Note: All the information included in the following tables has been discussed in newsgroups and on web sites.
Multiple Operating Systems - Windows / UNIX / Linux / Other
Vendor & Software Name | Common Name | Risk | Bulletin Issue |
@lexPHPteam
@lex Guestbook |
@lex Guestbook Include File Remote Code Execution |
High |
SB04-280
SB04-273 |
0verkill
0verkill 0.15pre3 a & prior |
0verkill Game Client Multiple Buffer Overflows | High |
CyberNotes-2004-03 |
3Com
3CDaemon 2.0 revision 10 |
3Com 3CDaemon TFTP Service Remote Denial of Service |
Low |
SB04-357 |
| 3Com Corporation
SuperStack 3 Switch, Switch 4400.0 SE, 4400.0 PWR, 4400.0 FX, 4400.0
|
3Com SuperStack Switch Remote Denial of Service
|
Low |
SB04-189 |
3Com
OfficeConnect ADSL Wireless 11g Firewall Router Firmware 1.13, 1.23, 1.24, 1.27 |
3Com OfficeConnect ADSL Wireless 11g
Firewall Router Remote Denial of Service |
Low |
SB04-329
SB04-294 |
| 3Com
OfficeConnect Remote 812 ADSL Router, Router 1.1.9.4
|
OfficeConnect Remote 812 ADSL Router
Telnet Remote Buffer Overflow
CVE Name:
CAN-2004-0476
|
Low |
SB04-161 |
| 3Com
OfficeConnect Remote 812 ADSL, Router 1.1.9.4
|
OfficeConnect Remote 812 ADSL Router
Web Interface Authentication Bypass
CVE Name:
CAN-2004-0477
|
High |
SB04-161 |
3Com
3Com Super Stack 3 NBX 4.0.17, 4.1.4, 4.1.21, 4.2.7 |
3Com SuperStack 3 NBX Netset
Application Port Scan Denial of Service |
Low |
SB04-133 |
3Com
3CRADSL72 Wireless Router |
3Com 3CRADSL72 ADSL Wireless
Router Information Disclosure & Authentication Bypass |
Medium/High
(High if administrative access can be obtained)
|
SB04-294 |
| 4D Portal 1.5 |
4D Portal Default Password May Let
Remote Users Access the System |
Medium |
SB04-217
|
68 Designs
Froogle 1.x |
68 Designs Froogle Installation Security Issue |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-357 |
Aborior
Encore Web Forum |
Encore Web Forum Remote Arbitrary
Command Execution |
|
SB04-105 |
Accipiter
Direct Server 6 |
DirectServer Directory Traversal |
Medium |
CyberNotes-2004-02 |
ACLogic
Cesar FTP |
CesarFTP Remote Denial of Service |
Low |
CyberNotes-2004-01 |
Active Campaign Inc.
Knowledge Builder |
Knowledge Builder Arbitrary Code Execution |
High |
CyberNotes-2004-01
CyberNotes-2004-02 |
Adam Webb
Nuke-Jokes 1.7, 2.0 Beta |
NukeJokes Module For PHP-Nuke
Multiple Input Validation |
Medium/High
(High if arbitrary code can be executed)
|
SB04-133 |
Admin Access With Levels
Admin Access With Levels Plug-in 1.5.1 |
Admin Access With Levels Plug-in For
osCommerce Administrative Access |
High |
SB04-133 |
Adobe Systems Incorporated
Acrobat 6.0-6.0.2, Acrobat Reader 6.0-6.0.2 |
Adobe Acrobat/Acrobat Reader ETD
File Parser Format String
CVE Name:
CAN-2004-1153
|
High |
SB04-357 |
Adobe
Adobe Reader 6.x;
Adobe Acrobat 6.x |
Adobe Acrobat / Reader File Extension
Buffer Overflow Vulnerability |
High |
SB04-203 |
Ai Graphics & Joe Lumbroso
Jacks FormMail.php 2.0, 5.0 |
Jack's Formmail.php Input Validation |
High |
SB04-058 |
Aiptek Incorporated
NETCam Viewer 1.0.0.28 & prior |
AIPTEK NETCam Webserver Directory Traversal |
Medium |
CyberNotes-2004-02 |
| Albrecht Günther
PHProjekt 4.x |
Albrecht Günther PHProjekt "path_pre"
Parameter Arbitrary File Inclusion Vulnerability
|
High |
SB04-364 |
Albrecht Guenther
PHProjekt 2.0, 2.0.1, 2.1 a, 2.1-2.4, 3.0-3.2, 4.2 |
Albrecht Guenther PHProjekt 'setup.php' File Upload |
High |
SB04-357 |
Albrecht Guenther
PHProjekt 2.0, 2.0.1, 2.1 a, 2.1-2.4, 3.0-3.2, 4.2 |
PHProjekt 'setup.php' File Upload |
High |
SB04-350
SB04-343 |
Alcatel
OmniSwitch 7700, 7800
|
OmniSwitch 7000 Series Security
Scan Denial of Service |
Low |
SB04-077 |
Alcatel
SpeedTouch Pro With Firewall ADSL Router |
Alcatel Speed Touch Pro With Firewall
ADSL Router DNS Poisoning |
Low/Medium
(Low if a DoS)
|
SB04-322 |
alex.ilosuna.org
My Little Forum 1.3 |
My Little Forum ‘Email.PHP’ Cross-Site Scripting |
High |
CyberNotes-2004-01 |
Alivesites
Forum 2.0 |
AliveSites Forum Multiple Unspecified Remote Input Validation |
High |
SB04-294 |
All Enthusiast Inc.
Photopost PHP Pro 3.1-3.3, 4.0, 4.1, 4.6 |
Photopost PHP Pro Multiple Input Validation |
High |
SB04-105
CyberNotes-2004-03 |
All Enthusiast Inc.
Review Post PHP Pro 2.5.1 & prior |
ReviewPost PHP Pro Input Validation
|
High |
CyberNotes-2004-03 |
AllWebScripts
MySQLGuest |
MySQLGuest Cross-Site Scripting |
High |
SB04-273 |
America Online
AOL Instant Messenger (AIM) 5.5 |
AOL Instant Messenger aim:goaway URI Handler Buffer Overflow Vulnerability |
High |
SB04-252
SB04-231 |
America Online, Inc.
AOL |
Groups@AOL Group Invitation |
Medium |
SB04-273 |
America OnLine
America Online Webmail |
AOL Web Mail 'msglist.adp' Cross-Site Scripting |
High |
SB04-301 |
America OnLine
AOL
|
AOL Journals Email Address Disclosure |
Medium |
SB04-301 |
Andy's PHP Projects
Andy's PHP Man Page Lookup |
Andy's PHP Projects Man Page Remote Information Disclosure |
Medium |
CyberNotes-2004-02 |
AntoineBajolet
PhpDig 1.6.x |
PHPDig Remote Command Execution
CVE Name:
CAN-2004-0068 |
High |
CyberNotes-2004-02 |
Apache Software Foundation
Apple
Mandrake
Trustix
Apache 2.0.47 2.0.49 |
Apache ap_escape_html Remote
Denial of Service
CVE Name:
CAN-2004-0493
|
Low |
SB04-231
SB04-189 |
Apache Software Foundation
Gentoo
Mandrake
OpenBSD
OpenPKG
RedHat
SGI
Tinysofa
Trustix
Apache 1.3-2.0.49
|
Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerability
CVE Name:
CAN-2004-0488
|
Low/ High
(High if arbitrary code can be executed)
|
SB04-189
SB04-161 |
Apache Software Foundation
Apache 1.3.29 & prior |
Apache mod_digest Replayed Response Validation
CVE Name:
CAN-2003-0987
|
Medium |
CyberNotes-2004-03 |
Apache Software Foundation
Xerces C++ 2.5.0 |
Xerces C++ XML Parsing Remote Denial of Service |
Low |
SB04-280 |
Apache Software Foundation
Apache 1.0, 1.0.2, 1.0.3, 1.0.5, 1.1, 1.1.1, 1.2, 1.2.5, 1.3, 1.3.1, 1.3.3, 1.3.4, 1.3.6, 1.3.7-dev, 1.3.9, 1.3.11, 1.3.12, 1.3.14, 1.3.17-1.3.20, 1.3.22-1.3.29, 2.0 a9, 2.0, 2.0.28 Beta, 2.0.28, 2.0.32, 2.0.35-2.0.48 |
Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness |
Medium |
SB04-091 |
Apache Software Foundation
Apache 1.3.29 & prior |
Apache ebcdic2ascii() Buffer Overflow |
High |
SB04-119 |
Apache Software Foundation
Jakarta Lucene 1.4.2 |
Apache Jakarta Results.JSP Remote Cross-Site Scripting |
High |
SB04-343 |
APC
WEB/ SNMP Management Card (9606) Firmware 3.0, 3.0.1 |
SmartSlot Web/SNMP Management Card Default Password |
Medium |
SB04-058 |
Apple
Apple Macintosh OS X
Safari 1.x |
Mac OS X Security Update Fixes Multiple Vulnerabilities |
High |
SB04-231 |
Apple
iTunes Player 4.2.72, Quick Time Player 6, 5.0.2, 6.1, 6.5 |
Apple QuickTime Sample-to-Chunk Integer Overflow
CVE Name:
CAN-2004-0431
|
Low/ High
(High if arbitrary code can be executed)
|
SB04-133 |
AppServ
Open Project 2.4-2.4.2, 2.5-2.5.2 |
AppServ Open Project Remote Insecure Default Password |
Medium |
SB04-329 |
Aprox Portal
Aprox Portal 3.x |
Aprox Portal Directory Traversal & Arbitrary Code Execution |
Medium/ High
(High if arbitrary code can be executed)
|
CyberNotes-2004-03 |
Arash Moslehi
iWebNegar |
Arash Moslehi IWebNegar Input Validation
|
High |
SB04-357 |
artmedic webdesign
Artmedic Hpmaker |
Artmedic Webdesign Hpmaker 'index.php' script |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-119 |
artmedic webdesign
artmedic kleinanzeigen |
artmedic kleinanzeigen Inclusion of Arbitrary Files |
Medium |
SB04-217 |
Asante
FM2008 Managed Ethernet Switch v01.06 |
Asante FM2008 Managed Ethernet Switch Default Backdoor |
High |
SB04-357 |
ASN.1
ASN.1 Compiler 0.9.4 |
ASN1 Multiple Vulnerabilities |
Not Specified |
SB04-294 |
ASP-Nuke
ASP-Nuke |
ASP-Nuke Remote Unauthorized Access |
Medium |
CyberNotes-2004-01 |
| Asterisk
Asterisk 0.7.0-0.7.2
|
Asterisk PBX Multiple Logging Format String Vulnerabilities |
High |
SB04-189 |
AWStats
AWStats 5.0-5.9, 6.0-6.2 |
AWStats 'awstats.pl' Input Validation |
High |
SB04-245 |
Axis Communications
Firmware Version 2.40; Axis 2100/2110/2120/2420/2130, Network Camera, 2400/2401 Video Server |
Axis Network Camera And Video Server Multiple Vulnerabilities
|
Medium/High
(High if arbitrary commands can be executed)
|
SB04-252
SB04-245 |
Axis Communications
StorPoint CD |
StorPoint CD Administrative Backdoor |
High |
SB04-245 |
AzDG
AzDGDatingLite 2.1.1 |
AzDGDating Lite Cross-Site Scripting Vulnerabilities
|
|
SB04-105 |
Baal Systems
Baal Smart Forms 3.x |
Baal Smart Forms 'Admin Change Password' Security Restriction |
High |
SB04-273 |
bblog.com
bBlog 0.7.2, bBlog 0.7.3 |
BBlog RSS.PHP Input Validation |
High |
SB04-280 |
| BEA Systems Inc.
WebLogic Server and WebLogic Express
|
Weblogic & Web Express Unauthorized Access
CVE Name:
CAN-2004-0470
|
Medium |
SB04-175 |
| BEA Systems Inc.
WebLogic Server and WebLogic Express
|
WebLogic Server and WebLogic Express Site Restriction |
Medium |
SB04-147 |
| BEA Systems Inc.
