Full List

Search

Recent Vulnerabilities

• CVE-2003-1129 • published on March 12, 2005 Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ActiveX control before 1,0,0,45 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a URL with a long hostname to Yahoo! Messenger or Yahoo! Chat.
• CVE-2003-1120 • published on March 12, 2005 Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server's private key.
• CVE-2003-1121 • published on March 12, 2005 Services in ScriptLogic 4.01, and possibly other versions before 4.14, process client requests at raised privileges, which allows remote attackers to (1) modify arbitrary registry entries via the ScriptLogic RPC service (SLRPC) or (2) modify arbitrary configuration via the RunAdmin services (SLRAserver.exe and SLRAclient.exe).
• CVE-2003-1123 • published on March 12, 2005 Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows untrusted applets to access certain information within trusted applets, which allows attackers to bypass the restrictions of the Java security model.
• CVE-2003-1119 • published on March 12, 2005 SSH Secure Shell before 3.2.9 allows remote attackers to cause a denial of service via malformed BER/DER packets.
• CVE-2003-1122 • published on March 12, 2005 ScriptLogic 4.01, and possibly other versions before 4.14, uses insecure permissions for the LOGS$ share, which allows users to modify log records and possibly execute arbitrary code.
• CVE-2003-1127 • published on March 12, 2005 Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers to obtain the source code for the login page via the HTTP TRACE method, which bypasses the preprocessor.
• CVE-2003-1128 • published on March 12, 2005 XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between 4 AM 11 AM PST on May 7, 2003, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to TCP port 8086.
• CVE-2005-0448 • published on March 12, 2005 Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.
• CVE-2005-0719 • published on March 12, 2005 Unknown vulnerability in the systems message queue in HP Tru64 Unix 4.0F PK8 through 5.1B-2/PK4 allows local users to cause a denial of service (process crash) for processes such as nfsstat, pfstat, arp, ogated, rarpd, route, sendmail, srconfig, strsetup, trpt, netstat, and xntpd.
• CVE-2005-0721 • published on March 12, 2005 PHP remote file inclusion vulnerability in modules.php in eXPerience2 allows remote attackers to execute arbitrary PHP code by modifying the file parameter to reference a URL on a remote web server that contains the code.
• CVE-2005-0722 • published on March 12, 2005 eXPerience2 allows remote attackers to obtain the full path for the web root via a direct request to modules.php without any parameters, which leaks the path in a PHP error message.
• CVE-2005-0723 • published on March 12, 2005 Cross-site scripting (XSS) vulnerability in the jumpmenu function in functions.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameters, which is not properly cleansed in the $pageurl variable, as demonstrated using pafiledb.php.
• CVE-2005-0725 • published on March 12, 2005 SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php for WF-Sections (wfsections) 1.07 allows remote attackers to execute arbitrary SQL commands via the articleid parameter to article.php.
• CVE-2005-0718 • published on March 12, 2005 Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.
• CVE-2005-0720 • published on March 12, 2005 PHP remote file inclusion vulnerability in admin/header.php in PHP mcNews 1.3 allows remote attackers to execute arbitrary PHP code by modifying the skinfile parameter to reference a URL on a remote web server that contains the code.
• CVE-2005-0724 • published on March 12, 2005 paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via (1) an invalid str parameter to pafiledb.php, or a direct request to (2) viewall.php, (3) stats.php, (4) search.php, (5) rate.php, (6) main.php, (7) license.php, (8) category.php, (9) download.php, (10) file.php, (11) email.php, or (12) admin.php, which reveals the path in a PHP error message.
• CVE-2005-0726 • published on March 12, 2005 SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows remote attackers to execute arbitrary SQL commands via the Number parameter.
• CVE-2003-1098 • published on March 11, 2005 The Xserver for HP-UX 11.22 was not properly built, which introduced a vulnerability that allows local users to gain privileges.
• CVE-2003-1103 • published on March 11, 2005 SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS before 3.9 allows remote attackers to execute arbitrary SQL commands.