly enough by Outpost Pro.

5.0
2004-12-31 CVE-2004-2469 Brickhost Reservation Modification vulnerability in PHPScheduleIt Reservation.Class.PHP

Unspecified vulnerability in Reservation.class.php for phpScheduleIt 1.01 and earlier allows attackers to modify or delete reservations.

5.0
2004-12-31 CVE-2004-2467 EFS Software Denial-Of-Service vulnerability in EFS Software Easy Chat Server 1.2

chat.ghp in Easy Chat Server 1.2 allows remote attackers to add a large number of fake users, then eventually cause a denial of service (server crash).

5.0
2004-12-31 CVE-2004-2466 EFS Software Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in EFS Software Easy Chat Server 1.2/2.2

chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possibly due to a buffer overflow.

5.0
2004-12-31 CVE-2004-2460 GNU Remote POP3 Protocol vulnerability in gnubiff

Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote attackers to cause a denial of service (application crash) via an "infinite" Unique IDentification Listing (UIDL) list.

5.0
2004-12-31 CVE-2004-2458 Open Webmail Unspecified vulnerability in Open Webmail Open Webmail

Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories.

5.0
2004-12-31 CVE-2004-2457 3Com Remote Denial Of Service vulnerability in 3Com OfficeConnect ADSL Wireless 11g Firewall Router

Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router allows remote attackers to cause a denial of service (crash) via a large amount of UDP traffic.

5.0
2004-12-31 CVE-2004-2452 Hitachi Information Disclosure vulnerability in Cosminexus Portal Framework

Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, 01-01, 01-02, 02-01, 02-02, 02-03, and other versions allows remote attackers to obtain sensitive information in the <ut:cache> tag library.

5.0
2004-12-31 CVE-2004-2451 Gamespy Denial Of Service vulnerability in Roger Wilco Server Unauthorized Audio Stream

Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station 0.30a or earlier, allows remote attackers to send audio to arbitrary channels, aka the "Voices from the deep" bug.

5.0
2004-12-31 CVE-2004-2450 Gamespy Information Disclosure vulnerability in Roger Wilco

The client and server for Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and earlier report sensitive information such as IDs and source IP addresses, which allows remote attackers to obtain sensitive information.

5.0
2004-12-31 CVE-2004-2449 Gamespy Denial Of Service vulnerability in Gamespy products

Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and earlier allows remote attackers to cause a denial of service (application crash) via a long, malformed UDP datagram.

5.0
2004-12-31 CVE-2004-2448 Cassiopeia
Itransact
Information Disclosure vulnerability in S-Mart Shopping Cart

S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the database name.

5.0
2004-12-31 CVE-2004-2446 1ST Class Internet Solutions Input Validation vulnerability in 1ST Class Internet Solutions 1ST Class Mail Server 4.01

Directory traversal vulnerability in 1st Class Mail Server 4.01 allows remote attackers to read arbitrary files via a ".." (dot dot) sequences in unknown vectors.

5.0
2004-12-31 CVE-2004-2445 Jaws Input Validation vulnerability in Jaws 0.3Beta

Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows remote attackers to view arbitrary files via a ..

5.0
2004-12-31 CVE-2004-2442 F Secure Unspecified vulnerability in F-Secure products

Multiple interpretation error in various F-Secure Anti-Virus products, including Workstation 5.43 and earlier, Windows Servers 5.50 and earlier, MIMEsweeper 5.50 and earlier, Anti-Virus for Linux Servers and Gateways 4.61 and earlier, and other products, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on the target system.

5.0
2004-12-31 CVE-2004-2439 HP Unspecified vulnerability in HP products

The remote upgrade capability in HP LaserJet 4200 and 4300 printers does not require a password, which allows remote attackers to upgrade firmware.

5.0
2004-12-31 CVE-2004-2434 Microsoft Denial-Of-Service vulnerability in Microsoft IE 6.0

Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with "::{" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using "Save As" and Internet Explorer prepares an error message with an attacker-controlled format string.

5.0
2004-12-31 CVE-2004-2432 Winagents Remote Buffer Overrun vulnerability in WinAgents TFTP Server

WinAgents TFTP Server 3.0 allows remote attackers to cause a denial of service (crash) via a request for a file with a long file name, possibly due to an off-by-one buffer overflow.

5.0
2004-12-31 CVE-2004-2428 Abczone IT Information Disclosure vulnerability in Abczone.It Wwwguestbook 1.1

Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the plaintext username and password.

5.0
2004-12-31 CVE-2004-2426 Axis Multiple vulnerability in Axis Network Camera And Video Server

Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a ..

5.0
2004-12-31 CVE-2004-2424 BEA Remote Denial of Service vulnerability in BEA Weblogic Server 8.1

BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow remote attackers to cause a denial of service (network port consumption) via unknown actions in HTTPS sessions, which prevents the server from releasing the network port when the session ends.

5.0
2004-12-31 CVE-2004-2423 Ipswitch Buffer Overflow Denial Of Service vulnerability in Ipswitch IMail Server

Unknown vulnerability in the Web calendaring component of Ipswitch IMail Server before 8.13 allows remote attackers to cause a denial of service (crash) via "specific content."

5.0
2004-12-31 CVE-2004-2422 Ipswitch Buffer Overflow Denial Of Service vulnerability in Ipswitch IMail Server

Multiple features in Ipswitch IMail Server before 8.13 allow remote attackers to cause a denial of service (crash) via (1) a long sender field to the Queue Manager or (2) a long To field to the Web Messaging component.

5.0
2004-12-31 CVE-2004-2420 Hitachi Remote vulnerability in Hitachi JP1 P-1B41-9461, JP1 P-1B41-9471 and JP1 P-1J41-9471

Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and 7 allows remote attackers to cause a denial of service (daemon halt) via a port scan involving reset packets.

5.0
2004-12-31 CVE-2004-2415 Davenport Denial Of Service vulnerability in Davenport XML Expansion

Davenport before 0.9.10 allows attackers to cause a denial of service (resource consumption) via (1) a very large XML file or (2) entity expansion attacks.

5.0
2004-12-31 CVE-2004-2399 Securecomputing Denial-Of-Service vulnerability in Securecomputing Sidewinder G2 6.1.0.01

Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (CPU consumption) via delayed responses to DNS queries.

5.0
2004-12-31 CVE-2004-2392 Mandrakesoft Multiple Unspecified vulnerability in Mandrakesoft Mandrake Linux and Mandrake Linux Corporate Server

libuser 0.51.7 allows attackers to cause a denial of service (crash or disk consumption) via unknown attack vectors, related to read failures and other bugs.

5.0
2004-12-31 CVE-2004-2391 Jabberstudio Remote Denial Of Service vulnerability in Jabber Software Jabber Gadu-Gadu Transport

Jabber Gadu-Gadu Transport (a.k.a.

5.0
2004-12-31 CVE-2004-2390 Jabberstudio Remote Denial Of Service vulnerability in Jabber Software Jabber Gadu-Gadu Transport

The roster import functionality in Jabber Gadu-Gadu Transport (a.k.a.

5.0
2004-12-31 CVE-2004-2389 Jabberstudio Remote Denial Of Service vulnerability in Jabber Software Jabber Gadu-Gadu Transport

Unknown vulnerability in Jabber Gadu-Gadu Transport (a.k.a.

5.0
2004-12-31 CVE-2004-2385 Emumail Multiple vulnerability in Emumail EMU Webmail 5.2.7

EMU Webmail 5.2.7 allows remote attackers to obtain sensitive path information (home directory) via an HTTP request for init.emu.

5.0
2004-12-31 CVE-2004-2384 Nullsoft Denial of Service vulnerability in Nullsoft Winamp 5.02

NullSoft Winamp 5.02 allows remote attackers to cause a denial of service (crash) by creating a file with a long filename, which causes the victim's player to crash when the file is opened from the command line.

5.0
2004-12-31 CVE-2004-2382 Perfectnav Denial Of Service vulnerability in PerfectNav Malformed URI

The PerfectNav plugin for Microsoft Internet Explorer allows remote attackers to cause a denial of service (browser crash) via a malformed URL such as "?".

5.0
2004-12-31 CVE-2004-2381 Jetty Denial Of Service vulnerability in Jetty

HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of service (memory usage and application crash) via HTTP requests with a large Content-Length.

5.0
2004-12-31 CVE-2004-2380 Twilight Utilities Directory Traversal vulnerability in Twilight Utilities Twilight Utilities web Server 2.0.0.0

Directory traversal vulnerability in postfile.exe for Twilight Utilities Web Server 2.0.0.0 allows remote attackers to write arbitrary files via a ..

5.0
2004-12-31 CVE-2004-2377 Alcatel Denial Of Service vulnerability in Alcatel Omniswitch and Omniswitch 7800

Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a denial of service (reboot) via certain network scans, as demonstrated using a Nessus port scan of ports 1 through 1024 with safe-checks disabled.

5.0
2004-12-31 CVE-2004-2374 Working Resources INC Path Disclosure vulnerability in Working Resources Inc. Badblue 2.40

BadBlue 2.4 allows remote attackers to obtain the location of the server installation path via a request for phptest.php, which includes the pathname in the source of the resulting HTML.

5.0
2004-12-31 CVE-2004-2371 Redstorm Remote Denial Of Service vulnerability in Redstorm Desert Siege, Ghost Recon and the SUM of ALL Fears

Multiple Red Storm web-based games, including Ghost Recon 1.4 and earlier, Desert Siege, and The Sum of all Fears 1.1.1.0 and earlier, do not properly check return values from certain functions, which allows remote attackers to cause a denial of service (hang) via packets that contain text strings with incorrect size values.

5.0
2004-12-31 CVE-2004-2367 Texas Imperial Software Remote Denial Of Service vulnerability in WFTPD Server GUI

The Control Panel applet in WFTPD and WFTPD Pro 3.21 R1 and R2 allows remote authenticated users to cause a denial of service (crash) via a long FTP command.

5.0
2004-12-31 CVE-2004-2366 Globalscape Remote Buffer Overflow vulnerability in Globalscape Secure FTP Server 2.0Build20040311

Buffer overflow in GlobalSCAPE Secure FTP Server 2.0 B03.11.2004.2 allows remote attackers to cause a denial of service (crash) via a SITE command with a long argument.

5.0
2004-12-31 CVE-2004-2361 Digital Reality Remote Denial Of Service vulnerability in Digital Reality Game Engine

Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 and Desert Rats vs.

5.0
2004-12-31 CVE-2004-2360 Targem Games Remote Denial Of Service vulnerability in Targem Games Battle Mages 1.0

Targem Battle Mages 1.0 allows remote attackers to cause a denial of service (infinite loop) via a UDP packet with incomplete data, which causes the server to enter an infinite loop while waiting to read the rest of the data that is not sent.

5.0
2004-12-31 CVE-2004-2356 Fizmez Denial Of Service vulnerability in Fizmez web Server 1.0

Early termination vulnerability in Fizmez Web Server 1.0 allows remote attackers to cause a denial of service (crash) by connecting to the server and then disconnecting without sending any data, which triggers a null pointer dereference.

5.0
2004-12-31 CVE-2004-2353 Incogen BugPort before 1.099 stores its configuration file (conf/config.conf) under the web document root with a file extension that is not normally parsed by web servers, which allows remote attackers to obtain sensitive information.
5.0
2004-12-31 CVE-2004-2348 Sybari Denial Of Service vulnerability in Sybari Antigen 7.0Build722(Sr2)

Sybari AntiGen for Domino 7.0 Build 722 SR2 allows remote attackers to cause a denial of service (hang) via an encrypted ZIP file with the "include full path info" option set, as used by certain variants of the Beagle/Bagle worm.

5.0
2004-12-31 CVE-2004-2344 Vocaltec Remote H.225 Denial Of Service vulnerability in Vocaltec Vgw120 Telephony Gateway and Vgw480 Telephony Gateway

Unknown vulnerability in the ASN.1/H.323/H.225 stack of VocalTec VGW120 and VGW480 allows remote attackers to cause a denial of service.

5.0
2004-12-31 CVE-2004-2342 Burton Sang Remote Denial of Service vulnerability in ChatterBox

ChatterBox 2.0 allows remote attackers to cause a denial of service (server crash) via a malformed request to the server, as demonstrated using "aaaaaa".

5.0
2004-12-31 CVE-2004-2336 Novell Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
5.0
2004-12-31 CVE-2004-2333 Bodington Unspecified vulnerability in Bodington 2.1.0Rc1/2.1.0Rc2/2.1.0Rc3

Bodington 2.1.0 RC1 and earlier does not secure the file upload area, which allows remote attackers to read uploaded files.

5.0
2004-12-31 CVE-2004-2330 Macromedia Denial of Service vulnerability in Macromedia Coldfusion 6.1

ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields.

5.0
2004-12-31 CVE-2004-2328 Clearswift Denial Of Service vulnerability in Clearswift MAILsweeper For SMTP RAR Archive

Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers to cause a denial of service (infinite loop) via an e-mail with a crafted RAR archive attached.

5.0
2004-12-31 CVE-2004-2327 Vizer WEB Server Remote Denial of Service vulnerability in Vizer web Server Vizer web Server 1.9.1

Vizer Web Server 1.9.1 allows remote attackers to cause a denial of service (crash) via multiple malformed requests including (1) requests without GET, (2) GET requests without HTTP, (3) or long GET requests.

5.0
2004-12-31 CVE-2004-2323 Dotnetnuke Multiple vulnerability in DotNetNuke

DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config.

5.0
2004-12-31 CVE-2004-2318 Netwin Denial Of Service vulnerability in SurgeFTP Surgeftpmgr.CGI

The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter.

5.0
2004-12-31 CVE-2004-2317 Mbedthis Software Multiple vulnerability in Mbedthis Software AppWeb HTTP Server

Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 allows remote attackers to obtain sensitive information via a user message that is generated when Mbedthis denies access.

5.0
2004-12-31 CVE-2004-2316 Mbedthis Software Denial Of Service vulnerability in Mbedthis Software AppWeb HTTP Server Empty Options Request

Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via a GET request containing an MS-DOS device name such as COM1.

5.0
2004-12-31 CVE-2004-2315 Mbedthis Software Denial Of Service vulnerability in Mbedthis Software AppWeb HTTP Server Empty Options Request

Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via an empty OPTIONS request.

5.0
2004-12-31 CVE-2004-2313 Inter7 Unspecified vulnerability in Inter7 Sqwebmail

Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks.

5.0
2004-12-31 CVE-2004-2307 Microsoft Unspecified vulnerability in Microsoft Internet Explorer and Windows XP

Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attackers to cause a denial of service (browser crash) via a shell: URI with double backslashes (\\) in an HTML tag such as IFRAME or A.

5.0
2004-12-31 CVE-2004-2305 Broadcom Unspecified vulnerability in Broadcom Etrust Antivirus EE 6.0/7.0

Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote attackers to bypass virus scanning by including a password-protected file in a ZIP file, which causes eTrust to scan only the password protected file and skip the other files.

5.0
2004-12-31 CVE-2004-2301 Qualcomm Eudora before 6.1.1 allows remote attackers to cause a denial of service (crash) via an e-mail with a long "To:" field, possibly due to a buffer overflow.
5.0
2004-12-31 CVE-2004-2297 Francisco Burzi Input Validation vulnerability in PHP-Nuke

The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large, out-of-range score parameter.

5.0
2004-12-31 CVE-2004-2296 Francisco Burzi Input Validation vulnerability in PHP-Nuke

The preview_review function in the Reviews module in PHP-Nuke 6.0 to 7.3, when running on Windows systems, allows remote attackers to obtain sensitive information via an invalid date parameter, which generates an error message.

5.0
2004-12-31 CVE-2004-2292 ALT N Remote Status Command Buffer Overflow vulnerability in Alt-N MDaemon

Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to cause a denial of service (application crash) via a long STATUS command to the IMAP server.

5.0
2004-12-31 CVE-2004-2287 DSM Directory Traversal vulnerability in DSM Light web File Browser 2.0

Directory traversal vulnerability in explorer.php in DSM Light Web File Browser 2.0 allows remote attackers to read arbitrary files via ..

5.0
2004-12-31 CVE-2004-2283 Daniel Barron Unspecified vulnerability in Daniel Barron Dansguardian

Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote attackers to bypass URL filters via a crafted request that causes a page to be added to the clean page cache.

5.0
2004-12-31 CVE-2004-2282 Daniel Barron Security Bypass vulnerability in Dansguardian

DansGuardian before 2.7.7-2 allows remote attackers to bypass URL filters via a ".." in the request.

5.0
2004-12-31 CVE-2004-2280 IBM Java Applet vulnerability in IBM Lotus Notes

Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets, as identified by KSPR62F4KN.

5.0
2004-12-31 CVE-2004-2277 Agsm Buffer Overflow vulnerability in Agsm 2.35C/2.51C

Buffer overflow in aGSM Half-Life client allows remote Half-Life servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server response.

