Note: All the information included in the
following tables has been discussed in newsgroups and on web
sites.
Multiple Operating Systems - Windows / UNIX / Linux / Other |
Vendor & Software Name |
Common Name |
Risk |
Bulletin Issue |
@lexPHPteam
@lex Guestbook |
@lex Guestbook Include File Remote Code Execution |
High |
SB04-280
SB04-273 |
0verkill
0verkill 0.15pre3 a & prior |
0verkill Game Client Multiple Buffer Overflows | High |
CyberNotes-2004-03 |
3Com
3CDaemon 2.0 revision 10 |
3Com 3CDaemon TFTP Service Remote Denial of Service |
Low |
SB04-357 |
| 3Com Corporation
SuperStack 3 Switch, Switch 4400.0 SE, 4400.0 PWR, 4400.0 FX, 4400.0
|
3Com SuperStack Switch Remote Denial of Service
|
Low |
SB04-189 |
3Com
OfficeConnect ADSL Wireless 11g Firewall Router Firmware 1.13, 1.23, 1.24, 1.27 |
3Com OfficeConnect ADSL Wireless 11g
Firewall Router Remote Denial of Service |
Low |
SB04-329
SB04-294 |
| 3Com
OfficeConnect Remote 812 ADSL Router, Router 1.1.9.4
|
OfficeConnect Remote 812 ADSL Router
Telnet Remote Buffer Overflow
CVE Name:
CAN-2004-0476
|
Low |
SB04-161 |
| 3Com
OfficeConnect Remote 812 ADSL, Router 1.1.9.4
|
OfficeConnect Remote 812 ADSL Router
Web Interface Authentication Bypass
CVE Name:
CAN-2004-0477
|
High |
SB04-161 |
3Com
3Com Super Stack 3 NBX 4.0.17, 4.1.4, 4.1.21, 4.2.7 |
3Com SuperStack 3 NBX Netset
Application Port Scan Denial of Service |
Low |
SB04-133 |
3Com
3CRADSL72 Wireless Router |
3Com 3CRADSL72 ADSL Wireless
Router Information Disclosure & Authentication Bypass |
Medium/
High
(High if administrative access can be obtained)
|
SB04-294 |
| 4D Portal 1.5 |
4D Portal Default Password May Let
Remote Users Access the System |
Medium |
SB04-217
|
68 Designs
Froogle 1.x |
68 Designs Froogle Installation Security Issue |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-357 |
Aborior
Encore Web Forum |
Encore Web Forum Remote Arbitrary
Command Execution |
|
SB04-105 |
Accipiter
Direct Server 6 |
DirectServer Directory Traversal |
Medium |
CyberNotes-2004-02 |
ACLogic
Cesar FTP |
CesarFTP Remote Denial of Service |
Low |
CyberNotes-2004-01 |
Active Campaign Inc.
Knowledge Builder |
Knowledge Builder Arbitrary Code Execution |
High |
CyberNotes-2004-01
CyberNotes-2004-02 |
Adam Webb
Nuke-Jokes 1.7, 2.0 Beta |
NukeJokes Module For PHP-Nuke
Multiple Input Validation |
Medium/High
(High if arbitrary code can be executed)
|
SB04-133 |
Admin Access With Levels
Admin Access With Levels Plug-in 1.5.1 |
Admin Access With Levels Plug-in For
osCommerce Administrative Access |
High |
SB04-133 |
Adobe Systems Incorporated
Acrobat 6.0-6.0.2, Acrobat Reader 6.0-6.0.2 |
Adobe Acrobat/Acrobat Reader ETD
File Parser Format String
CVE Name:
CAN-2004-1153
|
High |
SB04-357 |
Adobe
Adobe Reader 6.x;
Adobe Acrobat 6.x |
Adobe Acrobat / Reader File Extension
Buffer Overflow Vulnerability |
High |
SB04-203 |
Ai Graphics & Joe Lumbroso
Jacks FormMail.php 2.0, 5.0 |
Jack's Formmail.php Input Validation |
High |
SB04-058 |
Aiptek Incorporated
NETCam Viewer 1.0.0.28 & prior |
AIPTEK NETCam Webserver Directory Traversal |
Medium |
CyberNotes-2004-02 |
| Albrecht Günther
PHProjekt 4.x |
Albrecht Günther PHProjekt "path_pre"
Parameter Arbitrary File Inclusion Vulnerability
|
High |
SB04-364 |
Albrecht Guenther
PHProjekt 2.0, 2.0.1, 2.1 a, 2.1-2.4, 3.0-3.2, 4.2 |
Albrecht Guenther PHProjekt 'setup.php' File Upload |
High |
SB04-357 |
Albrecht Guenther
PHProjekt 2.0, 2.0.1, 2.1 a, 2.1-2.4, 3.0-3.2, 4.2 |
PHProjekt 'setup.php' File Upload |
High |
SB04-350
SB04-343 |
Alcatel
Omni
Switch 7700, 7800
|
OmniSwitch 7000 Series Security
Scan Denial of Service |
Low |
SB04-077 |
Alcatel
SpeedTouch Pro With Firewall ADSL Router |
Alcatel Speed Touch Pro With Firewall
ADSL Router DNS Poisoning |
Low/Medium
(Low if a DoS)
|
SB04-322 |
alex.ilosuna.org
My Little Forum 1.3 |
My Little Forum ‘Email.PHP’ Cross-Site Scripting |
High |
CyberNotes-2004-01 |
Alivesites
Forum 2.0 |
AliveSites Forum Multiple Unspecified Remote Input Validation |
High |
SB04-294 |
All Enthusiast Inc.
Photopost PHP Pro 3.1-3.3, 4.0, 4.1, 4.6 |
Photopost PHP Pro Multiple Input Validation |
High |
SB04-105
CyberNotes-2004-03 |
All Enthusiast Inc.
Review Post PHP Pro 2.5.1 & prior |
ReviewPost PHP Pro Input Validation
|
High |
CyberNotes-2004-03 |
AllWebScripts
MySQLGuest |
MySQLGuest Cross-Site Scripting |
High |
SB04-273 |
America Online
AOL Instant Messenger (AIM) 5.5 |
AOL Instant Messenger aim:goaway URI Handler Buffer Overflow Vulnerability |
High |
SB04-252
SB04-231 |
America Online, Inc.
