webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to cause a denial of service via malformed ASN.1 packets in corrupt client certificates to an SSL server, as demonstrated using an exploit for the OpenSSL ASN.1 parsing vulnerability.
Max CVSS
5.0
EPSS Score
2.73%
Published
2004-01-15
Updated
2008-09-05
Oracle toplink mapping workBench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords.
Max CVSS
4.6
EPSS Score
0.04%
Published
2004-01-28
Updated
2018-10-19
Certain third-party packages for CVSup 16.1h, such as SuSE Linux, contain untrusted paths in the ELF RPATH fields of certain executables, which could allow local users to execute arbitrary code by causing cvsup to link against malicious libraries that are created in world-writable directories such as /usr/src/packages.
Max CVSS
4.6
EPSS Score
0.04%
Published
2004-01-29
Updated
2017-07-11
Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo review allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter.
Max CVSS
5.0
EPSS Score
2.76%
Published
2004-01-29
Updated
2017-07-11
Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable.
Max CVSS
7.2
EPSS Score
0.04%
Published
2004-01-27
Updated
2017-07-11
Directory traversal vulnerability in Web Blog 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file variable.
Max CVSS
5.0
EPSS Score
4.57%
Published
2004-01-20
Updated
2017-07-11
Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra Forum allows remote attackers to inject arbitrary web script or HTML via the (1) use_last_read or (2) forum parameters.
Max CVSS
4.3
EPSS Score
0.26%
Published
2004-01-24
Updated
2017-07-11
Reptile Web Server allows remote attackers to cause a denial of service (CPU consumption) via multiple incomplete GET requests without the HTTP version.
Max CVSS
5.0
EPSS Score
6.13%
Published
2004-01-23
Updated
2017-07-11
Tiny Server 1.1 allows remote attackers to cause a denial of service (crash) via malformed HTTP requests such as (1) a GET request without the HTTP version (HTTP/1.1), or (2) a request without GET or the HTTP version.
Max CVSS
5.0
EPSS Score
9.70%
Published
2004-01-24
Updated
2018-08-13
Buffer overflow in the (1) WTHoster and (2) WebDriver modules in WildTangent Web Driver 4.0 allows remote attackers to execute arbitrary code via a long filename.
Max CVSS
7.5
EPSS Score
18.29%
Published
2004-01-29
Updated
2017-07-11
PortalApp places user credentials under the web root with insufficient access control, which allows remote attackers to gain access to sensitive information via a direct request to 8275.mdb.
Max CVSS
5.0
EPSS Score
3.83%
Published
2004-01-04
Updated
2017-07-11
SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable.
Max CVSS
7.5
EPSS Score
3.30%
Published
2004-01-03
Updated
2008-09-05
Buffer overflow in the web server of Webcam Watchdog 3.63 allows remote attackers to execute arbitrary code via a long HTTP GET request.
Max CVSS
7.5
EPSS Score
24.72%
Published
2004-01-03
Updated
2017-07-11
The default installation of NetScreen-Security Manager before Feature Pack 1 does not enable encryption for communication with devices running ScreenOS 5.0, which allows remote attackers to obtain sensitive information via sniffing.
Max CVSS
5.0
EPSS Score
0.67%
Published
2004-01-20
Updated
2017-07-11
Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unknown vectors.
Max CVSS
7.2
EPSS Score
0.04%
Published
2004-01-14
Updated
2017-10-11
The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.
Max CVSS
10.0
EPSS Score
1.13%
Published
2004-01-21
Updated
2017-07-11
Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, allows remote attackers to cause a denial of service (CPU consumption) via arbitrary packets to TCP port 14247, as demonstrated using port scanning.
Max CVSS
5.0
EPSS Score
17.49%
Published
2004-01-21
Updated
2017-07-11
Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 allows local users to escape the chroot jail and conduct unauthorized activities.
Max CVSS
4.6
EPSS Score
0.06%
Published
2004-01-14
Updated
2017-07-11
lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack.
Max CVSS
2.1
EPSS Score
0.04%
Published
2004-01-10
Updated
2017-07-11
FirstClass Desktop Client 7.1 allows remote attackers to execute arbitrary commands via hyperlinks in FirstClass RTF messages.
Max CVSS
7.5
EPSS Score
1.12%
Published
2004-01-20
Updated
2017-07-11
SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter.
Max CVSS
5.0
EPSS Score
3.92%
Published
2004-01-20
Updated
2017-10-10
SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.
Max CVSS
7.5
EPSS Score
0.51%
Published
2004-01-20
Updated
2017-10-10
Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2) the EditError variable in profile.php, and (3) the Error variable in login.php.
Max CVSS
4.3
EPSS Score
1.12%
Published
2004-01-20
Updated
2017-07-11
admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain sensitive information via an action parameter with a phpinfo command.
Max CVSS
5.0
EPSS Score
2.45%
Published
2004-01-20
Updated
2017-10-10
Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW 2.61 allows remote attackers to inject arbitrary HTML and web script via the firstname parameter.
Max CVSS
6.8
EPSS Score
1.56%
Published
2004-01-20
Updated
2017-10-10
65 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!