5.0
2004-12-31 CVE-2004-2273 Evan Sims Denial-Of-Service vulnerability in Evan Sims Effingerd 0.2.12

efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a packet with a single byte, which triggers a "Wrong protocol or connection state" error.

5.0
2004-12-31 CVE-2004-2272 Evan Sims Denial-Of-Service vulnerability in Evan Sims Effingerd 0.2.12

Buffer overflow in the sockFinger_DataArrival function in efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a long finger command.

5.0
2004-12-31 CVE-2004-2268 Pimentech Information Disclosure vulnerability in Pimentech Pimengest2 1.10.1

PimenGest2 before 1.1.1 allows remote attackers to obtain the database password via debug information in rowLatex.inc.php.

5.0
2004-12-31 CVE-2004-2260 Opera Open Redirect vulnerability in Opera Browser

Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clicks a link, which allows remote attackers to redirect to other sites via the onUnload attribute.

5.0
2004-12-31 CVE-2004-2259 Beasts Denial of Service vulnerability in Beasts Vsftpd 1.2.0/1.2.1

vsftpd before 1.2.2, when under heavy load, allows attackers to cause a denial of service (crash) via a SIGCHLD signal during a malloc or free call, which is not re-entrant.

5.0
2004-12-31 CVE-2004-2256 Phpmyfaq Directory Traversal vulnerability in phpMyFAQ Lang Parameter

Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via ..

5.0
2004-12-31 CVE-2004-2253 Netwin Directory Traversal vulnerability in Netwin Surgeldap 1.0D/1.0E/1.0G

Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a ..

5.0
2004-12-31 CVE-2004-2251 Astaro Remote Security vulnerability in Security Linux

The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks.

5.0
2004-12-31 CVE-2004-2244 Oracle Denial Of Service vulnerability in Oracle Application Server and Oracle9I

The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD.

5.0
2004-12-31 CVE-2004-2227 Mozilla Remote Security vulnerability in Firefox

Mozilla Firefox before 1.0 truncates long filenames in the file download dialog box, which makes it easier for remote attackers to trick users into downloading files with dangerous extensions.

5.0
2004-12-31 CVE-2004-2226 Mozilla Remote Security vulnerability in Mozilla Thunderbird 0.8/1.7.1/1.7.3

Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when HTML-Mails is enabled, allows remote attackers to determine valid e-mail addresses via an HTML e-mail that references a Cascading Style Sheets (CSS) document on the attacker's server.

5.0
2004-12-31 CVE-2004-2225 Mozilla Unspecified vulnerability in Mozilla Firefox

Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button.

5.0
2004-12-31 CVE-2004-2224 Appfoundry Denial-Of-Service vulnerability in Appfoundry Message Foundry 2.75.0003

Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that contains MS-DOS device names such as com1.

5.0
2004-12-31 CVE-2004-2223 Fsphpgallery Input Validation vulnerability in FsPHPGallery

FsPHPGallery before 1.2 allows remote attackers to cause a denial of service via an image with a large size attribute, which causes a crash when the server attempts to resize the image.

5.0
2004-12-31 CVE-2004-2220 F Secure Unspecified vulnerability in F-Secure Anti-Virus 6.30/6.30Sr1/6.31

F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not properly detect certain password-protected files in a ZIP file, which allows remote attackers to bypass anti-virus protection.

5.0
2004-12-31 CVE-2004-2217 Ychat Remote Denial Of Service vulnerability in yChat

Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors.

5.0
2004-12-31 CVE-2004-2216 SUN Remote Denial Of Service vulnerability in SUN products

Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate.

5.0
2004-12-31 CVE-2004-2213 Mbedthis Software Multiple vulnerability in Mbedthis Software AppWeb HTTP Server

Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to obtain the source code for scripts via a (1) trailing dot (".") or (2) trailing space in an HTTP request.

5.0
2004-12-31 CVE-2004-2208 Ideal Science Remote Input Validation vulnerability in Ideal Science IdealBB

CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to conduct HTTP response splitting attacks via unknown vectors.

5.0
2004-12-31 CVE-2004-2196 Zanfi Solutions Remote Security vulnerability in Zanfi Solutions Zanfi CMS Lite 1.1

Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) del_page.php, (5) footer.php, (6) home.php, and others.

5.0
2004-12-31 CVE-2004-2195 Zanfi Solutions Remote File Include vulnerability in Zanfi Solutions Zanfi CMS Lite 1.1

PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite 1.1 allows remote attackers to execute arbitrary PHP code via the inc parameter.

5.0
2004-12-31 CVE-2004-2194 Mailenable Remote Denial Of Service vulnerability in MailEnable

MailEnable Professional Edition before 1.53 and Enterprise Edition before 1.02 allows remote attackers to cause a denial of service (crash) via malformed (1) SMTP or (2) IMAP commands.

5.0
2004-12-31 CVE-2004-2190 Unzoo Directory Traversal vulnerability in Unzoo 4.42

Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact and attack vectors.

5.0
2004-12-31 CVE-2004-2187 Mediawiki Remote Input Validation vulnerability in Mediawiki 1.3.5

Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors.

5.0
2004-12-31 CVE-2004-2179 Microsoft Remote Denial of Service vulnerability in Microsoft Frontpage and IE

asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values.

5.0
2004-12-31 CVE-2004-2170 Niti Telecom Remote Directory Traversal vulnerability in Niti Telecom Caravan Business Server 2.0003D

Directory traversal vulnerability in sample_showcode.html in Caravan 2.00/03d and earlier allows remote attackers to read arbitrary files via the fname parameter.

5.0
2004-12-31 CVE-2004-2168 Baardsen Software Denial-Of-Service vulnerability in Baardsen Software Basomail Server 1.24

BaSoMail 1.24 allows remote attackers to cause a denial of service (CPU consumption) via multiple connections to TCP port (1) 25 (SMTP) or (2) 110 (POP3).

5.0
2004-12-31 CVE-2004-2165 Impressions Games Remote Denial Of Service vulnerability in Impressions Games Lords of the Realm III Nickname

Lords of the Realm III 1.01 and earlier, when in the lobby stage, allows remote attackers to cause a denial of service (crash from unallocated memory write) via a long user nickname.

5.0
2004-12-31 CVE-2004-2164 Virtual Programming Denial Of Service vulnerability in Virtual Programming Vp-Asp 5.0

shoprestoreorder.asp in VP-ASP 5.0 does not close the database connection when a user restores a previous order, which allows remote attackers to cause a denial of service (connection consumption).

5.0
2004-12-31 CVE-2004-2151 Virtual Projects Denial Of Service vulnerability in Virtual Projects Chatma

Chatman 1.1.1 RC1 and earlier allows remote attackers to cause a denial of service (memory consumption or application crash) via a very large data size.

5.0
2004-12-31 CVE-2004-2149 Oracle Remote Buffer Overflow vulnerability in MySQL Bounded Parameter Statement Execution

Buffer overflow in the prepared statements API in libmysqlclient for MySQL 4.1.3 beta and 4.1.4 allows remote attackers to cause a denial of service via a large number of placeholders.

5.0
2004-12-31 CVE-2004-2147 Symantec Denial Of Service vulnerability in Symantec Norton AntiVirus Malformed EMail

Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook allow attackers to cause a denial of service (crash) via malformed e-mail messages (1) without a body or (2) without a carriage return ("\n") separating the headers from the body.

5.0
2004-12-31 CVE-2004-2146 PD9 Software Remote Security vulnerability in Megabbs 2/2.1

CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows attackers to conduct HTTP response splitting attacks via the fid parameter in a writenew action to thread-post.asp.

5.0
2004-12-31 CVE-2004-2137 Microsoft Information Disclosure vulnerability in Microsoft Outlook Express 6.0

Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sensitive information.

5.0
2004-12-31 CVE-2004-2129 Loom Software Remote HTTP GET Request Denial Of Service vulnerability in Loom Software SurfNow

SurfNOW 2.2 allows remote attackers to cause a denial of service (crash) via a series of long HTTP GET requests, possibly triggering a buffer overflow.

5.0
2004-12-31 CVE-2004-2124 Gallery Project Remote Global Variable Injection vulnerability in Gallery

The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412.

5.0
2004-12-31 CVE-2004-2121 Borland Software Directory Traversal vulnerability in Borland Webserver for Corel Paradox

Multiple directory traversal vulnerabilities in Borland Web Server (BWS) 1.0b3 and earlier allow remote attackers to read and download arbitrary files via (1) multi-dot "......" sequences, or (2) "%5c%2e%2e" (encoded "\..") sequences, in the URL.

5.0
2004-12-31 CVE-2004-2112 Herberlin Directory Traversal vulnerability in Herberlin Bremsserver 1.2.4

Directory traversal vulnerability in BremsServer 1.2.4 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in the URL.

5.0
2004-12-31 CVE-2004-2106 Novell Remote Security vulnerability in Novell Netware 5.1/6.0

Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to list directories via a direct request to (1) /com/, (2) /com/novell/, (3) /com/novell/webaccess, or (4) /ns-icons/.

5.0
2004-12-31 CVE-2004-2105 Novell Remote Security vulnerability in Novell Netware 5.1/6.0

The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to read arbitrary .htt files via a full pathname in the error parameter.

5.0
2004-12-31 CVE-2004-2104 Novell Multiple vulnerability in Novell Netware 5.1/6.0

Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to obtain sensitive server information, including the internal IP address, via a direct request to (1) snoop.jsp, (2) SnoopServlet, (3) env.bas, or (4) lcgitest.nlm.

5.0
2004-12-31 CVE-2004-2101 Geovision Denial-Of-Service vulnerability in Geohttpserver

The sysinfo script in GeoHttpServer allows remote attackers to cause a denial of service (crash) via a long pwd parameter, possibly triggering a buffer overflow.

5.0
2004-12-31 CVE-2004-2100 Geovision Security Bypass vulnerability in Geohttpserver

GeoHttpServer, when configured to authenticate users, allows remote attackers to bypass authentication and access unauthorized files via a URL that contains %0a%0a (encoded newlines).

5.0
2004-12-31 CVE-2004-2095 Niels Provos Remote Virtual Host Detection vulnerability in Honeyd

Honeyd before 0.8 replies to TCP packets with the SYN and RST flags set, which allows remote attackers to identify IP addresses that are being simulated by Honeyd.

5.0
2004-12-31 CVE-2004-2081 Karjasoft Denial Of Service vulnerability in Karjasoft Sami FTP Server 1.1.3

The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to cause a denial of service (pmsystem.exe crash) by issuing (1) a CD command with a tilde (~) character or dot dot (/../) or (2) a GET command for an unavailable file.

5.0
2004-12-31 CVE-2004-2075 Sophos Denial Of Service vulnerability in Sophos Anti-Virus MIME Header Handling

Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of service (infinite loop) via a MIME header that is not properly terminated.

5.0
2004-12-31 CVE-2004-2074 Bolintech Unspecified vulnerability in Bolintech Dream FTP Server 1.02

Format string vulnerability in Dream FTP 1.02 allows local users to cause a denial of service (crash) via format string specifiers in the (1) PASS or (2) RETR commands.

5.0
2004-12-31 CVE-2004-2069 Openbsd Remote Denial Of Service vulnerability in OpenSSH LoginGraceTime

sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption).

5.0
2004-12-31 CVE-2004-2068 Leafnode Denial-Of-Service vulnerability in Leafnode

fetchnews in leafnode 1.9.47 and earlier allows remote attackers to cause a denial of service (process hang) via an empty NNTP news article with missing mandatory headers.

5.0
2004-12-31 CVE-2004-2060 Xlinesoft Multiple vulnerability in XLineSoft ASPRunner

ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field names.

5.0
2004-12-31 CVE-2004-2059 Xlinesoft Multiple vulnerability in XLineSoft ASPRunner

Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in export.asp.

5.0
2004-12-31 CVE-2004-2058 Xlinesoft Multiple vulnerability in XLineSoft ASPRunner

ASPRunner 2.4 allows remote attackers to gain sensitive information via (1) hidden form fields or (2) error messages.

5.0
2004-12-31 CVE-2004-2054 Phpbb Group HTTP Response Splitting vulnerability in PHPBB

CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2) the redirect parameter to login.php.

5.0
2004-12-31 CVE-2004-2046 APC Denial Of Service vulnerability in APC Powerchute 6.0/7.1

Unknown vulnerability in APC PowerChute Business Edition 6.0 through 7.0.1 allows remote attackers to cause a denial of service via unknown attack vectors.

5.0
2004-12-31 CVE-2004-2045 Conceptronic Denial Of Service vulnerability in Conceptronic Cadslr1 Adsl Router 3.04N

The HTTP administration interface on Conceptronic CADSLR1 ADSL router running firmware 3.04n allows remote attackers to cause a denial of service (device reboot) via an HTTP request with a long username.

5.0
2004-12-31 CVE-2004-2019 Francisco Burzi Input Validation vulnerability in PHP-Nuke

The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message.

5.0
2004-12-31 CVE-2004-1958 Epic Games Remote Arbitrary File Overwrite vulnerability in Epic Games products

Directory traversal vulnerability in manifest.ini in Unreal engine allows remote attackers to overwrite arbitrary files via ..

5.0
2004-12-31 CVE-2004-1953 Phprofession Multiple vulnerability in PHProfession 2.5

phProfession 2.5 allows remote attackers to gain sensitive information via a direct HTTP request to upload.php, which reveals the path in a PHP error message.

5.0
2004-12-31 CVE-2004-1951 Xine Remote File Overwrite vulnerability in Xine Xine, Xine-Lib and Xine-Ui

xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.

5.0
2004-12-31 CVE-2004-1937 Nuked Klan Multiple vulnerability in Nuked-Klan

Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1.5b allow remote attackers to read or include arbitrary files via ..

5.0
2004-12-31 CVE-2004-1912 Francisco Burzi
Shiba Design
Multiple vulnerability in NukeCalendar

The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message.

5.0
2004-12-31 CVE-2004-1910 Symantec Denial Of Service vulnerability in Symantec Security Check Virus Detection COM Object

rufsi.dll in Symantec Virus Detection allows remote attackers to cause a denial of service (crash) via a long string to the GetPrivateProfileString function.

5.0
2004-12-31 CVE-2004-1908 Mcafee Information Disclosure vulnerability in Mcafee FreeScan CoMcFreeScan Browser

McFreeScan.CoMcFreeScan.1 ActiveX object in Mcafee FreeScan allows remote attackers to obtain sensitive information via the GetSpecialFolderLocation function with certain parameters.

5.0
2004-12-31 CVE-2004-1906 Mcafee Buffer Overflow vulnerability in Mcafee FreeScan CoMcFreeScan Browser Object

Mcafee FreeScan allows remote attackers to cause a denial of service and possibly arbitrary code via a long string in the ScanParam property of a COM object, which may trigger a buffer overflow.

5.0
2004-12-31 CVE-2004-1905 Panda Denial of Service vulnerability in Panda Activescan 5.0

ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause a denial of service (crash) by calling the SetSitesFile function.

5.0
2004-12-31 CVE-2004-1899 Tildeslash Remote vulnerability in Multiple Monit Administration Interface

The administration interface in Monit 1.4 through 4.2 allows remote attackers to cause an off-by-one overflow via a POST that contains 1024 bytes.

5.0
2004-12-31 CVE-2004-1897 Tildeslash Remote vulnerability in Multiple Monit Administration Interface

Administration interface in Monit 1.4 through 4.2 allows remote attackers to cause a denial of service (segmentation fault) by sending a Basic Authentication request without a password, which causes Monit to decrement a null pointer and perform an out-of-bounds read.

5.0
2004-12-31 CVE-2004-1893 Macromedia Remote User Database Access vulnerability in Macromedia Dreamweaver

Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on Testing Server" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary SQL commands via a direct request to mmhttpdb.asp.

5.0
2004-12-31 CVE-2004-1891 SGI Remote Security vulnerability in SGI Irix 6.5.20

The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn't work with anonymous FTP," which has an unknown impact, possibly preventing the actions of anonymous users from being logged.

5.0
2004-12-31 CVE-2004-1889 SGI Denial Of Service vulnerability in SGI IRIX ftpd

Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows remote attackers to cause a denial of service (hang) via a link failure with Microsoft Windows.

5.0
2004-12-31 CVE-2004-1887 ADA Remote Directory Listing vulnerability in ADA Imgsvr 0.4

Ada Image Server (ImgSvr) 0.4 allows remote attackers to view directories or download files via an HTTP request with a trailing %00 (null).

5.0
2004-12-31 CVE-2004-1880 Openldap Denial-Of-Service vulnerability in OpenLDAP

Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier allows remote attackers to cause a denial of service (memory consumption).