AOL |
Groups@AOL Group Invitation |
Medium |
SB04-273 |
America OnLine
America Online Webmail |
AOL Web Mail 'msglist.adp' Cross-Site Scripting |
High |
SB04-301 |
America OnLine
AOL
|
AOL Journals Email Address Disclosure |
Medium |
SB04-301 |
Andy's PHP Projects
Andy's PHP Man Page Lookup |
Andy's PHP Projects Man Page Remote Information Disclosure |
Medium |
CyberNotes-2004-02 |
AntoineBajolet
PhpDig 1.6.x |
PHPDig Remote Command Execution
CVE Name:
CAN-2004-0068 |
High |
CyberNotes-2004-02 |
Apache Software Foundation
Apple
Mandrake
Trustix
Apache 2.0.47 2.0.49 |
Apache ap_escape_html Remote
Denial of Service
CVE Name:
CAN-2004-0493
|
Low |
SB04-231
SB04-189 |
Apache Software Foundation
Gentoo
Mandrake
OpenBSD
OpenPKG
RedHat
SGI
Tinysofa
Trustix
Apache 1.3-2.0.49
|
Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerability
CVE Name:
CAN-2004-0488
|
Low/ High
(High if arbitrary code can be executed)
|
SB04-189
SB04-161 |
Apache Software Foundation
Apache 1.3.29 & prior |
Apache mod_digest Replayed Response Validation
CVE Name:
CAN-2003-0987
|
Medium |
CyberNotes-2004-03 |
Apache Software Foundation
Xerces C++ 2.5.0 |
Xerces C++ XML Parsing Remote Denial of Service |
Low |
SB04-280 |
Apache Software Foundation
Apache 1.0, 1.0.2, 1.0.3, 1.0.5, 1.1, 1.1.1, 1.2, 1.2.5, 1.3, 1.3.1, 1.3.3, 1.3.4, 1.3.6, 1.3.7 –dev, 1.3.9, 1.3.11, 1.3.12, 1.3.14, 1.3.17- 1.3.20, 1.3.22- 1.3.29, 2.0 a9, 2.0, 2.0.28 Beta, 2.0.28, 2.0.32, 2.0.35- 2.0.48 |
Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness |
Medium |
SB04-091 |
Apache Software Foundation
Apache 1.3.29 & prior |
Apache ebcdic2ascii() Buffer Overflow |
High |
SB04-119 |
Apache Software Foundation
Jakarta Lucene 1.4.2 |
Apache Jakarta Results.JSP Remote Cross-Site Scripting |
High |
SB04-343 |
APC
WEB/ SNMP Management Card (9606) Firmware 3.0, 3.0.1 |
SmartSlot Web/SNMP Management Card Default Password |
Medium |
SB04-058 |
Apple
Apple Macintosh OS X
Safari 1.x |
Mac OS X Security Update Fixes Multiple Vulnerabilities |
High |
SB04-231 |
Apple
iTunes Player 4.2.72, Quick Time Player 6, 5.0.2, 6.1, 6.5 |
Apple QuickTime Sample-to-Chunk Integer Overflow
CVE Name:
CAN-2004-0431
|
Low/ High
(High if arbitrary code can be executed)
|
SB04-133 |
AppServ
Open Project 2.4-2.4.2, 2.5-2.5.2 |
AppServ Open Project Remote Insecure Default Password |
Medium |
SB04-329 |
Aprox Portal
Aprox Portal 3.x |
Aprox Portal Directory Traversal & Arbitrary Code Execution |
Medium/ High
(High if arbitrary code can be executed)
|
CyberNotes-2004-03 |
Arash Moslehi
iWebNegar |
Arash Moslehi IWebNegar Input Validation
|
High |
SB04-357 |
artmedic webdesign
Artmedic Hpmaker |
Artmedic Webdesign Hpmaker 'index.php' script |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-119 |
artmedic webdesign
artmedic kleinanzeigen |
artmedic kleinanzeigen Inclusion of Arbitrary Files |
Medium |
SB04-217 |
Asante
FM2008 Managed Ethernet Switch v01.06 |
Asante FM2008 Managed Ethernet Switch Default Backdoor |
High |
SB04-357 |
ASN.1
ASN.1 Compiler 0.9.4 |
ASN1 Multiple Vulnerabilities |
Not Specified |
SB04-294 |
ASP-Nuke
ASP-Nuke |
ASP-Nuke Remote Unauthorized Access |
Medium |
CyberNotes-2004-01 |
| Asterisk
Asterisk 0.7.0-0.7.2
|
Asterisk PBX Multiple Logging Format String Vulnerabilities |
High |
SB04-189 |
AWStats
AWStats 5.0-5.9, 6.0-6.2 |
AWStats 'awstats.pl' Input Validation |
High |
SB04-245 |
Axis Communications
Firmware Version 2.40; Axis 2100/2110/2120/2420/2130, Network Camera, 2400/2401 Video Server |
Axis Network Camera And Video Server Multiple Vulnerabilities
|
Medium/High
(High if arbitrary commands can be executed)
|
SB04-252
SB04-245 |
Axis Communications
StorPoint CD |
StorPoint CD Administrative Backdoor |
High |
SB04-245 |
AzDG
AzDGDatingLite 2.1.1 |
AzDGDating Lite Cross-Site Scripting Vulnerabilities
|
|
SB04-105 |
Baal Systems
Baal Smart Forms 3.x |
Baal Smart Forms 'Admin Change Password' Security Restriction |
High |
SB04-273 |
bblog.com
bBlog 0.7.2, bBlog 0.7.3 |
BBlog RSS.PHP Input Validation |
High |
SB04-280 |
| BEA Systems Inc.
WebLogic Server and WebLogic Express
|
Weblogic & Web Express Unauthorized Access
CVE Name:
CAN-2004-0470
|
Medium |
SB04-175 |
| BEA Systems Inc.
WebLogic Server and WebLogic Express
|
WebLogic Server and WebLogic Express Site Restriction |
Medium |
SB04-147 |
| BEA Systems Inc.
WebLogic Server and WebLogic Express
|
WebLogic Server and WebLogic Express weblogic.xml Access |
Medium |
SB04-147 |
BEA Systems
WebLogic Server & Express 6.1 SP6, 7.0 SP4, 8.1 SP2; and prior service packs |
WebLogic Command & Administrative Scripts Password Disclosure |
Medium |
SB04-259 |
BEA Systems
WebLogic Server & Express 6.1 SP6, 7.0 SP5, 8.1 SP2; and prior service packs |
WebLogic Case-Sensitive 'web.xml' Patterns |
Medium |
SB04-259 |
BEA Systems
WebLogic Server & Express 6.1 SP6, 7.0 SP5, 8.1 SP3; and prior service packs |
WebLogic System Version Information Disclosure |
Medium |
SB04-259 |
BEA Systems
WebLogic Server & Express 7.0 SP5, 8.1 SP2; and prior |
WebLogic 'weblogic.Admin' commands |
Medium/High
(High if arbitrary code can be executed)
|
SB04-259 |
BEA Systems
WebLogic Server & Express 7.0 SP5, 8.1 SP2; and prior service packs |
WebLogic Active Directory LDAP Disabled User's Accounts |
Medium |
SB04-259 |
BEA Systems
WebLogic Server & Express 7.0 SP5, 8.1 SP2; and prior service packs |
WebLogic Server Incomplete Security Deployment |
Medium |
SB04-259 |
BEA Systems
WebLogic Server & Express 7.0, 8.1 |
WebLogic Clear Text Sensitive Information Transmit |
Medium |
SB04-259 |
BEA Systems
WebLogic Server & Express 7.0, 8.1 |
WebLogic Information Disclosure |
Medium |
SB04-259 |
BEA Systems, Inc.
