gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference. Date published : 2003-09-12 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000737 http://www.debian.org/security/2005/dsa-710
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different...
Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers to obtain the IP addresses of internal interfaces via certain SecuRemote requests to TCP ports 256 or 264, which leaks the IP addresses...
Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder 1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the selectedpage parameter. Date published : 2003-09-06 http://archives.neohapsis.com/archives/bugtraq/2003-09/0011.html
Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows remote attackers to execute arbitrary code by creating long directory names and listing them with a LIST command. Date published : 2003-09-06 http://archives.neohapsis.com/archives/vuln-dev/2003-q3/0101.html
nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass authentication via an HTTP request with a modified nphp_users array, which is used for authentication. Date published : 2003-09-06 http://archives.neohapsis.com/archives/bugtraq/2003-08/0345.html
nphpd.php in newsPHP 216 and earlier allows remote attackers to read arbitrary files via a full pathname to the target file in the nphp_config[LangFile] parameter. Date published : 2003-09-06 http://archives.neohapsis.com/archives/bugtraq/2003-08/0345.html
SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and possibly earlier versions, allows remote attackers to bypass authentication via a modified cook_id parameter. Date published : 2003-09-06 http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0090.html
SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and earlier allows remote attackers to execute arbitrary SQL queries via the email parameter. Date published : 2003-09-06 http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0089.html
secure.php in PY-Membres 4.2 and earlier allows remote attackers to bypass authentication by setting the adminpy parameter. Date published : 2003-09-06 http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0089.html
Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to insert arbitrary web script and steal cookies via the ~service parameter. Date published : 2003-09-06 http://www.securityfocus.com/bid/8517 http://archives.neohapsis.com/archives/bugtraq/2003-08/0361.html
Directory traversal vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to read arbitrary files via .. (dot-dot backslash) sequences in the ~theme parameter and a ~template parameter with a...
wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to obtain potentially sensitive information such as directory structure and operating system via incorrect parameters (1) ~service, (2) ~templatelanguage, (3) ~language, (4) ~theme,...
Various Distributed Computing Environment (DCE) implementations, including HP OpenView, allow remote attackers to cause a denial of service (process hang or termination) via certain malformed inputs, as triggered by attempted exploits against the vulnerabilities...