WebLogic Server and WebLogic Express
|
WebLogic Server and WebLogic Express weblogic.xml Access |
Medium |
SB04-147 |
BEA Systems
WebLogic Server & Express 6.1 SP6, 7.0 SP4, 8.1 SP2; and prior service packs |
WebLogic Command & Administrative Scripts Password Disclosure |
Medium |
SB04-259 |
BEA Systems
WebLogic Server & Express 6.1 SP6, 7.0 SP5, 8.1 SP2; and prior service packs |
WebLogic Case-Sensitive 'web.xml' Patterns |
Medium |
SB04-259 |
BEA Systems
WebLogic Server & Express 6.1 SP6, 7.0 SP5, 8.1 SP3; and prior service packs |
WebLogic System Version Information Disclosure |
Medium |
SB04-259 |
BEA Systems
WebLogic Server & Express 7.0 SP5, 8.1 SP2; and prior |
WebLogic 'weblogic.Admin' commands |
Medium/High
(High if arbitrary code can be executed)
|
SB04-259 |
BEA Systems
WebLogic Server & Express 7.0 SP5, 8.1 SP2; and prior service packs |
WebLogic Active Directory LDAP Disabled User's Accounts |
Medium |
SB04-259 |
BEA Systems
WebLogic Server & Express 7.0 SP5, 8.1 SP2; and prior service packs |
WebLogic Server Incomplete Security Deployment |
Medium |
SB04-259 |
BEA Systems
WebLogic Server & Express 7.0, 8.1 |
WebLogic Clear Text Sensitive Information Transmit |
Medium |
SB04-259 |
BEA Systems
WebLogic Server & Express 7.0, 8.1 |
WebLogic Information Disclosure |
Medium |
SB04-259 |
BEA Systems, Inc.
WebLogic Express 8.1, SP1&SP2, WebLogic Express for Win32 8.1, SP1&SP2, Weblogic Server 8.1, SP1&SP2, WebLogic Server for Win32 8.1, SP1&SP2
|
BEA WebLogic Server & WebLogic Express Remote Denial of Service
|
Low |
SB04-175 |
BEA Systems, Inc.
WebLogic Server 8.x, WebLogic Express 8.x |
WebLogic Ant Tasks Administrative Password Disclosure |
Medium |
CyberNotes-2004-02 |
BEA Systems, Inc.
WebLogic Server and Express 7.0, SP1-SP4, |
WebLogic Server User Identity Failure |
Medium |
SB04-105 |
BEA Systems, Inc.
WebLogic Server and Express 8.1 |
WebLogic Server Administrator Password Cleartext Storage |
Medium |
SB04-105 |
| BEA Systems, Inc.
WebLogic Express 6.1, SP1-SP6, 7.0.0.1, SP1-SP4, 7.0, SP1-SP5, 8.1, SP1&SP2, WebLogic Express for Win32 6.1, SP1-SP6, 7.0.0.1, SP1&SP2, 7.0, SP1-SP5, 8.1, SP1&SP2, Weblogic Server 6.1, SP1-SP6, 7.0.0.1, SP1-SP4, 7.0, SP1-SP5, 8.1, SP1&SP2, WebLogic Server for Win32 6.1, SP1-SP6, 7.0.0.1, SP1&SP2, 7.0, SP1-SP5, 8.1, SP1&SP2
|
BEA WebLogic Server & WebLogic Express Java RMI Incorrect Session Inheritance |
Medium |
SB04-175 |
| BEA Systems, Inc.
WebLogic Express 7.0, SP1-SP5, 8.1, SP1&SP2, WebLogic Express for Win32 7.0, SP1-SP5, 8.1, SP1&SP2, Weblogic Server 7.0, SP1-SP5, 8.1, SP1&SP2, WebLogic Server for Win32 7.0, SP1-SP5, 8.1, SP1&SP2
|
BEA WebLogic Server & WebLogic Express role-name Unauthorized Access
|
Medium |
SB04-189 |
BEA Systems, Inc.
WebLogic Express & Server 6.1, SP1-SP6, 7.0, SP1-SP4, 8.1, SP1&SP2, Win32 6.1, SP1-SP6, Win32 7.0, SP1-SP4, Win32 8.1, SP1&SP2 |
WebLogic Server/Express EJB Object Removal Remote Denial of Service
|
Low |
SB04-119 |
BEA Systems, Inc.
WebLogic Express & Server 6.1, SP1-SP6, 7.0, SP1-SP4, 8.1, SP1&SP2, Win32 6.1, SP1-SP6, Win32 7.0, SP1-SP4, Win32 8.1, SP1&SP2 |
WebLogic Server/Express Potential Password Disclosure |
Medium |
SB04-119 |
BEA Systems, Inc.
WebLogic Express & Server 7.0.0.1, SP1-SP4, 7.0, SP1-SP4, 8.1, SP1&SP2, Win32 7.0.0.1, SP1&SP2, Win32 7.0, SP1-SP4, Win32 8.1, SP1&SP2 |
WebLogic Server/Express Password Disclosure Vulnerability |
|
SB04-119 |
BEA Systems, Inc.
WebLogic Express & Server 7.0, SP1-SP4, 8.1, SP1&SP2, Win32 7.0, SP1-SP4, Win32 8.1, SP1&SP2 |
WebLogic Server/Express Authentication Provider Privilege Inheritance |
|
SB04-119 |
BEA Systems, Inc.
WebLogic Express & Server 7.0, SP1-SP4, 8.1, SP1&SP2, Win32 7.0, SP1-SP4, Win32 8.1, SP1&SP2 |
WebLogic Server/Express Certificate Chain User Impersonation |
Medium |
SB04-119 |
BEA Systems, Inc.
WebLogic Express & Server 7.0, SP1-SP4, 8.1, SP1, Win32 7.0, SP1-SP4, Win32 8.1, SP1 |
Server & WebLogic Express Illegal URI Pattern Potential |
Medium |
SB04-119 |
BEA Systems, Inc.
WebLogic Express & Server 8.1, SP1&SP2, Win32 8.1, SP1&SP2 |
WebLogic Server/Express 'config.sh' & 'config.cmd' Information Disclosure |
|
SB04-119 |
Belchior Foundry
vCard 2.8 |
VCard Authentication Bypass |
Medium |
SB04-091 |
Ben3W
2Bgal 2.4 and 2.5.1 |
Ben3W 2Bgal "id_album" SQL Injection Vulnerability |
High |
SB04-364 |
| Billion Electric Co. Ltd.
BIPAC-640 AE 3.33
|
Billion BIPAC 640 AE Authentication Bypass
|
Medium |
SB04-175 |
Blackboard
Blackboard 5.0, 5.0.2, 5.5, 5.5.1, 6.0 |
Blackboard Learning System Multiple Cross-Site Scripting |
|
SB04-119 |
| Blackboard, Inc.
Blackboard 6.0
|
Blackboard Learning System ‘Digital Dropbox’ Information Disclosure |
Medium |
SB04-175 |
| blosxom.com
Blosxom 2.0
|
Blosxom ‘Writeback’ Plug-in Cross-Site Scripting
|
High |
SB04-175 |
| Blue Coat Systems
ProxySG 3.x
|
Potential Compromise of Private Keys |
Low |
SB04-147 |
BN Soft
Boast Machine 2.6 |
BoastMachine Comment Form HTML Injection |
High |
CyberNotes-2004-01 |
Bodington
Bodington 2.1.0 RC1 & prior |
Bodington Uploaded File Disclosure |
Medium |
CyberNotes-2004-03 |
Bolin Tech
Dream FTP Server 1.02 |
BolinTech Dream FTP Server User Name Format String |
Low/ High
(High if arbitrary code can be executed)
|
SB04-077
SB04-058 |
BolinTech
Dream FTP Server 1.02 |
Dream FTP Server Format String
|
Low/ High
(High if arbitrary code can be executed)
|
SB04-077 |
Borland/ Inprise
Interbase 4.0, 5.0, 6.0, 6.4, 6.5, 7.0, 7.1 |
Borland Interbase Unsafe Default Permissions |
Medium |
SB04-091 |
BosDev, Inc.
BosDates 3.0-3.2
|
BosDates Input Validation
|
Medium |
SB04-058 |
Brandon Tallent
AntiBoard 0.7.3 |
AntiBoard Input Validation |
High |
SB04-315 |
| British Telecom
Voyager 2000 Wireless ADSL Router
|
BT Voyager 2000 Wireless ADSL Router Password Disclosure |
Medium |
SB04-189 |
brooky.com
CubeCart 2.0.1 |
CubeCart Input Validation |
Medium |
SB04-301
SB04-287 |
Business Objects
Crystal Enterprise 8.5, 9, and 10 |
Business Objects Crystal Enterprise Filtering Flaw |
High |
SB04-364 |
Business Objects
InfoView 5.1.4-5.1.8,
WebIntelligence 2.7-2.7.4 |
|
Medium/High
(High if arbitrary code can be executed)
|
SB04-266 |
Byungchan Kim
JSBoard 2.0.7, 2.0.8, JSBoard-win32 1.3.11 |
Byungchan Kim JSBoard 'parse.php' Arbitrary Code Execution |
High |
SB04-357 |
C. Szymanski
Cerbère Proxy Server 1.2 |
Cerbère Proxy Server Remote Denial of Service |
Low |
SB04-252 |
Canon
imageRUNNER IR5000i |
Canon imageRunner Promiscuous Email Printing |
Medium |
SB04-273 |
Canon
VB-C10R Network Camera Firmware 1.0 Rev. 21 |
VB-C10R Network Camera Cross-Site Scripting |
High |
CyberNotes-2004-01 |
| Canon
imageRUNNER 210, 210S
|
ImageRUNNER Port Scan Remote Denial of Service
|
Low |
SB04-161 |
Centrinity
FirstClass 5.50, 5.77, 7.0, 7.1 |
FirstClass ‘Upload.shtml’ Script Cross-Site Scripting
|
|
SB04-091 |
| CGISCRIPT.NET
csFAQ, 1.0
|
csFAQ Installation Path Disclosure
|
Medium |
SB04-189 |
Chaogic Systems
vHost 3.05 r1-r6, 3.0 4r1, 3.0 3r1, 3.02r1 & r2, 3.01r1, 3.0 0r1-r6 |
VHost Cross-Site Scripting
|
High |
SB04-077 |
Check Point Software Technologies
Check Point VPN-1/FireWall-1 VSX NG;
Check Point VPN-1/FireWall-1 NG with Application Intelligence (AI);
Check Point VPN-1/Firewall-1 NG;
Check Point VPN-1 SecuRemote;
Check Point VPN-1 SecureClient;
Check Point SSL Network Extender;
Check Point Provider-1;
Check Point FireWall-1 GX 2.x |
Check Point VPN-1 ASN.1 Decoding Heap Overflow Vulnerability |
High |
SB04-217 |
| Check Point Software
Firewall-1 4.0, SP1-SP8, 4.1, SP1-SP6, Next Generation, FP3, HF1&HF2, FP2, FP1, NG-AI R55, NG-AI R54, NG-AI
|
Check Point Firewall-1 Internet Key Exchange Information Disclosure |
Medium |
SB04-175 |
Check Point Software
FireWall-1 GX 2.0, VSX 2.0.1, VSX NG with Application Intelligence, Next Generation FP3. HF1&2, NG-AI R55, NG-AI R54, Secure Client NG with Application Intelligence R56, Secu Remote NG with Application Intelligence R56, VPN-1 VSX 2.0.1, VPN-1 VSX NG with Application Intelligence |
VPN-1 ISAKMP Remote Buffer Overflow
|
|
SB04-133 |
Check Point Software
Firewall-1 NG FCS, NG FP1- FP3, HF2. NG with Application Intelligence R54 & R55 |
Multiple Firewall-1 Format String Vulnerabilities
CVE Name:
CAN-2004-0039
|
High |
CyberNotes-2004-03 |
Check Point Software
Smart Dashboard |
Firewall-1 SmartDashboard Filter Buffer Overflow |
|
SB04-091 |
Check Point Software
VNP-1-1 4.1, SP1-SP6; Secu Remote/ Secure Client 4.1 build 4200 & prior, NG FP0, FP1 |
|
High |
CyberNotes-2004-03 |
Cherokee
Cherokee 0.x |
Cherokee HTTP Post Remote Denial of Service |
Low |
CyberNotes-2004-01 |
Chi Kien Uong
Advanced Guest-book 2.2 |
Advanced Guestbook Input Validation |
|
SB04-119 |
| Cisco Systems
Catalyst 6000 series, 5000 series, 4500 series, 4000 series, 2948G, 2980G, 2980G-A, 4912G, 2901, 2902, 2926[T,F,GS,GL], 2948
|
|
Low |
SB04-175 |
| Cisco Systems
IOS 11.x, 12.x, R11.x, R12.x
|
Cisco IOS Border Gateway Protocol Remote Denial of Service
|
Low |
SB04-175 |
Cisco Systems
Cisco IOS 12.x, R12.x |
Cisco Internet Operating System SNMP Message Processing Remote
Denial of Service
|
Low |
SB04-133
SB04-119 |
Cisco Systems
IOS 12.0S, 12.2, 12.3 |
IOS OSPF Remote Denial of Service |
Low |
SB04-245 |
Cisco Systems
IOS 6000, 6500, 7600 routers only; 12.1E, 12.2SY, 12.2ZA |
Cisco IOS MSFC2 Malformed Layer 2 Frame Denial of Service |
Low |
CyberNotes-2004-03 |
Cisco Systems,
2650 Multiservice Platform, 2650XM Multiservice Platform, 2651 Multiservice Platform, 2651XM Multiservice Platform,
Cisco 7200, 7300, 7500, 7600, Catalyst 7600 Sup720/MSFC3,
IOS 12.2 (18)SW, 12.2 (18)SV, 12.2 (18)SE, 12.2 (18)S,12.2 (18)EWA, 12.2 (18)EW, 12.2 (14)SZ |
Cisco IOS DHCP Input Queue Blocking Remote Denial of Service |
Low |
SB04-343
SB04-322 |
Cisco Systems, Inc.