5.0
2004-12-31 CVE-2004-1869 Nival Interactive Remote Denial Of Service vulnerability in Nival Interactive Etherlords and Etherlords II

Etherlords I 1.07 and earlier and Etherlords II 1.03 and earlier allows remote attackers to cause a denial of service (crash) by sending a packet that specifies the size for the next packet, then sending a larger packet than specified, which causes Etherlords to read unallocated memory.

5.0
2004-12-31 CVE-2004-1860 XMB Forum Buffer Overflow vulnerability in XMB Forum XMB 1.8Sp3/1.9Beta

Buffer overflow in Check Point SmartDashboard in Check Point NG AI R54 and R55 allows remote authenticated users to cause a denial of service (server disconnect) and possibly execute arbitrary code via a large filter on a column when using SmartView Tracker.

5.0
2004-12-31 CVE-2004-1858 HP HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of service (crash) via a malformed request, possibly due to a stricmp() error from an invalid use of the "$" character.
5.0
2004-12-31 CVE-2004-1832 Apple Remote Buffer Overflow vulnerability in Apple mac OS X Server 10.3

Buffer overflow in the GUI admin service in Mac OS X Server 10.3 allows remote attackers to cause a denial of service (crash and restart) via a large amount of data to TCP port 660.

5.0
2004-12-31 CVE-2004-1831 Techland Denial of Service vulnerability in Techland Chrome 1.2.0

Buffer overflow in Chrome 1.2.0.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large length value, which leads to a null dereference or out-of-bounds read.

5.0
2004-12-31 CVE-2004-1828 Belchior Foundry Authentication Bypass vulnerability in Belchior Foundry Vcard 2.8/2.9

Vcard 2.9 and possibly other versions does not require authorization to run uninstall.php, which could allow remote attackers to uninstall Vcard and delete database tables via a direct request to uninstall.php.

5.0
2004-12-31 CVE-2004-1814 Vocaltec Remote Authentication Bypass vulnerability in Vocaltec Vgw4 8 Telephony Gateway 8.0

Directory traversal vulnerability in VocalTec VGW4/8 Gateway 8.0 allows remote attackers to read protected files via ..

5.0
2004-12-31 CVE-2004-1810 Opera Unspecified vulnerability in Opera Browser

The Javascript engine in Opera 7.23 allows remote attackers to cause a denial of service (crash) by creating a new Array object with a large size value, then writing into that array.

5.0
2004-12-31 CVE-2004-1805 Epic Games Remote Format String vulnerability in Epic Games Unreal Engine 226F/433/436

Format string vulnerability in games using the Epic Games Unreal Engine 436 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in class names.

5.0
2004-12-31 CVE-2004-1804 Invicta Remote Denial Of Service vulnerability in Invicta Wmcam Server 2.1.348

wMCam server 2.1.348 allows remote attackers to cause a denial of service (no new connections) via multiple malformed HTTP requests without the GET command.

5.0
2004-12-31 CVE-2004-1802 Lionmax Software Chat Anywhere 2.72 and earlier allows remote attackers to hide their IP address by using %00 before the nickname, which causes the IP address to be displayed as $IP$ on the administration web page.
5.0
2004-12-31 CVE-2004-1801 Pwebserver Remote Directory Traversal vulnerability in Pwebserver web Server 0.3.0/0.3.2/0.3.3

Directory traversal vulnerability in PWebServer 0.3.3 allows remote attackers to read arbitrary files via a ..

5.0
2004-12-31 CVE-2004-1792 Yatsoft Remote Denial Of Service vulnerability in YaSoft Switch Off Large Packet

swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a long packet with two CRLF sequences to the service management port (TCP 8000).

5.0
2004-12-31 CVE-2004-1788 ASP Nuke Remote User Database Access vulnerability in ASP-Nuke 1.0/1.2/1.3

ASP-Nuke 1.3 and earlier places user credentials under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to main.mdb.

5.0
2004-12-31 CVE-2004-1777 Skype Technologies Improper Input Validation vulnerability in Skype Technologies Skype 0.98.0.04

A "range check error" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114.

5.0
2004-12-31 CVE-2004-1775 Cisco Unspecified vulnerability in Cisco Catos and IOS

Cisco VACM (View-based Access Control MIB) for Catalyst Operating Software (CatOS) 5.5 and 6.1 and IOS 12.0 and 12.1 allows remote attackers to read and modify device configuration via the read-write community string.

5.0
2004-12-31 CVE-2004-1750 VNC Remote Denial of Service vulnerability in VNC Realvnc 4.0

RealVNC 4.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of connections to port 5900.

5.0
2004-12-31 CVE-2004-1736 THE Cacti Group Unspecified vulnerability in the Cacti Group Cacti 0.8.5A

Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to (1) auth.php, (2) auth_login.php, (3) auth_changepassword.php, and possibly other php files, which reveal the installation path in a PHP error message.

5.0
2004-12-31 CVE-2004-1723 PHP Fusion Information Disclosure vulnerability in PHP Fusion PHP Fusion 4.00

The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion 4.00 allow remote attackers to obtain sensitive information via a direct HTTP request, which reveals the installation path in an error message.

5.0
2004-12-31 CVE-2004-1590 Clientexec Information Disclosure vulnerability in Clientexec 2.2.1

Clientexec allows remote attackers to gain sensitive information via an HTTP request to phpinfo.php, which calls the phpinfo function.

5.0
2004-12-31 CVE-2004-1587 Monolith Productions Remote Buffer Overflow vulnerability in Monolith Lithtech Game Engine

Buffer overflow in Monolith games including (1) Alien versus Predator 2 1.0.9.6 and earlier, (2) Blood 2 2.1 and earlier, (3) No one lives forever 1.004 and earlier and (4) Shogo 2.2 and earlier allows remote attackers to cause a denial of service (application crash) via a long secure Gamespy query.

5.0
2004-12-31 CVE-2004-1585 Jera Technology Remote Denial of Service vulnerability in Jera Technology Flash Messaging 5.2/5.2G

Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote attackers to cause a denial of service (application crash) via certain wide characters.

5.0
2004-12-31 CVE-2004-1584 Wordpress Unspecified vulnerability in Wordpress 1.2

CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter.

5.0
2004-12-31 CVE-2004-1581 Blackboard Information Disclosure vulnerability in Blackboard 1.5.1

BlackBoard 1.5.1 allows remote attackers to gain sensitive information via a direct request to (1) checkdb.inc.php, (2) admin.inc.php or (3) cp.inc.php, which reveals the path in a PHP error message.

5.0
2004-12-31 CVE-2004-1579 Devellion Information Disclosure vulnerability in Devellion Cubecart 2.0.1

index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive information via an HTTP request with an invalid cat_id parameter, which reveals the full path in a PHP error message.

5.0
2004-12-31 CVE-2004-1577 Greg Donald Information Disclosure vulnerability in Phplinks

index.php in PHP Links allows remote attackers to gain sensitive information via an invalid show parameter, which reveals the full path in an error message.

5.0
2004-12-31 CVE-2004-1576 Megalo Format string vulnerability in Judge Dredd: Dredd vs.
5.0
2004-12-31 CVE-2004-1575 Apache Denial Of Service vulnerability in Apache Xerces-C++ 2.5.0

The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document.

5.0
2004-12-31 CVE-2004-1572 AJ Fork Unspecified vulnerability in Aj-Fork 167

AJ-Fork 167 does not restrict access to directories such as (1) data, (2) inc, (3) plugins, (4) skins, or (5) tools, which allows remote attackers to list files in those directories via a direct HTTP request.

5.0
2004-12-31 CVE-2004-1571 AJ Fork Information Disclosure vulnerability in Aj-Fork 167

AJ-Fork 167 allows remote attackers to gain sensitive information via a direct request to (1) auto-acronyms.php, (2) auto-archive.php, (3) ount-article-views.php, (4) kses.php, (5) custom-quick-tags.php, (6) disable-all-comments.php, (7) easy-date-format.php, (8) enable-disable-comments.php, (9) filter-by-author.php, (10) format-switcher.php, (11) long-to-short.php, (12) prospective-posting.php, or (13) sort-by-xfield.php, which displays the full path in an error message.

5.0
2004-12-31 CVE-2004-1568 Parachat Directory Traversal vulnerability in Parachat Server 5.5

Directory traversal vulnerability in ParaChat Server 5.5 allows remote attackers to read arbitrary files via a ..%5C (hex-encoded dot dot) in the URL.

5.0
2004-12-31 CVE-2004-1565 W Agora Remote Input Validation vulnerability in W-Agora 4.1.6A

list.php in w-Agora 4.1.6a allows remote attackers to reveal the full path via a crafted HTTP request, possibly involving a malformed id parameter.

5.0
2004-12-31 CVE-2004-1564 W Agora Remote Input Validation vulnerability in W-Agora 4.1.6A

CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the thread parameter.

5.0
2004-12-31 CVE-2004-1560 Microsoft Remote Denial Of Service vulnerability in Microsoft SQL Server 7.0

Microsoft SQL Server 7.0 allows remote attackers to cause a denial of service (mssqlserver service halt) via a long request to TCP port 1433, possibly triggering a buffer overflow.

5.0
2004-12-31 CVE-2004-1556 Mywebserver Remote vulnerability in Mywebserver 1.0.3

MyWebServer 1.0.3 allows remote attackers to cause a denial of service (application crash) via a large number of connections within a short time.

5.0
2004-12-31 CVE-2004-1549 Onnuri Infotek Remote vulnerability in Onnuri Infotek Activepost Standard 3.1

The conference menu in ActivePost Standard 3.1 sends passwords of password-protected rooms in cleartext, which could allow remote attackers to gain sensitive information by sniffing the network connection.

5.0
2004-12-31 CVE-2004-1548 Onnuri Infotek Remote vulnerability in Onnuri Infotek Activepost Standard 3.1

Directory traversal vulnerability in the file server in ActivePost Standard 3.1 allows remote authenticated users to upload arbitrary files via a ..

5.0
2004-12-31 CVE-2004-1547 Onnuri Infotek Remote vulnerability in ActivePost Messenger

The file server in ActivePost Standard 3.1 and earlier allows remote authenticated users to cause a denial of service (application crash) via a long filename, possibly triggering a buffer overflow.

5.0
2004-12-31 CVE-2004-1546 ALT N Remote Buffer Overflow vulnerability in Alt-N Mdaemon 6.5.1

Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to cause a denial of service (application crash) via a long (1) SAML, SOML, SEND, or MAIL command to the SMTP server or (2) LIST command to the IMAP server.

5.0
2004-12-31 CVE-2004-1545 Moniwiki Remote Server-Side Script Execution vulnerability in Moniwiki 1.0.8/1.0.9/1.0.9.1

UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.

5.0
2004-12-31 CVE-2004-1543 Korweblog Remote Directory Listing vulnerability in Korweblog 1.6.2Cvs

Directory traversal vulnerability in viewimg.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to list arbitrary directories via a ..

5.0
2004-12-31 CVE-2004-1542 Raven Software Buffer Overflow vulnerability in Raven Software Soldier Of Fortune 2

Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows remote attackers to cause a denial of service (server or client crash) via a long (1) query or (2) reply.

5.0
2004-12-31 CVE-2004-1540 Zyxel Remote Administration Configuration Reset vulnerability in Zyxel Prestige and Zynos

ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, does not require a password to access rpFWUpload.html, which allows remote attackers to reset the router configuration file.

5.0
2004-12-31 CVE-2004-1539 Gearbox Software Remote Denial Of Service vulnerability in Gearbox Software Halo Game Client

Halo: Combat Evolved 1.05 and earlier allows remote game servers to cause a denial of service (client crash) via a long value in a game server reply, which triggers a NULL dereference.

5.0
2004-12-31 CVE-2004-1534 Zonelabs Remote Ad-Blocking Denial Of Service vulnerability in Zone Labs ZoneAlarm

ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, allows remote web sites to cause a denial of service (application instability or system hang) via certain JavaScript.

5.0
2004-12-31 CVE-2004-1533 Digital Mappings Systems Remote Buffer Overrun vulnerability in Digital Mappings Systems Pop3 Server 1.5.3Build37

Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier allows remote attackers to cause a denial of service (service crash) via a long (1) username or (2) password.

5.0
2004-12-31 CVE-2004-1528 ROB Sutton Remote vulnerability in ROB Sutton PHP-Nuke Event Calendar 2.13

The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to gain sensitive information via an HTTP request to (1) config.php, (2) index.php, or (3) submit.php, which reveal the full path in an error message.

5.0
2004-12-31 CVE-2004-1527 Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions.
5.0
2004-12-31 CVE-2004-1525 NEW Media Generation Remote vulnerability in New Media Generation Hired Team: Trial

Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (application crash) via the status command.

5.0
2004-12-31 CVE-2004-1524 NEW Media Generation Remote vulnerability in NEW Media Generation Hired Team Trial 2.1/2.2

Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (game interruption) via a malformed UDP packet sent to a game port, such as port 29200.

5.0
2004-12-31 CVE-2004-1523 NEW Media Generation Remote vulnerability in NEW Media Generation Hired Team Trial 2.0/2.1/2.2

Format string vulnerability in the game console in Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (application crash) via format string specifiers in a message.

5.0
2004-12-31 CVE-2004-1522 3DO Remote Format String vulnerability in 3DO Army MEN Real Time Strategy Game 1.0

Format string vulnerability in Army Men RTS 1.0 allows remote attackers to cause a denial of service (application crash) via a nickname that contains format strings.

5.0
2004-12-31 CVE-2004-1521 Qualcomm Remote Security vulnerability in Qualcomm Eudora 6.2.0.14

Eudora 6.2.0.14 does not issue a warning when a user forwards an e-mail message that contains base64 or quoted-printable encoded attachments, which makes it easier for remote attackers to read arbitrary files via spoofed "Converted" headers.

5.0
2004-12-31 CVE-2004-1516 Phpwebsite Unspecified vulnerability in PHPwebsite

CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the block_username parameter in the user module.

5.0
2004-12-31 CVE-2004-1514 Soft3304 Remote vulnerability in Soft3304 04Webserver 1.42

04WebServer 1.42 allows remote attackers to cause a denial of service (fail to restart properly) via an HTTP request for an MS-DOS device name such as COM2.

5.0
2004-12-31 CVE-2004-1513 Soft3304 Remote vulnerability in Soft3304 04Webserver 1.42

04WebServer 1.42 does not adequately filter data that is written to log files, which could allow remote attackers to inject carriage return characters into the log file and spoof log entries.

5.0
2004-12-31 CVE-2004-1511 Hotfoon Corporation Remote Security vulnerability in Hotfoon

Hotfoon 4.0 does not notify users before opening links in web browsers, which could allow remote attackers to execute arbitrary code via a certain link sent in a chat window.

5.0
2004-12-31 CVE-2004-1509 Webcalendar Remote vulnerability in WebCalendar

validate.php in WebCalendar allows remote attackers to gain sensitive information via an invalid encoded_login parameter, which reveals the full path in an error message.

5.0
2004-12-31 CVE-2004-1507 Webcalendar Remote vulnerability in WebCalendar

CRLF injection vulnerability in login.php in WebCalendar allows remote attackers to inject CRLF sequences via the return_path parameter and perform HTTP Response Splitting attacks to modify expected HTML content from the server.

5.0
2004-12-31 CVE-2004-1504 Salims Softhouse Information Disclosure vulnerability in Salims Softhouse JAF CMS 3.0

The displaycontent function in config.php for Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to gain sensitive information via a blank show parameter, which reveals the installation path in an error message, as demonstrated using index.php.

5.0
2004-12-31 CVE-2004-1503 SUN Remote Denial Of Service vulnerability in Sun Java Runtime Environment InitialDirContext

Integer overflow in the InitialDirContext in Java Runtime Environment (JRE) 1.4.2, 1.5.0 and possibly other versions allows remote attackers to cause a denial of service (Java exception and failed DNS requests) via a large number of DNS requests, which causes the xid variable to wrap around and become negative.

5.0
2004-12-31 CVE-2004-1502 Software602 Denial-Of-Service vulnerability in 602Lan Suite

The Telnet proxy in 602 Lan Suite 2004.0.04.0909 and earlier allows remote attackers to cause a denial of service (socket exhaustion) via a Telnet request to an IP address of the proxy's network interface, which causes a loop.

5.0
2004-12-31 CVE-2004-1501 Software602 Denial-Of-Service vulnerability in 602Lan Suite

The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) by sending a POST request with a large Content-Length value, then disconnecting without sending that amount of data.

5.0
2004-12-31 CVE-2004-1496 Minihttpserver NET Directory Traversal vulnerability in Minihttpserver.Net web Forums Server 1.6/2.0Powerpack

Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 Power Pack allows remote attackers to read arbitrary files via a URL containing (1) "..\" (dot dot backslash), (2) "../" (dot dot slash), (3) "/%2E%2E%5C" (encoded dot dot backslash), or (4) "%2E%2E%2F" (encoded dot dot slash).