WebLogic Express 8.1, SP1&SP2, WebLogic Express for Win32 8.1, SP1&SP2, Weblogic Server 8.1, SP1&SP2, WebLogic Server for Win32 8.1, SP1&SP2
|
BEA WebLogic Server & WebLogic Express Remote Denial of Service
|
Low |
SB04-175 |
BEA Systems, Inc.
WebLogic Server 8.x, WebLogic Express 8.x |
WebLogic Ant Tasks Administrative Password Disclosure |
Medium |
CyberNotes-2004-02 |
BEA Systems, Inc.
WebLogic Server and Express 7.0, SP1-SP4, |
WebLogic Server User Identity Failure |
Medium |
SB04-105 |
BEA Systems, Inc.
WebLogic Server and Express 8.1 |
WebLogic Server Administrator Password Cleartext Storage |
Medium |
SB04-105 |
| BEA Systems, Inc.
WebLogic Express 6.1, SP1-SP6, 7.0.0.1, SP1-SP4, 7.0, SP1-SP5, 8.1, SP1&SP2, WebLogic Express for Win32 6.1, SP1-SP6, 7.0.0.1, SP1&SP2, 7.0, SP1-SP5, 8.1, SP1&SP2, Weblogic Server 6.1, SP1-SP6, 7.0.0.1, SP1-SP4, 7.0, SP1-SP5, 8.1, SP1&SP2, WebLogic Server for Win32 6.1, SP1-SP6, 7.0.0.1, SP1&SP2, 7.0, SP1-SP5, 8.1, SP1&SP2
|
BEA WebLogic Server & WebLogic Express Java RMI Incorrect Session Inheritance |
Medium |
SB04-175 |
| BEA Systems, Inc.
WebLogic Express 7.0, SP1-SP5, 8.1, SP1&SP2, WebLogic Express for Win32 7.0, SP1-SP5, 8.1, SP1&SP2, Weblogic Server 7.0, SP1-SP5, 8.1, SP1&SP2, WebLogic Server for Win32 7.0, SP1-SP5, 8.1, SP1&SP2
|
BEA WebLogic Server & WebLogic Express role-name Unauthorized Access
|
Medium |
SB04-189 |
BEA Systems, Inc.
WebLogic Express & Server 6.1, SP1-SP6, 7.0, SP1-SP4, 8.1, SP1&SP2, Win32 6.1, SP1-SP6, Win32 7.0, SP1-SP4, Win32 8.1, SP1&SP2 |
WebLogic Server/Express EJB Object Removal Remote Denial of Service
|
Low |
SB04-119 |
BEA Systems, Inc.
WebLogic Express & Server 6.1, SP1-SP6, 7.0, SP1-SP4, 8.1, SP1&SP2, Win32 6.1, SP1-SP6, Win32 7.0, SP1-SP4, Win32 8.1, SP1&SP2 |
WebLogic Server/Express Potential Password Disclosure |
Medium |
SB04-119 |
BEA Systems, Inc.
WebLogic Express & Server 7.0.0.1, SP1-SP4, 7.0, SP1-SP4, 8.1, SP1&SP2, Win32 7.0.0.1, SP1&SP2, Win32 7.0, SP1-SP4, Win32 8.1, SP1&SP2 |
WebLogic Server/Express Password Disclosure Vulnerability |
|
SB04-119 |
BEA Systems, Inc.
WebLogic Express & Server 7.0, SP1-SP4, 8.1, SP1&SP2, Win32 7.0, SP1-SP4, Win32 8.1, SP1&SP2 |
WebLogic Server/Express Authentication Provider Privilege Inheritance |
|
SB04-119 |
BEA Systems, Inc.
WebLogic Express & Server 7.0, SP1-SP4, 8.1, SP1&SP2, Win32 7.0, SP1-SP4, Win32 8.1, SP1&SP2 |
WebLogic Server/Express Certificate Chain User Impersonation |
Medium |
SB04-119 |
BEA Systems, Inc.
WebLogic Express & Server 7.0, SP1-SP4, 8.1, SP1, Win32 7.0, SP1-SP4, Win32 8.1, SP1 |
Server & WebLogic Express Illegal URI Pattern Potential |
Medium |
SB04-119 |
BEA Systems, Inc.
WebLogic Express & Server 8.1, SP1&SP2, Win32 8.1, SP1&SP2 |
WebLogic Server/Express 'config.sh' & 'config.cmd' Information Disclosure |
|
SB04-119 |
Belchior Foundry
vCard 2.8 |
VCard Authentication Bypass |
Medium |
SB04-091 |
Ben3W
2Bgal 2.4 and 2.5.1 |
Ben3W 2Bgal "id_album" SQL Injection Vulnerability |
High |
SB04-364 |
| Billion Electric Co. Ltd.
BIPAC-640 AE 3.33
|
Billion BIPAC 640 AE Authentication Bypass
|
Medium |
SB04-175 |
Blackboard
Blackboard 5.0, 5.0.2, 5.5, 5.5.1, 6.0 |
Blackboard Learning System Multiple Cross-Site Scripting |
|
SB04-119 |
| Blackboard, Inc.
Blackboard 6.0
|
Blackboard Learning System ‘Digital Dropbox’ Information Disclosure |
Medium |
SB04-175 |
| blosxom.com
Blosxom 2.0
|
Blosxom ‘Writeback’ Plug-in Cross-Site Scripting
|
High |
SB04-175 |
| Blue Coat Systems
ProxySG 3.x
|
Potential Compromise of Private Keys |
Low |
SB04-147 |
BN Soft
Boast Machine 2.6 |
BoastMachine Comment Form HTML Injection |
High |
CyberNotes-2004-01 |
Bodington
Bodington 2.1.0 RC1 & prior |
Bodington Uploaded File Disclosure |
Medium |
CyberNotes-2004-03 |
Bolin Tech
Dream FTP Server 1.02 |
BolinTech Dream FTP Server User Name Format String |
Low/ High
(High if arbitrary code can be executed)
|
SB04-077
SB04-058 |
BolinTech
Dream FTP Server 1.02 |
Dream FTP Server Format String
|
Low/ High
(High if arbitrary code can be executed)
|
SB04-077 |
Borland/ Inprise
Interbase 4.0, 5.0, 6.0, 6.4, 6.5, 7.0, 7.1 |
Borland Interbase Unsafe Default Permissions |
Medium |
SB04-091 |
BosDev, Inc.