Catalyst 6500, 2.1, 2.3, 3.1, 5.4, 7.5, 7.6, Catalyst 7600 2.1, 2.2, 3.1, Firewall Services Module, Firewall Services Module 1.1.2 |
Multiple Cisco FWSM Vulnerabilities
CVE Names:
CAN-2003-1001
CAN-2003-1002
|
Low/High
(High if arbitrary code can be executed) |
CyberNotes-2004-01 |
Cisco Systems, Inc.
Cisco PIX 6.x, 5.x, 4.x
|
Multiple Cisco PIX Remote Denial Of Service
CVE Names:
CAN-2003-1003
CAN-2003-1004 |
Low |
CyberNotes-2004-01 |
Cisco Systems
Anomaly Detector 3.0 8, Guard 3.0 8.12, 3.0 8 |
Cisco Guard & Traffic Anomaly Detector Default Backdoor |
High |
SB04-357 |
Cisco Systems
ATA-186 |
ATA-186 HTTP Device Configuration Disclosure & Web Administration Authentication Bypass
CVE Name:
CAN-2002-0769
|
Medium |
SB04-105 |
Cisco Systems
Catalyst 4000 and 5000 images running version 4.5(2) up to 5.5(4) and
5.5(4a);
Catalyst 6000 images running version 5.3(1)CSX, up to and including 5.5(4),
5.5(4a)
|
Cisco Catalyst Memory Leak Denial of Service |
Low |
SB04-105 |
Cisco Systems
CBOS 2.3.9, 2.3.8, 2.3.7.002, 2.3.7, 2.3.5.015, 2.3.5, 2.3.2, 2.2.1a, 2.2.1, 2.2.0, 2.1.0a, 2.1.0, 2.0.1, 2.3.053, 2.3, 2.4.1, 2.4.2b, 2.4.2ap, 2.4.2, 2.4.3, 2.4.4 |
Cisco Broadband Operating System Remote Denial of Service Vulnerabilities |
Low |
SB04-105 |
Cisco Systems
Cisco 627, 633, 673, 675, 675E, 677, 677I, 678 |
Cisco 600 Series Router Web Management Service Remote
Denial of Service
|
Low |
SB04-105 |
Cisco Systems
Cisco Catalyst 3500 XL |
Cisco Catalyst Remote Arbitrary Command Execution
CVE Name:
CVE-2000-0945
|
|
SB04-105 |
Cisco Systems
Cisco IOS 11.2(11) |
Cisco IOS RST-ACK Packet Access Control Bypass |
Medium |
SB04-105 |
Cisco Systems
Cisco IOS versions
12.0-12.1
|
Cisco IOS “?/” HTTP Request Denial of Service
CVE Name:
CVE-2000-0380
|
Low |
SB04-105 |
Cisco Systems
Cisco VPN Client for Linux 3.5.1, 3.5.2 B, 3.5.2, 3.5.4, 3.6, 3.6.1, VPN Client for Windows 2.0, 3.0, 3.0.5, 3.1, 3.5.1 C, 3.5.1, 3.5.2 B, 3.5.2, 3.5.4, 3.6 (Rel), 3.6, 3.6.1, 4.0.2 C, 4.0.2 A |
Cisco IPsec VPN Client Group Password Disclosure |
Medium |
SB04-119 |
Cisco Systems
CSS11000 Content Services Switch, CSS11050 Content Services Switch, CSS11150 Content Services Switch, CSS11800 Content Services Switch |
Cisco Content Service Switch Management Port UDP Denial of Service |
Low |
SB04-077 |
Cisco Systems
Hosting Solution Engine 1105 1.7-1.7.3, Wireless Lan Solution Engine 1105 2.0, 2.0.2, 2.5, 1130 2.0.2, 2.0, 2.0.5 |
Cisco WLSE/HSE Devices Default Username and Password |
Low/ Medium/ High
(Low if a DoS; Medium if sensitive information is obtained; and High if system control is obtained)
|
SB04-105 |
Cisco Systems
IOS 11.0, 11.2x, 11.3x, 12.0x |
|
Low |
SB04-105 |
Cisco Systems
IOS 11.3 & later |
Cisco IOS HTTP Configuration Arbitrary Administrative Access
CVE Name:
CVE-2001-0537
|
|
SB04-105 |
Cisco Systems
IOS 12.0-12.2 |
|
Low |
SB04-105 |
Cisco Systems
IOS 12.2 ZA, SY, SXB, SXA, (17a) SXA, (14)ZA2, (14)ZA, (14)SY |
IOS Malformed IKE Packet Remote Denial of Service
|
Low |
SB04-105 |
Cisco Systems
IOS R12.x, 12.x
|
Cisco IOS Telnet Service Remote Denial of Service |
Low |
SB04-315
SB04-301
SB04-245 |
Cisco Systems
ONS 15327 Edge Optical Transport Platform, ONS 15454 Optical Transport Platform, ONS 15454 SDH Multiplexor Platform, 15600 Multi-service Switching Platform
|
Cisco ONS Platform Vulnerabilities |
Low/Medium
(Medium if sensitive information can be obtained or unauthorized access is obtained)
|
SB04-077 |
Cisco Systems
Unity Server 2.0-2.4, 2.46, 3.0-3.3, 4.0 |
Cisco Unity With Exchange Default User Accounts and Passwords |
High |
SB04-357 |
Cisco
Cisco ONS 15327, 15454, and 15454 SDH; prior to 4.6(2)
Cisco ONS 15600 |
Cisco ONS Control Cards Malformed Packet Vulnerabilities |
High |
SB04-217 |
Cisco
ServletExec 3.x, 2.x
Cisco Collaboration Server (CSS) 3.x, 4.x
|
Cisco Collaboration Server ServletExec Arbitrary File Upload Vulnerability |
High |
SB04-217 |
cjoverkill.icefire.org
CJOverkill 4.0.3 |
CJOverkill Cross-Site Scripting |
High |
SB04-287 |
clientexec.com
ClientExec 2.2.1 |
ClientExec Default Installation Information Disclosure |
Medium |
SB04-294 |
Codestriker
Codestriker 1.7-1.7.8, 1.8-1.8.4 |
Codestriker Repository Access Control Bypass |
Medium |
SB04-350 |
Comersus Open Technologies
Comersus Shopping Cart 5.098 |
Comersus SQL Injection and Cross-Site Scripting Vulnerabilities |
High |
SB04-217 |
Comersus Open Technologies
Comersus Shopping Cart 5.x, 4.x |
Comersus Shopping Cart Cross-Site Scripting and Price Manipulation |
Medium |
SB04-203 |
Computer Associates
Unicenter TNG 2.4, 2.4.2 |
Unicenter TNG Utilities Multiple Remote Buffer Overflow Vulnerabilities |
High |
SB04-077 |
Conceptronic
CADSLR1 Router with firmware version 3.04n |
Conceptronic CADSLR1 Router Denial of Service Vulnerability |
Low |
SB04-217 |
Concurrent Versions Systems (CVS) 1.11 |
CVS Undocumented Flag Information Disclosure Vulnerability
CVE Name:
CAN-2004-0778 |
Low |
SB04-231 |
Content Management System
DCP-Portal 3.7, 4.0, 4.1, 4.2, 4.5.1, 5.0.1, 5.0.2, 5.1, 5.2, 5.3, 5.3.1, 5.3.2 |
DCP-Portal Multiple Cross-Site Scripting Vulnerabilities |
High |
SB04-287 |
Course Forum Technologies
Project Forum 8.4.2.1 |
ProjectForum Denial of Service & Cross-Site Scripting |
Low/High
(High if arbitrary code can be executed) |
CyberNotes-2004-01 |
cphp.sourceforge.net
CoolPHP Web Portal 1.0-stable |
CoolPHP Multiple Remote Input Validation |
Medium/High
(High if arbitrary code can be executed)
|
SB04-294 |
| craftysyntax.com
Crafty Syntax Live Help 2.7.3
|
Crafty Syntax Live Help Multiple HTML Injection |
High |
SB04-161 |
Craig Knudsen
WebCalendar 0.9.8, 0.9.11, 0.9.15, 0.9.16, 0.9.19-0.9.44 |
Craig Knudsen WebCalendar Multiple Remote Vulnerabilities |
Medium/High
(High if arbitrary code can be executed)
|
SB04-322 |
Crossday
Discuz! Board 2.x, 3.x |
Discuz! Cross-Site Scripting |
High |
CyberNotes-2004-03 |
| CuteNews 1.3.1 |
CuteNews "archive" Parameter Cross-Site Scripting Vulnerability |
High |
SB04-231 |
CutePHP
CuteNews 0.88, 1.3, 1.3.1
|
CuteNews Multiple Cross-Site Scripting |
|
SB04-189 |
CutePHP
CuteNews 0.88, 1.3, 1.3.1, 1.3.2, 1.3.6 |
CutePHP Cross-Site Scripting |
High |
SB04-252 |
Dame Ware Development LLC
Mini Remote Control Server 3.70.0.0, 3.71.0.0, 3.72.0.0 |
Mini Remote Control Buffer Overflow |
High |
CyberNotes-2004-02 |
Darryl Burgdorf
WebLibs 1.0 |
Darryl Burgdorf WebLibs Directory Traversal |
Medium |
SB04-350 |
David Djurback
chacmool Private Message System 1.1.3 |
David Djurback Chacmool Private Message System Multiple Vulnerabilities
|
Medium/High
(High if arbitrary code can be executed)
|
SB04-322 |
Delegate.org
DeleGate 7.7.0, 7.7.1, 7.8.0-7.8.2, 7.9.11, 8.3.3, 8.3.4, 8.4.0, 8.5.0, 8.9-8.9.2 |
DeleGate SSLway Filter Remote Buffer Overflow
|
High |
SB04-133 |
Dell
Open Manage Web Server 3.4, 3.7 |
OpenManage Web Server POST Request Heap Overflow |
High |
SB04-077 |
Der Herberlin
Brem Server 1.2.4 & prior |
BremsServer Cross-Site Scripting & Directory Traversal |
Medium/ High
(High if arbitrary code can be executed)
|
CyberNotes-2004-03 |
DevoyBB
DevoyBB Web Forum 1.0 |
DevoyBB Forum Multiple Unspecified Remote Input Validation
|
High |
SB04-294 |
Digital Illusions
Battlefield 1942 1.6.19, Battlefield Vietnam 1.2 |
Digital Illusions Multiple Games Remote Denial of Service |
Low |
SB04-350 |
D-Link
DCS-900 Internet Camera 2.10, 2.20, 2.28 |
DCS-900 Internet Camera Configuration Manipulation |
Low |
SB04-252 |
D-Link Systems
D-Link DI-624 wireless router, firmware release 1.28 for Revision B. |
D-Link DI-624 Multiple Vulnerabilities
|
Medium |
SB04-203 |
| D-Link
DI-604, DI-614+ 2.30
|
D-Link DI-614+ Router Denial of Service
|
Low |
SB04-189 |
| D-Link
DI-614+ 2.0 f, 2.0 3g, 2.0 3, 2.0, 2.10, 2.18, DI-704 2.56 b6, 2.56 b5, 2.60 b2
|
D-Link ‘HOSTNAME’ Input Validation |
High |
SB04-189 |
Dom Lachowicz
Fedora
AbiWord 2.0.7 and prior |
AbiWord "wv" Library Buffer Overflow Vulnerability |
Medium |
SB04-217 |
| DSM
Light Web File Browser 2.0
|
DSM Light Explorer.EXE Directory Traversal Vulnerability |
High |
SB04-147 |
DUware
Ducalendar 1.0, 1.1, Declassified 4.0, 4.1, Dudirectory 3.0, Dudownload 1.0, Dugallery 3.0-3.3, Dupics 3.0, Duportal 3.0, Duarticle 1.0, Duclassmate 1.0, Dupoll 3.0, Dunews 1.0, Duamazon 3.0, Dupaypal 3.0, Dufaq 1.0, Duforum 3.0 |
Multiple DUware Software Authentication Vulnerabilities |
High |
CyberNotes-2004-02 |
DUware
DUportal 3.0 SQL, 3.0, Pro 3.2 SQL, Pro 3.2 |
DUportal Multiple Remote Vulnerabilities |
Medium/High
(High if arbitrary code can be executed) |
CyberNotes-2004-01 |
Duware
DUclassified
|
DUclassified Input Validation Vulnerabilities |
High |
SB04-287 |
Duware
DUclassmate |
DUclassmate Password Change Request |
Medium |
SB04-287 |
DUware
DUforum
|
DUforum Input Validation Vulnerabilities |
High |
SB04-287 |
DUware
DUgallery |
DUgallery Database Disclosure |
High |
SB04-322 |
Dynalink
RTA 230 ADSL Router |
Dynalink RTA 230 ADSL Router Default Backdoor Account
|
High |
SB04-252 |
Dynix
WebPac |
WebPAC Input Validation |
High |
SB04-245 |
| e107 |
e107 Input Validation Flaw in 'log.php' Lets Remote Users Conduct Cross-Site Scripting Attacks |
High |
SB04-147 |
e107 Group
e107 |
e107 website system Include File Flaw |
High |
SB04-364 |
| e107.org
e107 website system 0.6 10 -0.6 15a, 0.545, 0.554, 0.555 Beta, 0.603
|
e107 'usersettings.php' Cross-Site Scripting
|
High |
SB04-161 |
| e107.org
e107 website system 0.6 15a, 0.6 15
|
e107 Website System Multiple Vulnerabilities
|
High |
SB04-161 |
e107.org
e107 website system 0.6 10-0.6 14, 0.545, 0.554, 0.555, 0.603 |
e107 Website System Multiple Script HTML Injection |
High |
SB04-133 |
| EasyWeb FileManager 1.0 RC-1 for PostNuke |
EasyWeb FileManager "pathext" Directory Traversal |
Medium |
SB04-217 |
Ecommerce Corporation
Online Store Kit 3.0 Standard, 3.0 Pro, 3.0 Lite |
Online Store Kit Multiple Vulnerabilities
|
High |
SB04-058 |
EDIMAX Technology Co.
