Full List

Search

Recent Vulnerabilities

• CVE-2004-1427 • published on February 12, 2005 PHP remote file inclusion vulnerability in main.inc in KorWeblog 1.6.2-cvs and earlier allows remote attackers to execute arbitrary PHP code by modifying the G_PATH parameter to reference a URL on a remote web server that contains the code, as demonstrated in index.php when using .. (dot dot) sequences in the lng parameter to cause main.inc to be loaded.
• CVE-2004-1428 • published on February 12, 2005 ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames.
• CVE-2004-1180 • published on February 11, 2005 Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash).
• CVE-2005-0114 • published on February 11, 2005 vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm Wireless before 5.5.080.000, Check Point Integrity Client 4.x before 4.5.122.000 and 5.x before 5.1.556.166 do not properly verify that the ServerPortName argument to the NtConnectPort function is a valid memory address, which allows local users to cause a denial of service (system crash) when ZoneAlarm attempts to dereference an invalid pointer.
• CVE-2005-0074 • published on February 11, 2005 Buffer overflow in pcdsvgaview in xpcd 2.08 allows local users to execute arbitrary code.
• CVE-2005-0073 • published on February 11, 2005 Buffer overflow in queue.c in a support script for sympa 3.3.3, when running setuid, allows local users to execute arbitrary code.
• CVE-2005-0349 • published on February 11, 2005 The production release of the UniversalAgent for UNIX in BrightStor ARCserve Backup 11.1 contains hard-coded credentials, which allows remote attackers to access the file system and possibly execute arbitrary commands.
• CVE-2005-0350 • published on February 11, 2005 Heap-based buffer overflow in multiple F-Secure Anti-Virus and Internet Security products allows remote attackers to execute arbitrary code via a crafted ARJ archive.
• CVE-2005-0364 • published on February 11, 2005 Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to cause a denial of service.
• CVE-2005-0366 • published on February 11, 2005 The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed.
• CVE-2005-0369 • published on February 11, 2005 Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 earlier allows remote attackers to cause a denial of service (application crash) via a packet with a large (1) descriptor ID or (2) claim_id, which exceeds the boundaries of an array.
• CVE-2005-0370 • published on February 11, 2005 Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and earlier allow remote attackers to cause a denial of service (network disconnection) via an empty UDP packet, which is not properly distinguished from the "no new packets" state of the associated socket.
• CVE-2005-0367 • published on February 11, 2005 Multiple directory traversal vulnerabilities in ArGoSoft Mail Server 1.8.7.3 allow remote authenticated users to read, delete, or upload arbitrary files via a .. (dot dot) in (1) the filename of an e-mail attachment, (2) the _msgatt.rec file, (3) and the /msg, /delete, /folderadd, and /folderdelete operations for the Folder parameter.
• CVE-2005-0368 • published on February 11, 2005 Multiple SQL injection vulnerabilities in CMScore allow remote attackers to execute arbitrary SQL commands via the (1) EntryID or (2) searchterm parameter to index.php, or (3) username parameter to authenticate.php.
• CVE-2005-0365 • published on February 11, 2005 The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
• CVE-2005-0371 • published on February 11, 2005 Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and earlier allow remote attackers to cause a denial of service (freeze) via a large number of player connections that do not send any data.
• CVE-2005-0088 • published on February 10, 2005 The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL.
• CVE-2005-0076 • published on February 10, 2005 Multiple buffer overflows in the XView library 3.2 may allow local users to execute arbitrary code via setuid applications that use the library.
• CVE-2005-0260 • published on February 10, 2005 Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11.1 and earlier allows remote attackers to execute arbitrary code via a long packet to UDP port 41524, which is not properly handled in a recvfrom call.
• CVE-2005-0261 • published on February 10, 2005 lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop privileges before processing the -f option, which allows local users to read one line of arbitrary files.