Full List

Search

Recent Vulnerabilities

• CVE-2004-0724 • published on July 23, 2004 The Half-Life engine before July 7 2004 allows remote attackers to cause a denial of service (server or client crash) via an empty fragmented packet.
• CVE-2004-0728 • published on July 23, 2004 The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
• CVE-2004-0738 • published on July 23, 2004 Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or (2) categ parameters.
• CVE-2004-0740 • published on July 23, 2004 The HTTP server in Lexmark T522 and possibly other models allows remote attackers to cause a denial of service (server crash, reload, or hang) via an HTTP header with a long Host field, possibly triggering a buffer overflow.
• CVE-2004-0742 • published on July 23, 2004 Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote authenticated users to obtain Calendar Server privileges and modify Calendar data by changing the display options to a non-default view.
• CVE-2003-1048 • published on July 21, 2004 Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
• CVE-2004-0566 • published on July 21, 2004 Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.
• CVE-2004-0706 • published on July 21, 2004 Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, which could allow local users to view the password in the web server log files.
• CVE-2004-0708 • published on July 21, 2004 MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges by creating a user with the same name as an existing group that has higher privileges.
• CVE-2004-0709 • published on July 21, 2004 HP OpenView Select Access 5.0 through 6.0 does not correctly decode UTF-8 encoded unicode characters in a URL, which could allow remote attackers to bypass access restrictions.
• CVE-2004-0712 • published on July 21, 2004 The configuration tools (1) config.sh in Unix or (2) config.cmd in Windows for BEA WebLogic Server 8.1 through SP2 create a log file that contains the administrative username and password in cleartext, which could allow local users to gain privileges.
• CVE-2004-0714 • published on July 21, 2004 Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts to process SNMP solicited operations on improper ports (UDP 162 and a randomly chosen UDP port), which allows remote attackers to cause a denial of service (device reload and memory corruption).
• CVE-2004-0715 • published on July 21, 2004 The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges.
• CVE-2004-0703 • published on July 21, 2004 Unknown vulnerability in the administrative controls in Bugzilla 2.17.1 through 2.17.7 allows users with "grant membership" privileges to grant memberships to groups that the user does not control.
• CVE-2004-0704 • published on July 21, 2004 Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in Bugzilla 2.16.x before 2.16.6, 2.18 before 2.18rc1, when configured to hide products, allows remote attackers to view hidden products.
• CVE-2004-0713 • published on July 21, 2004 The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown.
• CVE-2004-0700 • published on July 21, 2004 Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
• CVE-2004-0701 • published on July 21, 2004 Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 does not properly detect a smartcard removal when the card is quickly removed, reinserted, and removed again, which could cause a user session to stay logged in and allow local users to gain unauthorized access.
• CVE-2004-0707 • published on July 21, 2004 SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL.
• CVE-2004-0710 • published on July 21, 2004 IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Routers running IOS before 12.2(17b)SXA, before 12.2(17d)SXB, or before 12.2(14)SY03 could allow remote attackers to cause a denial of service (device crash and reload) via a malformed Internet Key Exchange (IKE) packet.