BosDates 3.0-3.2
|
BosDates Input Validation
|
Medium |
SB04-058 |
Brandon Tallent
AntiBoard 0.7.3 |
AntiBoard Input Validation |
High |
SB04-315 |
| British Telecom
Voyager 2000 Wireless ADSL Router
|
BT Voyager 2000 Wireless ADSL Router Password Disclosure |
Medium |
SB04-189 |
brooky.com
CubeCart 2.0.1 |
CubeCart Input Validation |
Medium |
SB04-301
SB04-287 |
Business Objects
Crystal Enterprise 8.5, 9, and 10 |
Business Objects Crystal Enterprise Filtering Flaw |
High |
SB04-364 |
Business Objects
InfoView 5.1.4-5.1.8,
WebIntelligence 2.7-2.7.4 |
|
Medium/High
(High if arbitrary code can be executed)
|
SB04-266 |
Byungchan Kim
JSBoard 2.0.7, 2.0.8, JSBoard-win32 1.3.11 |
Byungchan Kim JSBoard 'parse.php' Arbitrary Code Execution |
High |
SB04-357 |
C. Szymanski
Cerbère Proxy Server 1.2 |
Cerbère Proxy Server Remote Denial of Service |
Low |
SB04-252 |
Canon
imageRUNNER IR5000i |
Canon imageRunner Promiscuous Email Printing |
Medium |
SB04-273 |
Canon
VB-C10R Network Camera Firmware 1.0 Rev. 21 |
VB-C10R Network Camera Cross-Site Scripting |
High |
CyberNotes-2004-01 |
| Canon
imageRUNNER 210, 210S
|
ImageRUNNER Port Scan Remote Denial of Service
|
Low |
SB04-161 |
Centrinity
FirstClass 5.50, 5.77, 7.0, 7.1 |
FirstClass ‘Upload.shtml’ Script Cross-Site Scripting
|
|
SB04-091 |
| CGISCRIPT.NET
csFAQ, 1.0
|
csFAQ Installation Path Disclosure
|
Medium |
SB04-189 |
Chaogic Systems
vHost 3.05 r1-r6, 3.0 4r1, 3.0 3r1, 3.02r1 & r2, 3.01r1, 3.0 0r1-r6 |
VHost Cross-Site Scripting
|
High |
SB04-077 |
Check Point Software Technologies
Check Point VPN-1/FireWall-1 VSX NG;
Check Point VPN-1/FireWall-1 NG with Application Intelligence (AI);
Check Point VPN-1/Firewall-1 NG;
Check Point VPN-1 SecuRemote;
Check Point VPN-1 SecureClient;
Check Point SSL Network Extender;
Check Point Provider-1;
Check Point FireWall-1 GX 2.x |
Check Point VPN-1 ASN.1 Decoding Heap Overflow Vulnerability |
High |
SB04-217 |
| Check Point Software
Firewall-1 4.0, SP1-SP8, 4.1, SP1-SP6, Next Generation, FP3, HF1&HF2, FP2, FP1, NG-AI R55, NG-AI R54, NG-AI
|
Check Point Firewall-1 Internet Key Exchange Information Disclosure |
Medium |
SB04-175 |
Check Point Software
FireWall-1 GX 2.0, VSX 2.0.1, VSX NG with Application Intelligence, Next Generation FP3. HF1&2, NG-AI R55, NG-AI R54, Secure Client NG with Application Intelligence R56, Secu Remote NG with Application Intelligence R56, VPN-1 VSX 2.0.1, VPN-1 VSX NG with Application Intelligence |
VPN-1 ISAKMP Remote Buffer Overflow
|
|
SB04-133 |
Check Point Software
Firewall-1 NG FCS, NG FP1- FP3, HF2. NG with Application Intelligence R54 & R55 |
Multiple Firewall-1 Format String Vulnerabilities
CVE Name:
CAN-2004-0039
|
High |
CyberNotes-2004-03 |
Check Point Software
Smart Dashboard |
Firewall-1 SmartDashboard Filter Buffer Overflow |
|
SB04-091 |
Check Point Software
VNP-1-1 4.1, SP1-SP6; Secu Remote/ Secure Client 4.1 build 4200 & prior, NG FP0, FP1 |
|
High |
CyberNotes-2004-03 |
Cherokee
Cherokee 0.x |
Cherokee HTTP Post Remote Denial of Service |
Low |
CyberNotes-2004-01 |
Chi Kien Uong
Advanced Guest-book 2.2 |
Advanced Guestbook Input Validation |
|
SB04-119 |
| Cisco Systems,
Catalyst 6000 series, 5000 series, 4500 series, 4000 series, 2948G, 2980G, 2980G-A, 4912G, 2901, 2902, 2926[T,F,GS,GL], 2948
|
|
Low |
SB04-175 |
| Cisco Systems,
IOS 11.x, 12.x, R11.x, R12.x
|
Cisco IOS Border Gateway Protocol Remote Denial of Service
|
Low |
SB04-175 |
Cisco Systems
Cisco IOS 12.x, R12.x |
Cisco Internet Operating System SNMP Message Processing Remote
Denial of Service
|
Low |
SB04-133
SB04-119 |
Cisco Systems
IOS 12.0S, 12.2, 12.3 |
IOS OSPF Remote Denial of Service |
Low |
SB04-245 |
Cisco Systems
IOS 6000, 6500, 7600 routers only; 12.1E, 12.2SY, 12.2ZA |
Cisco IOS MSFC2 Malformed Layer 2 Frame Denial of Service |
Low |
CyberNotes-2004-03 |
Cisco Systems,
2650 Multiservice Platform, 2650XM Multiservice Platform, 2651 Multiservice Platform, 2651XM Multiservice Platform,
Cisco 7200, 7300, 7500, 7600, Catalyst 7600 Sup720/MSFC3,
IOS 12.2 (18)SW, 12.2 (18)SV, 12.2 (18)SE, 12.2 (18)S,12.2 (18)EWA, 12.2 (18)EW, 12.2 (14)SZ |
Cisco IOS DHCP Input Queue Blocking Remote Denial of Service |
Low |
SB04-343
SB04-322 |
Cisco Systems, Inc.
Catalyst 6500, 2.1, 2.3, 3.1, 5.4, 7.5, 7.6, Catalyst 7600 2.1, 2.2, 3.1, Firewall Services Module, Firewall Services Module 1.1.2 |
Multiple Cisco FWSM Vulnerabilities
CVE Names:
CAN-2003-1001
CAN-2003-1002
|
Low/High
(High if arbitrary code can be executed) |
CyberNotes-2004-01 |
Cisco Systems, Inc.
