Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter.
Max CVSS
7.2
EPSS Score
97.31%
Published
2004-08-31
Updated
2017-07-11
Stack-based buffer overflow in Gaucho 1.4 Build 145 allows remote attackers to execute arbitrary code via a POP3 email with a long Content-Type header.
Max CVSS
7.5
EPSS Score
21.37%
Published
2004-08-24
Updated
2017-07-11
Ground Control II: Operation Exodus 1.0.0.7 and earlier allows remote servers to cause a denial of service (client or server crash) via a large packet, which generates a "Message too long" socket error that is treated as a critical error.
Max CVSS
5.0
EPSS Score
1.18%
Published
2004-08-26
Updated
2017-07-11
Buffer overflow in Painkiller 1.3.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password.
Max CVSS
5.0
EPSS Score
3.42%
Published
2004-08-24
Updated
2017-07-11
Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to cause a denial of service (CPU consumption or crash) via many large HTTP requests.
Max CVSS
5.0
EPSS Score
10.67%
Published
2004-08-24
Updated
2017-07-11
Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to view arbitrary files via an HTTP request for the disk_c virtual folder.
Max CVSS
5.0
EPSS Score
1.94%
Published
2004-08-24
Updated
2017-07-11
Directory traversal vulnerability in WebAPP 0.9.9 allows remote attackers to view arbitrary files via a .. (dot dot) in the viewcat parameter.
Max CVSS
5.0
EPSS Score
1.94%
Published
2004-08-24
Updated
2017-07-11
Music daemon (musicd) 0.0.3 and earlier allows remote attackers to cause a denial of service (crash) by calling LOAD with a binary file as an argument, then calling SHOWLIST.
Max CVSS
5.0
EPSS Score
4.06%
Published
2004-08-23
Updated
2017-07-11
Music daemon (musicd) 0.0.3 and earlier allows remote attackers to read arbitrary files by calling LOAD with a full pathname, then calling SHOWLIST.
Max CVSS
5.0
EPSS Score
0.66%
Published
2004-08-23
Updated
2017-07-11
Bird Chat 1.61 allows remote attackers to cause a denial of service (crash) via invalid users.
Max CVSS
5.0
EPSS Score
5.02%
Published
2004-08-23
Updated
2017-07-11
SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.
Max CVSS
7.5
EPSS Score
0.28%
Published
2004-08-16
Updated
2017-07-11
Cross-site scripting (XSS) vulnerability in the create list option in Sympa 4.1.x and earlier allows remote authenticated users to inject arbitrary web script or HTML via the description field.
Max CVSS
4.3
EPSS Score
0.29%
Published
2004-08-21
Updated
2017-07-11
Directory traversal vulnerability in MyDMS 1.4.2 and other versions allows remote registered users to read arbitrary files via .. (dot dot) sequences in the URL.
Max CVSS
5.0
EPSS Score
0.26%
Published
2004-08-20
Updated
2017-07-11
SQL injection vulnerability in out.ViewFolder.php in MyDMS before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the folderid parameter.
Max CVSS
7.5
EPSS Score
0.24%
Published
2004-08-20
Updated
2017-07-11
signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address.
Max CVSS
5.0
EPSS Score
4.51%
Published
2004-08-20
Updated
2017-07-11
Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
Max CVSS
4.3
EPSS Score
0.40%
Published
2004-08-20
Updated
2017-07-11
Buffer overflow in British National Corpus SARA (sarad) allows remote attackers to execute arbitrary code by calling the client with a long string.
Max CVSS
7.5
EPSS Score
11.71%
Published
2004-08-20
Updated
2017-07-11
BadBlue 2.5 allows remote attackers to cause a denial of service (refuse HTTP connections) via a large number of connections from the same IP address.
Max CVSS
5.0
EPSS Score
7.38%
Published
2004-08-20
Updated
2017-07-11
Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) xvpm.c in XV allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow.
Max CVSS
7.5
EPSS Score
2.55%
Published
2004-08-20
Updated
2017-07-11
The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator username and password.
Max CVSS
7.5
EPSS Score
5.57%
Published
2004-08-18
Updated
2017-07-11
SQL injection vulnerability in calendar.html in Merak Mail Server 5.2.7 allows remote attackers to execute arbitrary SQL statements via the schedule parameter.
Max CVSS
7.5
EPSS Score
0.82%
Published
2004-08-17
Updated
2017-07-11
The (1) function.php or (2) function.view.php scripts in Merak Mail Server 5.2.7 allow remote attackers to read arbitrary PHP files via a direct HTTP request to port 32000.
Max CVSS
5.0
EPSS Score
1.22%
Published
2004-08-17
Updated
2017-07-11
The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web logs that may only be available to the administrators, who would have access to the path through legitimate means.
Max CVSS
5.0
EPSS Score
3.11%
Published
2004-08-17
Updated
2017-07-11
Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, (6) or showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an <img> tag, or (15) the subject of an e-mail message.
Max CVSS
4.3
EPSS Score
1.16%
Published
2004-08-17
Updated
2017-07-11
The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 and earlier allows local users to cause a denial of service (crash) via an invalid pointer in the "oa" argument.
Max CVSS
2.1
EPSS Score
0.04%
Published
2004-08-17
Updated
2017-07-11
240 vulnerabilities found
1 2 3 4 5 6 7 8 9 10
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!