5.0
2004-12-31 CVE-2004-1494 Kingsoft Denial-Of-Service vulnerability in Xdict

Buffer overflow in the Screen Fetch option in XDICT 2002 through 2005 allows remote attackers to cause a denial of service ( CPU consumption or application exit) and possibly execute arbitrary code via a long string.

5.0
2004-12-31 CVE-2004-1493 Quicksilver Remote Denial of Service vulnerability in Quicksilver Master of Orion III

Master of Orion III 1.2.5 and earlier allows remote attackers to cause a denial of service (server crash) via multiple connections with long nicknames, possibly triggering a buffer overflow.

5.0
2004-12-31 CVE-2004-1492 Quicksilver Remote Denial of Service vulnerability in Quicksilver Master of Orion III

Master of Orion III 1.2.5 and earlier allows remote attackers to cause a denial of service (game exit) via a data packet that contains a large size specifier, which causes a large memory allocation to fail.

5.0
2004-12-31 CVE-2004-1491 Opera
Gentoo
KDE
Suse
Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.
5.0
2004-12-31 CVE-2004-1484 Socat Remote Format String vulnerability in Socat

Format string vulnerability in the _msg function in error.c in socat 1.4.0.3 and earlier, when used as an HTTP proxy client and run with the -ly option, allows remote attackers or local users to execute arbitrary code via format string specifiers in a syslog message.

5.0
2004-12-31 CVE-2004-1474 Symantec Remote vulnerability in Symantec Enterprise Firewall/VPN Appliance

Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the firewall's configuration file.

5.0
2004-12-31 CVE-2004-1473 Symantec Remote vulnerability in Symantec Enterprise Firewall/VPN Appliance

Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 allow remote attackers to bypass filtering and determine whether the device is running services such as tftpd, snmpd, or isakmp via a UDP port scan with a source port of UDP 53.

5.0
2004-12-31 CVE-2004-1472 Symantec Remote vulnerability in Symantec Enterprise Firewall/VPN Appliance

Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 allow remote attackers to cause a denial of service (device freeze) via a fast UDP port scan on the WAN interface.

5.0
2004-12-31 CVE-2004-1470 Snipsnap Unspecified vulnerability in Snipsnap 0.5.2A

CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions before 1.0b1, allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server.

5.0
2004-12-31 CVE-2004-1459 Cisco Multiple vulnerability in Cisco Secure Access Control Server

Cisco Secure Access Control Server (ACS) 3.2, when configured as a Light Extensible Authentication Protocol (LEAP) RADIUS proxy, allows remote attackers to cause a denial of service (device crash) via certain LEAP authentication requests.

5.0
2004-12-31 CVE-2004-1458 Cisco Multiple vulnerability in Cisco products

The CSAdmin web administration interface for Cisco Secure Access Control Server (ACS) 3.2(2) build 15 allows remote attackers to cause a denial of service (hang) via a flood of TCP connections to port 2002.

5.0
2004-12-31 CVE-2004-1457 Novell Remote Denial Of Service vulnerability in Novell Bordermanager 3.8

The Virtual Private Network (VPN) capability in Novell Bordermanager 3.8 allows remote attackers to cause a denial of service (ABEND in IKE.NLM) via a malformed IKE packet, as sent by the Striker ISAKMP Protocol Test Suite.

5.0
2004-12-31 CVE-2004-1454 Cisco Remote Denial Of Service vulnerability in Cisco IOS OSPF

Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) enabled, allows remote attackers to cause a denial of service (device reload) via a malformed OSPF packet.

5.0
2004-12-31 CVE-2004-1450 Mozilla Remote Security vulnerability in Mozilla 1.7

Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations.

5.0
2004-12-31 CVE-2004-1447 Jetbox Unspecified vulnerability in Jetbox ONE CMS 2.0.8

Jetbox One 2.0.8 and possibly other versions stores passwords in the database in plaintext, which could allow attackers to gain sensitive information.

5.0
2004-12-31 CVE-2004-1446 Juniper Denial Of Service vulnerability in Juniper Networks NetScreen SSHv1

Unknown vulnerability in ScreenOS in Juniper Networks NetScreen firewall 3.x through 5.x allows remote attackers to cause a denial of service (device reboot or hang) via a crafted SSH v1 packet.

5.0
2004-12-31 CVE-2004-1444 Roundup Tracker Path Traversal vulnerability in Roundup-Tracker Roundup

Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via ..

5.0
2004-12-31 CVE-2004-1435 Cisco Multiple vulnerability in Cisco ONS

Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via a large number of TCP connections with an invalid response instead of the final ACK (TCP-ACK).

5.0
2004-12-31 CVE-2004-1434 Cisco Multiple vulnerability in Cisco ONS

Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.1(0) to 4.1(2), 4.5(x), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via malformed SNMP packets.

5.0
2004-12-31 CVE-2004-1433 Cisco Multiple vulnerability in Cisco ONS

Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, and ONS 15600 1.x(x), allows remote attackers to cause a denial of service (control card reset) via malformed (1) TCP and (2) UDP packets.

5.0
2004-12-31 CVE-2004-1432 Cisco Multiple vulnerability in Cisco ONS

Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via malformed (1) IP or (2) ICMP packets.

5.0
2004-12-31 CVE-2004-1431 JOE Lumbroso Remote File Access vulnerability in Joe Lumbroso FormMail.php Arbitrary

FormMail.php 5.0, and possibly other versions, allows remote attackers to read arbitrary files via a full pathname in the ar_file (auto-reply) parameter.

5.0
2004-12-31 CVE-2004-1426 Korweblog Remote File Include vulnerability in Korweblog 1.6.1/1.6.2Cvs

Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to read arbitrary files and execute arbitrary PHP files via ..

5.0
2004-12-31 CVE-2004-1425 Moodle Unspecified vulnerability in Moodle

Directory traversal vulnerability in file.php in Moodle 1.4.2 and earlier allows remote attackers to read arbitrary session files for known session IDs via a ..

5.0
2004-12-31 CVE-2004-1422 WHM Remote vulnerability in WHM Autopilot 2.4.5/2.4.6/2.4.6.5

WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain sensitive information via phpinfo, which reveals php settings.

5.0
2004-12-31 CVE-2004-1415 Ben3W Remote SQL Injection vulnerability in 2Bgal 2.4/2.5.1

SQL injection vulnerability in (1) disp_album.php and possibly (2) disp_img.php in 2Bgal 2.4 and 2.5.1 allows remote attackers to execute arbitrary SQL commands via the id_album parameter.

5.0
2004-12-31 CVE-2004-1414 Gadu Gadu Denial-Of-Service vulnerability in Gadu-Gadu Instant Messenger 6.1Build156

Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of service (application hang) via a message that contains many special strings that are converted to images.

5.0
2004-12-31 CVE-2004-1413 Kayako Cross-Site Scripting and SQL Injection vulnerability in Kayako ESupport

Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow remote attackers to execute arbitrary SQL commands via the (1) subcat, (2) rate, (3) questiondetails, (4) ticketkey22, (5) email22 parameters to index.php, or (6) the e-mail field of the Forgot Key feature.

5.0
2004-12-31 CVE-2004-1409 Singapore Remote vulnerability in Singapore Image Gallery web Application 0.9.10

Multiple cross-site scripting vulnerabilities in Image Gallery Web Application 0.9.10 allow remote attackers to inject arbitrary web script or HTML.

5.0
2004-12-31 CVE-2004-1407 Singapore Remote vulnerability in Singapore Image Gallery web Application 0.9.10

Multiple directory traversal vulnerabilities in singapore Image Gallery Web Application 0.9.10 allow remote attackers to (1) read arbitrary files via the showThumb method for thumb.php, or (2) delete arbitrary files via admin.class.php.

5.0
2004-12-31 CVE-2004-1399 Opentools Remote vulnerability in Opentools Attachment Mod

Directory traversal vulnerability in the Attachment module 2.3.10 and earlier for phpBB allows remote attackers to read arbitrary files via a ..

5.0
2004-12-31 CVE-2004-1395 Monolith Productions Remote Denial Of Service vulnerability in Monolith Productions Contract Jack, NO ONE Lives Forever 2 and Tron

The Lithtech engine, as used in (1) Contract Jack 1.1 and earlier, (2) No one lives forever 2 1.3 and earlier, (3) Tron 2.0 1.042 and earlier, (4) F.E.A.R.

5.0
2004-12-31 CVE-2004-1393 SUN Denial Of Service vulnerability in Sun Solaris TCSetAttr System Hang

Unknown vulnerability in the tcsetattr function for Sun Solaris for SPARC 2.6, 7, and 8 allows local users to cause a denial of service (system hang).

5.0
2004-12-31 CVE-2004-1392 PHP Unspecified vulnerability in PHP

PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function.

5.0
2004-12-31 CVE-2004-1385 Phpgroupware Information Disclosure vulnerability in Phpgroupware

phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via (1) unexpected characters in the session ID such as shell metacharacters, (2) an invalid appname parameter to preferences.php or (3) an invalid menuaction parameter to index.php, which reveals the web server path in an error message.

5.0
2004-12-31 CVE-2004-1343 CVS Unspecified vulnerability in CVS

CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash).

5.0
2004-12-31 CVE-2004-1200 Mozilla Denial Of Service vulnerability in Mozilla Firefox Infinite Array Sort

Firefox and Mozilla allow remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.

5.0
2004-12-31 CVE-2004-1198 Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.
5.0
2004-12-31 CVE-2004-1186 GNU Multiple vulnerability in GNU Enscript 1.6.3

Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash).

5.0
2004-12-31 CVE-2004-1043 Microsoft Unspecified vulnerability in Microsoft Internet Explorer and Windows XP

Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."

5.0
2004-12-31 CVE-2004-0931 Mysql Denial of Service vulnerability in MySQL MaxDB WebDBM Server Name

MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial of service (crash) via an HTTP request to webdbm with high ASCII values in the Server field, which triggers an assert error in the IsAscii7 function.

5.0
2004-12-31 CVE-2004-0829 Samba Unspecified vulnerability in Samba

smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service (daemon crash) by sending a FindNextPrintChangeNotify request without a previous FindFirstPrintChangeNotify, as demonstrated by the SMB client in Windows XP SP2.

5.0
2004-12-31 CVE-2004-0825 Apple Denial of Service vulnerability in Apple mac OS X Server 10.2.8/10.3.4/10.3.5

QuickTime Streaming Server in Mac OS X Server 10.2.8, 10.3.4, and 10.3.5 allows remote attackers to cause a denial of service (application deadlock) via a certain sequence of operations.

5.0
2004-12-31 CVE-2004-0808 Samba Unspecified vulnerability in Samba

The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided.

5.0
2004-12-31 CVE-2004-0789 Delegate
Dnrd
DON Moore
Maradns
Pliant
Posadis
Qbik
Team Johnlong
Axis
Denial Of Service vulnerability in Multiple Vendor DNS Response Flooding

Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet.

5.0
2004-12-31 CVE-2004-0592 Suse Denial-Of-Service vulnerability in Suse Linux 2.6.5

The tcp_find_option function of the netfilter subsystem for IPv6 in the SUSE Linux 2.6.5 kernel with USAGI patches, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type, a similar flaw to CVE-2004-0626.

5.0
2004-12-31 CVE-2004-0498 Stonesoft Denial-Of-Service vulnerability in Firewall Engine

The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and earlier allows remote attackers to cause a denial of service (crash) via crafted H.323 packets.

5.0
2004-12-31 CVE-2004-0467 Juniper Remote Denial Of Service vulnerability in Juniper Networks JUNOS

Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a denial of service (routing disabled) via a large number of MPLS packets, which are not filtered or verified before being sent to the Routing Engine, which reduces the speed at which other packets are processed.

5.0
2004-12-31 CVE-2004-0465 Openconnect Unspecified vulnerability in Openconnect Webconnect 6.4.4/6.5

Directory traversal vulnerability in jretest.html in WebConnect 6.5 and 6.4.4, and possibly earlier versions, allows remote attackers to read keys within arbitrary INI formatted files via "..//" sequences in the WCP_USER parameter.

5.0
2004-12-30 CVE-2004-1376 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0

Directory traversal vulnerability in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote malicious FTP servers to overwrite arbitrary files via ..

5.0
2004-12-29 CVE-2004-1316 Mozilla Remote Heap Overflow vulnerability in Mozilla Browser Network News Transport Protocol

Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated.

5.0
2004-12-31 CVE-2004-2665 HP Denial-Of-Service vulnerability in HP Hp-Ux 11.00/11.11/11.4

Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.00, B.11.04, and B.11.11 before 20040628 allows local users to cause a denial of service via unspecified vectors.

4.9
2004-12-31 CVE-2004-2650 Apache Denial Of Service vulnerability in Apache James 2.2.0

Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.

4.9
2004-12-31 CVE-2004-2730 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

Sysinternals PsTools before 2.05, including (1) PsExec before 1.54, (2) PsGetsid before 1.41, (3) PsInfo before 1.61, (4) PsKill before 1.03, (5) PsList before 1.26, (6) PsLoglist before 2.51, (7) PsPasswd before 1.21, (8) PsService before 2.12, (9) PsSuspend before 1.05, and (10) PsShutdown before 2.32, does not properly disconnect from remote IPC$ and ADMIN$ shares, which allows local users to access the shares with elevated privileges by using the existing share mapping.

4.6
2004-12-31 CVE-2004-2615 Cutephp Local Security vulnerability in Cutephp Cutenews 1.3.6

The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news, and possibly gain privileges or have other unknown impact.

4.6
2004-12-31 CVE-2004-2611 Steven Schaefer Denial-Of-Service vulnerability in Sophster

The Change Permissions function in the Sophster suite before 0.9.6 28 May 2004 (aka 0.9.6-r5), possibly including Sophster, FreeSophster, and FreeSophsterPAM, removes the (1) setuid, (2) setgid, and (3) sticky bits when changing a file, which might allow attackers to gain privileges or conduct other unauthorized activities.

4.6
2004-12-31 CVE-2004-2610 Stefan Bambach Local Security vulnerability in Mntd

mntd_mount.c in mntd before 0.4.2 might allow local users to gain privileges via shell metacharacters in a remount option in the configuration file.

4.6
2004-12-31 CVE-2004-2552 TIM Mann Local Security vulnerability in Xboard

Buffer overflow in XBoard 4.2.7 and earlier might allow local users to execute arbitrary code via a long -icshost command line argument.

4.6
2004-12-31 CVE-2004-2490 IBM Local Privilege Escalation vulnerability in IBM products

Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and 9.40.xC2 allows local users to execute arbitrary code via a long GL_PATH environment variable.

4.6
2004-12-31 CVE-2004-2489 IBM Local Privilege Escalation vulnerability in IBM Informix

Format string vulnerability in IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to execute arbitrary code via a modified INFORMIXDIR environment variable that points to a file with format string specifiers in the filename.

4.6
2004-12-31 CVE-2004-2481 Myproxy Local Security vulnerability in Myproxy 6.58

MyProxy 6.58 allows remote authenticated users in the Users Tab to connect to arbitrary hosts from the MyProxy server, possibly bypassing access restrictions, by connecting to the proxy and issuing a CONNECT command.

4.6
2004-12-31 CVE-2004-2462 Cplay Symbolic Link vulnerability in Cplay 1.49

cplay 1.49 on Linux allows local users to overwrite arbitrary files via a symlink attack on the cplay_control temporary file.

4.6
2004-12-31 CVE-2004-2306 SUN Unspecified vulnerability in SUN Solaris and Sunos

Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, which might allow attackers to escape detection.

4.6
2004-12-31 CVE-2004-2229 Oracle Multiple Unspecified vulnerability in Oracle9i Lite

Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0.0.0 through 5.0.2.9.0 allow remote authenticated users to gain privileges.

4.6
2004-12-31 CVE-2004-2215 Marc Lehmann Unspecified vulnerability in Marc Lehmann Rxvt-Unicode 3.4/3.5

RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, which allows local users to access the terminals of other users and possibly gain privileges.

4.6
2004-12-31 CVE-2004-2176 Microsoft Unspecified vulnerability in Microsoft Windows XP

The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is configured by default to trust sessmgr.exe, which allows local users to use sessmgr.exe to create a local listening port that bypasses the ICF access controls.

4.6
2004-12-31 CVE-2004-2126 ISS Unspecified vulnerability in ISS Blackice PC Protection

The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users to modify BlackICE configuration or possibly execute arbitrary code by exploiting vulnerabilities in the .INI parsers.

4.6
2004-12-31 CVE-2004-2125 ISS Local Buffer Overrun vulnerability in Internet Security Systems BlackICE PC Protection blackd.exe

Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other versions before 3.6.ccb, with application protection off, allows local users to gain system privileges by modifying the .INI file to contain a long packetLog.fileprefix value.

