Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long CWD command, as demonstrated in one example by using the "cd" command in an interactive FTP client.
Max CVSS
7.5
EPSS Score
19.10%
Published
2004-03-24
Updated
2017-07-11
Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access.
Max CVSS
7.5
EPSS Score
5.14%
Published
2004-03-23
Updated
2023-10-11
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10.
Max CVSS
9.3
EPSS Score
64.81%
Published
2004-03-30
Updated
2017-07-11
Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments.php, (3) credit parameter to comments.php, (4) cat parameter to index.php, (5) ppuser parameter to showgallery.php, (6) cat parameter to showgallery.php, (7) cat parameter to uploadphoto.php, (8) albumid parameter to useralbums.php, or (9) albumid parameter to useralbums.php.
Max CVSS
7.5
EPSS Score
0.56%
Published
2004-03-29
Updated
2017-07-11
Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6 allows remote attackers to execute arbitrary code via a long STREAMQUOTE tag.
Max CVSS
7.5
EPSS Score
54.76%
Published
2004-03-25
Updated
2017-07-11
SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta allows remote attackers to execute arbitrary SQL commands via the restrict parameter to (1) member.php, (2) misc.php, or (3) today.php.
Max CVSS
7.5
EPSS Score
1.88%
Published
2004-03-26
Updated
2021-04-29
Buffer overflow in the logging function in Picophone 1.63 and earlier allows remote attackers to execute arbitrary code via a large packet.
Max CVSS
7.5
EPSS Score
31.39%
Published
2004-03-24
Updated
2017-07-11
Dameware Mini Remote Control 4.1.0.0 uses insufficiently random data to create the encryption key, which makes it easier for remote attackers to obtain sensitive information via brute force guessing.
Max CVSS
7.5
EPSS Score
1.90%
Published
2004-03-24
Updated
2017-07-11
News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie.
Max CVSS
7.5
EPSS Score
2.09%
Published
2004-03-20
Updated
2017-07-11
Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to news_sort.asp.
Max CVSS
7.5
EPSS Score
0.75%
Published
2004-03-20
Updated
2017-07-11
SQL injection vulnerability in Member Management System 2.1 allows remote attackers to execute arbitrary SQL via the ID parameter to (1) resend.asp or (2) news_view.asp.
Max CVSS
7.5
EPSS Score
0.53%
Published
2004-03-20
Updated
2017-07-11
The admin.ib file in Borland Interbase 7.1 for Linux has default world writable permissions, which allows local users to gain database administrative privileges.
Max CVSS
7.5
EPSS Score
0.29%
Published
2004-03-20
Updated
2017-07-11
SQL injection vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.62%
Published
2004-03-16
Updated
2017-07-11
SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to gain privileges or perform unauthorized database operations via the gid parameter.
Max CVSS
7.5
EPSS Score
1.31%
Published
2004-03-15
Updated
2017-07-11
PHP remote file inclusion vulnerability in displaycategory.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary PHP code by modifying the basepath parameter to reference a URL on a remote web server that contains fileFunctions.php.
Max CVSS
7.5
EPSS Score
6.53%
Published
2004-03-15
Updated
2017-07-11
The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter.
Max CVSS
10.0
EPSS Score
13.01%
Published
2004-03-11
Updated
2017-07-11
The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass.
Max CVSS
10.0
EPSS Score
11.93%
Published
2004-03-11
Updated
2017-07-11
Stack-based buffer overflow in the OutputDebugString function for Adobe Acrobat Reader 5.1 allows remote attackers to execute arbitrary code via a PDF document with XML Forms Data Format (XFDF) data.
Max CVSS
7.5
EPSS Score
13.80%
Published
2004-03-29
Updated
2017-10-10
Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username.
Max CVSS
7.5
EPSS Score
24.42%
Published
2004-03-15
Updated
2017-10-10
Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges.
Max CVSS
7.5
EPSS Score
0.13%
Published
2004-03-15
Updated
2017-10-10
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
Max CVSS
7.5
EPSS Score
2.71%
Published
2004-03-15
Updated
2017-10-10
Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local users to execute arbitrary code via a long password.
Max CVSS
7.2
EPSS Score
0.04%
Published
2004-03-15
Updated
2018-05-03
smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.
Max CVSS
7.2
EPSS Score
0.04%
Published
2004-03-15
Updated
2017-10-10
Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name.
Max CVSS
10.0
EPSS Score
7.52%
Published
2004-03-15
Updated
2017-10-10
Heap-based buffer overflow in the search_for_command function of ltrace 0.3.10, if it is installed setuid, could allow local users to execute arbitrary code via a long filename. NOTE: It is unclear whether there are any packages that install ltrace as a setuid program, so this candidate might be REJECTed.
Max CVSS
7.2
EPSS Score
0.04%
Published
2004-03-15
Updated
2017-07-11
67 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!