CVE-2004-1715
Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via "..\", "..", and similar dot dot sequences in the URL. Date published : 2005-02-26...
BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify...
Unknown vulnerability in HP Process Resource Manager (PRM) C.02.01[.01] and earlier, as used by HP-UX Workload Manager (WLM), allows local users to corrupt data files. Date published : 2005-02-26 http://www.securityfocus.com/bid/10907 http://marc.info/?l=bugtraq&m=109215093809027&w=2
Cross-site scripting (XSS) vulnerability in TypePad allows remote attackers to inject arbitrary Javascript via the name parameter. Date published : 2005-02-26 http://marc.info/?l=bugtraq&m=109189453302959&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/19664
Cross-site scripting (XSS) vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter. Date published : 2005-02-26 http://www.securityfocus.com/bid/10884 http://marc.info/?l=bugtraq&m=109182851216921&w=2
page.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the url parameter. Date published : 2005-02-26 http://marc.info/?l=bugtraq&m=109181771832634&w=2 http://www.osvdb.org/8936
Datakey Rainbow iKey2032 USB token, when using the CIP client package, does not encrypt communications between the token and the driver, which could allow local users to obtain the PINs of other users. Date...
Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of service (crash) via a large number of connections. Date published : 2005-02-26 http://www.securityfocus.com/bid/10842 http://marc.info/?l=bugtraq&m=109156450320855&w=2
The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges,...
The U.S. Robotics USR808054 wireless access point allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via an HTTP GET request with a long version string. Date...
Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers to cause a denial of service via a long username. Date published : 2005-02-26 http://www.securityfocus.com/bid/10833 http://marc.info/?l=bugtraq&m=109121546120575&w=2
WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain privileges via a direct request to adminrestore.php in the extras directory. Date published : 2005-02-26 http://marc.info/?l=bugtraq&m=109122270013514&w=2 http://www.osvdb.org/8321
Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is...
Lexar Safe Guard for JumpDrive Secure 1.0 stores the password insecurely in memory using XOR encryption, which allows local users to read the password directly from the device and access the password protected part...