Multiple buffer overflows in YaMT before 0.5_2 allow attackers to execute arbitrary code via the (1) rename or (2) sort options.
Max CVSS: 7.5 | EPSS Score: 0.33% | Published: 2005-01-20 | Updated: 2008-09-05
Multiple directory traversal vulnerabilities in YaMT before 0.5_2 allow attackers to overwrite arbitrary files via the (1) rename or (2) sort options.
Max CVSS: 5.0 | EPSS Score: 0.11% | Published: 2005-01-20 | Updated: 2008-09-05
The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attackers to cause a denial of service (system panic) via crafted values in the TCP timestamp option, which causes invalid arguments to be used when calculating the retransmit timeout.
Max CVSS: 5.0 | EPSS Score: 4.44% | Published: 2005-01-13 | Updated: 2008-09-05
Buffer overflow in Golden FTP Server Pro (goldenftpd) 2.x allows remote attackers to execute arbitrary code via a long RNTO command.
Max CVSS: 7.5 | EPSS Score: 14.24% | Published: 2005-01-22 | Updated: 2017-07-11
Opera 7.54 and earlier does not properly validate base64 encoded binary data in a data: (RFC 2397) URL, which causes the URL to be obscured in a download dialog, which may allow remote attackers to trick users into executing arbitrary code.
Max CVSS: 5.0 | EPSS Score: 1.00% | Published: 2005-01-12 | Updated: 2022-02-28
Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT 1.0 allows remote attackers to inject arbitrary web script or HTML via the members parameter.
Max CVSS: 4.3 | EPSS Score: 0.28% | Published: 2005-01-13 | Updated: 2017-07-11
PHP remote file inclusion vulnerability in SGallery 1.01 allows local and possibly remote attackers to execute arbitrary PHP code by modifying the DOCUMENT_ROOT parameter to reference a URL on a remote web server that contains (1) config.php or (2) sql_layer.php.
Max CVSS: 7.5 | EPSS Score: 2.48% | Published: 2005-01-12 | Updated: 2017-07-11
Multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to login.html, (2) accountid parameter to accountsettings_add.html, or the (3) note, (4) title, and (5) location fields to calendar.html.
Max CVSS: 5.0 | EPSS Score: 2.18% | Published: 2005-01-28 | Updated: 2017-07-11
Direct remote injection vulnerability in modalfram.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to load external webpages that appear to come from the WebAdmin server, which allows remote attackers to inject arbitrary HTML or web script to facilitate cross-site scripting (XSS) and phishing attacks.
Max CVSS: 4.3 | EPSS Score: 0.19% | Published: 2005-01-28 | Updated: 2017-07-11
useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly validate account edits by the logged in user, which allows remote authenticated users to edit other users' account information via a modified user parameter.
Max CVSS: 2.1 | EPSS Score: 0.13% | Published: 2005-01-28 | Updated: 2016-10-18
Cross-site scripting (XSS) vulnerability in useredit_account.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
Max CVSS: 4.3 | EPSS Score: 0.57% | Published: 2005-01-28 | Updated: 2017-07-11
WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions.
Max CVSS: 7.5 | EPSS Score: 5.11% | Published: 2005-01-28 | Updated: 2017-07-11
The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify that the IP address in a PORT command is the same as the IP address of the user of the FTP session, which allows remote authenticated users to use the server as an intermediary for port scanning.
Max CVSS: 4.6 | EPSS Score: 0.29% | Published: 2005-01-27 | Updated: 2017-07-11
Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail Server 4.0 Build 1112 allows remote attackers to inject arbitrary web script or HTML via the personal information fields.
Max CVSS: 4.3 | EPSS Score: 0.48% | Published: 2005-01-27 | Updated: 2017-07-11
Multiple directory traversal vulnerabilities in Magic Winmail Server 4.0 Build 1112 allow remote attackers to (1) upload arbitrary files via certain parameters to upload.php or (2) read arbitrary files via certain parameters to download.php, and remote authenticated users to read, create, or delete arbitrary directories and files via the IMAP commands (3) CREATE, (4) EXAMINE, (5) SELECT, or (6) DELETE.
Max CVSS: 7.5 | EPSS Score: 1.58% | Published: 2005-01-27 | Updated: 2017-07-11
WarFTPD 1.82 RC9, when running as an NT service, allows remote authenticated users to cause a denial of service (access violation) via a CWD command with a crafted pathname, as demonstrated using a large string of "%s" sequences, possibly indicating a format string vulnerability.
Max CVSS: 2.1 | EPSS Score: 0.34% | Published: 2005-01-27 | Updated: 2017-07-11
Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) mod.php in Exponent 0.95 allow remote attackers to inject arbitrary web script or HTML via the module parameter.
Max CVSS: 4.3 | EPSS Score: 0.68% | Published: 2005-01-25 | Updated: 2017-07-11

CVE-2005-0308

Public exploit
Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier allows remote attackers to execute arbitrary code via a large import or export function name.
Max CVSS: 7.5 | EPSS Score: 83.62% | Published: 2005-01-24 | Updated: 2017-07-11
Multiple cross-site scripting (XSS) vulnerabilities in index.php in MercuryBoard 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) s, (2) l, (3) a, (4) t, (5) to, or (6) re parameters.
Max CVSS: 4.3 | EPSS Score: 0.19% | Published: 2005-01-25 | Updated: 2017-07-11
MercuryBoard 1.1.1 allows remote attackers to gain sensitive information via an HTTP request with the n parameter set to 0, which causes a divide-by-zero error and reveals the path in the resulting error message.
Max CVSS: 5.0 | EPSS Score: 0.45% | Published: 2005-01-25 | Updated: 2017-07-11
Directory traversal vulnerability in session.php in JSBoard 2.0.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the table parameter.
Max CVSS: 5.0 | EPSS Score: 0.54% | Published: 2005-01-20 | Updated: 2017-07-11
SQL injection vulnerability in Oracle Database 9i and 10g allows remote attackers to execute arbitrary SQL commands and gain privileges.
Max CVSS: 7.5 | EPSS Score: 0.11% | Published: 2005-01-18 | Updated: 2016-10-18
NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page.
Max CVSS: 5.0 | EPSS Score: 1.53% | Published: 2005-01-17 | Updated: 2024-03-21
npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any process that calls it, which allows local users to gain privileges.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2005-01-17 | Updated: 2017-07-11
minis.php in Minis 0.2.1 allows remote attackers to cause a denial of service (infinite loop) via an HTTP request for a file that the web server does not have permission to read, as demonstrated using the month parameter.
Max CVSS: 5.0 | EPSS Score: 1.48% | Published: 2005-01-16 | Updated: 2017-07-11
320 vulnerabilities found