AR-6004 Broad band Router |
AR-6004 ADSL Router Management Interface Cross-Site Scripting |
High |
CyberNotes-2004-01 |
| EDIMAX Technology Co.
Edimax 7205APL 2.40 a-00
|
Edimax EW-7205APL Default Account & Password Disclosure
|
High |
SB04-175 |
eGroupWare.org
eGroupWare prior to 1.0.00.006 |
eGroupWare JiNN Directory Traversal |
Medium |
SB04-315 |
eGroupWare.org
GroupWare 1.0, 1.0.3 |
EGroupWare Multiple Input Validation |
High |
SB04-252
SB04-245 |
Endonesia.Com
eNdonesia 8.3 |
eNdonesia 'mod.php' Input Validation Vulnerability in Search 'query' Parameter Permits Cross-Site Scripting Attacks |
High |
SB04-231 |
| Enterasys
XSR-1805 7.0.0.0, 1850 7.0.0.0
|
Enterasys XSR-1800 Security Router Remote Denial of Service
|
Low |
SB04-189 |
| Entrust LibKMP ISAKMP Library |
|
Low/High
(High if arbitrary code can be executed)
|
SB04-245 |
| Epic Games
ARUSH Devastation 390.0;
DreamForge TNN; Outdoors Pro Hunter;
Epic Games Unreal Engine 436, 433, 226f, Unreal Tournament 451b, 2003 2225 win32, 2225 macOS, 2199 win32, 2199 macOS, 2199 linux, 2004 win32, macOS; Infogrames TacticalOps 3.4, Infogrames X-com Enforcer; Ion Storm DeusEx 1.112 fm; Nerf Arena Blast Nerf Arena Blast 1.2; Rage Software Mobile Forces 20000.0; Robert Jordan Wheel of Time 333.0 b; Running With Scissors Postal 2 1337
|
Epic Games Unreal Engine ‘Secure’ Query Buffer Overflow |
|
SB04-189
SB04-175 |
Epic Games
Unreal Engine 436, 433, 226f, Unreal Tournament 2003 2199 win32, 2003 2199 linux, 2003 Demo Version 2206 win32, 2003 Demo Version 2206 linux, Unreal Tournament Server 436.0 |
Epic Games Unreal Tournament Server Engine Remote Format String |
Low/ High
(High if arbitrary code can be executed)
|
SB04-077 |
Epic Games
Unreal Engine 436, 433, Unreal Tournament 451b, 2003 2225 win32, macOS, 2003 2199 win32, macOS |
Unreal Game Engine UMOD Input Validation
|
Medium |
SB04-119 |
Ethereal Group
Ethereal 0.9.8 up to and including 0.10.3
|
Ethereal SIP, AIM, SPNEGO, and MMSE Dissector Flaws Allow Remote Users to Crash Ethereal or Execute Arbitrary Code |
High |
SB04-147 |
Ethereal Group
Ethereal 0.9- 0.9.16 |
Ethereal SMB Protocol & Q.931 Dissector Remote Denial of Service
CVE Names:
CAN-2003-1012
CAN-2003-1013 |
Low |
CyberNotes-2004-03
CyberNotes-2004-02 |
Ethereal Group
Ethereal 0.8.13, 0.8.14, 0.8.18, 0.8.19, 0.9- 0.9.16, 0.10- 0.10.2 |
|
Low/ High
(High if arbitrary code can be executed)
|
SB04-119
SB04-105
SB04-091 |
| Eudora |
Eudora Fails to Correctly Display the Status Bar for URLs Containing Many HTML Character Entities |
Low |
SB04-147 |
EvolutionX
EvolutionX Build 3935, 3921 |
EvolutionX Multiple Remote Buffer Overflow |
Low/ High
(High if arbitrary code can be executed)
|
SB04-058 |
Express-Web
Content Management System |
Express-Web Content Management System Cross-Site Scripting |
High |
SB04-294 |
eZ Systems
eZ 3.4, eZphotoshare 1.0, 1.1, 1.2.1 |
eZ/eZphotoshare Remote Denial of Service |
Low |
SB04-259 |
EZBoard, Inc.
EZBoard 7.3 u |
EZBoard Cross-Site Scripting |
High |
SB04-077 |
e-Zone Media Inc.
FuseTalk 2.0 |
FuseTalk Multiple Vulnerabilities |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-133 |
| F5
BigIP 4.5- 4.5.10
|
F5 BIG-IP Syncookie Denial Of Service Vulnerability |
Low |
SB04-147 |
Fabien Regost
Kietu.3.1 |
Kietu 'Index.PHP' Remote Code Execution
|
High |
CyberNotes-2004-03 |
Fastream Technologies
Fastream NETFile FTP/Web Server 6.x |
Fastream NETFile FTP/Web Server Directory Traversal Vulnerability |
Medium |
SB04-203 |
Firebird
Borland/Inprise
Firebird 1.0
Borland/Inprise Interbase 4.0, 5.0, 6.0, 6.4, 6.5, 7.0, 7.1, InterBase SuperServer 6.0
|
Firebird Remote Database Name Buffer Overflow
|
Low/High
(High if arbitrary code can be executed)
|
SB04-175 |
| Firebird
Database version 1.0 (1.0.2-2.1)
|
Firebird Database Remote Database Name Overflow |
Low |
SB04-147 |
FishNet Inc.
FishCart 3.0 & prior, 3.1 beta |
FishCart Integer Overflow
CVE Name:
CAN-2004-0062 |
Medium |
CyberNotes-2004-02 |
fizmez.com
Fizmez Web Server 1.0
|
Fizmez Web Server Null Connection Denial of Service
|
Low |
SB04-091 |
FocalMedia.Net
Turbo Seek 1.x |
Turbo Seek Information Disclosure |
Medium |
SB04-259 |
forum-aztek.com
Aztek Forum 4.0 |
Aztek Forum Multiple Cross-Site Scripting |
High |
SB04-322 |
Francisco Burzi
osCommerce
Paul Laudanski
Trustix
PHP-Nuke 5.0, 5.0.1, 5.1, 5.2 a, 5.2, 5.3.1, 5.4-5.6, 6.0, 6.5, RC1-RC3, 6.5 FINAL, 6.5 BETA 1, 6.6, 6.7, 6.9, 7.0 FINAL, 7.0-7.3;
osCommerce Osc2Nuke 7x 1.0;
Paul Laudanski BetaNC PHP-Nuke Bundle;
Trustix Secure Enterprise Linux 2.0, Secure Linux 2.1
|
PHP-Nuke Direct Script Access
|
Medium |
SB04-161 |
Francisco Burzi
PHP-Nuke 6.0, 6.5, RC1-RC3, 6.5 BETA 1, FINAL, 6.6, 6.7, 6.9, 7.0, 7.0 FINAL, 7.1 |
PHP-Nuke ‘public_message()’ Input Validation
|
High |
SB04-058 |
Francisco Burzi
PHP-Nuke 6.9 & prior |
PHPNuke Remote SQL Injection
|
High |
SB04-058 |
Francisco Burzi
PHP-Nuke 7.x & prior |
PHP-Nuke Survey Module SQL Injection |
High |
CyberNotes-2004-01 |
| Francisco Burzi
PHP-Nuke 1.0, 2.5, 3.0, 4.0, 4.3, 4.4, 4.4.1 a, 5.0, 5.0.1, 5.1, 5.2 a, 5.2, 5.3.1, 5.4-5.6, 6.0, 6.5, RC1-RC3, BETA1, FINAL, 6.6, 6.7, 6.9, 7.0, FINAL, 7.1-7.3
|
PHP-Nuke Multiple Vulnerabilities
|
Medium/ High
(High if arbitrary code can be executed; and Medium if sensitive information can be obtained, comments deleted, or journal entries added)
|
SB04-189 |
| Francisco Burzi
PHP-Nuke 6.0, 6.5, RC1-RC3, BETA 1, 6.6, 6.7, 6.9, 7.0, FINAL, 7.1-7.3
|
PHP-Nuke Multiple Input Validation |
Low/Medium/ High
(High if arbitrary code can be executed; Medium if sensitive information can be obtained; and Low if a DoS)
|
SB04-175 |
Francisco Burzi
PHP-Nuke 1.0 |
PHP-Nuke ‘Gbook’ Module Cross-Site Scripting |
High |
CyberNotes-2004-03 |
Francisco Burzi
PHP-Nuke 6.0, 6.5, RC1- RC3, 6.5 FINAL, 6.5 BETA1, 6.6, 6.7, 6.9, 7.0, 7.0 FINAL, 7.1 |
PHP-Nuke Image Tag Admin Command Execution |
|
SB04-091 |
Francisco Burzi
PHP-Nuke 6.0, 6.5, RC1- RC3, FINAL, BETA 1, 6.6, 6.7, 6.9, 7.0, FINAL, 7.1, 7.2 |
PHP-Nuke ‘cookie decode()’ Cross-Site Scripting |
|
SB04-119 |
Francisco Burzi
PHP-Nuke 6.0, 6.5, RC1-RC3, 6.5 BETA 1, FINAL, 6.6, 6.7, 6.9, 7.0, 7.0 FINAL, 7.1 |
PHP-Nuke 'News' & ‘Reviews’ Modules Cross-Site Scripting |
High |
SB04-058 |
Francisco Burzi
PHP-Nuke 6.0, 6.5, RC1-RC3, 6.5 FINAL, BETA 1, 6.6, 6.7, 6.9, 7.0 FINAL, 7.0, 7.1, 7.2 |
PHPNuke Multiple SQL ‘Modules.php’ |
Medium |
SB04-133 |
Francisco Burzi
PHP-Nuke 6.0, 6.5, RC1-RC3, FINAL, BETA 1, 6.6, 6.7, 6.9, 7.0, FINAL, 7.1, 7.2 |
PHP-Nuke Multiple SQL Injection Vulnerabilities |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-119 |
Francisco Burzi
PHP-Nuke 6.9 & prior |
PHP-Nuke Multiple Vulnerabilities |
High |
CyberNotes-2004-03 |
Francisco Burzi
PHP-Nuke 7.1 |
PHP-Nuke Modules.php Multiple Cross-Site Scripting Vulnerabilities |
|
SB04-091 |
Francisco Burzi
PHP-Nuke 7.2 |
PHP-Nuke Multiple Video Gallery Module SQL Injection |
Medium |
SB04-133 |
Frank Pilhofer
UU-Deview 0.5.18, 0.5.19 |
UUDeview Insecure Temporary File Creation |
Low/ Medium
(Medium if data is lost)
|
SB04-077 |
Free Software Foundation
Ada ImgSvr 0.5 |
Ada ImgSvr Discloses Files to Remote Users and May Execute Arbitrary Code |
Medium |
SB04-203 |
FreeImage
FreeImage 3.0.0-3.0.4, 3.1 .0, 3.2 .0, 3.2.1, 3.3.0, 3.4 .0, 3.5 .0 |
FreeImage Interleaved Bitmap Image Buffer Overflow |
Low/High
(High if arbitrary code can be executed)
|
SB04-343 |
Fritz Berger
yappa-ng prior to 2.3.0 |
yappa-ng Access Control |
Low/Medium
(Medium if sensitive information can be obtained)
|
SB04-280 |
F-Secure
Internet Security 2004, Anti-Virus 2004, 2005, Anti-Virus Client Security 5.50, 5.52, 5.55, Anti-Virus for Linux Gateways 4.51, 4.52, 4.61, Anti-Virus for Linux Servers 4.51, 4.52, 4.61, Anti-Virus for Linux Workstations 4.51, 4.52, Anti-Virus for MIMEsweeper 5.41, 5.42, 5.50, Anti-Virus for MS Exchange 6.0 1, 6.2, 6.3, 6.21 6.30 Service Release 1, 6.31, Anti-Virus for Samba Servers 4.60, Anti-Virus for Windows Servers 5.41, 5.42, 5.50, Anti-Virus for Workstations 5.41, 5.42, 5.43, Anti-Virus Linux Client Security 5.0, Anti-Virus Linux Server Security 5.0, F-Secure for Firewalls 6.20, Internet Gatekeeper 6.3, 6.4, 6.31, 6.32, 6.41, Internet Gatekeeper for Linux 2.6, Internet Security 2005, Personal Express 4.5, 4.6, 4.7, 5.0 |
F-Secure Anti-Virus ZIP Archive Scanner Bypass |
High |
SB04-336 |
F-Secure
Policy Manager 5.11 |
F-Secure Policy Manager FSMSH.DLL CGI Path Disclosure |
Medium |
SB04-350 |
FuseTalk Inc.