Cisco PIX 6.x, 5.x, 4.x
|
Multiple Cisco PIX Remote Denial Of Service
CVE Names:
CAN-2003-1003
CAN-2003-1004 |
Low |
CyberNotes-2004-01 |
Cisco Systems
Anomaly Detector 3.0 8, Guard 3.0 8.12, 3.0 8 |
Cisco Guard & Traffic Anomaly Detector Default Backdoor |
High |
SB04-357 |
Cisco Systems
ATA-186 |
ATA-186 HTTP Device Configuration Disclosure & Web Administration Authentication Bypass
CVE Name:
CAN-2002-0769
|
Medium |
SB04-105 |
Cisco Systems
Catalyst 4000 and 5000 images running version 4.5(2) up to 5.5(4) and
5.5(4a);
Catalyst 6000 images running version 5.3(1)CSX, up to and including 5.5(4),
5.5(4a)
|
Cisco Catalyst Memory Leak Denial of Service |
Low |
SB04-105 |
Cisco Systems
CBOS 2.3.9, 2.3.8, 2.3.7.002, 2.3.7, 2.3.5.015, 2.3.5, 2.3.2, 2.2.1a, 2.2.1, 2.2.0, 2.1.0a, 2.1.0, 2.0.1, 2.3.053, 2.3, 2.4.1, 2.4.2b, 2.4.2ap, 2.4.2, 2.4.3, 2.4.4 |
Cisco Broadband Operating System Remote Denial of Service Vulnerabilities |
Low |
SB04-105 |
Cisco Systems
Cisco 627, 633, 673, 675, 675E, 677, 677I, 678 |
Cisco 600 Series Router Web Management Service Remote
Denial of Service
|
Low |
SB04-105 |
Cisco Systems
Cisco Catalyst 3500 XL |
Cisco Catalyst Remote Arbitrary Command Execution
CVE Name:
CVE-2000-0945
|
|
SB04-105 |
Cisco Systems
Cisco IOS 11.2(11) |
Cisco IOS RST-ACK Packet Access Control Bypass |
Medium |
SB04-105 |
Cisco Systems
Cisco IOS versions
12.0-12.1
|
Cisco IOS “?/” HTTP Request Denial of Service
CVE Name:
CVE-2000-0380
|
Low |
SB04-105 |
Cisco Systems
Cisco VPN Client for Linux 3.5.1, 3.5.2 B, 3.5.2, 3.5.4, 3.6, 3.6.1, VPN Client for Windows 2.0, 3.0, 3.0.5, 3.1, 3.5.1 C, 3.5.1, 3.5.2 B, 3.5.2, 3.5.4, 3.6 (Rel), 3.6, 3.6.1, 4.0.2 C, 4.0.2 A |
Cisco IPsec VPN Client Group Password Disclosure |
Medium |
SB04-119 |
Cisco Systems
CSS11000 Content Services Switch, CSS11050 Content Services Switch, CSS11150 Content Services Switch, CSS11800 Content Services Switch |
Cisco Content Service Switch Management Port UDP Denial of Service |
Low |
SB04-077 |
Cisco Systems
Hosting Solution Engine 1105 1.7-1.7.3, Wireless Lan Solution Engine 1105 2.0, 2.0.2, 2.5, 1130 2.0.2, 2.0, 2.0.5 |
Cisco WLSE/HSE Devices Default Username and Password |
Low/ Medium/ High
(Low if a DoS; Medium if sensitive information is obtained; and High if system control is obtained)
|
SB04-105 |
Cisco Systems
IOS 11.0, 11.2x, 11.3x, 12.0x |
|
Low |
SB04-105 |
Cisco Systems
IOS 11.3 & later |
Cisco IOS HTTP Configuration Arbitrary Administrative Access
CVE Name:
CVE-2001-0537
|
|
SB04-105 |
Cisco Systems
IOS 12.0-12.2 |
|
Low |
SB04-105 |
Cisco Systems
IOS 12.2 ZA, SY, SXB, SXA, (17a) SXA, (14)ZA2, (14)ZA, (14)SY |
IOS Malformed IKE Packet Remote Denial of Service
|
Low |
SB04-105 |
Cisco Systems
IOS R12.x, 12.x
|
Cisco IOS Telnet Service Remote Denial of Service |
Low |
SB04-315
SB04-301
SB04-245 |
Cisco Systems
ONS 15327 Edge Optical Transport Platform, ONS 15454 Optical Transport Platform, ONS 15454 SDH Multiplexor Platform, 15600 Multi-service Switching Platform
|
Cisco ONS Platform Vulnerabilities |
Low/Medium
(Medium if sensitive information can be obtained or unauthorized access is obtained)
|
SB04-077 |
Cisco Systems
Unity Server 2.0-2.4, 2.46, 3.0-3.3, 4.0 |
Cisco Unity With Exchange Default User Accounts and Passwords |
High |
SB04-357 |
Cisco
Cisco ONS 15327, 15454, and 15454 SDH; prior to 4.6(2)
Cisco ONS 15600 |
Cisco ONS Control Cards Malformed Packet Vulnerabilities |
High |
SB04-217 |
Cisco
ServletExec 3.x, 2.x
Cisco Collaboration Server (CSS) 3.x, 4.x
|
Cisco Collaboration Server ServletExec Arbitrary File Upload Vulnerability |
High |
SB04-217 |
cjoverkill.icefire.org
CJOverkill 4.0.3 |
CJOverkill Cross-Site Scripting |
High |
SB04-287 |
clientexec.com
ClientExec 2.2.1 |
ClientExec Default Installation Information Disclosure |
Medium |
SB04-294 |
Codestriker
Codestriker 1.7-1.7.8, 1.8-1.8.4 |
Codestriker Repository Access Control Bypass |
Medium |
SB04-350 |
Comersus Open Technologies
Comersus Shopping Cart 5.098 |
Comersus SQL Injection and Cross-Site Scripting Vulnerabilities |
High |
SB04-217 |
Comersus Open Technologies
Comersus Shopping Cart 5.x, 4.x |
Comersus Shopping Cart Cross-Site Scripting and Price Manipulation |
Medium |
SB04-203 |
Computer Associates
Unicenter TNG 2.4, 2.4.2 |
Unicenter TNG Utilities Multiple Remote Buffer Overflow Vulnerabilities |
High |
SB04-077 |
Conceptronic
CADSLR1 Router with firmware version 3.04n |
Conceptronic CADSLR1 Router Denial of Service Vulnerability |
Low |
SB04-217 |
Concurrent Versions Systems (CVS) 1.11 |
CVS Undocumented Flag Information Disclosure Vulnerability
CVE Name:
CAN-2004-0778 |
Low |
SB04-231 |
Content Management System
DCP-Portal 3.7, 4.0, 4.1, 4.2, 4.5.1, 5.0.1, 5.0.2, 5.1, 5.2, 5.3, 5.3.1, 5.3.2 |
DCP-Portal Multiple Cross-Site Scripting Vulnerabilities |