4.6
2004-12-31 CVE-2004-2050 Esesix Multiple vulnerability in eSeSIX Thintune Thin Client Devices

eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow local users to gain privileges by pressing CTRL-SHIFT-ALT-DEL and entering the "maertsJ" password, which is hard-coded into lshell.

4.6
2004-12-31 CVE-2004-2049 Esesix Multiple vulnerability in eSeSIX Thintune Thin Client Devices

eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store sensitive usernames and passwords in cleartext in configuration files for the keeper library, which allows attackers to gain access.

4.6
2004-12-31 CVE-2004-1781 Info Touch Denial Of Service vulnerability in Info Touch Surfnet 1.31

Info Touch Surfnet kiosk allows local users to crash Surfnet and access the underlying operating system via the CMD_CREDITCARD_CHARGE command.

4.6
2004-12-31 CVE-2004-1780 Info Touch Unspecified vulnerability in Info Touch Surfnet 1.31

Info Touch Surfnet kiosk allows local users to deposit extra time into Internet kiosk accounts via repeated authentication attempts.

4.6
2004-12-31 CVE-2004-1772 GNU Buffer Overflow vulnerability in GNU Sharutils 4.2/4.2.1

Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument.

4.6
2004-12-31 CVE-2004-1757 BEA Unspecified vulnerability in BEA Weblogic Server 6.1/7.0/8.1

BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges.

4.6
2004-12-31 CVE-2004-1520 Ipswitch Remote Buffer Overflow vulnerability in Ipswitch Imail 8.13

Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authenticated users to execute arbitrary code via a long IMAP DELETE command.

4.6
2004-12-31 CVE-2004-1518 Phorum SQL Injection vulnerability in Phorum FOLLOW.PHP

SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier allows remote authenticated users to execute arbitrary SQL command via the forum_id parameter.

4.6
2004-12-31 CVE-2004-1497 Minihttpserver NET Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext in the Username.ini file, which allows local users to gain privileges.
4.6
2004-12-31 CVE-2004-1448 Jetbox Remote Server-Side Script Execution vulnerability in Jetbox ONE CMS 2.0.8

Jetbox One 2.0.8 and possibly other versions allow remote attackers with Author privileges in the IMAGES module to upload PHP files and execute arbitrary code.

4.6
2004-12-31 CVE-2004-1398 Roxio Local Format String vulnerability in Roxio Toast TDIXSupport

Format string vulnerability in prelink.c in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via format string specifiers in the extension argument.

4.6
2004-12-31 CVE-2004-1394 SUN Unspecified vulnerability in SUN Solaris and Sunos

The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges.

4.6
2004-12-31 CVE-2004-1391 QNX Local Command Execution vulnerability in QNX Rtos and RTP

Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious mount program.

4.6
2004-12-31 CVE-2004-0997 Linux Local Privilege Escalation vulnerability in Linux Kernel MIPS Ptrace

Unspecified vulnerability in the ptrace MIPS assembly code in Linux kernel 2.4 before 2.4.17 allows local users to gain privileges via unknown vectors.

4.6
2004-12-31 CVE-2004-0979 Microsoft Unspecified vulnerability in Microsoft IE, Internet Explorer and Windows XP

Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration.

4.6
2004-12-31 CVE-2004-0919 Freebsd Unspecified vulnerability in Freebsd

The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to read arbitrary kernel memory via (1) negative coordinates or (2) large coordinates.

4.6
2004-12-31 CVE-2004-0913 Ecartis Remote Undisclosed Privilege Escalation vulnerability in Ecartis

Unknown vulnerability in ecartis 0.x before 0.129a+1.0.0-snap20020514-1.3 and 1.x before 1.0.0+cvs.20030911-8 allows attackers in the same domain to gain administrator privileges and modify configuration.

4.6
2004-12-31 CVE-2004-0907 Mozilla Unspecified vulnerability in Mozilla and Thunderbird

The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8, create certain files with insecure permissions, which could allow local users to overwrite those files and execute arbitrary code.

4.6
2004-12-31 CVE-2004-0906 Mozilla Unspecified vulnerability in Mozilla and Thunderbird

The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.

4.6
2004-12-31 CVE-2004-2731 Linux Numeric Errors vulnerability in Linux Kernel

Multiple integer overflows in Sbus PROM driver (drivers/sbus/char/openprom.c) for the Linux kernel 2.4.x up to 2.4.27, 2.6.x up to 2.6.7, and possibly later versions, allow local users to execute arbitrary code by specifying (1) a small buffer size to the copyin_string function or (2) a negative buffer size to the copyin function.

4.4
2004-12-31 CVE-2004-2729 Hummingbird Permissions, Privileges, and Access Controls vulnerability in Hummingbird Connectivity 7.1/9.0

Inetd32 Administration Tool of Hummingbird Connectivity 7.1 and 9.0 allows local users to execute arbitrary code by changing the program for handling incoming connections.

4.4
2005-01-01 CVE-2005-0266 Sugarcrm Cross-Site Scripting vulnerability in SugarCRM

Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary web script or HTML via the (1) return_module, (2) return_action, (3) name, (4) module, or (5) record parameter.

4.3
2004-12-31 CVE-2004-2757 Novell Cross-Site Scripting vulnerability in Novell Ichain 2.1/2.2

Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build 2.2.113 and 2.3 First Customer Ship (FCS) allows remote attackers to inject arbitrary web script or HTML via url parameter.

4.3
2004-12-31 CVE-2004-2756 Xoops Cross-Site Scripting vulnerability in Xoops

Cross-site scripting (XSS) vulnerability in viewtopic.php in Xoops 2.x, possibly 2 through 2.0.5, allows remote attackers to inject arbitrary web script or HTML via the (1) forum and (2) topic_id parameters.

4.3
2004-12-31 CVE-2004-2755 Symantec Cross-Site Scripting vulnerability in Symantec web Security 2.5/3.0/3.0.1

Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, 3.0.0, and 3.0.1 before build 62 allows remote attackers to inject arbitrary web script or HTML via the query string in blocked URLs that are listed in (1) error or (2) block page messages.

4.3
2004-12-31 CVE-2004-2752 Postnuke Software Foundation Cross-Site Scripting vulnerability in Postnuke Software Foundation Postnuke 0.726

Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action.

4.3
2004-12-31 CVE-2004-2749 2Wire Path Traversal vulnerability in 2Wire Homeportal

Directory traversal vulnerability in wra/public/wralogin in 2Wire Gateway, possibly as used in HomePortal and other product lines, allows remote attackers to read arbitrary files via a ..

4.3
2004-12-31 CVE-2004-2748 Webtrends Information Exposure vulnerability in Webtrends Reporting Center 6.1A

viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers to determine the installation path via an invalid profileid parameter, which leaks the pathname in an error message.

4.3
2004-12-31 CVE-2004-2742 Businessobjects Cross-Site Scripting vulnerability in Businessobjects Crystal Enterprise 10/8.5/9

Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file.

4.3
2004-12-31 CVE-2004-2741 Horde Cross-Site Scripting vulnerability in Horde Application Framework

Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters.

4.3
2004-12-31 CVE-2004-2740 Phprojekt Code Injection vulnerability in PHProjekt

PHP remote file inclusion vulnerability in authform.inc.php in PHProjekt 4.2.3 and earlier allows remote attackers to include arbitrary PHP code via a URL in the path_pre parameter.

4.3
2004-12-31 CVE-2004-2738 Zeroboard Cross-Site Scripting vulnerability in Zeroboard 4.1Pl2/4.1Pl3/4.1Pl4

Cross-site scripting (XSS) vulnerability in check_user_id.php in ZeroBoard 4.1pl4 and earlier allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.

4.3
2004-12-31 CVE-2004-2735 Fredric Fredricson Cross-Site Scripting vulnerability in Fredric Fredricson P4Db

Cross-site scripting (XSS) vulnerability in P4DB 2.01 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) SET_PREFERENCES parameter in SetPreferences.cgi; (2) BRANCH parameter in branchView.cgi; (3) FSPC and (4) COMPLETE parameters in changeByUsers.cgi; (5) FSPC, (6) LABEL, (7) EXLABEL, (8) STATUS, (9) MAXCH, (10) FIRSTCH, (11) CHOFFSETDISP, (12) SEARCHDESC, (13) SEARCH_INVERT, (14) USER, (15) GROUP, and (16) CLIENT parameters in changeList.cgi; (17) CH parameter in changeView.cgi; (18) USER parameter in clientList.cgi; (19) CLIENT parameter in clientView.cgi; (20) FSPC parameter in depotTreeBrowser.cgi; (21) FSPC parameter in depotStats.cgi; (22) FSPC, (23) REV, (24) ACT, (25) FSPC2, (26) REV2, (27) CH, and (28) CONTEXT parameters in fileDiffView.cgi; (29) FSPC and (30) REV parameters in fileDownLoad.cgi; (31) FSPC, (32) LISTLAB, and (33) SHOWBRANCH parameters in fileLogView.cgi; (34) FSPC and (35) LABEL parameters in fileSearch.cgi; (36) FSPC, (37) REV, and (38) FORCE parameters in fileViewer.cgi; (39) FSPC parameter in filesChangedSince.cgi; (40) GROUP parameter in groupView.cgi; (41) TYPE, (42) FSPC, and (43) REV parameters in htmlFileView.cgi; (44) CMD parameter in javaDataView.cgi; (45) JOBVIEW and (46) FLD parameters in jobList.cgi; (47) JOB parameter in jobView.cgi; (48) LABEL1 and (49) LABEL2 parameters in labelDiffView.cgi; (50) LABEL parameter in labelView.cgi; (51) FSPC parameter in searchPattern.cgi; (52) TYPE, (53) FSPC, and (54) REV parameters in specialFileView.cgi; (55) GROUPSONLY parameter in userList.cgi; or (56) USER parameter in userView.cgi.

4.3
2004-12-31 CVE-2004-2732 Netbilling OS Command Injection vulnerability in Netbilling 2.0

nbmember.cgi in Netbilling 2.0 allows remote attackers to obtain sensitive information via the cmd=test option, which can be leveraged to determine the access key.

4.3
2004-12-31 CVE-2004-2727 Mailenable Buffer Errors vulnerability in Mailenable 1.5/1.6/1.7

Buffer overflow in MEHTTPS (HTTPMail) of MailEnable Professional 1.5 through 1.7 allows remote attackers to cause a denial of service (application crash) via a long HTTP GET request.

4.3
2004-12-31 CVE-2004-2725 Aztek Forum Cross-Site Scripting vulnerability in Aztek Forum Aztek Forum 4.0

Multiple cross-site scripting (XSS) vulnerabilities in Aztek Forum 4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in (a) search.php, (2) the email parameter in (b) subscribe.php, and (3) the return and (4) title parameters in (c) forum_2.php.

4.3
2004-12-31 CVE-2004-2721 Heiko Stamer Cryptographic Issues vulnerability in Heiko Stamer Openskat

The CheckGroup function in openSkat VTMF before 2.1 generates public key pairs in which the "p" variable might not be prime, which allows remote attackers to determine the private key and decrypt messages.

4.3
2004-12-31 CVE-2004-2720 Snitz Communications Cross-Site Scripting vulnerability in Snitz Communications Snitz Forums 2000

Cross-site scripting (XSS) vulnerability in register.asp in Snitz Forums 2000 3.4.04 and earlier allows remote attackers to inject arbitrary web script or HTML via javascript events in the Email parameter.

4.3
2004-12-31 CVE-2004-2718 PHP Heaven Permissions, Privileges, and Access Controls vulnerability in PHP Heaven PHPmychat 0.14.5

PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request.

4.3
2004-12-31 CVE-2004-2704 Hastymail
Microsoft
Cross-Site Scripting vulnerability in multiple products

Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) does not send the "attachment" parameter in the Content-Disposition field for attachments, which causes the attachment to be rendered inline by Internet Explorer when the victim clicks the download link, which facilitates cross-site scripting (XSS) and possibly other attacks.

4.3
2004-12-31 CVE-2004-2703 Clearswift Cryptographic Issues vulnerability in Clearswift products

Clearswift MIMEsweeper 5.0.5, when it has been upgraded from MAILsweeper for SMTP version 4.3 or MAILsweeper Business Suite I or II, allows remote attackers to bypass scanning by including encrypted data in a mail message, which causes the message to be marked as "Clean" instead of "Encrypted".

4.3
2004-12-31 CVE-2004-2702 Swsoft Cross-Site Scripting vulnerability in Swsoft Plesk 7.0/7.1

Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 and 7.1 Reloaded allows remote attackers to inject arbitrary web script or HTML via the login_name parameter.

4.3
2004-12-31 CVE-2004-2701 Aspdotnetstorefront Cross-Site Scripting vulnerability in Aspdotnetstorefront 3.3

Cross-site scripting (XSS) vulnerability in signin.aspx for AspDotNetStorefront 3.3 allows remote attackers to inject arbitrary web script or HTML via the returnurl parameter.

4.3
2004-12-31 CVE-2004-2699 Aspdotnetstorefront Permissions, Privileges, and Access Controls vulnerability in Aspdotnetstorefront 3.3

deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter.

4.3
2004-12-31 CVE-2004-2688 Newsphp Cross-Site Scripting vulnerability in Newsphp

Cross-site scripting (XSS) vulnerability in index.php in NewsPHP allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.

4.3
2004-12-31 CVE-2004-2656 Open Source Development Network Security vulnerability in Open Source Development Network Slashcode 2.2.5

Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) before R_2_5_0_41 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in search.pl and (2) the filter parameter in submit.pl.

4.3
2004-12-31 CVE-2004-2651 Michael Christen Cross-Site Scripting vulnerability in YACY Peer-To-Peer Search Engine

Multiple cross-site scripting (XSS) vulnerabilities in YaCy before 0.32 allow remote attackers to inject arbitrary web script or HTML via the (1) urlmaskfilter parameter to index.html or the (2) page parameter to Wiki.html.

4.3
2004-12-31 CVE-2004-2624 Wackowiki Cross-Site Scripting vulnerability in Wackowiki R3/R3.5

Cross-site scripting (XSS) vulnerability in "TextSearch" in WackoWiki 3.5 allows remote attackers to inject arbitrary web script or HTML via the "phrase" parameter.

4.3
2004-12-31 CVE-2004-2618 Pegasi WEB Server Input Validation vulnerability in Pegasi web Server Pegasi web Server 0.2.2

Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the URI, directly after the initial '/' (slash).

4.3
2004-12-31 CVE-2004-2604 Phproxy Cross-Site Scripting vulnerability in PHProxy 0.1/0.2/0.3

Cross-site scripting (XSS) vulnerability in index.php in PHProxy allows remote attackers to inject arbitrary web script or HTML via the error parameter.

4.3
2004-12-31 CVE-2004-2603 Ubertec Remote vulnerability in Help Center Live

Cross-site scripting (XSS) vulnerability in the Search module in UberTec Help Center Live (HCL) allows remote attackers to inject arbitrary web script or HTML via the find parameter to index.php.

4.3
2004-12-31 CVE-2004-2585 Smartertools Cross-Site Scripting vulnerability in Smartertools Smartermail 1.6.1511/1.6.1529

Cross-site scripting (XSS) vulnerability in frmCompose.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to inject arbitrary web script or HTML via Javascript to the "check spelling" feature in the compose area.

4.3
2004-12-31 CVE-2004-2574 Phpgroupware HTML Injection vulnerability in PHPgroupware 0.9.16.000/0.9.16.002/0.9.16.003

Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to inject arbitrary web script or HTML via the date parameter in a calendar.uicalendar.planner menuaction.

4.3
2004-12-31 CVE-2004-2568 Recipants SQL Injection and Cross-Site Scripting vulnerability in ReciPants

Multiple cross-site scripting (XSS) vulnerabilities in ReciPants 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) user id, (2) recipe id, (3) category id, and (4) other ID number fields.

4.3
2004-12-31 CVE-2004-2566 Liveworld Cross-Site Scripting vulnerability in Livefocusgroup

Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld products, possibly including (1) LiveForum, (2) LiveQ&A, (3) LiveChat, and (4) LiveFocusGroup, allow remote attackers to inject arbitrary web script or HTML via the q parameter in (a) search.jsp, (b) findclub!execute.jspa, and (c) search!execute.jspa.

4.3
2004-12-31 CVE-2004-2564 Sambar Multiple vulnerability in Sambar Server 6.1

Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in show.asp and (2) the title parameter in showperf.asp.

4.3
2004-12-31 CVE-2004-2550 Xperience Undisclosed Cross-Site Scripting vulnerability in SandSurfer

Multiple cross-site scripting (XSS) vulnerabilities in unspecified Perl scripts in SandSurfer before 1.7.1 allow remote attackers to inject arbitrary web script or HTML, which is later executed by a target who views reports containing the injected data.

4.3
2004-12-31 CVE-2004-2548 Netwin Input Validation vulnerability in Netwin Surgemail and Webmail

Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form.

