eUpload 1.0 stores the password.txt password file in plaintext under the web document root, which allows remote attackers to overwrite arbitrary files by reading password.txt. Date published : 2003-03-18 http://www.securityfocus.com/bid/5369 http://archives.neohapsis.com/archives/bugtraq/2002-07/0412.html
Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows remote attackers to execute script as other users via a link to a non-existent page whose name contains the script, which is inserted into the...
The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service (crash with an exception in oleaut32.dll) via malicious HTML, possibly related to small...
The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com...
Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow remote attackers to execute arbitrary code via (1) the Steelarrow Service (Steelarrow.exe) using a long UserIdent Cookie header, (2) DLLHOST.EXE (Steelarrow.dll) via a request for...
The Gateway GS-400 server has a default root password of "0001n" that can not be changed via the administrative interface, which can allow attackers to gain root privileges. Date published : 2003-03-18 http://www.securityfocus.com/bid/5472 http://archives.neohapsis.com/archives/bugtraq/2002-08/0126.html
Unknown vulnerability related to stack corruption in the TGA daemon for HP-UX 11.04 (VVOS) Virtualvault 4.0, 4.5, and 4.6 may allow attackers to obtain access to system files. Date published : 2003-03-18 http://www.securityfocus.com/bid/5459 http://archives.neohapsis.com/archives/hp/2002-q3/0050.html
Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs. Date published : 2003-03-18 http://www.securityfocus.com/bid/5507 http://archives.neohapsis.com/archives/bugtraq/2002-08/0183.html
Kerio MailServer 5.0 allows remote attackers to cause a denial of service (hang) via SYN packets to the supported network services. Date published : 2003-03-18 http://www.securityfocus.com/bid/5505 http://archives.neohapsis.com/archives/bugtraq/2002-08/0183.html
MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the database. Date published : 2003-03-18 http://www.securityfocus.com/bid/5438 http://archives.neohapsis.com/archives/bugtraq/2002-08/0074.html
Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the source IP address of internal packets to that of the router’s external interface when forwarding a request from an internal host to an internal web...
Cross-site scripting vulnerability in board.php of endity.com ShoutBOX allows remote attackers to inject arbitrary HTML into the shoutbox page via the site parameter. Date published : 2003-03-18 http://www.securityfocus.com/bid/5354 http://archives.neohapsis.com/archives/bugtraq/2002-07/0389.html
index.php in dotProject 0.2.1.5 allows remote attackers to bypass authentication via a cookie or URL with the user_cookie parameter set to 1. Date published : 2003-03-18 http://www.securityfocus.com/bid/5347 http://archives.neohapsis.com/archives/bugtraq/2002-07/0366.html
The print_html_to_file function in edit.cgi for Easy Homepage Creator 1.0 does not check user credentials, which allows remote attackers to modify home pages of other users. Date published : 2003-03-18 http://www.securityfocus.com/bid/5340 http://archives.neohapsis.com/archives/bugtraq/2002-07/0350.html