High |
SB04-287 |
Course Forum Technologies
Project Forum 8.4.2.1 |
ProjectForum Denial of Service & Cross-Site Scripting |
Low/High
(High if arbitrary code can be executed) |
CyberNotes-2004-01 |
cphp.sourceforge.net
CoolPHP Web Portal 1.0 -stable |
CoolPHP Multiple Remote Input Validation |
Medium/
High
(High if arbitrary code can be executed)
|
SB04-294 |
| craftysyntax.com
Crafty Syntax Live Help 2.7.3
|
Crafty Syntax Live Help Multiple HTML Injection |
High |
SB04-161 |
Craig Knudsen
WebCalendar 0.9.8, 0.9.11, 0.9.15, 0.9.16, 0.9.19-0.9.44 |
Craig Knudsen WebCalendar Multiple Remote Vulnerabilities |
Medium/High
(High if arbitrary code can be executed)
|
SB04-322 |
Crossday
Discuz! Board 2.x, 3.x |
Discuz! Cross-Site Scripting |
High |
CyberNotes-2004-03 |
| CuteNews 1.3.1 |
CuteNews "archive" Parameter Cross-Site Scripting Vulnerability |
High |
SB04-231 |
CutePHP
CuteNews 0.88, 1.3, 1.3.1
|
CuteNews Multiple Cross-Site Scripting |
|
SB04-189 |
CutePHP
CuteNews 0.88, 1.3, 1.3.1, 1.3.2, 1.3.6 |
CutePHP Cross-Site Scripting |
High |
SB04-252 |
Dame Ware Development LLC
Mini Remote Control Server 3.70.0.0, 3.71.0.0, 3.72.0.0 |
Mini Remote Control Buffer Overflow |
High |
CyberNotes-2004-02 |
Darryl Burgdorf
WebLibs 1.0 |
Darryl Burgdorf WebLibs Directory Traversal |
Medium |
SB04-350 |
David Djurback
chacmool Private Message System 1.1.3 |
David Djurback Chacmool Private Message System Multiple Vulnerabilities
|
Medium/High
(High if arbitrary code can be executed)
|
SB04-322 |
Delegate.org
DeleGate 7.7.0, 7.7.1, 7.8.0-7.8.2, 7.9.11, 8.3.3, 8.3.4, 8.4.0, 8.5.0, 8.9-8.9.2 |
DeleGate SSLway Filter Remote Buffer Overflow
|
High |
SB04-133 |
Dell
Open Manage Web Server 3.4, 3.7 |
OpenManage Web Server POST Request Heap Overflow |
High |
SB04-077 |
Der Herberlin
Brem Server 1.2.4 & prior |
BremsServer Cross-Site Scripting & Directory Traversal |
Medium/ High
(High if arbitrary code can be executed)
|
CyberNotes-2004-03 |
DevoyBB
DevoyBB Web Forum 1.0 |
DevoyBB Forum Multiple Unspecified Remote Input Validation
|
High |
SB04-294 |
Digital Illusions
Battlefield 1942 1.6.19, Battlefield Vietnam 1.2 |
Digital Illusions Multiple Games Remote Denial of Service |
Low |
SB04-350 |
D-Link
DCS-900 Internet Camera 2.10, 2.20, 2.28 |
DCS-900 Internet Camera Configuration Manipulation |
Low |
SB04-252 |
D-Link Systems
D-Link DI-624 wireless router, firmware release 1.28 for Revision B. |
D-Link DI-624 Multiple Vulnerabilities
|
Medium |
SB04-203 |
| D-Link
DI-604, DI-614+ 2.30
|
D-Link DI-614+ Router Denial of Service
|
Low |
SB04-189 |
| D-Link
DI-614+ 2.0 f, 2.0 3g, 2.0 3, 2.0, 2.10, 2.18, Dl-704 2.56 b6, 2.56 b5, 2.60 b2
|
D-Link ‘HOSTNAME’ Input Validation |
High |
SB04-189 |
Dom Lachowicz
Fedora
AbiWord 2.0.7 and prior |
AbiWord "wv" Library Buffer Overflow Vulnerability |
Medium |
SB04-217 |
| DSM
Light Web File Browser 2.0
|
DSM Light Explorer.EXE Directory Traversal Vulnerability |
High |
SB04-147 |
DUware
Ducalendar 1.0, 1.1, Declassified 4.0, 4.1, Dudirectory 3.0, Dudownload 1.0, Dugallery 3.0-3.3, Dupics 3.0, Duportal 3.0, Duarticle 1.0, Duclassmate 1.0, Dupoll 3.0, Dunews 1.0, Duamazon 3.0, Dupaypal 3.0, Dufaq 1.0, Duforum 3.0 |
Multiple DUware Software Authentication Vulnerabilities |
High |
CyberNotes-2004-02 |
DUware
DUportal 3.0 SQL, 3.0, Pro 3.2 SQL, Pro 3.2 |
DUportal Multiple Remote Vulnerabilities |
Medium/High
(High if arbitrary code can be executed) |
CyberNotes-2004-01 |
Duware
DUclassified
|
DUclassified Input Validation Vulnerabilities |
High |
SB04-287 |
Duware
DUclassmate |
DUclassmate Password Change Request |
Medium |
SB04-287 |
DUware
DUforum
|
DUforum Input Validation Vulnerabilities |
High |
SB04-287 |
DUware
DUgallery |
DUgallery Database Disclosure |
High |
SB04-322 |
Dynalink
RTA 230 ADSL Router |
Dynalink RTA 230 ADSL Router Default Backdoor Account
|
High |
SB04-252 |
Dynix
WebPac |
WebPAC Input Validation |
High |
SB04-245 |
| e107 |
e107 Input Validation Flaw in 'log.php' Lets Remote Users Conduct Cross-Site Scripting Attacks |
High |
SB04-147 |
e107 Group
e107 |
e107 website system Include File Flaw |
High |
SB04-364 |
| e107.org
e107 website system 0.6 10 -0.6 15a, 0.545, 0.554, 0.555 Beta, 0.603
|
e107 'usersettings.php' Cross-Site Scripting
|
High |
SB04-161 |
| e107.org
e107 website system 0.6 15a, 0.6 15
|
e107 Website System Multiple Vulnerabilities
|
High |
SB04-161 |
e107.org
e107 website system 0.6 10-0.6 14, 0.545, 0.554, 0.555, 0.603 |
e107 Website System Multiple Script HTML Injection |
High |
SB04-133 |
| EasyWeb FileManager 1.0 RC-1 for PostNuke |
EasyWeb FileManager "pathext" Directory Traversal |
Medium |
SB04-217 |
Ecommerce Corporation
Online Store Kit 3.0 Standard, 3.0 Pro, 3.0 Lite |
Online Store Kit Multiple Vulnerabilities
|
High |
SB04-058 |
EDIMAX Technology Co.