4.3
2004-12-31 CVE-2004-2528 Webcam Corp Cross-Site Scripting vulnerability in Webcam Corp Webcam Watchdog 4.0.1A

Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam Watchdog 4.0.1a allows remote attackers to inject arbitrary web script or HTML via the cam parameter.

4.3
2004-12-31 CVE-2004-2525 S9Y Remote Cross-Site Scripting vulnerability in S9Y Serendipity

Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable.

4.3
2004-12-31 CVE-2004-2514 Powerportal HTML Injection vulnerability in Powerportal 1.1B/1.3/1.3B

Cross-site scripting (XSS) vulnerability in modules/private_messages/index.php in PowerPortal 1.x allows remote attackers to inject arbitrary web script or HTML via the (1) SUBJECT or (2) MESSAGE field.

4.3
2004-12-31 CVE-2004-2512 Codeworx Technologies Unspecified vulnerability in Codeworx Technologies Dcp-Portal

CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the PHPSESSID parameter.

4.3
2004-12-31 CVE-2004-2511 Codeworx Technologies Cross-Site Scripting vulnerability in DCP-Portal

Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php.

4.3
2004-12-31 CVE-2004-2510 Ubbcentral Cross-Site Scripting vulnerability in UBBCentral UBB.threads

Cross-site scripting (XSS) vulnerability in showflat.php in Infopop UBB.Threads before 6.5 allows remote attackers to inject arbitrary web script or HTML via the Cat parameter.

4.3
2004-12-31 CVE-2004-2509 Ubbcentral Cross-Site Scripting vulnerability in Ubbcentral Ubb.Threads 6.2.3/6.5

Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) login.php, and (3) online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter.

4.3
2004-12-31 CVE-2004-2508 Linksys Cross-Site Scripting vulnerability in Linksys Wvc11B 2.10

Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the next_file parameter.

4.3
2004-12-31 CVE-2004-2497 Hitachi Cross-Site Scripting and Information Disclosure vulnerability in Hitachi Web Page Generator

Cross-site scripting (XSS) vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

4.3
2004-12-31 CVE-2004-2494 Code Crafters Multiple vulnerability in Code-Crafters Ability Mail Server

Cross-site scripting (XSS) vulnerability in _error in Ability Mail Server 1.18 allows remote attackers to inject arbitrary web script or HTML via the erromsg parameter.

4.3
2004-12-31 CVE-2004-2492 Hitachi Cross-Site Scripting And Directory Traversal vulnerability in Groupmax World Wide Web

Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web (GmaxWWW) Desktop 5, 6, and Desktop for Jichitai 6, allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter.

4.3
2004-12-31 CVE-2004-2484 PHP Gift Registry Cross-Site Scripting vulnerability in PHP Gift Registry

Cross-site scripting (XSS) vulnerability in PHP Gift Registry 1.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter to (1) event.php or (2) index.php.

4.3
2004-12-31 CVE-2004-2475 Google HTML Injection vulnerability in Google Toolbar About.HTML

Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section.

4.3
2004-12-31 CVE-2004-2468 Scripts FOR Educators Cross-Site Scripting vulnerability in Scripts for Educators Sillysearch 2.3

Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.

4.3
2004-12-31 CVE-2004-2465 EFS Software Cross-Site Scripting vulnerability in EFS Software Easy Chat Server 1.2

Cross-site scripting (XSS) vulnerability in chat.ghp in Easy Chat Server 1.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

4.3
2004-12-31 CVE-2004-2447 1ST Class Internet Solutions Input Validation vulnerability in 1ST Class Internet Solutions 1ST Class Mail Server 4.01

Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to (1) viewmail.tagz, (2) the index script under /user/, (3) members.tagz, (4) general.tagz, (5) advanced.tagz, or (6) list.tagz.

4.3
2004-12-31 CVE-2004-2444 Jaws Input Validation vulnerability in Jaws 0.3

Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter.

4.3
2004-12-31 CVE-2004-2438 PHP Fusion SQL and HTML Injection vulnerability in PHP Fusion PHP Fusion 4.01

Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows remote attackers to inject arbitrary web script or HTML via the (1) Submit News, (2) Submit Link or (3) Submit Article field.

4.3
2004-12-31 CVE-2004-2435 Peoplesoft Cross-Site Scripting vulnerability in Peoplesoft Hrms 7.0

Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources Management System (HRMS) 7.0, when "web enabled" using HTML Access, allows remote attackers to inject arbitrary web script or HTML via unspecified (1) debugging or (2) utility scripts.

4.3
2004-12-31 CVE-2004-2411 Virtual Programming Cross-Site Scripting vulnerability in Virtual Programming VP-ASP Shopping Cart Shop$DB.Asp 4.0/4.50/5.0

The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart 4.0 through 5.0 does not sufficiently cleanse inputs, which allows remote attackers to conduct cross-site scripting (XSS) attacks that do not use <script> tags, as demonstrated via javascript in IMG tags to (1) the cat parameter in shopdisplayproducts.asp or (2) the msg parameter in shoperror.asp, and possibly other vectors.

4.3
2004-12-31 CVE-2004-2402 Yabb Cross-Site Scripting vulnerability in YaBB YaBB.pl IMSend

Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter.

4.3
2004-12-31 CVE-2004-2358 Phpbb Group Multiple vulnerability in PhpBB admin_words.php

Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB 2.0.6c allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2004-12-31 CVE-2004-2355 Crafty Syntax Live Help HTML Injection vulnerability in Crafty Syntax Live Help Crafty Syntax Live Help 2.7.3

Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help (CSLH) before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the name field of a livehelp or chat session.

4.3
2004-12-31 CVE-2004-2352 Martin Bauer HTML Injection vulnerability in Martin Bauer Gbook 1.4

Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 allows remote attackers to inject arbitrary web script or HTML via cookies that are stored in the $_COOKIE PHP variable, which is not cleansed by PHP-Nuke.

4.3
2004-12-31 CVE-2004-2351 Martin Bauer HTML Injection vulnerability in Martin Bauer Gbook 1.4

Cross-site scripting (XSS) vulnerability in GBook for Php-Nuke 1.0 allows remote attackers to inject arbitrary web script or HTML via multiple parameters, including (1) name, (2) email, (3) city, and (4) message, which do not use the <script> and <style> tags, which are filtered by PHP-Nuke.

4.3
2004-12-31 CVE-2004-2346 Minihttpserver NET Cross-Site Scripting vulnerability in Forum Web Server

Multiple cross-site scripting (XSS) vulnerabilities in Forum Web Server 1.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Subject field in post1.htm and (2) the File Description field in postfile2.htm.

4.3
2004-12-31 CVE-2004-2334 Emumail Multiple vulnerability in Emumail EMU Webmail 5.2.7

Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2.7 allow remote attackers to inject arbitrary web script or HTML via (1) a hex-encoded value to the variable parameter in emumail.fcgi, (2) the folder parameter in emumail.fcgi, or Javascript in the (3) username or (4) password field in the login page.

4.3
2004-12-31 CVE-2004-2332 Cpan HTML Injection vulnerability in Cpan WWW Form 1.12

Multiple cross-site scripting (XSS) vulnerabilities in CPAN WWW::Form before 1.13 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2004-12-31 CVE-2004-2325 Dotnetnuke Multiple vulnerability in DotNetNuke

Cross-site scripting (XSS) vulnerability in EditModule.aspx for DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to inject arbitrary web script or HTML.

4.3
2004-12-31 CVE-2004-2310 IBM Cross-Site Scripting vulnerability in IBM Lotus Domino 6.5.1

Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console.

4.3
2004-12-31 CVE-2004-2308 Cpanel Cross-Site Scripting vulnerability in cPanel dir Parameter

Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html.

4.3
2004-12-31 CVE-2004-2294 Francisco Burzi Input Validation vulnerability in PHP-Nuke

Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leading to a cross-site scripting (XSS) vulnerability.

4.3
2004-12-31 CVE-2004-2293 Francisco Burzi Input Validation vulnerability in PHP-Nuke

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter.

4.3
2004-12-31 CVE-2004-2288 Jelsoft Unspecified vulnerability in Jelsoft Vbulletin

Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter.

4.3
2004-12-31 CVE-2004-2279 Invision Power Services Cross-Site Scripting vulnerability in Invision Power Services Invision Power Board 1.3Final

Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 Final allows remote attackers to execute arbitrary script as other users via the pop parameter in a chat action to index.php.

4.3
2004-12-31 CVE-2004-2278 Chaogic Systems Cross-Site Scripting vulnerability in Chaogic Systems VHost

Unknown cross-site scripting (XSS) vulnerability in the web GUI in vHost before 3.10r1 has unknown impact and attack vectors.

4.3
2004-12-31 CVE-2004-2267 Ansel Input Validation vulnerability in Ansel

Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via the album name.

4.3
2004-12-31 CVE-2004-2261 E107 Script HTML Injection vulnerability in e107 Website System

Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the "login name/author" field in the (1) news submit or (2) article submit functions.

4.3
2004-12-31 CVE-2004-2246 Goollery Cross-Site Scripting vulnerability in Goollery 0.3

Cross-site scripting (XSS) vulnerability in Goollery before 0.04b allows remote attackers to inject arbitrary HTML or web script via the conversation_id parameter to viewpic.php.

4.3
2004-12-31 CVE-2004-2245 Goollery Cross-Site Scripting vulnerability in Goollery 0.3

Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows remote attackers to inject arbitrary HTML or web script via the (1) page parameter to viewalbum.php or (2) btopage parameter to viewpic.php.

4.3
2004-12-31 CVE-2004-2242 Phorum Cross-Site Scripting vulnerability in Phorum 5.0.7Beta

Cross-site scripting (XSS) vulnerability in search.php in Phorum, possibly 5.0.7 beta and earlier, allows remote attackers to inject arbitrary HTML or web script via the subject parameter.

4.3
2004-12-31 CVE-2004-2241 Phorum Cross-Site Scripting and SQL Injection vulnerability in Phorum 5.0.11

Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier allows remote attackers to inject arbitrary HTML or web script via search.php.

4.3
2004-12-31 CVE-2004-2211 Alivesites Remote Input Validation vulnerability in Alivesites Forum 2.0

Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) forum_id, (2) method, or (3) forum_title parameters to post.asp, (4) the forum_title parameter to forum.asp, or (5) the id parameter to post.asp.

4.3
2004-12-31 CVE-2004-2210 Express WEB Cross-Site Scripting vulnerability in Express-Web Content Management System

Multiple cross-site scripting (XSS) vulnerabilities in Express-Web Content Management System (CMS) allow remote attackers to steal cookie-based authentication information and possibly perform other exploits via the (1) n, (2) b, (3) e, or (4) a parameters to default.asp, (5) the Referer header in an HTTP request to login.asp, or (6) the email parameter to subscribe/default.asp.

4.3
2004-12-31 CVE-2004-2207 Ideal Science Remote Input Validation vulnerability in Ideal Science IdealBB

Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2004-12-31 CVE-2004-2200 Duware Remote vulnerability in DUware Software

Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to inject arbitrary web script or HTML via via the message text.

4.3
2004-12-31 CVE-2004-2199 Duware Remote vulnerability in Duware Duclassified 4.0

Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 allows remote attackers to inject arbitrary web script or HTML via the message text.

4.3
2004-12-31 CVE-2004-2193 Cjoverkill Cross-Site Scripting vulnerability in Cjoverkill 4.0.3

Cross-site scripting (XSS) vulnerability in trade.php for CJOverkill 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) tms[0] or (2) url parameters.

4.3
2004-12-31 CVE-2004-2191 Turbotraffictrader Input Validation vulnerability in Turbotraffictrader PHP 1.0

Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo Traffic Trader PHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) msg[0] or (2) siteurl parameters.

4.3
2004-12-31 CVE-2004-2188 Dmxready Cross-Site Scripting And SQL Injection vulnerability in DMXReady Site Chassis Manager

Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis Manager allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2004-12-31 CVE-2004-2180 Wowbb Remote Input Validation vulnerability in Wowbb web Forum 1.61

Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum 1.61 allow remote attackers to inject arbitrary web script or HTML via the (1) country parameter to view_user.php, (2) show parameter to view_forum.php, (3) letter parameter to view_user.php, (4) highlight parameter to view_topic.php, (5) show parameter to index.php, (6) q parameter to search.php, (7) Referer header to admin.php, or the (8) user_email parameter to login.php.

4.3
2004-12-31 CVE-2004-2177 Devoybb Remote Input Validation vulnerability in Devoybb web Forum 1.0

Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2004-12-31 CVE-2004-2174 Early Impact Multiple vulnerability in EarlyImpact ProductCart

Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ProductCart allows remote attackers to inject arbitrary Javascript via the redirectUrl parameter.

4.3
2004-12-31 CVE-2004-2171 Cherokee Cross-Site Scripting vulnerability in Cherokee Error Page

Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting error page.

4.3
2004-12-31 CVE-2004-2162 Tutos Remote Input Validation vulnerability in Tutos 1.120040414

Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the search field of the Address Module or (2) the t parameter to app_new.php.

4.3
2004-12-31 CVE-2004-2157 S9Y Input Validation vulnerability in S9Y Serendipity 0.7Beta1

Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field.

4.3
2004-12-31 CVE-2004-2152 Mediawiki Cross-Site Scripting vulnerability in MediaWiki Raw Page

Cross-site scripting (XSS) vulnerability in 'raw' page output mode for MediaWiki 1.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML.

4.3
2004-12-31 CVE-2004-2123 Nextplace Cross-Site Scripting vulnerability in E-Commerce Asp Engine

Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com E-Commerce ASP Engine allow remote attackers to inject arbitrary web script or HTML via the (1) level parameter of productdetail.asp, (2) searchKey parameter of searchresults.asp, and possibly (3) level parameter of ListCategories.asp.

4.3
2004-12-31 CVE-2004-2113 Herberlin Cross-Site Scripting vulnerability in Herberlin Bremsserver 1.2.4

Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the URL.

4.3
2004-12-31 CVE-2004-2103 Novell Cross-Site Scripting vulnerability in Novell Netware 5.1/6.0

Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to process arbitrary script or HTML as other users via (1) a malformed request for a Perl program with script in the filename, (2) the User.id parameter to the webacc servlet, (3) the GWAP.version parameter to webacc, or (4) a URL request for a .bas file with script in the filename.

4.3
2004-12-31 CVE-2004-2102 Freesco Cross-Site Scripting vulnerability in FREESCO

Cross-site scripting (XSS) vulnerability in FREESCO 2.05, a modified version of thttpd, allows remote attackers to inject arbitrary web script or HTML via the test parameter.

4.3
2004-12-31 CVE-2004-2098 Native Solutions Unspecified vulnerability in Native Solutions TBE Banner Engine 4.0/5.0

Cross-site scripting (XSS) vulnerability in the banner engine (TBE) 5.0 allows remote attackers to execute arbitrary script as other users via the HTML banner view/preview capability.

4.3
2004-12-31 CVE-2004-2096 Mephistoles Internet Suite Cross-Site Scripting vulnerability in Mephistoles Internet Suite Mephistoles Httpd 0.6Final/0.6P1/0.6P2

Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 final allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the URL.

4.3
2004-12-31 CVE-2004-2094 Darkwet Cross-Site Scripting vulnerability in Darkwet Webcam XP 1.6.945

Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows remote attackers to inject arbitrary HTML or web script as other users via a URL that contains the script.

4.3
2004-12-31 CVE-2004-2076 Jelsoft Cross-Site Scripting vulnerability in Jelsoft Vbulletin 3.0.0Rc4

Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBulletin 3.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.

4.3
2004-12-31 CVE-2004-2063 Antiboard Input Validation vulnerability in AntiBoard

Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to inject arbitrary HTML or web script via the feedback parameter.

4.3
2004-12-31 CVE-2004-2020 Francisco Burzi Input Validation vulnerability in PHP-Nuke

Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php.

4.3
2004-12-31 CVE-2004-2017 Turbotraffictrader Cross-Site Scripting and HTML Injection vulnerability in Turbotraffictrader C 1.0

Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic Trader C (TTT-C) 1.0 allow remote attackers to inject arbitrary HTML or web script, as demonstrated via (1) the link parameter to ttt-out, (2) the X-Forwarded-For header in a GET request to ttt-in, (3) the Referer header in a GET request to ttt-in, or the (4) site name or (5) site URL fields in the main control panel.

4.3
2004-12-31 CVE-2004-2015 Webct HTML Injection vulnerability in WebCT Campus Edition HTML Tags

Cross-site scripting (XSS) vulnerability in WebCT Campus Edition allows remote attackers to inject arbitrary HTML or web script via (1) iframe, (2) img, or (3) object tags.

4.3
2004-12-31 CVE-2004-1960 Protector System Unspecified vulnerability in Protector System Protector System 1.15B1

Cross-site scripting (XSS) vulnerability in blocker_query.php in Protector System 1.15b1 allows remote attackers to inject arbitrary web script or HTML via the (1) target or (2) portNum parameters.

