Full List

Search

Recent Vulnerabilities

• CVE-2004-1619 • published on February 20, 2005 Buffer overflow in Privateer's Bounty: Age of Sail II allows remote attackers to execute arbitrary code via a long nickname.
• CVE-2004-1622 • published on February 20, 2005 SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x allows remote attackers to execute arbitrary SQL statements via the Name parameter.
• CVE-2004-1623 • published on February 20, 2005 The WAV file property handler in Windows XP SP1 allows remote attackers to cause a denial of service (infinite loop in Explorer) via a WAV file with an invalid file header whose fmt chunk length is set to 0xFFFFFFFF.
• CVE-2004-1624 • published on February 20, 2005 Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button in the Carbon Copy Scheduler (CCSched.exe).
• CVE-2004-1629 • published on February 20, 2005 Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier allow remote attackers to execute arbitrary SQL statements.
• CVE-2004-1630 • published on February 20, 2005 Cross-site scripting (XSS) vulnerability in the login form in Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to execute arbitrary web script or HTML via the url parameter.
• CVE-2004-1641 • published on February 20, 2005 Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote attackers to cause a denial of service (crash) via a long FTP command such as (1) CWD, (2) STAT, or (3) LIST.
• CVE-2004-1644 • published on February 20, 2005 Xedus 1.0 allows remote attackers to cause a denial of service (refuse connections) by connecting multiple times from the same IP address.
• CVE-2004-1647 • published on February 20, 2005 SQL injection vulnerability in Password Protect allows remote attackers to execute arbitrary SQL statements and bypass authentication via (1) admin or Pass parameter to index_next.asp, (2) LoginId, OPass, or NPass to CPassChangePassword.asp, (3) users_edit.asp, or (4) users_add.asp.
• CVE-2004-1594 • published on February 20, 2005 Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote attackers to execute arbitrary web script via an img src tag.
• CVE-2004-1597 • published on February 20, 2005 RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows remote attackers to cause a denial of service (device reboot and possibly data corruption) via a calendar message with a long Location field, which triggers a watchdog while the message is being stored.
• CVE-2004-1598 • published on February 20, 2005 Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read arbitrary files via a PDF file that contains an embedded Shockwave (swf) file that references files outside of the temporary directory.
• CVE-2004-1599 • published on February 20, 2005 Cross-site scripting (XSS) vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to execute arbitrary web script or HTML via the (1) query or (2) nick parameters.
• CVE-2004-1600 • published on February 20, 2005 index.php in CoolPHP 1.0-stable allows remote attackers to gain sensitive information via an invalid op parameter, which reveals the path in an error message.
• CVE-2004-1606 • published on February 20, 2005 slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial service (application crash) via an invalid HTTP request, which might also leak sensitive information in the ErrorLogMsg cookie.
• CVE-2004-1608 • published on February 20, 2005 SQL injection vulnerability in SalesLogix 6.1 allows remote attackers to execute arbitrary SQL statements via the id parameter in a view operation.
• CVE-2004-1612 • published on February 20, 2005 Directory traversal vulnerability in SalesLogix 6.1 allows remote attackers to upload arbitrary files via a .. (dot dot) in a ProcessQueueFile request.
• CVE-2004-1621 • published on February 20, 2005 NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly handle this feature
• CVE-2004-1625 • published on February 20, 2005 pGina 1.7.6 and possibly older versions, when the Restart or Shutdown options are enabled on the login screen, allows remote attackers to cause a denial of service by connecting via Remote Desktop and clicking restart or shutdown.
• CVE-2004-1627 • published on February 20, 2005 Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long APPE command.