Full List

Search

Recent Vulnerabilities

• CVE-2004-1745 • published on February 26, 2005 Buffer overflow in Painkiller 1.3.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password.
• CVE-2004-1750 • published on February 26, 2005 RealVNC 4.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of connections to port 5900.
• CVE-2004-1717 • published on February 26, 2005 Multiple buffer overflows in the psscan function in ps.c for gv (ghostview) allow remote attackers to execute arbitrary code via a Postscript file with a long (1) BoundingBox, (2) comment, (3) Orientation, (4) PageOrder, or (5) Pages value.
• CVE-2004-1720 • published on February 26, 2005 The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web logs that may only be available to the administrators, who would have access to the path through legitimate means.
• CVE-2004-1721 • published on February 26, 2005 The (1) function.php or (2) function.view.php scripts in Merak Mail Server 5.2.7 allow remote attackers to read arbitrary PHP files via a direct HTTP request to port 32000.
• CVE-2004-1722 • published on February 26, 2005 SQL injection vulnerability in calendar.html in Merak Mail Server 5.2.7 allows remote attackers to execute arbitrary SQL statements via the schedule parameter.
• CVE-2004-1723 • published on February 26, 2005 The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion 4.00 allow remote attackers to obtain sensitive information via a direct HTTP request, which reveals the installation path in an error message.
• CVE-2004-1726 • published on February 26, 2005 Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) xvpm.c in XV allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow.
• CVE-2004-1731 • published on February 26, 2005 signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address.
• CVE-2004-1732 • published on February 26, 2005 SQL injection vulnerability in out.ViewFolder.php in MyDMS before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the folderid parameter.
• CVE-2004-1727 • published on February 26, 2005 BadBlue 2.5 allows remote attackers to cause a denial of service (refuse HTTP connections) via a large number of connections from the same IP address.
• CVE-2004-1715 • published on February 26, 2005 Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via "..\\", "..\", and similar dot dot sequences in the URL.
• CVE-2004-1716 • published on February 26, 2005 Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the (1) IRC Server or (2) AIM ID fields in the user profile.
• CVE-2004-1714 • published on February 26, 2005 BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule.
• CVE-2004-1718 • published on February 26, 2005 The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 and earlier allows local users to cause a denial of service (crash) via an invalid pointer in the "oa" argument.
• CVE-2004-1734 • published on February 26, 2005 PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL on a remote web server that contains the code.
• CVE-2004-1737 • published on February 26, 2005 SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.
• CVE-2004-1738 • published on February 26, 2005 Cross-site scripting (XSS) vulnerability in page.php in JShop allows remote attackers to inject arbitrary web script or HTML via the xPage parameter.
• CVE-2004-1739 • published on February 26, 2005 Bird Chat 1.61 allows remote attackers to cause a denial of service (crash) via invalid users.
• CVE-2004-1744 • published on February 26, 2005 Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to cause a denial of service (CPU consumption or crash) via many large HTTP requests.