4.3
2004-12-31 CVE-2004-1913 Francisco Burzi
Shiba Design
Multiple vulnerability in NukeCalendar

Cross-site scripting (XSS) vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject arbitrary web script or HTML via the eid parameter.

4.3
2004-12-31 CVE-2004-1911 Azerbaijan Development Group Cross-Site Scripting vulnerability in Azerbaijan Development Group Azdgdating 2.1.1

Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) l parameter (aka language variable) to index.php or (2) id parameter to view.php.

4.3
2004-12-31 CVE-2004-1882 Cactusoft Cross-Site Scripting vulnerability in CactuSoft Cactushop 5.0/5.1

Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in CactuShop 5.x allows remote attackers to inject arbitrary web script or HTML via the strImageTag parameter.

4.3
2004-12-31 CVE-2004-1879 Phpkit HTML Injection vulnerability in PHPkit 1.6.03

Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows allows remote attackers to inject arbitrary web script or HTML via forum messages.

4.3
2004-12-31 CVE-2004-1867 WEB Fresh HTML Injection vulnerability in Web Fresh Fresh Guest Book 1.0/2.0/2.1

Cross-site scripting (XSS) vulnerability in guest.cgi in Fresh Guest Book allows remote attackers to inject arbitrary web script or HTML via the Name field.

4.3
2004-12-31 CVE-2004-1863 XMB Forum Cross-Site Scripting vulnerability in XMB Forum XMB 1.8Sp3/1.9Beta

Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allow remote attackers to inject arbitrary web script or HTML via (1) the u2uheader parameter in editprofile.php, the restrict parameter in (2) member.php, (3) misc.php, and (4) today.php, and (5) an arbitrary parameter in phpinfo.php.

4.3
2004-12-31 CVE-2004-1845 Expinion NET Multiple vulnerability in Expinion.Net News Manager Lite 2.5

Multiple cross-site scripting (XSS) vulnerabilities in News Manager Lite 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to comment_add.asp, (2) search parameter to search.asp, or (3) n parameter to category_news_headline.asp.

4.3
2004-12-31 CVE-2004-1844 Expinion NET Cross-Site Scripting vulnerability in Expinion.net Member Management System

Cross-site scripting (XSS) vulnerability in Member Management System 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the err parameter to error.asp or (2) register.asp.

4.3
2004-12-31 CVE-2004-1837 Joel Palmius HTML Injection vulnerability in Joel Palmius Mod_Survey Survey Input Field

Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before 3.0.16-pre2 and 3.2.x before 3.2.0-pre4 allows remote attackers to inject arbitrary web script or HTML via the certain survey fields or error messages for malformed query strings.

4.3
2004-12-31 CVE-2004-1824 Jelsoft Cross-Site Scripting vulnerability in VBulletin Memberlist.PHP

Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.0 allows remote attackers to inject arbitrary web script or HTML via the what parameter to memberlist.php.

4.3
2004-12-31 CVE-2004-1823 Jelsoft Cross-Site Scripting vulnerability in Jelsoft Vbulletin 3.0.0/3.0.0Can4

Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft vBulletin 2.0 beta 3 through 3.0 can4 allows remote attackers to inject arbitrary web script or HTML via the (1) page parameter to showthread.php or (2) order parameter to forumdisplay.php.

4.3
2004-12-31 CVE-2004-1809 Phpbb Group Cross-Site Scripting vulnerability in PHPBB

Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) postdays parameter to viewtopic.php or (2) topicdays parameter to viewforum.php.

4.3
2004-12-31 CVE-2004-1807 Dogpatch Software Cross-Site Scripting vulnerability in Dogpatch Software Cfwebstore 5.0

Cross-site scripting (XSS) vulnerability in index.cfm in CFWebstore 5.0 allows remote attackers to inject arbitrary web script or HTML via the URL.

4.3
2004-12-31 CVE-2004-1797 Freznoshop Cross-Site Scripting vulnerability in FreznoShop Search Script

Cross-site scripting (XSS) vulnerability in search.php for FreznoShop 1.3.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.

4.3
2004-12-31 CVE-2004-1794 Vcard4J HTML Injection vulnerability in VCard4J Toolkit

Cross-site scripting (XSS) vulnerability in the VCard4J Toolkit allows remote attackers to inject arbitrary web script or HTML via the NICKNAME tag in a vCard.

4.3
2004-12-31 CVE-2004-1790 Edimax Cross-Site Scripting vulnerability in Edimax Full Rate Adsl Router Ar6004

Cross-site scripting (XSS) vulnerability in the web management interface in Edimax AR-6004 ADSL Routers allows remote attackers to inject arbitrary web script or HTML via the URL.

4.3
2004-12-31 CVE-2004-1789 Zyxel Cross-Site Scripting vulnerability in ZyXEL ZyWALL 10 Management Interface

Cross-site scripting (XSS) vulnerability in the web management interface in ZyWALL 10 4.07 allows remote attackers to inject arbitrary web script or HTML via the rpAuth_1 page.

4.3
2004-12-31 CVE-2004-1779 Thwboard Cross-Site Scripting vulnerability in ThWboard board.php

Cross-site scripting (XSS) vulnerability in board.php for ThWboard before beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the lastvisited parameter.

4.3
2004-12-31 CVE-2004-1747 Network Everywhere HTML Injection vulnerability in Network Everywhere Nr041 1.2Release03

Cross-site scripting (XSS) vulnerability in NetworkEverywhere NR041 running firmware 1.2 Release 03 allows remote attackers to inject arbitrary web script or HTML via the DHCP HOSTNAME option.

4.3
2004-12-31 CVE-2004-1746 PHP Code Snippet Library Cross-Site Scripting vulnerability in PHP Code Snippet Library PHP Code Snippet Library 0.8

Cross-site scripting (XSS) vulnerability in index.php in PHP Code Snippet Library allows remote attackers to inject arbitrary web script or HTML via the (1) cat_select or (2) show parameters.

4.3
2004-12-31 CVE-2004-1738 Jshop E Commerce Cross-Site Scripting vulnerability in Jshop E-Commerce Jshop Server 1.2

Cross-site scripting (XSS) vulnerability in page.php in JShop allows remote attackers to inject arbitrary web script or HTML via the xPage parameter.

4.3
2004-12-31 CVE-2004-1730 Mantis Cross-Site Scripting vulnerability in Mantis

Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php.

4.3
2004-12-31 CVE-2004-1593 SCT Corporation Cross-Site Scripting vulnerability in SCT Campus Pipeline Render.UserLayoutRootNode.uP

Cross-site scripting (XSS) vulnerability in render.UserLayoutRootNode.uP in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via the utf parameter.

4.3
2004-12-31 CVE-2004-1589 Gosmart Input Validation vulnerability in Go Smart Inc GoSmart Message Board

Cross-site scripting (XSS) vulnerability in GoSmart Message Board allows remote attackers to execute inject web script or HTML via the (1) Category parameter to Forum.asp or (2) MainMessageID parameter to ReplyToQuestion.asp.

4.3
2004-12-31 CVE-2004-1578 Invision Power Services Cross-Site Scripting vulnerability in Invision Power Services Invision Power Board 2.0.0

Cross-site scripting (XSS) vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script or HTML via the Referer field in the HTTP header.

4.3
2004-12-31 CVE-2004-1566 Silent Storm Input Validation vulnerability in Silent-Storm Portal 2.1/2.2

Cross-site scripting (XSS) vulnerability in index.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to execute arbitrary web script or HTML via the module parameter.

4.3
2004-12-31 CVE-2004-1563 W Agora Remote Input Validation vulnerability in W-Agora 4.1.6A

Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote attackers to execute arbitrary web script or HTML via the (1) thread parameter to download_thread.php, (2) loginuser parameter to login.php, or (3) userid parameter to forgot_password.php.

4.3
2004-12-31 CVE-2004-1559 Wordpress Cross-Site Scripting vulnerability in Wordpress 1.2

Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php.

4.3
2004-12-31 CVE-2004-1551 PHP Arena Cross-Site Scripting vulnerability in PHP Arena Pafiledb 3.1

Cross-site scripting (XSS) vulnerability in the (1) email or (2) file modules in paFileDB 3.1 Final allows remote attackers to execute arbitrary web script or HTML via the id parameter.

4.3
2004-12-31 CVE-2004-1544 Jspwiki Cross-Site Scripting vulnerability in Jspwiki 2.1.120/2.1.121/2.1.122

Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki 2.1.120-cvs and earlier allows remote attackers to execute arbitrary web script as other users via the query parameter.

4.3
2004-12-31 CVE-2004-1537 Phpkit Input Validation vulnerability in PHPkit 1.6.02/1.6.03/1.6.1

Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary web script via the img parameter.

4.3
2004-12-31 CVE-2004-1529 ROB Sutton Remote vulnerability in ROB Sutton PHP-Nuke Event Calendar 2.13

Cross-site scripting (XSS) vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary web script via the (1) type, (2) day, (3) month, or (4) year parameters in a Preview operation, or (5) event comments.

4.3
2004-12-31 CVE-2004-1512 Soft3304 Remote vulnerability in Soft3304 04Webserver 1.42

Cross-site scripting (XSS) vulnerability in Response_default.html in 04WebServer 1.42 allows remote attackers to execute arbitrary web script or HTML via script code in the URL, which is not quoted in the resulting default error page.

4.3
2004-12-31 CVE-2004-1506 Webcalendar Remote vulnerability in WebCalendar

Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5) trailer.php, or (6) styles.php, as demonstrated using img srg tags.

4.3
2004-12-31 CVE-2004-1499 Webhost Automation Input Validation vulnerability in WebHost Automation Helm Control Panel

Cross-site scripting (XSS) vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary web script or HTML via the Subject field.

4.3
2004-12-31 CVE-2004-1477 Macromedia Remote vulnerability in Macromedia Jrun 3.0/3.1/4.0

Cross-site scripting (XSS) vulnerability in the Management Console in JRun 4.0 allows remote attackers to execute arbitrary web script or HTML and possibly hijack a user's session.

4.3
2004-12-31 CVE-2004-1467 Egroupware Input Validation vulnerability in Egroupware 1.0/1.0.1/1.0.3

Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.0.00.003 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) date or search text field in the calendar module, (2) Field parameter, Filter parameter, QField parameter, Start parameter or Search field in the address module, (3) Subject field in the message module or (4) Subject field in the Ticket module.

4.3
2004-12-31 CVE-2004-1443 Horde HTML Injection vulnerability in Horde IMP HTML+TIME

Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message.

4.3
2004-12-31 CVE-2004-1442 IBM Cross-Site Scripting vulnerability in IBM Net.Data 7.0/7.2

Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in IBM Net.Data 7 and 7.2 allows remote attackers to inject arbitrary web script or HTML via a macro filename, which is not properly handled by error messages such as "DTWP001E."

4.3
2004-12-31 CVE-2004-1424 Moodle Cross-Site Scripting vulnerability in Moodle

Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.

4.3
2004-12-31 CVE-2004-1420 WHM Remote vulnerability in WHM Autopilot 2.4.5/2.4.6/2.4.6.5

Multiple cross-site scripting (XSS) vulnerabilities in header.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) site_title or (2) http_images parameter.

4.3
2004-12-31 CVE-2004-1418 Wirtualna Polska Remote Script Execution vulnerability in Wirtualna Polska WPKontakt

Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an e-mail address, which is not quoted when a parsing error is generated.

4.3
2004-12-31 CVE-2004-1412 Kayako Cross-Site Scripting and SQL Injection vulnerability in Kayako ESupport

Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.x allows remote attackers to inject arbitrary web script or HTML via the searchm parameter.

4.3
2004-12-31 CVE-2004-1410 Gadu Gadu Remote Input Validation And Denial Of Service vulnerability in Gadu-Gadu

Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and earlier allows remote attackers to inject arbitrary web script via a URL, which is echoed in a popup window that displays a parsing error message, a different vulnerability than CVE-2004-1229.

4.3
2004-12-31 CVE-2004-1397 Usemod Cross-Site Scripting vulnerability in UseModWiki Wiki.PL

Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows remote attackers to inject arbitrary web script or HTML via an argument to wiki.pl.

4.3
2004-12-31 CVE-2004-1384 Phpgroupware Cross-Site Scripting and SQL Injection vulnerability in PHPGroupWare

Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) kp3, (2) type, (3) msg, (4) forum_id, (5) pos, (6) cats_app, (7) cat_id, (8) msgball[msgnum], (9) fldball[acctnum] parameters to index.php or (10) ticket_id to viewticket_details.php.

4.3
2004-12-31 CVE-2004-1156 Mozilla Unspecified vulnerability in Mozilla Firefox and Mozilla

Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.

4.3
2004-12-31 CVE-2004-1146 Cvstrac Cross-Site Scripting vulnerability in CVSTrac

Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and (2) login.c for CVSTrac before 1.1.5 allow remote attackers to inject arbitrary HTML and web script.

4.3
2004-12-28 CVE-2004-1062 Viewcvs Unspecified vulnerability in Viewcvs 0.9.2

Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 allow remote attackers to inject arbitrary HTML and web script via certain error messages.

4.3
2004-12-31 CVE-2004-2747 Pablo Software Solutions Path Traversal vulnerability in Pablo Software Solutions Quick N Easy FTP Server 1.77

Directory traversal vulnerability in Pablo Software Solutions Quick 'n Easy FTP Server 1.77, and possibly earlier versions, allows remote authenticated users to determine the existence of arbitrary files via a ..

4.0
2004-12-31 CVE-2004-2659 Mozilla
Opera
Race Condition vulnerability in multiple products

Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears.

4.0
2004-12-31 CVE-2004-2621 Nortel Unspecified vulnerability in Nortel Contivity

Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack.

4.0
2004-12-31 CVE-2004-2584 Smartertools Remote Security vulnerability in Smartertools Smartermail 1.6.1511/1.6.1529

frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated users to create a folder that SmarterMail cannot delete or rename via a folder name with a null byte ("%00").

4.0
2004-12-31 CVE-2004-2493 Hitachi Cross-Site Scripting And Directory Traversal vulnerability in Hitachi products

Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) 2 and 3, and Desktop 5, 6, and Desktop for Jichitai allows remote authenticated users to read arbitrary .html files via the template name parameter.

4.0
2004-12-31 CVE-2004-1569 Illustrate Buffer Overflow vulnerability in Illustrate products

Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.exe in dBpowerAMP Audio Player 2.0 and dbPowerAmp Music Converter 10.0 allows remote attackers to cause a denial of service or execute arbitrary code via a .pls or .m3u playlist that contains long File1 (filename) fields.

4.0
2004-12-31 CVE-2004-0908 Mozilla Unspecified vulnerability in Mozilla and Thunderbird

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.

4.0

89 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2004-12-31 CVE-2004-2643 Microsoft Directory Traversal vulnerability in Microsoft CABARC

Directory traversal vulnerability in Microsoft cabarc allows remote attackers to overwrite files via "../" sequences in file names in a CAB archive.

3.7
2004-12-31 CVE-2004-2626 Siemens Unspecified vulnerability in Siemens S55 09.2179

GUI overlay vulnerability in the Java API in Siemens S55 cellular phones allows remote attackers to send unauthorized SMS messages by overlaying a confirmation message with a malicious message.

3.7
2004-12-31 CVE-2004-1465 Winzip Buffer Overflow vulnerability in WinZip

Multiple buffer overflows in WinZip 9.0 and earlier may allow attackers to execute arbitrary code via multiple vectors, including the command line.

3.7
2004-12-31 CVE-2004-1445 Nessus Unspecified vulnerability in Nessus

A race condition in nessus-adduser in Nessus 2.0.11 and possibly earlier versions, if the TMPDIR environment variable is not set, allows local users to gain privileges.

3.7
2004-12-31 CVE-2004-2408 Vserver Unspecified vulnerability in Vserver Linux-Vserver

Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and earlier shares /proc permissions across all virtual and host servers, which allows local users with the ability to set permissions in /proc to obtain system information or cause a denial of service on other virtual servers or the host server.

3.6
2004-12-31 CVE-2004-2319 IBM Local Privilege Escalation vulnerability in IBM products

IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit.

3.6
2004-12-31 CVE-2004-2311 IBM Directory Traversal vulnerability in IBM Lotus Domino 6.5.1

Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows local users to create folders or determine the existence of files via a ..

3.6
2004-12-31 CVE-2004-2303 Mtools Privilege Escalation vulnerability in MTools MFormat

MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files.

3.6
2004-12-31 CVE-2004-2728 Hummingbird Buffer Errors vulnerability in Hummingbird Connectivity 7.1/9.0

Buffer overflow in the FTP server of Hummingbird Connectivity 7.1 and 9.0 allows remote, authenticated users to cause a denial of service (application crash) via a long argument to the XCWD command.

