Full List

Search

Recent Vulnerabilities

• CVE-2004-1980 • published on May 10, 2005 Directory traversal vulnerability in glossary.php in PROPS 0.6.1 allows remote attackers to view arbitrary files via a .. (dot dot) in (1) module or (2) format variables.
• CVE-2004-1982 • published on May 10, 2005 Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify records in the board's .txt file via carriage return characters in the subject field.
• CVE-2004-1989 • published on May 10, 2005 PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc.
• CVE-2004-2004 • published on May 10, 2005 The Live CD in SUSE LINUX 9.1 Personal edition is configured without a password for root, which allows remote attackers to gain privileges via SSH.
• CVE-2004-2012 • published on May 10, 2005 The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting euid to 0, which allows local users to gain root privileges.
• CVE-2004-2014 • published on May 10, 2005 Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded.
• CVE-2004-2019 • published on May 10, 2005 The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message.
• CVE-2004-2020 • published on May 10, 2005 Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php.
• CVE-2004-2026 • published on May 10, 2005 Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages.
• CVE-2004-2029 • published on May 10, 2005 The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 Release 2 and earlier allows remote attackers to cause a denial of service (crash) via a Basic Authorization HTTP request with a "A==" value.
• CVE-2004-2039 • published on May 10, 2005 e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP error message.
• CVE-2004-2041 • published on May 10, 2005 PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code.
• CVE-2004-2043 • published on May 10, 2005 Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command.
• CVE-2004-2051 • published on May 10, 2005 The Phoenix browser in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allows local users to read arbitrary files via a file:/// URL.
• CVE-2004-2055 • published on May 10, 2005 Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTMl or web script via the search_author parameter.
• CVE-2004-2059 • published on May 10, 2005 Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in export.asp.
• CVE-2004-2060 • published on May 10, 2005 ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field names.
• CVE-2004-2061 • published on May 10, 2005 RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL.
• CVE-2004-2065 • published on May 10, 2005 DansGuardian 2.8 and earlier allows remote attackers to bypass the extension filtering rule via a hex encoded extension or . in the filename.
• CVE-2004-2067 • published on May 10, 2005 SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to execute arbitrary SQL and bypass authentication via the (1) user, (2) password, or (3) crypted_password parameters.