AR-6004 Broad band Router |
AR-6004 ADSL Router Management Interface Cross-Site Scripting |
High |
CyberNotes-2004-01 |
| EDIMAX Technology Co.
Edimax 7205APL 2.40 a-00
|
Edimax EW-7205APL Default Account & Password Disclosure
|
High |
SB04-175 |
eGroupWare.org
eGroupWare prior to 1.0.00.006 |
eGroupWare JiNN Directory Traversal |
Medium |
SB04-315 |
eGroupWare.org
GroupWare 1.0, 1.0.3 |
EGroupWare Multiple Input Validation |
High |
SB04-252
SB04-245 |
Endonesia.Com
eNdonesia 8.3 |
eNdonesia 'mod.php' Input Validation Vulnerability in Search 'query' Parameter Permits Cross-Site Scripting Attacks |
High |
SB04-231 |
| Enterasys
XSR-1805 7.0.0.0, 1850 7.0.0.0
|
Enterasys XSR-1800 Security Router Remote Denial of Service
|
Low |
SB04-189 |
| Entrust LibKMP ISAKMP Library |
|
Low/High
(High if arbitrary code can be executed)
|
SB04-245 |
| Epic Games
ARUSH Devastation 390.0;
DreamForge TNN; Outdoors Pro Hunter;
Epic Games Unreal Engine 436, 433, 226f, Unreal Tournament 451b, 2003 2225 win32, 2225 macOS, 2199 win32, 2199 macOS, 2199 linux, 2004 win32, macOS; Infogrames TacticalOps 3.4, Infogrames X-com Enforcer; Ion Storm DeusEx 1.112 fm; Nerf Arena Blast Nerf Arena Blast 1.2; Rage Software Mobile Forces 20000.0; Robert Jordan Wheel of Time 333.0 b; Running With Scissors Postal 2 1337
|
Epic Games Unreal Engine ‘Secure’ Query Buffer Overflow |
|
SB04-189
SB04-175 |
Epic Games
Unreal Engine 436, 433, 226f, Unreal Tournament 2003 2199 win32, 2003 2199 linux, 2003 Demo Version 2206 win32, 2003 Demo Version 2206 linux, Unreal Tournament Server 436.0 |
Epic Games Unreal Tournament Server Engine Remote Format String |
Low/ High
(High if arbitrary code can be executed)
|
SB04-077 |
Epic Games
Unreal Engine 436, 433, Unreal Tournament 451b, 2003 2225 win32, macOS, 2003 2199 win32, macOS |
Unreal Game Engine UMOD Input Validation
|
Medium |
SB04-119 |
Ethereal Group
Ethereal 0.9.8 up to and including 0.10.3
|
Ethereal SIP, AIM, SPNEGO, and MMSE Dissector Flaws Allow Remote Users to Crash Ethereal or Execute Arbitrary Code |
High |
SB04-147 |
Ethereal Group
Ethereal 0.9- 0.9.16 |
Ethereal SMB Protocol & Q.931 Dissector Remote Denial of Service
CVE Names:
CAN-2003-1012
CAN-2003-1013 |
Low |
CyberNotes-2004-03
CyberNotes-2004-02 |
Ethereal Group
Ethereal 0.8.13, 0.8.14, 0.8.18, 0.8.19, 0.9- 0.9.16, 0.10- 0.10.2 |
|
Low/ High
(High if arbitrary code can be executed)
|
SB04-119
SB04-105
SB04-091 |
| Eudora |
Eudora Fails to Correctly Display the Status Bar for URLs Containing Many HTML Character Entities |
Low |
SB04-147 |
EvolutionX
EvolutionX Build 3935, 3921 |
EvolutionX Multiple Remote Buffer Overflow |
Low/ High
(High if arbitrary code can be executed)
|
SB04-058 |
Express-Web
Content Management System |
Express-Web Content Management System Cross-Site Scripting |
High |
SB04-294 |
eZ Systems
eZ 3.4, eZphotoshare 1.0, 1.1, 1.2.1 |
eZ/eZphotoshare Remote Denial of Service |
Low |
SB04-259 |
EZBoard, Inc.
EZBoard 7.3 u |
EZBoard Cross-Site Scripting |
High |
SB04-077 |
e-Zone Media Inc.
FuseTalk 2.0 |
FuseTalk Multiple Vulnerabilities |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-133 |
| F5
BigIP 4.5- 4.5.10
|
F5 BIG-IP Syncookie Denial Of Service Vulnerability |
Low |
SB04-147 |
Fabien Regost
Kietu.3.1 |
Kietu 'Index.PHP' Remote Code Execution
|
High |
CyberNotes-2004-03 |
Fastream Technologies
Fastream NETFile FTP/Web Server 6.x |
Fastream NETFile FTP/Web Server Directory Traversal Vulnerability |
Medium |
SB04-203 |
Firebird
Borland/Inprise
Firebird 1.0
Borland/Inprise Interbase 4.0, 5.0, 6.0, 6.4, 6.5, 7.0, 7.1, InterBase SuperServer 6.0
|
Firebird Remote Database Name Buffer Overflow
|
Low/High
(High if arbitrary code can be executed)
|
SB04-175 |
| Firebird
Database version 1.0 (1.0.2-2.1)
|
Firebird Database Remote Database Name Overflow |
Low |
SB04-147 |
FishNet Inc.