FuseTalk 4.0 |
FuseTalk Cross-Site Scripting |
High |
SB04-294 |
| Fusion News 3.6.1 and prior |
Fusion News Lets Remote Users Add User Accounts on the Application |
Medium |
SB04-217 |
Fusionphp
Fusion News 3.6.1 |
Fusion News Cross-Site Scripting |
|
SB04-119 |
FuzzyMonkey.org
My Blog prior to 1.21 |
My Blog Input Validation Errors |
High |
SB04-280 |
FVWM
FVWM 2.4.17, 2.5.8 |
FVWM fvwm_make_browse_menu.sh Scripts Command Execution |
|
SB04-091 |
FVWM
FVWM 2.4.17, 2.5.8 |
fvwm_make_directory_menu.sh Scripts Command Execution |
|
SB04-091 |
Gallery Project
Debian
Gentoo
Debian Linux 3.0 sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha;
Gallery Gallery 1.4 -pl1-pl2, 1.4-1.4.3 -pl1
|
Gallery 'init.php' Authentication Flaw
|
High |
SB04-175
SB04-161 |
Gallery Project
Gallery 1.4 -pl1&pl2, 1.4, 1.4.1, 1.4.2, 1.4.3 -pl1 & pl2; Gentoo Linux |
Gallery Cross-Site Scripting |
High |
SB04-315 |
gallery.devrandom.org.uk
FsPHPGallery 0.2, 0.3.1, 1.0.1, 1.1 |
FsPHPGallery Multiple Input Validation
|
Low/Medium
(Medium if sensitive information can be obtained)
|
SB04-315 |
GameSpy Industries
GameSpy Software Development Kit |
Gamespy Software Development Kit CD-Key Validation Buffer Overflow |
High |
SB04-350 |
GameSpy
GameSpy Software Development Kit |
Gamespy Software Development Kit Remote Denial of Service |
Low |
SB04-077 |
Gbook MX
Gbook MX 2.0, 3.0, 4.1 |
Gbook MX Multiple Unspecified SQL Injection
|
Medium |
SB04-315 |
Gearbox Software
Halo Combat Evolved 1.2, 1.4, 1.31
|
Halo Combat Evolved Game Server Remote Denial of Service |
Low |
SB04-259 |
Gearbox Software
Halo Combat Evolved 1.2, 1.4, 1.5, 1.31 |
Gearbox Software Halo Game Client Remote Denial of Service
|
Low |
SB04-336 |
Giga-Byte Technology
Gigabyte Gn-B46B |
Gn-B46B Wireless Router Authentication Bypass |
Medium |
SB04-077 |
GNU / GPL
AntiBoard 0.7.2 and prior |
AntiBoard Cross-Site Scripting and SQL Injection Vulnerabilities |
High |
SB04-217 |
GNU / GPL
BLOG:CMS prior to 3.1.4 |
BLOG:CMS Inclusion of Arbitrary Files |
High |
SB04-217 |
GNU / GPL
Nucleus prior to 3.0.1 |
Nucleus Inclusion of Arbitrary Files |
High |
SB04-217
|
GNU / GPL
PunBB prior to 1.1.5
|
PunBB Inclusion of Arbitrary Files |
High |
SB04-217 |
GNU / GPL
Nucleus 3.01 |
Nucleus "itemid" SQL Injection Vulnerability |
High |
SB04-217 |
GNU
PostNuke 0.75-RC3 and 0.726-3 with Xanthia module |
PostNuke Multiple Vulnerabilities In Xanthia Module |
High |
SB04-217 |
GNU
Mailman 2.x |
Mailman ‘Admin Page’ Multiple Cross-Site Scripting
CVE Name:
CAN-2003-0965 |
High |
CyberNotes-2004-01 |
GNU
PostNuke 0.73x - 0.75 GOLD |
PostNuke 'install.php' Discloses Administrator Password to Remote Users |
Medium |
SB04-217 |
GNU/GPL
PHP-Nuke 4.1 |
PHP-Nuke Input Validation Error in Search Module 'categ' Variable Permits SQL Injection |
High |
SB04-203 |
GNU/GPL
PHP-Nuke 7.x |
PHP-Nuke Multiple Vulnerabilities |
Medium |
SB04-203 |
GNU/GPL
PostNuke 0.75-RC3, 0.726-3 |
PostNuke Input Validation Hole in Reviews Module |
High |
SB04-203 |
GNU
avelsieve 1.x |
GNU avelsieve "MANAGESIEVE" Denial of Service Security Issue |
Low |
SB04-364 |
GNU
MyProxy 20030629 |
MyProxy Cross-Site Scripting |
High |
SB04-077 |
GNU
phpMyChat 0.14.5 |
GNU phpMyChat 'setup.php3' Access Permissions Vulnerability |
High |
SB04-364
|
GNU
SPIP 1.7 |
GNU SPIP ‘forum.php3’ PHP Code Injection
|
|
SB04-091 |
GNU
TikiWiki 1.7.9, 1.8.5, and 1.9dr4 |
GNU TikiWiki Pictures Lets Remote Users Execute Arbitrary Commands |
High |
SB04-364 |
GoAhead Software
GoAhead Web Server 2.1.8 |
GoAhead WebServer Post Content-Length Remote Denial of Service |
Low |
CyberNotes-2004-02 |
GoAhead Software
GoAhead Web Server 2.1.8 a & prior |
GoAhead WebServer Input Validation |
Medium |
CyberNotes-2004-02 |
Go-Mega Networks
Megabook Guestbook 2.0 and prior |
Go-Mega Networks Megabook Guestbook Discloses Database to Remote Users |
Medium |
SB04-364 |
Google
Google |
Google Input Validation |
High |
SB04-301 |
Goollery
Goollery 0.3 |
Goollery Multiple Cross-Site Scripting |
High |
SB04-315 |
| GoScript 2.0 |
GoScript Input Validation Hole Lets Remote Users Execute Arbitrary Commands |
High |
SB04-231 |
GoSmart Inc.
GoSmart Message Board |
GoSmart Message Board Multiple Input Validation |
High |
SB04-294 |
| Gregg Kenneth Jewell
Mail Manage EX 3.1.8
|
Mail Manage EX Arbitrary File Inclusion |
High |
SB04-161 |
Gregory DEMAR
Coppermine Photo Gallery 1.0-1.3.2 |
Coppermine Photo Gallery Voting Restriction Failure |
Medium |
SB04-301 |
HAHT Commerce, Inc.
HAHTsite Scenario Server 5.1, Patches 1-6
|
HAHTsite Scenario Server Project Name Buffer Overflow |
|
SB04-105 |
Hand-Crafted Software
FreeProxy 3.61 |
FreeProxy FreeWeb Directory Traversal & Remote Denial of Service |
Low/ Medium
(Medium if sensitive information can be obtained) |
CyberNotes-2004-02 |
hastymail.sourceforge.net
Hastymail 1.0.1, 1.1 |
Hastymail Email 'Download' Arbitrary Code |
High |
SB04-245 |
Hawking Technology
HAR11A DSL Router |
Hawking Technology HAR11A DSL Router Unauthenticated Administrative Access |
High |
SB04-308 |
| Hewlett Packard Company
OpenView Select Access 5.0 Patch 4, 5.1 Patch 1, 5.2, 6.0
|
OpenView Select Access Unicode Remote Access
|
Medium |
SB04-161 |
| Hewlett Packard Company
Integrated Lights Out 1.6A, 1.10, 1.15A, 1.15, 1.20A, 1.26A, 1.27A, 1.40A, 1.41A, 1.42A, 1.50A, 1.50, 1.51A
|
Integrated Lights Out Remote Denial of Service
|
Low |
SB04-161 |
Hewlett Packard Company
HTTP Server 5.0, 5.92 |
HP HTTP Server Trusted Certificates |
High |
SB04-077 |
Hewlett Packard Company
LaserJet 4200, 4300 |
HP LaserJet 4200/4300 Printer Arbitrary Firmware Upgrade |
Low/High
(High if arbitrary code can be executed)
|
SB04-280 |
Hewlett Packard Company
Web Jetadmin 6.5, 7.0 |
Web Jetadmin Multiple Vulnerabilities |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-133 |
Hewlett Packard Company
Web Jetadmin 7.5, 7.5.2456 |
HP Web Jetadmin Unspecified Arbitrary Command Execution |
High |
SB04-266 |
| Hewlett Packard
ProCurve Routing Switch 9300m Series
|
HP ProCurve Routing Switch TCP Connection Reset Denial of Service
CAN-2004-0230
|
High |
SB04-147 |
Hewlett-Packard
dced
|
|
High |
SB04-217
|
Hewlett-Packard
OpenVMS, DCE Version 3.1-SSB |
DCE for HP OpenVMS Potential RPC Buffer Overrun Attack |
High |
SB04-203 |
Hewlett-Packard
HP-UX B.11.00, B.11.11,
B.11.22, and
B.11.23
with CIFS Server A.01.11.01 installed |
HP-UX CIFS Server Buffer Overflow Vulnerability
CVE Name:
CAN-2004-0686 |
Medium |
SB04-217 |
Hibyte Ltd.