3.5
2004-12-31 CVE-2004-2717 PHP Heaven Path Traversal vulnerability in PHP Heaven PHPmychat 0.14.5

Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attackers with administrative privileges to read arbitrary files via a ..

2.6
2004-12-31 CVE-2004-2547 Netwin Input Validation vulnerability in Netwin Surgemail and Webmail

NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message.

2.6
2004-12-31 CVE-2004-2530 Gadu Gadu Visual truncation vulnerability in Gadu-Gadu allows remote attackers to spoof the file extension on transmitted files via a filename with a large number of spaces followed by the real extension, which is not displayed in the dialog box.
2.6
2004-12-31 CVE-2004-2491 Opera Race Condition vulnerability in Opera Browser

A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks.

2.6
2004-12-31 CVE-2004-2476 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 6.0.2800

Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (infinite loop and crash) via an IFRAME with "?" as the file source.

2.6
2004-12-31 CVE-2004-2302 Linux Local Integer Overflow vulnerability in Linux Kernel 2.6.10

Race condition in the sysfs_read_file and sysfs_write_file functions in Linux kernel before 2.6.10 allows local users to read kernel memory and cause a denial of service (crash) via large offsets in sysfs files.

2.6
2004-12-31 CVE-2004-2219 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake.

2.6
2004-12-31 CVE-2004-2014 GNU Unspecified vulnerability in GNU Wget

Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded.

2.6
2004-12-31 CVE-2004-2011 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 6.0.2600

msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to cause a denial of service (crash) via a single & (ampersand) in a <Ref href> link, which triggers a parsing error, possibly due to missing portions of the URI.

2.6
2004-12-31 CVE-2004-1909 Clam Anti Virus Remote Denial Of Service vulnerability in Clam Anti-Virus Clamav 0.65/0.67

Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to cause a denial of service (crash) via certain RAR archives, such as those generated by the Beagle/Bagle worm.

2.6
2004-12-31 CVE-2004-1907 Kerio Remote Denial Of Service vulnerability in Kerio Personal Firewall Web Filtering

The Web Filtering functionality in Kerio Personal Firewall (KPF) 4.0.13 allows remote attackers to cause a denial of service (crash) by sending hex-encoded URLs containing "%13%12%13".

2.6
2004-12-31 CVE-2004-1753 Mozilla
Netscape
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.
2.6
2004-12-31 CVE-2004-1495 Rarlab Unspecified vulnerability in Rarlab Winrar

The Repair Archive command in WinRAR 3.40 allows remote attackers to cause a denial of service (application crash) via a corrupt ZIP archive.

2.6
2004-12-31 CVE-2004-1490 Opera Unspecified vulnerability in Opera Browser

Opera 7.54 and earlier allows remote attackers to spoof file types in the download dialog via dots and non-breaking spaces (ASCII character code 160) in the (1) Content-Disposition or (2) Content-Type headers.

2.6
2004-12-31 CVE-2004-1489 Opera Exposure of Resource to Wrong Sphere vulnerability in Opera Browser

Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attackers to gain sensitive information, such as user names and the installation directory.

2.6
2004-12-31 CVE-2004-1451 Mozilla Remote Security vulnerability in Browser

Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.

2.6
2004-12-31 CVE-2004-1449 Firebirdsql
Mozilla
File-Upload vulnerability in Browser

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.

2.6
2004-12-31 CVE-2004-1411 Gadu Gadu Remote Input Validation And Denial Of Service vulnerability in Gadu-Gadu

Gadu-Gadu build 155 and earlier allows remote attackers to cause a denial of service (infinite loop) via a message that contains an image whose filename does not start with restricted characters.

2.6
2004-12-31 CVE-2004-1396 Nullsoft Remote Denial Of Service vulnerability in Nullsoft Winamp 5.07

Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file.

2.6
2004-12-31 CVE-2004-0999 ZGV Remote Memory Corruption vulnerability in ZGV Image Viewer Animated GIF

zgv 5.5.3 allows remote attackers to cause a denial of service (application crash via segmentation fault) via crafted multiple-image (animated) GIF images.

2.6
2004-12-31 CVE-2004-2759 SUN Information Disclosure vulnerability in Sun StorEdge Sparse File

Shared Sun StorEdge QFS and SAM-QFS file systems, as used in Utilization Suite 4.0 through 4.1 and Performance Suite 4.0 through 4.1, might allow local users to read portions of deleted files by accessing data within sparse files.

2.1
2004-12-31 CVE-2004-2723 Nessus Credentials Management vulnerability in Nessus Nessuswx 1.4.4

NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords.

2.1
2004-12-31 CVE-2004-2684 Intersystems Local Security vulnerability in Intersystems Cache Database 5

Unspecified vulnerability in the %template package in InterSystems Cache' 5.0 allows attackers to access certain files on a server, including (1) cache.key and (2) cache.dat, related to .csp files under (a) Dev\studio\templates and (b) Devuser\studio\templates.

2.1
2004-12-31 CVE-2004-2683 Intersystems Local Security vulnerability in Intersystems Cache 5

Unspecified vulnerability in the %XML.Utils.SchemaServer class in InterSystems Cache' 5.0 allows attackers to access arbitrary files on a server.

2.1
2004-12-31 CVE-2004-2658 Suse Local Security vulnerability in Suse Linux 9.0

resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types.

2.1
2004-12-31 CVE-2004-2609 Symantec Unspecified vulnerability in Symantec Powerquest Deploycenter 5.5

The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 boot disks allows local users to obtain sensitive information (an unencrypted password for a Windows domain account) via four "stuffit /f:stuffit.dat" invocations, possibly due to a buffer overflow.

2.1
2004-12-31 CVE-2004-2607 Linux Unspecified vulnerability in Linux Kernel

A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of kernel memory via a large len argument, which is received as an int but cast to a short, which prevents a read loop from filling a buffer.

2.1
2004-12-31 CVE-2004-2605 Astats Local Insecure Temporary File Creation vulnerability in Astats 1.6.5

aStats 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on (1) the aStats-Graphic-Signature-Generation file and (2) certain PNG image files.

2.1
2004-12-31 CVE-2004-2599 ID Software Denial-Of-Service vulnerability in Quake II Server

Multiple buffer overflows in Quake II server before R1Q2, as used in multiple products, allow local users to cause a denial of service (application crash) via the server console or rcon.

2.1
2004-12-31 CVE-2004-2591 Buttuglysoftware The data-overwrite capability of ButtUglySoftware CleanCache 2.19 does not properly overwrite data in files, which allows attackers to recover the data.
2.1
2004-12-31 CVE-2004-2569 David Stes Symbolic Link vulnerability in IPMenu Log File

ipmenu 0.0.3 before Debian GNU/Linux ipmenu_0.0.3-5 allows local users to overwrite arbitrary files via a symlink attack on the ipmenu.log temporary file.

2.1
2004-12-31 CVE-2004-2555 Smartstuff Unspecified vulnerability in Smartstuff Foolproof Security 3.9/3.9.4/3.9.7

Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses weak cryptography (arithmetic and XOR operations) to relate the Control password to the Administrator password, which allows local users to calculate the Administrator password if they know the Control password and password recovery key.

2.1
2004-12-31 CVE-2004-2544 Securecomputing Information Disclosure vulnerability in Securecomputing Sidewinder G2 6.1.0.01

Admin Console in Secure Computing Corporation Sidewinder G2 6.1.0.01 exports private keys when exporting firewall certificates, which might allow attackers to obtain sensitive information.

2.1
2004-12-31 CVE-2004-2502 IM Switch Symbolic Link vulnerability in IM-Switch Insecure Temporary File Handling

im-switch before 11.4-46.1 in Fedora Core 2 allows local users to overwrite arbitrary files via a symlink attack on the imswitcher[PID] temporary file.

2.1
2004-12-31 CVE-2004-2477 Diamondcs Unspecified vulnerability in Diamondcs Process Guard Free 2.000

DiamondCS Process Guard Free 2.000 allows local users to disable the process guard protection system by overwriting the current Service Descriptor Table (SDT) in \device\physicalmemory with the original SDT found in ntoskrnl.exe.

2.1
2004-12-31 CVE-2004-2459 GNU Local Security vulnerability in gnubiff

Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users to obtain passwords, related to the password table.

2.1
2004-12-31 CVE-2004-2454 Amsn Information Disclosure vulnerability in Amsn 0.90

aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive information such as hashed passwords from (1) hotlog.htm and (2) config.xml.

2.1
2004-12-31 CVE-2004-2440 Proxytunnel Local Proxy Credential Disclosure vulnerability in Proxytunnel 1.0.6/1.1.3

Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and earlier allows local users to obtain proxy credentials (username or password) of other users.

2.1
2004-12-31 CVE-2004-2436 Broadcom Unspecified vulnerability in Broadcom products

Computer Associates Unicenter Common Services 3.0 and earlier stores the database "SA" password in cleartext in the TndAddNspTmp.bat file, which could allow local users to gain privileges.

2.1
2004-12-31 CVE-2004-2419 Keene Directory Traversal and Authentication Bypass vulnerability in Keene Digital Media Server

Keene Digital Media Server 1.0.2 allows local users to obtain usernames and passwords by reading the dmscore.db file on the local system.

2.1
2004-12-31 CVE-2004-2414 Novell Unspecified vulnerability in Novell Netware 6.5

Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords.

2.1
2004-12-31 CVE-2004-2410 Samhain Labs Denial-Of-Service vulnerability in Samhain

Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through 2.0.1 might allow attackers to cause a denial of service (null pointer dereference).

2.1
2004-12-31 CVE-2004-2400 Winftp Server Unspecified vulnerability in Winftp Server Winftp Server 1.6

WinFTP Server 1.6 stores username and password credentials in plaintext in the data\user.wfd file, which allows local users to gain access to the credentials.

2.1
2004-12-31 CVE-2004-2398 Netenberg Unspecified vulnerability in Netenberg Fantastico DE Luxe 2.8

Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5.

2.1
2004-12-31 CVE-2004-2395 Mandrakesoft Unspecified vulnerability in Mandrakesoft products

Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer.

2.1
2004-12-31 CVE-2004-2394 Mandrakesoft Unspecified vulnerability in Mandrakesoft products

Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks.

2.1
2004-12-31 CVE-2004-2365 Microsoft Denial-Of-Service vulnerability in Microsoft Windows 2003 Server and Windows XP

Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.

2.1
2004-12-31 CVE-2004-2337 Inlook Unspecified vulnerability in Inlook

The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed with world readable permissions, which allows local users to obtain user POP3 credentials.

2.1
2004-12-31 CVE-2004-2321 BEA Unspecified vulnerability in BEA Weblogic Server 8.1

BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword.

2.1
2004-12-31 CVE-2004-2309 Crob Remote Information Disclosure vulnerability in Crob FTP Server 3.5.1

Directory traversal vulnerability in Crob FTP Server 3.5.1 allows local users to browse outside the FTP root via multiple ../ (dot dot slash) in the DIR command.

2.1
2004-12-31 CVE-2004-2276 F Secure F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and 5.52, 4.60 for Samba Servers, and 4.52 and earlier for Linux does not properly detect certain viruses in a PKZip archive, which allows viruses such as Sober.D and Sober.G to bypass initial detection.
2.1
2004-12-31 CVE-2004-2258 Hummingbird Unspecified vulnerability in Hummingbird Exceed 9.0

Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen Definition is password-protected, allows local users to access certain options by switching to another tab, then switching back to the original tab.

2.1
2004-12-31 CVE-2004-2230 Openbsd Buffer Overflow Local Denial Of Service vulnerability in Openbsd 3.4/3.5/3.6

Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket.

2.1
2004-12-31 CVE-2004-2169 A A S Application Access Server Denial-Of-Service vulnerability in A-A-S Application Access Server A-A-S Application Access Server 1.0.37

Application Access Server (A-A-S) 1.0.37 and earlier allows remote authenticated users to cause a denial of service (application crash) via a long file request.

2.1
2004-12-31 CVE-2004-2097 Suse Scripts Insecure Temporary File Handling Symbolic Link vulnerability in Suse Linux 9.0

Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5) /tmp/.winpopup-new created by winpopup-send.sh, or (6) /tmp/initrd created by lvmcreate_initrd.

2.1
2004-12-31 CVE-2004-2022 Activestate Buffer Overflow vulnerability in Multiple Perl Implementation System Function Call

ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow.

2.1
2004-12-31 CVE-2004-1902 Citrix Unspecified vulnerability in Citrix Metaframe Password Manager 2.0

The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information.

2.1
2004-12-31 CVE-2004-1895 Suse Unspecified vulnerability in Suse Linux 8.2/9.0

YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies.

2.1
2004-12-31 CVE-2004-1894 Pragma ADE TEXutil in ConTEXt, when executed with the --silent option, allows local users to overwrite arbitrary files via a symlink attack on texutil.log.
2.1
2004-12-31 CVE-2004-1808 Metamail Corporation Unspecified vulnerability in Metamail Corporation Metamail 2.7

Extcompose in metamail does not verify the output file before writing to it, which allows local users to overwrite arbitrary files via a symlink attack.

2.1
2004-12-31 CVE-2004-1795 Info Touch Info Touch Surfnet kiosk allows local users to access the underlying filesystem via a 'file://' URI.
2.1
2004-12-31 CVE-2004-1748 Sysinternals Local Denial of Service vulnerability in Sysinternals Regmon

NtRegmon before 6.12 allows local users to cause a denial of service (crash), while NtRegmon is running, via invalid pointers to hook functions such as ZwSetQueryValue.

2.1
2004-12-31 CVE-2004-1586 Jera Technology Local Security vulnerability in Jera Technology Flash Messaging Server 5.2.0G

Flash Messaging clients can ignore disconnecting commands such as "shutdown" from the Flash Messaging Server 5.2.0g (rev 1.1.2), which could allow remote attackers to stay connected.

2.1
2004-12-31 CVE-2004-1500 Freeform Interactive
Monolith Productions
Remote Format String vulnerability in Monolith Lithtech Game Engine

Format string vulnerability in the Lithtech engine, as used in multiple games, allows remote authenticated users to cause a denial of service (application crash) via format string specifiers in (1) a nickname or (2) a message.

2.1
2004-12-31 CVE-2004-1453 GNU Local Information Disclosure vulnerability in GNU GLibC LD_DEBUG

GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program.

2.1
2004-12-31 CVE-2004-1438 Subversion Unspecified vulnerability in Subversion

The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.

2.1
2004-12-31 CVE-2004-1387 Apache Local Security vulnerability in Apache Http Server 1.3.31

The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.

2.1
2004-12-31 CVE-2004-1382 GNU Local Security vulnerability in glibc

The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968.

2.1
2004-12-31 CVE-2004-1296 GNU Local Security vulnerability in groff

The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files.

2.1
2004-12-31 CVE-2004-1179 Debian Local Insecure Temporary File Creation vulnerability in Debian Debmake

The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before 3.7.7 allows local users to overwrite arbitrary files via a symlink attack on temporary directories.

2.1
2004-12-31 CVE-2004-0824 Apple Symbolic Link vulnerability in Apple PPPDialer Insecure Log File Creation

PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to overwrite system files via a symlink attack on PPPDialer log files.

2.1
2004-12-31 CVE-2004-0813 IDE CD Unspecified vulnerability in Ide-Cd

Unknown vulnerability in the SG_IO functionality in ide-cd allows local users to bypass read-only access and perform unauthorized write and erase operations.

2.1
2004-12-31 CVE-2004-0533 Businessobjects Unspecified vulnerability in Businessobjects Infoview and Webintelligence

Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client.

2.1
2004-12-31 CVE-2004-0491 Redhat Local MEMLOCK RLIMIT Bypass Denial Of Service vulnerability in Redhat Enterprise Linux 3.0

The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to mlock more memory than specified by the rlimit.

2.1
2004-12-31 CVE-2004-0462 The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server.
2.1
2004-12-31 CVE-2004-0325 Typsoft Remote CPU Consumption Denial Of Service vulnerability in Typsoft FTP Server 1.10

TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (CPU consumption) via "//../" arguments to (1) mkd, (2) xmkd, (3) dele, (4) size, (5) retr, (6) stor, (7) appe, (8) rnfr, (9) rnto, (10) rmd, or (11) xrmd, as demonstrated using "//../qwerty".

2.1
2004-12-27 CVE-2004-1377 GNU
Turbolinux
The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
2.1
2004-12-31 CVE-2004-2473 Wmfrog Link Following vulnerability in Wmfrog 0.1.6

wmFrog weather monitor 0.1.6 and other versions before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

1.2
2004-12-31 CVE-2004-2231 Zero G Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) persistent_state or (2) env.properties.X temporary files.
1.2
2004-12-31 CVE-2004-2648 Faronics Denial-Of-Service vulnerability in FreezeX

FreezeX 1.00.100.0666 allows local users with administrator privileges to cause a denial of service (FreezeX application) by overwriting the db.fzx file.

1.0