FishCart 3.0 & prior, 3.1 beta |
FishCart Integer Overflow
CVE Name:
CAN-2004-0062 |
Medium |
CyberNotes-2004-02 |
fizmez.com
Fizmez Web Server 1.0
|
Fizmez Web Server Null Connection Denial of Service
|
Low |
SB04-091 |
FocalMedia.Net
Turbo Seek 1.x |
Turbo Seek Information Disclosure |
Medium |
SB04-259 |
forum-aztek.com
Aztek Forum 4.0 |
Aztek Forum Multiple Cross-Site Scripting |
High |
SB04-322 |
Francisco Burzi
osCommerce
Paul Laudanski
Trustix
PHP-Nuke 5.0, 5.0.1, 5.1, 5.2 a, 5.2, 5.3.1, 5.4-5.6, 6.0, 6.5, RC1-RC3, 6.5 FINAL, 6.5 BETA 1, 6.6, 6.7, 6.9, 7.0 FINAL, 7.0-7.3;
osCommerce Osc2Nuke 7x 1.0;
Paul Laudanski BetaNC PHP-Nuke Bundle;
Trustix Secure Enterprise Linux 2.0, Secure Linux 2.1
|
PHP-Nuke Direct Script Access
|
Medium |
SB04-161 |
Francisco Burzi
PHP-Nuke 6.0, 6.5, RC1-RC3, 6.5 BETA 1, FINAL, 6.6, 6.7, 6.9, 7.0, 7.0 FINAL, 7.1 |
PHP-Nuke ‘public_message()’ Input Validation
|
High |
SB04-058 |
Francisco Burzi
PHP-Nuke 6.9 & prior |
PHPNuke Remote SQL Injection
|
High |
SB04-058 |
Francisco Burzi
PHP-Nuke 7.x & prior |
PHP-Nuke Survey Module SQL Injection |
High |
CyberNotes-2004-01 |
| Francisco Burzi
PHP-Nuke 1.0, 2.5, 3.0, 4.0, 4.3, 4.4, 4.4.1 a, 5.0, 5.0.1, 5.1, 5.2 a, 5.2, 5.3.1, 5.4-5.6, 6.0, 6.5, RC1-RC3, BETA1, FINAL, 6.6, 6.7, 6.9, 7.0, FINAL, 7.1-7.3
|
PHP-Nuke Multiple Vulnerabilities
|
Medium/ High
(High if arbitrary code can be executed; and Medium if sensitive information can be obtained, comments deleted, or journal entries added)
|
SB04-189 |
| Francisco Burzi
PHP-Nuke 6.0, 6.5, RC1-RC3, BETA 1, 6.6, 6.7, 6.9, 7.0, FINAL, 7.1-7.3
|
PHP-Nuke Multiple Input Validation |
Low/Medium/ High
(High if arbitrary code can be executed; Medium if sensitive information can be obtained; and Low if a DoS)
|
SB04-175 |
Francisco Burzi
PHP-Nuke 1.0 |
PHP-Nuke ‘Gbook’ Module Cross-Site Scripting |
High |
CyberNotes-2004-03 |
Francisco Burzi
PHP-Nuke 6.0, 6.5, RC1- RC3, 6.5 FINAL, 6.5 BETA1, 6.6, 6.7, 6.9, 7.0, 7.0 FINAL, 7.1 |
PHP-Nuke Image Tag Admin Command Execution |
|
SB04-091 |
Francisco Burzi
PHP-Nuke 6.0, 6.5, RC1-RC3, FINAL, BETA 1, 6.6, 6.7, 6.9, 7.0, FINAL, 7.1, 7.2 |
PHP-Nuke ‘cookie decode()’ Cross-Site Scripting |
|
SB04-119 |
Francisco Burzi
PHP-Nuke 6.0, 6.5, RC1-RC3, 6.5 BETA 1, FINAL, 6.6, 6.7, 6.9, 7.0, 7.0 FINAL, 7.1 |
PHP-Nuke 'News' & ‘Reviews’ Modules Cross-Site Scripting |
High |
SB04-058 |
Francisco Burzi
PHP-Nuke 6.0, 6.5, RC1-RC3, 6.5 FINAL, BETA 1, 6.6, 6.7, 6.9, 7.0 FINAL, 7.0, 7.1, 7.2 |
PHPNuke Multiple SQL ‘Modules.php’ |
Medium |
SB04-133 |
Francisco Burzi
PHP-Nuke 6.0, 6.5, RC1-RC3, FINAL, BETA 1, 6.6, 6.7, 6.9, 7.0, FINAL, 7.1, 7.2 |
PHP-Nuke Multiple SQL Injection Vulnerabilities |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-119 |
Francisco Burzi
PHP-Nuke 6.9 & prior |
PHP-Nuke Multiple Vulnerabilities |
High |
CyberNotes-2004-03 |
Francisco Burzi
PHP-Nuke 7.1 |
PHP-Nuke Modules.php Multiple Cross-Site Scripting Vulnerabilities |
|
SB04-091 |
Francisco Burzi
PHP-Nuke 7.2 |
PHP-Nuke Multiple Video Gallery Module SQL Injection |
Medium |
SB04-133 |
Frank Pilhofer
UU-Deview 0.5.18, 0.5.19 |
UUDeview Insecure Temporary File Creation |
Low/ Medium
(Medium if data is lost)
|
SB04-077 |
Free Software Foundation
Ada ImgSvr 0.5 |
Ada ImgSvr Discloses Files to Remote Users and May Execute Arbitrary Code |
Medium |
SB04-203 |
FreeImage
FreeImage 3.0.0-3.0.4, 3.1.0, 3.2.0, 3.2.1, 3.3.0, 3.4.0, 3.5.0 |
FreeImage Interleaved Bitmap Image Buffer Overflow |
Low/High
(High if arbitrary code can be executed)
|
SB04-343 |
Fritz Berger
yappa-ng prior to 2.3.0 |
yappa-ng Access Control |
Low/Medium
(Medium if sensitive information can be obtained)
|
SB04-280 |
F-Secure
Internet Security 2004, Anti-Virus 2004, 2005, Anti-Virus Client Security 5.50, 5.52, 5.55, Anti-Virus for Linux Gateways 4.51, 4.52, 4.61, Anti-Virus for Linux Servers 4.51, 4.52, 4.61, Anti-Virus for Linux Workstations 4.51, 4.52, Anti-Virus for MIMEsweeper 5.41, 5.42, 5.50, Anti-Virus for MS Exchange 6.0 1, 6.2, 6.3, 6.21 6.30 Service Release 1, 6.31, Anti-Virus for Samba Servers 4.60, Anti-Virus for Windows Servers 5.41, 5.42, 5.50, Anti-Virus for Workstations 5.41, 5.42, 5.43, Anti-Virus Linux Client Security 5.0, Anti-Virus Linux Server Security 5.0, F-Secure for Firewalls 6.20, Internet Gatekeeper 6.3, 6.4, 6.31, 6.32, 6.41, Internet Gatekeeper for Linux 2.6, Internet Security 2005, Personal Express 4.5, 4.6, 4.7, 5.0 |
F-Secure Anti-Virus ZIP Archive Scanner Bypass |
High |
SB04-336 |
F-Secure
Policy Manager 5.11 |
F-Secure Policy Manager FSMSH.DLL CGI Path Disclosure |
Medium |
SB04-350 |
FuseTalk Inc.
FuseTalk 4.0 |
FuseTalk Cross-Site Scripting |
High |
SB04-294 |
| Fusion News 3.6.1 and prior |
Fusion News Lets Remote Users Add User Accounts on the Application |
Medium |
SB04-217 |
Fusionphp
Fusion News 3.6.1 |
Fusion News Cross-Site Scripting |
|
SB04-119 |
FuzzyMonkey.org
My Blog prior to 1.21 |
My Blog Input Validation Errors |
High |
SB04-280 |
FVWM
FVWM 2.4.17, 2.5.8 |
FVWM fvwm_make_browse_menu.sh Scripts Command Execution |
|
SB04-091 |
FVWM
FVWM 2.4.17, 2.5.8 |
fvwm_make_directory_menu.sh Scripts Command Execution |
|
SB04-091 |
Gallery Project
Debian
Gentoo
Debian Linux 3.0 sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
Gallery Gallery 1.4 -pl1-pl2, 1.4-1.4.3 -p |