The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter. Date published...
Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 allows remote attackers to obtain sensitive information via a user message that is generated when Mbedthis denies access. Date published : 2005-08-16 http://www.securityfocus.com/bid/10673 http://www.mbedthis.com/products/appWeb/doc/product/newFeatures.html
Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via a GET request containing an MS-DOS device name such as COM1. Date published : 2005-08-16 http://www.securityfocus.com/bid/9494 http://secunia.com/advisories/10710/
Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via an empty OPTIONS request. Date published : 2005-08-16 http://www.securityfocus.com/bid/9494 http://secunia.com/advisories/10710/
The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b 2.2.116 does not have a password by default, which allows remote attackers to gain access. Date published : 2005-08-16 http://www.ciac.org/ciac/bulletins/o-080.shtml http://www.securitytracker.com/alerts/2004/Feb/1008961.html
Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks....
Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain privileges via a long CC argument. Date published : 2005-08-16 http://www.securityfocus.com/bid/9903 http://archives.neohapsis.com/archives/fulldisclosure/2004-03/0997.html
Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows local users to create folders or determine the existence of files via a .. (dot dot) in the new folder dialog. Date published...
Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console. Date published : 2005-08-16 http://www.securityfocus.com/bid/9901...
Directory traversal vulnerability in Crob FTP Server 3.5.1 allows local users to browse outside the FTP root via multiple ../ (dot dot slash) in the DIR command. Date published : 2005-08-16 http://www.securityfocus.com/bid/9546 http://www.securityfocus.com/archive/1/352329
Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html. Date published : 2005-08-16 http://www.securityfocus.com/bid/9853 http://www.securityfocus.com/archive/1/357231
Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attackers to cause a denial of service (browser crash) via a shell: URI with double backslashes (\) in an HTML tag such as IFRAME or...
Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, which might...
Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote attackers to bypass virus scanning by including a password-protected file in a ZIP file, which causes eTrust to scan only the password protected file...