Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long CWD command, as demonstrated in one example by using the "cd" command in an interactive FTP client.
Max CVSS: 7.5; EPSS Score: 19.10%; Published: 2004-03-24; Updated: 2017-07-11
Aldo's Web Server (aweb) 1.5 allows remote attackers to gain sensitive information via an arbitrary character, which reveals the full path and the user running the aweb process, possibly due to a malformed request.
Max CVSS: 5.0; EPSS Score: 4.46%; Published: 2004-03-03; Updated: 2017-07-11
Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access.
Max CVSS: 7.5; EPSS Score: 5.14%; Published: 2004-03-23; Updated: 2023-10-11
LINBOX LIN:BOX allows remote attackers to bypass authentication, obtain sensitive information, or gain access via a direct request to admin/user.pl preceded by // (double leading slash).
Max CVSS: 5.0; EPSS Score: 0.53%; Published: 2004-03-30; Updated: 2017-07-11
The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2 (9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.
Max CVSS: 2.6; EPSS Score: 1.66%; Published: 2004-03-30; Updated: 2017-07-11
The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name.
Max CVSS: 4.6; EPSS Score: 0.04%; Published: 2004-03-30; Updated: 2017-07-11
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html, (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10.
Max CVSS: 9.3; EPSS Score: 64.81%; Published: 2004-03-30; Updated: 2017-07-11
Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp and (2) billing.asp in A-CART Pro and A-CART 2.0 allow remote attackers to inject arbitrary web script or HTML via the user information forms.
Max CVSS: 4.3; EPSS Score: 0.40%; Published: 2004-03-29; Updated: 2017-07-11
Cross-site scripting (XSS) vulnerability in WebCT Campus Edition 4.1.1.5 allows remote attackers to inject arbitrary web script or HTML via the @import URL function in a CSS style tag.
Max CVSS: 4.3; EPSS Score: 0.35%; Published: 2004-03-29; Updated: 2017-07-11
Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ppuser, (2) password, (3) stype, (4) perpage, (5) sort, (6) page, (7) si, or (8) cat parameters to showmembers.php, or the (9) photo name, (10) photo description, (11) album name, or (12) album description fields.
Max CVSS: 4.3; EPSS Score: 0.98%; Published: 2004-03-29; Updated: 2017-07-11
Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments.php, (3) credit parameter to comments.php, (4) cat parameter to index.php, (5) ppuser parameter to showgallery.php, (6) cat parameter to showgallery.php, (7) cat parameter to uploadphoto.php, (8) albumid parameter to useralbums.php, or (9) albumid parameter to useralbums.php.
Max CVSS: 7.5; EPSS Score: 0.56%; Published: 2004-03-29; Updated: 2017-07-11
Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6 allows remote attackers to execute arbitrary code via a long STREAMQUOTE tag.
Max CVSS: 7.5; EPSS Score: 54.76%; Published: 2004-03-25; Updated: 2017-07-11
nstxd in Nstx 1.1 beta3 and earlier allows remote attackers to cause a denial of service (crash) via a large packet, which triggers a null dereference.
Max CVSS: 5.0; EPSS Score: 3.94%; Published: 2004-03-26; Updated: 2017-07-11
Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are normally allowed to add HTML by other means, e.g. through Smarty templates, then this issue would not give any additional privileges, and thus would not be considered a vulnerability.
Max CVSS: 4.8; EPSS Score: 0.33%; Published: 2004-03-26; Updated: 2020-12-08
SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta allows remote attackers to execute arbitrary SQL commands via the restrict parameter to (1) member.php, (2) misc.php, or (3) today.php.
Max CVSS: 7.5; EPSS Score: 1.88%; Published: 2004-03-26; Updated: 2021-04-29
Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to xmb.php, (2) folder parameter to u2u.php, (3) viewmost, replymost, or latest parameter to stats.php, (4) message or icons parameter to post.php, (5) threadlist, pagelinks, forumlist, navigation, or (6) forumdisplay parameter to forumdisplay.php.
Max CVSS: 4.3; EPSS Score: 2.27%; Published: 2004-03-26; Updated: 2021-04-29
Invision NetSupport School Pro uses a weak encryption algorithm to encrypt passwords, which allows local users to obtain passwords.
Max CVSS: 4.6; EPSS Score: 0.04%; Published: 2004-03-25; Updated: 2017-07-11
Directory traversal vulnerability in Trend Micro Interscan Web Viruswall in InterScan VirusWall 3.5x allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
Max CVSS: 5.0; EPSS Score: 87.51%; Published: 2004-03-24; Updated: 2017-07-11
Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter.
Max CVSS: 2.1; EPSS Score: 92.35%; Published: 2004-03-24; Updated: 2017-07-11
devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when no password is set, allows remote attackers to upload arbitrary files to the printer directory.
Max CVSS: 5.0; EPSS Score: 89.80%; Published: 2004-03-24; Updated: 2017-07-11
Dark Age of Camelot before 1.68 live patch does not sign the RSA public key, which could allow remote malicious servers to gain sensitive information via a man-in-the-middle attack.
Max CVSS: 5.0; EPSS Score: 0.51%; Published: 2004-03-23; Updated: 2017-07-11
Buffer overflow in the logging function in Picophone 1.63 and earlier allows remote attackers to execute arbitrary code via a large packet.
Max CVSS: 7.5; EPSS Score: 31.39%; Published: 2004-03-24; Updated: 2017-07-11
Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote attackers to cause a denial of service via a long ServerInfo variable.
Max CVSS: 5.0; EPSS Score: 2.56%; Published: 2004-03-19; Updated: 2017-07-11
DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption key in plaintext, which allows remote attackers to gain sensitive information.
Max CVSS: 5.0; EPSS Score: 1.80%; Published: 2004-03-23; Updated: 2024-01-25
Dameware Mini Remote Control 4.1.0.0 uses insufficiently random data to create the encryption key, which makes it easier for remote attackers to obtain sensitive information via brute force guessing.
Max CVSS: 7.5; EPSS Score: 1.90%; Published: 2004-03-24; Updated: 2017-07-11
141 vulnerabilities found