HiGuest |
HiGuest Message Field HTML Injection |
|
SB04-091 |
Hitachi
Web Page Generator 1.x, 2.x, 3.x, 4.x |
Hitachi Web Page Generator Multiple Vulnerabilities |
High |
SB04-217 |
Hitachi
Cosminexus Portal Framework 02-03 & prior |
Cosminexus Portal Framework Information Disclosure |
Medium |
SB04-252 |
Hitachi
Groupmax World Wide Web 03-11-/B, 03-10-/H, 03-00, 02-31-/I, 02-20-/A, 02-20, 02-00,
World Wide Web Desktop 06-52-/B, 06-52, 06-51-/C, 06-51-/B, 06-51, 06-50-/C, 06-50-/B, 06-00, 05-11-/J, 05-11-/I, 05-11-/F, 05-00, World Wide Web Desktop for Jichitai 06-52, 06-51 |
Groupmax World Wide Web Cross-Site Scripting & Directory Traversal
|
Medium/High
(High if arbitrary code can be executed)
|
SB04-343 |
holbrookau.net
Event Calendar |
Event Calendar Multiple Remote Vulnerabilities |
Medium/High
(High if arbitrary code can be executed)
|
SB04-329 |
Horde Project
Horde 2.0, 2.1, 2.1.3, 2.2, 2.2.1, 2.2.3, 2.2.4, RC1, 2.2.5, 2.2.6 |
Horde Application Framework Help Window Cross-Site Scripting |
High |
SB04-308 |
Hot Open Tickets
Hot Open Tickets 2.0 c |
Hot Open Tickets Unspecified Elevated Privileges |
High |
SB04-077 |
hotnews.sourceforge.net
HotNews 0.7.2 & prior |
HotNews Multiple PHP File Include |
High |
CyberNotes-2004-01 |
HotScripts.com
RX Google 1.0 |
RXGoogle. Cross-Site Scripting |
High |
CyberNotes-2004-03 |
httpdpalm.sourceforge.net
Jim Rees httpd for PalmOS;
shaun2k2 palmhttpd 3.0
|
Palmhttpd Server Remote Denial of Service
|
Low |
SB04-058 |
| Hummingbird
Exceed 9.0
|
Hummingbird Exceed Xconfig Access Validation Vulnerability |
High |
SB04-147 |
Iansoft Enterprises
OpenBB 1.06 |
OpenBB Index.PHP Remote Code Execution |
High |
CyberNotes-2004-01 |
Iansoft Enterprises
OpenBB 1.x |
OpenBB ‘Board.PHP’ Cross-Site Scripting |
High |
CyberNotes-2004-01 |
IBM
DB2 7.x, 8.1 |
IBM DB2 Buffer Overflow in generate_distfile |
High |
SB04-364 |
IBM
DB2 7.x, 8.1 |
IBM DB2 Buffer Overflow in rec2xml |
High |
SB04-364 |
IBM
DB2 Universal Database for AIX 7.0-7.2, 8.1, Universal Database for HP-UX 7.0-7.2, 8.1, Universal Database for Linux 7.0-7.2, 8.1, DB2 Universal Database for Solaris 7.0-7.2, 8.1, Universal Database for Windows 7.1, 7.2, 8.1 |
IBM DB2 Remote Buffer Overflows |
High |
SB04-252 |
IBM
DB2 Universal Database for AIX 8.0, 8.1, DB2 Universal Database for HP-UX 8.0, 8.1, DB2 Universal Database for Linux 8.0, 8.1, DB2 Universal Database for Solaris 8.0, 8.1, DB2 Universal Database for Windows 8.0, 8.1 |
IBM DB2 Multiple Buffer Overflows |
High |
SB04-294
SB04-287 |
| IBM
Directory Server 4.1, 5.1, HTTP Server 1.3.12- 1.3.12 .7, 1.3.19-1.3.19 .5, 1.3.26-1.3.26 .2, 2.0.42, 2.0.42.2, 2.0.47, Tivoli Access Manager for Business Integration 5.1, Manager for e-business 3.9, 4.1, 5.1, WebSphere MQ 5.3 .0.5, 5.3 .0.1, MQ 5.3
|
IBM GSKit SSL Handshake Remote Denial of Service
|
Low |
SB04-175 |
| IBM
Lotus Domino 6.5.0, 6.5.1
|
IBM Lotus Domino IMAP Quota Changing |
Medium |
SB04-189 |
| IBM
Tivoli Access Manager for e-business 3.9, 4.1, 5.1, Tivoli Access Manager Identity Manager Solution 5.1, Tivoli Configuration Manager 4.2, Tivoli Configuration Manager for ATM 2.1, Tivoli SecureWay Policy Director 3.8, WebSphere Everyplace Server 2.1.3-2.15
|
IBM Multiple Product Unspecified Credential Impersonation |
Medium |
SB04-161 |
| IBM
WebSphere Caching Proxy Server 5.0 2, Edge server Caching proxy 5.0 2
|
IBM WebSphere Edge Server Component Caching Proxy Denial of Service |
Low |
SB04-189 |
IBM
IBM Lotus Instant Messaging and Web Conferencing (Sametime) 6.x;
IBM Lotus Sametime 3.x |
IBM Lotus Sametime GSKit Denial of Service Vulnerability |
Medium |
SB04-203 |
IBM
Lotus Notes R6.x;
Lotus Notes R6.x Client |
IBM Lotus Notes Client Unspecified Java Applet Handling |
Medium |
SB04-203 |
IBM
WebSphere Edge Components Caching Proxy version 5.02 using JunctionRewrite with UseCookie directive, apparently all platforms |
WebSphere Edge Server DoS Through JunctionRewrite Directive |
Low |
SB04-203 |
IBM
Cloudscape 5.1 |
Cloudscape Database Remote Command Execution |
Low/ Medium/ High
(Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code can be executed)
|
CyberNotes-2004-03 |
IBM
IBM Directory Server 4.1 and prior |
IBM Directory Server 'ldacgi' Discloses Files to Remote Users |
|
SB04-217 |
IBM
IBM Tivoli Access Manager for e-business 3.x, 4.x, 5.x |
IBM Tivoli Access Manager HTTP Response Splitting Vulnerability |
High |
SB04-231 |
IBM
Lotus Domino 6.0-6.0.3, 6.5.0-6.5.2 |
IBM Lotus Domino Cross-Site Scripting & HTML Injection |
High |
SB04-301 |
IBM
Net.Data 7.x |
Net.Data 'db2www' Cross-Site Scripting |
High |
CyberNotes-2004-03 |
IBM
WebSphere Commerce 5.x |
IBM WebSphere Commerce Default User Information Disclosure |
Medium |
SB04-343 |
ibproarcade.com
ipbProArcade 2.5 |
IPBProArcade 'category' Input Validation
|
Medium |
SB04-329 |
iCab
iCab 2.9.8 |
ICab Web Browser Remote Window Hijacking |
Medium |
SB04-350 |
Icecast.org
Icecast 1.3 .10, 1.3 .0, 1.3.5 -1, 1.3.5, 1.3.7 -1, 1.3.7, 1.3.8
1.3.9 -2, 1.3.9 -1, 1.3.9, 1.3.10 -1, 1.3.11, 1.3.12 |
|
High |
SB04-245 |
Icecast.org
Icecast 2.0, 2.0.1 |
Icecast Server HTTP Header Buffer Overflow
|
High |
SB04-287
SB04-280 |
id Software, Inc.
Quake II Server 3.20, 3.21 |
ID Software Quake II Server Multiple Remote |
Low/Medium/
High
(Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code can be executed)
|
SB04-308 |
iGeneric
Free Shopping Cart 1.4 |
IGeneric Free Shopping Cart Cross-Site Scripting |
High |
SB04-077 |
Ikonboard.com
Ikonboard 3.0 .1, 3.1.1, 3.1.2 a |
Ikonboard 'st' & 'keywords' Input Validation |
Medium |
SB04-357 |
IlohaMail
IlohaMail 0.7.0- 0.7.9, 0.8.6- 0.8.10 |
IlohaMail Cross-Site Scripting |
High |
CyberNotes-2004-02 |
ImgSvr project
ImgSvr Picture Web Server 0.4 |
IMGSVR Multiple Vulnerabilities
|
Medium/ High
(High if arbitrary code can be executed)
|
SB04-105 |
ImgSvr project
ImgSvr Picture Web Server 0.4 |
IMGSVR Remote Information Disclosures |
Medium |
SB04-105 |
INCO-GEN
BugPort 1.099 & prior |
BugPort 'conf/config.conf' Information Disclosure
|
Medium |
CyberNotes-2004-03 |
Infinity Ward
Call of Duty 1.4 & prior |
Call of Duty Game Shutdown |
Low |
SB04-252 |
| Infoblox, Inc.
DNS One Appliance 2.4 .0-8A, 2.4 .0-8
|
DNS One Appliance Input Validation |
High |
SB04-175 |
Infopop
UBB.threads 3.4, 3.5 |
UBBThreads Input Validation |
High |
SB04-301 |
Infopop
UBBThreads 6.2.3, 6.5 |
Infopop UBBThreads Cross-Site Scripting |
High |
SB04-350 |
Inkra Networks
1504GX Virtual Service Switch, VSM 2.1.4.b003, 1518TX Virtual Service Switch, 1519TX Virtual Service Switch, 4000 Virtual Service Switch |
Inkra Router Virtual Service Switch Remote Denial of Service |
Low |
SB04-273 |
Inkra Networks Corporation
1504GX VSM 2.1.4.b003 |
Inkra 1504GX Remote Denial of Service |
Low |
SB04-336
SB04-266 |
Innerloop Studios
Pan Vision I.G.I-2 Covert Strike 1.0, 1.1, 1.2, 1.3 |
Pan Vision IGI-2 Covert Strike Remote Format String |
|
SB04-105 |
Internet Security Systems
Real Secure Network 7.0, XPU 20.15- 22.9, Server Sensor 7.0 XPU 20.16- 22.9,
Proventia A Series XPU 20.15- 22.9, G Series XPU 22.3-22.9, M Series XPU 1.3-1.7, Real Secure Desktop 7.0 eba-ebh, 3.6 ebr-ecb,
Real Secure Guard 3.6 ebr-ecb, Real Secure Sentry 3.6 ebr-ecb, BlackICE PC Protection 3.6 cbr-ccb, Server Protection 3.6 cbr-ccb
|
Internet Security Systems Protocol Analysis Module SMB Parsing Heap Overflow |
High |
SB04-077 |
Invision Power Services
Invision Board 2.0 Alpha 3 & prior |
Invision Power Board Index.PHP SQL Injection |
High |
CyberNotes-2004-01 |
Invision Power Services
Invision Board 2.0-2.0.2 |
Invision Power Board 'Index.PHP' Post Action SQL Injection |
Medium |
SB04-329 |
Invision Power Services
Invision Power Board 1.3 FINAL |
Invision Power Board Calendar.PHP SQL Injection |
High |
CyberNotes-2004-01 |
Invision Power Services
Invision Power Top Site List 1.0, List 1.1 |
Invision Power Top Site List Offset SQL Injection |
Medium |
CyberNotes-2004-01 |
Invision Power Services
Power Board 1.3 FINAL |
Power Board Cross-Site Scripting |
High |
CyberNotes-2004-02 |
| Invision Power Services
Invision Board 1.3, Final, 1.3.1 Final
|
Invision Power Board Potential IP Address Spoofing |
Medium |
SB04-175 |
| Invision Power Services
Invision Board 1.3.1 Final |
Invision Power Board Input Validation
|
Medium/ High
(Medium if sensitive information can be obtained or corrupted)
|
SB04-189
SB04-175 |
Invision Power Services
Invision Power Board 2.0 |
Invision Power Board "index.php" Cross Site Scripting Vulnerability |
High |
SB04-217 |
Invision Power Services
Board 1.0, 1.0.1, 1.1.1, 1.1.2, 1.2, 1.3, 2.0, 2.0 Alpha 3 |
Invision Power Board Input Validation |
|
SB04-091
SB04-077 |
Invision Power Services
Invision Board 1.3 |
Invision Power Board Information Disclosure |
Medium |
SB04-077 |
Invision Power Services
Invision Board 1.3 Final |
Invision Power Board Multiple Cross-Site Scripting
|
High |
SB04-077 |
Invision Power Services
Invision Board 1.3 Final |
Invision Power Board Pop Parameter Cross-Site Scripting |
High |
SB04-077 |
Invision Power Services
Invision Board 2.0 |
Invision Power Board Referer Cross-Site Scripting
|
High |
SB04-287 |
Invision Power Services
Invision Gallery 1.0.1 |
Invision Gallery Multiple Input Validation Vulnerabilities |
|
SB04-091 |
Invision Power Services
Invision Power Top Site List 1.0, 1.1 RC2 1.1 |
Invision Power Top Site List Input Validation |
|
SB04-091 |
IP3 Networks
IP3 NetAccess - Campus & MDUs, Hospitality, Wireless HotSpots, Wireless HotZones & Small Hotels, Wireless ISPs & MDUs |
IP3 NetAccess Appliance SQL Injection
|
|
SB04-091
SB04-077 |
Irregular Expression
Help Center Live |
Irregular Expression Help Center Live Include File Flaw |
|
SB04-364 |
ISC
Fedora
Mandrake
SuSE
ISC DHCPD 3.0.1 rc12 & rc13;
RedHat Fedora Core2;
SuSE Linux 8.0, i386, 8.1, 8.2, 9.0, x86_64, 9.1, Admin-CD for Firewall , Connectivity Server, Database Server, Enterprise Server 8, 7, Firewall on CD, Office Server, SuSE eMail Server III
|
|
Low/ High
(High if arbitrary code can be executed; and Low if a DoS)
|
SB04-189 |
isesam.com
isesam Gemitel 3.50 |
Gemitel 'html/affich.php' file Arbitrary Code Execution
|
|
SB04-119 |
iSoft-Solutions, Inc.
