Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information.
Max CVSS
4.3
EPSS Score
0.26%
Published
2002-12-31
Updated
2011-03-08
Sun AnswerBook2 1.2 through 1.4.2 allows remote attackers to execute administrative scripts such as (1) AdminViewError and (2) AdminAddadmin via a direct request.
Max CVSS
10.0
EPSS Score
1.52%
Published
2002-12-31
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in PHP(Reactor) 1.2.7 pl1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the style attribute of an HTML tag.
Max CVSS
4.3
EPSS Score
0.44%
Published
2002-12-31
Updated
2008-09-05
Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 characters, which allows remote attackers to prevent the IP address from being logged via a long IDENT response.
Max CVSS
6.4
EPSS Score
0.23%
Published
2002-12-31
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in Compaq Insight Management Agents 2.0, 2.1, 3.6.0, 4.2 and 4.3.7 allows remote attackers to inject arbitrary web script or HTML via a URL, which inserts the script into the resulting error message.
Max CVSS
4.3
EPSS Score
0.22%
Published
2002-12-31
Updated
2008-09-05
acWEB 1.14 allows remote attackers to cause a denial of service (crash) via an HTTP request for a MS-DOS device name such as COM2.
Max CVSS
7.8
EPSS Score
0.21%
Published
2002-12-31
Updated
2008-09-05
site_searcher.cgi in Super Site Searcher allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter.
Max CVSS
7.5
EPSS Score
0.88%
Published
2002-12-31
Updated
2008-09-05
Direct connect text client (DCTC) client 0.83.3 allows remote attackers to cause a denial of service (crash) via a string ending with a NULL byte character.
Max CVSS
7.8
EPSS Score
0.28%
Published
2002-12-31
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in acFreeProxy (aka acFP) 1.33 beta 7 allows remote attackers to inject arbitrary web script or HTML via the URL, which is inserted into an error page.
Max CVSS
4.3
EPSS Score
0.41%
Published
2002-12-31
Updated
2008-09-05
acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and possibly gain privileges.
Max CVSS
10.0
EPSS Score
4.76%
Published
2002-12-31
Updated
2008-09-05
Directory traversal vulnerability in Zeroo web server 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL GET request.
Max CVSS
5.0
EPSS Score
0.33%
Published
2002-12-31
Updated
2008-09-05
Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a running service.
Max CVSS
6.8
EPSS Score
0.18%
Published
2002-12-31
Updated
2008-09-05
Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash).
Max CVSS
4.3
EPSS Score
0.76%
Published
2002-12-31
Updated
2016-10-18
WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script source code for files with extensions greater than 3 characters via a URL request that uses the equivalent 8.3 file name.
Max CVSS
5.0
EPSS Score
0.20%
Published
2002-12-31
Updated
2008-09-05
Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts.
Max CVSS
2.1
EPSS Score
0.05%
Published
2002-12-31
Updated
2008-09-05
Buffer overflow in badmin.c in BannerWheel 1.0 allows remote attackers to execute arbitrary code via a long rcmd command.
Max CVSS
10.0
EPSS Score
2.42%
Published
2002-12-31
Updated
2017-07-29
openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information.
Max CVSS
5.0
EPSS Score
0.29%
Published
2002-12-31
Updated
2008-09-05
Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID.
Max CVSS
3.5
EPSS Score
0.12%
Published
2002-12-31
Updated
2008-09-05
Gordano Messaging Server (GMS) Mail 8 (a.k.a. NTMail) only filters email messages for the first recipient, which allows remote attackers to bypass JUCE filters by sending a message to more than one user on the GMS server.
Max CVSS
7.5
EPSS Score
0.33%
Published
2002-12-31
Updated
2008-09-05
Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) phshutdown by QNX experimental patches, (5) cpim, (6) vpim, (7) phrelaycfg, and (8) columns, (9) othello, (10) peg, (11) solitaire, and (12) vpoker in the games pack 2.0.3, which allows local users to gain privileges by modifying the files before permissions are changed.
Max CVSS
6.9
EPSS Score
0.04%
Published
2002-12-31
Updated
2008-09-05
Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 allows remote attackers to cause a denial of service (hang) via a large number of percent characters (%) in an HTTP GET request.
Max CVSS
5.0
EPSS Score
0.28%
Published
2002-12-31
Updated
2008-09-05
Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth configured to proxy HTTP traffic only, allows remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through the firewall.
Max CVSS
4.9
EPSS Score
0.23%
Published
2002-12-31
Updated
2008-09-05
Buffer overflow in IISPop email server 1.161 and 1.181 allows remote attackers to cause a denial of service (crash) via a long request to the POP3 port (TCP port 110).
Max CVSS
5.0
EPSS Score
1.16%
Published
2002-12-31
Updated
2016-10-18
Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via "...", "....", ".....", and other multiple dot sequences.
Max CVSS
5.0
EPSS Score
2.72%
Published
2002-12-31
Updated
2008-09-05
SURECOM broadband router EP-4501 uses a default SNMP read community string of "public" and a default SNMP read/write community string of "secret," which allows remote attackers to read and modify router configuration information.
Max CVSS
10.0
EPSS Score
0.76%
Published
2002-12-31
Updated
2016-10-18
869 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!