QuikStore 2.12 |
QuikStore Shopping Cart Directory Traversal |
Medium |
CyberNotes-2004-01 |
JamesOff
Quote Engine 1.0, 1.1 |
QuoteEngine Multiple Parameter Unspecified SQL Injection |
|
SB04-105 |
Jason Morriss
PsychoStats 2.2.4 beta |
Jason Morriss PsychoStats "login" Cross-Site Scripting Vulnerability |
High |
SB04-364 |
| jcifs.samba.org
jCIFS 0.6.6, 0.6.8, 0.7 0b5, 0.7-0.7.3, 0.8.1-0.8.3, 0.9 .0b, 0.9 .0
|
jCIFS Authentication Invalid Username
|
Medium |
SB04-175 |
Jelsoft Enterprises
vBulletin 1.0 Lite, 1.1, 1.1.6,
2.0, beta 2&3, 2.0.1, 2.0.2, 2.2.0- 2.2.9 can, 2.3, 2.3.3, 2.3.4
|
VBulletin Cross-Site Scripting |
High |
SB04-058 |
| Jelsoft Enterprises
VBulletin 3.0, Gamma, beta2-beta7, 3.0.1
|
vBulletin newreply.php Cross-Site Scripting |
High |
SB04-189 |
| Jelsoft Enterprises
VBulletin 3.0.1
|
VBulletin the 'newreply.php' & 'newthread.php' Cross-Site Scripting |
High |
SB04-189 |
Jelsoft Enterprises
vBulletin 2.0, beta 2&3, 2.0.1- 2.0.2, 2.2.0- 2.2.9 can, 2.3, 2.3.3, 2.3.4 |
VBulletin ‘Private.PHP’ Cross-Site Scripting |
|
SB04-091 |
Jelsoft Enterprises
vBulletin 2.0, beta 2&3, 2.0.1- 2.0.2, 2.2.0- 2.2.9 can, 2.3, 2.3.3, 2.3.4, 3.0.0 can4, 3.0.0 |
VBulletin Multiple Module Index.PHP Cross-Site Scripting |
|
SB04-091 |
Jelsoft Enterprises
vBulletin 2.0, beta 2&3, 2.0.1, 2.0.2, 2.2.0- 2.2.9 can, 2.3, 2.3.3, 2.3.4
|
VBulletin Multiple Cross-Site Scripting
|
|
SB04-091 |
Jelsoft Enterprises
VBulletin 2.3.x |
vBulletin Calendar Script Input Validation
CVE Name:
CAN-2004-0036 |
High |
CyberNotes-2004-01 |
Jelsoft
vBulletin 2.0, beta 2&3, 2.0.1, 2.0.2, 2.2.0- 2.2.9 can, 2.3, 2.3.3, 2.3.4, 3.0.0 can4, 3.0.0, 3.1.0, 3.2.0, 3.3.0 |
VBulletin Forum Creation HTML Injection |
High |
SB04-133 |
Jeremy Schef
Aardvark Topsites PHP 4.1 |
Aardvark Topsites PHP Multiple Vulnerabilities |
Medium/High
(High if arbitrary code can be executed) |
CyberNotes-2004-01 |
JForum
Forum
RC1&2, beta, beta2&3
|
JForum Unauthorized Forum Access |
Medium |
SB04-133 |
Journalness Project
Project Journalness 1.11-1.13, 2.1-2.1.4, 3.0.0-3.0.5, 3.0.7
|
Journalness Unspecified Post Access |
Medium |
SB04-119 |
jpage.free.fr
Jbrowser 2.4 & prior |
JBrowser Multiple Vulnerabilities |
Medium/ High
(High if arbitrary code can be executed)
|
CyberNotes-2004-03 |
jspwiki.org
JSPWiki 2.1.120, 2.1.121, 2.1.122 |
JSPWiki Cross-Site Scripting |
High |
SB04-336 |
| Juniper Networks
JUNOS 6.1-6.3
|
Juniper JUNOS Packet Forwarding Engine (PFE) IPv6 Remote Denial of Service
CVE Name:
CAN-2004-0468
|
Low |
SB04-189 |
Juniper
Juniper Networks NetScreen firewalls with SSHv1 enabled - ScreenOS prior to 5.0.0r8 |
NetScreen Firewalls ScreenOS Can Be Crashed By Remote Users Due to an SSHv1 Implementation Bug |
Low |
SB04-231 |
Kayako Web Solutions
eSupport 2.1.2, 2.1.8, 2.2, 2.2.5, 2.3 |
Kayako ESupport Multiple Cross-Site Scripting and SQL Injection |
High |
SB04-357 |
Kerio Technologies
Kerio Personal Firewall 2.1.5 |
Kerio Personal Firewall SYSTEM Privileges |
High |
CyberNotes-2004-03 |
Konrad Mitchell Lawson
Owl's Workshop 1.0 |
Owl's Workshop Multiple Remote Information Disclosure
|
Medium |
SB04-058 |
KorWeblog
KorWeblog 1.6.2-cvs |
KorWeblog Remote Directory Listing
|
Medium |
SB04-336 |
| kyberdigi labs
php-exec-dir 4.3.2-4.3.7
|
php-exec-dir Patch Security Restrictions Bypass |
Medium |
SB04-189 |
l2tpd.org
Debian
Gentoo
l2tpd 0.62 0.69 |
L2TPD Buffer Overflow
|
High |
SB04-217 |
Last 10 Posts
Last 10 Posts 2.0.1 |
Last 10 Posts Add-On Script For VBulletin SQL Injection
|
Medium |
SB04-350 |
Lavtech.Com Corporation
MnoGo Search 3.1.19, 3.1.20, 3.2.10, 3.2.13- 3.2.15 |
mnoGoSearch ‘UdmDocToTextBuf()’ Buffer Overflow |
High |
SB04-058 |
| ldu.neocrome.net
Land Down Under 700-01-03, 602, 601
|
Land Down Under BBCode Cross-Site Scripting
|
High |
SB04-161 |
ldu.neocrome.net
Land Down Under 701 |
Land Down Under Input Validation |
Medium |
SB04-308 |
Leif M. Wright
Web Blog 1.1 & prior |
Web Blog Directory Traversal |
Medium |
CyberNotes-2004-03 |
Leif M. Wright
Web Blog 1.1.5 |
Web Blog Remote Command Execution |
High |
CyberNotes-2004-03 |
Lexar
Lexar JumpDrive Secure USB Flash Drive 1.x |
Lexar JumpDrive Password Disclosure |
Medium |
SB04-259 |
| Liferay
Enterprise Portal version 2.1.1 & prior |
Liferay Cross Site Scripting |
High |
SB04-336 |
| Liferay
Enterprise Portal version 2.1.1 and prior
|
Liferay Cross Site Scripting Flaw |
High |
SB04-147 |
Linksys
WAP55AG 1.0.7 |
WAP55AG SNMP Community String Insecure Configuration
|
Medium |
SB04-058 |
| Linksys
Linksys BEFCMU10, BEFN2PS4 1.42.7, BEFSR41W, BEFSR81, BEFSX41 1.42.7-1.45.3, BEFVP41 1.40 .4-1.42.7, Linksys EtherFast BEFN2PS4 Router, Linksys EtherFast BEFSR11 Router 1.40.2-1.44, Linksys EtherFast BEFSR41 Router 1.35-1.44, Linksys EtherFast BEFSR81 Router 2.42.7-2.44, Linksys EtherFast BEFSRU31 Router 1.40.2-1.44, Linksys RV082, Linksys WAP55AG 1.0.7, Linksys WRT54G v1.0 1.42.3 (Firmware)-v2.0 2.0 0.8 (Firmware)
|
Multiple Linksys Devices DHCP Information Disclosure and Denial of Service Vulnerability |
Low |
SB04-147 |
| Linksys
Linksys BEFSR41 v1/v2 (firmware 1.45.7, 1.44.2z & possibly prior), BEFSR41 v3, BEFSRU31, BEFSR11, BEFSX41, BEFSR81 v2/v3, BEFW11S4 v3, BEFW11S4 v4
|
Multiple Linksys Routers ‘Gozila.CGI’ Denials of Service
|
Low |
SB04-161 |
| Linksys
Linksys WRT54G v1.0 1.42.3 (Firmware), v2.0 2.0 0.8 (Firmware),
Sveasoft Samadhi2 2.0.8 .6sv
|
Linksys WRT54G Router Remote Administration Access |
High |
SB04-161 |
| Linksys
Web Camera Software 2.10
|
Linksys Web Camera Software Cross-Site Scripting |
High |
SB04-175 |
| Linksys
Web Camera Software 2.10
|
Linksys Web Camera Software Directory Traversal |
Medium |
SB04-175 |
Linksys
Linksys Wireless Internet Camera version 2.12 |
Linksys Wireless Internet Camera File Disclosure |
Medium |
SB04-203 |
Liu Die Yu
WinBlox 6.0 |
WinBlox My_CreateFileW Buffer Overflows
|
Low/ High
(High if arbitrary code can be executed)
|
SB04-105 |
Macromedia
JRun 3.0, 3.1, 4.0; Hitachi Cosminexus Enterprise Enterprise Edition 01-02 (*2), 01-01 (*1), Enterprise Standard Edition 01-02 (*2), 01-01 (*1), Server Web Edition 01-02 (*2), 01-01 (*1) |
Macromedia JRun Multiple Remote Vulnerabilities
CVE Name:
CAN-2004-0646
|
Low/ Medium/High
(Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code can be executed)
|
SB04-357
SB04-294
SB04-273 |
Macromedia
Cold Fusion MX 6.1
|
ColdFusion MX Remote Denial of Service
|
Low |
CyberNotes-2004-03 |
Macromedia
Cold Fusion MX 6.1 Enterprise, MX 6.1 J2EE (all editions) |
ColdFusion MX Security Sandbox Circumvention |
Medium |
CyberNotes-2004-03 |
Macromedia
Cold Fusion MX 6.0, J2EE 5.0, J2EE 6.0 |
ColdFusion MX Oversized Error Message Remote Denial of Service
|
Low |
SB04-119 |
Macromedia
Cold Fusion MX 6.1, J2EE 6.1 |
ColdFusion MX File Upload Remote Denial of Service
|
Low |
SB04-119 |
Macromedia
Coldfusion 6.0, 6.1; MX |
Macromedia ColdFusion Default Configuration Elevated Privileges |
Medium |
SB04-287 |
Macromedia
ColdFusion MX 6.0, 6.1, J2EE
|
Macromedia ColdFusion MX Source Code Disclosure |
Low/ Medium
(Low if a DoS; Medium if sensitive information can be obtained)
|
SB04-273 |
Macromedia
ColdFusion MX 6.1 |
ColdFusion MX Template Information Disclosure |
Medium |
SB04-280 |
Macromedia
ColdFusion MX 6.1 |
Macromedia ColdFusion MX Remote File Content Disclosure
CVE Name:
CAN-2004-0928
|
Medium |
SB04-287 |
Macromedia
Dreamweaver MX 2004, 6.0, 6.1, Ultradev 4.0 |
Dreamweaver Test Scripts |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-105 |
Mambo
Mambo Open Source 4.5.1 (1.0.9) |
Mambo Server Input Validation
|
High |
SB04-273 |
Mamboserver.com
Mambo Open Source 4.5, 4.6 |
Mambo Open Source Cross-Site Scripting
|
High |
CyberNotes-2004-03 |
Mambo
Mambo Open Source 4.5 (1.0.1), (1.0.0) |
Mambo Open Source Index.PHP Cross-Site Scripting |
|
SB04-091 |
Mantis
Mantis 0.19 .0a |
Mantis 't_core_dir' Variable |
High |
SB04-245 |
Mantis
Mantis 0.9, 0.9.1, 0.10-0.10.2, 0.11, 0.11.1, 0.12, 0.13, 0.13.1, 0.14-14.8, 0.15-0.15.12, 0.16 .0, 0.16-0.16.1, 0.17.0, 0.17-0.17.5, 0.18 a1, 0.18 0rc1, 0.18 0a2-0a4, 0.18, 0.18.2 |
Mantis Unspecified SQL Injection |
Medium |
SB04-357 |
Mantis
Mantis 0.9, 0.9.1, 0.10-0.10.2, 0.11, 0.11.1, 0.12, 0.13, 0.13.1, 0.14-0.14.8, 0.15-0.15.12, 0.16.0, 0.16.1, 0.17.0-0.17.5, 0.18a1, 0.180rc1, 0.18 0a4, 0.18 0a3, 0.18 0a2, 0.18, 0.19 .0a |
Mantis Cross-Site Scripting & HTML Injection |
High |
SB04-245 |
Mantis
Mantis prior to 0.19.1 |
Mantis Access Control Information Disclosure
|
Medium |
SB04-322 |
Marc Druilhe
W-Agora 4.1.5 |
W-Agora Multiple Remote Vulnerabilities |
High |
CyberNotes-2004-01 |
Marc Druilhe
W-Agora 4.1.6 a |
W-Agora Multiple Remote Input Validation Vulnerabilities |
Medium/High
(High if arbitrary code can be executed)
|
SB04-280 |
Mario and Angel Stoitsov
Easy Dynamic Pages 2.0 |
EasyDynamic Pages Remote Code Execution |
High |
CyberNotes-2004-01 |
Mark Burgess
Cfengine 2.0.0 to 2.1.7p1. |
Cfengine RSA Authentication Heap Corruption
|
High |
SB04-231 |
Mark Zuckerberg
Thefacebook |
Mark Zuckerberg Thefacebook Multiple Cross-Site Scripting |
High |
SB04-322 |
Markus Triska
CGI Forum 1.0.9, CGINews 1.0.7 |
CGINews & CGIForum Information Disclosure |
Medium |
CyberNotes-2004-01 |
Mateo & Mewis AG
EasyIns Stadtportal 4 and prior |
EasyIns Stadtportal Include File Bug Lets Remote Users Execute Arbitrary Code |
High |
SB04-217 |
Matt Johnston
Dropbear SSH Server 0.42 |
Dropbear SSH Server DSS Verification Vulnerability |
High |
SB04-231
SB04-217 |
Matt Smith
ReMOSitory |
ReMOSitory SQL Injection |
High |
SB04-266 |
Matthew Phillips
Sticker 3.1 .0 beta 1
|
Sticker Unauthorized Secure Message
|
Medium |
SB04-287 |
Maty Scripts
MS-Analysis Website Traffic Analyzer 2.0 |
MS-Analysis Module Multiple Remote Vulnerabilities |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-091 |
MaxWebPortal.com
MaxWeb Portal 1.30, 1.31 |
MaxWebPortal Multiple Input Validation
|
High |
SB04-058 |
Mbedthis Software
Mbedthis AppWeb 1.x |
Mbedthis AppWeb Multiple Vulnerabilities |
Medium |
SB04-203 |
Meik Sievertsen
Opentools Attachment Mod 2.3.4-2.3.10
|
Opentools Attachment Mod Multiple Remote Vulnerabilities |
Medium |
SB04-357 |
meindlSOFT
Cute PHP Library (cphplib) 0.42-0.46 |
Cute PHP Library (cphplib) Input Validation |
High |
SB04-245 |
Mephistoles
Mephistoles Internet Suite 0.6.0 final |
Mephistoles HTTPD Cross-Site Scripting |
High |
CyberNotes-2004-02 |
MetaDot Corporation
MetaDot 5.6.5.4b5 & prior |
MetaDot Portal Server Multiple Vulnerabilities |
Medium/High
(High if arbitrary code can be executed) |
CyberNotes-2004-02 |
Michael Dean
Double Choco Latte 0.9.3 |
Double Choco Latte Multiple Module Remote Vulnerabilities |
High |
CyberNotes-2004-01 |
Michael Kohn
asp2php 0.76.23 |
Michael Kohn ASP2PHP Remote Buffer Overflows |
High |
SB04-357 |
Microsoft
Apple
Opera
Internet Explorer 5.0, 5.0.1, SP1-SP4, 5.5, SP1 & SP2, 6.0, SP1;
Internet Explorer Macintosh Edition 5.0 MRJ 2.2, MRJ 2.1.4, 5.0, 5.1, 5.1.1, 5.2.2;
Opera Software Opera Web Browser 7.51
|
Microsoft Internet Explorer URI Obfuscation |
Medium |
SB04-175 |
Microsoft
Internet Explorer 5.5 |
Internet Explorer HTTP Referer Information Disclosure |
Medium |
CyberNotes-2004-01 |
miniBB.net
MiniBB 1.7 & prior |
MiniBB Profile Cross-Site Scripting |
High |
CyberNotes-2004-01 |
miniBB.net
miniBB prior to 1.7f |
miniBB 'user' Parameter Input Validation |
Medium |
SB04-322 |
Mister
Protector System 1.15 b1 |
Multiple Protector System Multiple Vulnerabilities |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-133
SB04-119 |
mnoGoSearch
mnoGoSearch 3.1.19, 3.1.20, 3.2.10, 3.2.13-3.2.26 |
mnoGoSearch Multiple Cross-Site Scripting
CVE Name:
CAN-2004-1059
|
High |
SB04-357 |
mod SSL Project
Gentoo
Slackware
Mandrake
mod_ssl 2.x |
mod_proxy Hook Functions Format String Vulnerability in mod_ssl |
|
SB04-217
SB04-203 |
moinmoin.wikiwikiweb.de
MoniWiki 1.0.8, 1.0.9 .1, 1.0.9 |
MoniWiki 'UploadFile.php' Arbitrary Code Execution |
High |
SB04-357 |
moinmoin.wikiwikiweb.de
MoniWiki 1.0.8 & prior |
MoniWiki 'wiki.php' Cross-Site Scripting |
High |
SB04-301 |
Monolith Productions
Contract Jack 1.1, No One Lives Forever 1.0 .004, 2 1.3, Tron 2.0 1.0, 2.0 1.42 |
Monolith Lithtech Game Engine Remote Denial of Service |
Low |
SB04-357 |
Moodle
moodle 1.1.1, 1.2, 1.2.1, 1.3-1.3.4, 1.4.1, 1.4.2 |
Moodle Remote Glossary Module SQL Injection
|
High |
SB04-315 |
Moodle
Moodle 1.2.x, 1.3.x |
Moodle Unspecified Front Page Vulnerability |
Low |
SB04-203 |
Moodle
Moodle 1.3.2+ stable; 1.4 dev |
Moodle Input Validation Bug in 'help.php' |
High |
SB04-203
|
moodle.org
moodle 1.1.1, 1.2, 1.2.1 |
Moodle Cross-Site Scripting |
High |
SB04-133 |
moodle.org
Moodle versions prior to 1.3 |
Moodle Input Validation Flaw in 'post.php' in reply Variable Permits Cross-Site Scripting Attacks |
High |
SB04-231 |
Motorola
WR850G 4.0 3 firmware |
Motorola Wireless Router WR850G Authentication Circumvention |
High |
SB04-294
SB04-273 |
Motorola
Motorola T720 |
Motorola T720 Phone Remote Denial of Service
|
Low |
SB04-077 |
Mozilla Organization
Mozilla 1.6 and prior
Netscape 7.0, 7.1, and prior |
Netscape/Mozilla SOAPParameter Constructor Integer Overflow Vulnerability
CVE Name:
CAN-2004-0722 |
|
SB04-308
SB04-301
SB04-287
SB04-217 |
Mozilla.org
Firefox 0.8, 0.9-0.9.3, 0.10, 0.10.1 |
Mozilla Firefox Multiple Vulnerabilities |
Low/Medium
(Low if a DoS)
|
SB04-322 |
Mozilla.org
Mozilla Browser 0.8, 0.9.2.1, 0.9.2- 0.9.9, 0.9.35, 0.9.48, 1.0, RC1& RC2, 1.0.1, 1.0.2, 1.1- 1.5 |
Mozilla Browser Zombie Document Cross-Site Scripting Vulnerability
CVE Name:
CAN-2004-0191
|
High |
SB04-308
SB04-105
SB04-077
SB04-091 |
Mozilla.org
Mozilla Browser M16, M15, 0.8, 0.9.2 .1, 0.9.2- 0.9.9, 0.9.35, 0.9.48, 1.0, RC1& RC2, 1.0.1, 1.0.2, 1.1, Alpha, Beta, 1.2, Alpha, Beta, 1.2.1, 1.3, 1.3.1, 1.4, a&b, 1.4.1, 1.4.2, 1.4.5 |
Mozilla Messenger Remote Denial of Service
|
Low |
SB04-119 |
Mozilla.org
Firefox 1.x, 0.x,
Mozilla 1.7.x, 1.6, 1.5, 1.4, 1.3, 1.2, 1.1, 1.0, 0.x |
Mozilla Browser and Mozilla Firefox Remote Window Hijacking
CVE Name:
CAN-2004-1156
|
Medium |
SB04-350 |
Mozilla.org
Firefox Preview Release, 0.8, 0.9 rc, 0.9-0.9.3, 0.10 |
Mozilla Firefox DATA URI File Deletion |
Medium |
SB04-287 |
Mozilla.org
Firefox Preview Release, 0.8, 0.9 rc, 0.9-0.9.3, 0.10 |
Mozilla Firefox Save Dialog File Deletion |
Medium |
SB04-280 |
| Mozilla.org
Mozilla 1.6;
Mozilla 1.7.x;
Mozilla Firefox 0.x |
Mozilla / Firefox Certificate Store Corruption Vulnerability
CVE Name:
CAN-2004-0758
|
Low |
SB04-308
SB04-301
SB04-287
SB04-203 |
Mozilla.org
Mandrakesoft
Slackware
Mozilla 1.7 and prior;
Firefox 0.9 and prior;
Thunderbird 0.7 and prior |
|
High |
SB04-308
SB04-301
SB04-287
SB04-280
SB04-273
SB04-245
SB04-231 |
Mozilla.org
Mozilla 0.x, 1.0-1.7.x, Firefox 0.x, Thunderbird 0.x; Netscape Navigator 7.0, 7.0.2, 7.1, 7.2 |
|
Medium/High
(High if arbitrary code can be executed)
|
SB04-308
SB04-301
SB04-280
SB04-287
SB04-273
SB04-266 |
Mozilla.org
Mozilla Browser 1.0, RC1&2, 1.0.1, 1.0.2, 1.1 Beta, 1.1 Alpha, 1.1, 1.2 Beta, 1.2 Alpha, 1.2, 1.2.1, 1.3, 1.3.1, 1.4 b, 1.4 a, 1.4, 1.4.1, 1.4.2. 1.5, 1.6, 1.7 rc3, 1.7-1.7.3, 1.8 Alpha 2 |
Mozilla Multiple Memory Corruption & Invalid Pointer
|
Low/High
(High if arbitrary code can be executed)
|
SB04-301 |
Mozilla.org
Mozilla Browser M16, M15, 0.8, 0.9.2 .1, 0.9.2-0.9.9, 0.9.35, 0.9.48, 1.0, RC1, 1.0.1, 1.0.2, 1.1, Beta, Alpha, 1.2, Beta, Alpha, 1.2.1, 1.3, 1.3.1, 1.4 b, 1.4 a, 1.4, 1.4.1, 1.4.2, 1.5, 1.5.1, 1.6, 1.7, alpha, beta, rc1-rc3, 1.7.1-1.7.3, 1.8 Alpha 1-Alpha 4 |
Mozilla Browser Infinite Array Sort Denial of Service |
Low |
SB04-336 |
Mozilla.org
Mozilla Firefox 0.9.2 and Mozilla 1.7.1 on Windows
Mozilla Firefox 0.9.2 on Linux |
Mozilla / Mozilla Firefox "onunload" SSL Certificate Spoofing
CVE Name:
CAN-2004-0763
|
Medium |
SB04-357
SB04-308
SB04-301
SB04-287
SB04-217 |
| Multiple Vendors |
Multiple Networking Devices 'Secure' Cookie Attribute Failure
CVE Name:
CAN-2004-0462
|
Medium |
SB04-294 |
Multiple Vendors
Apple
Gentoo
iCab Company
KDE
MacWarriors
Mandrake
Microsoft
Mozilla
Omni Group
Opera Software
Apple Safari Beta 2, 1.0, 1.1; iCab Company iCab 2.9.8, Pre 2.7-2.71; KDE KDE 3.1.4, 3.1.5, kdelibs 2.0, 2.0.1, 2.1-2.1.2, 3.1-3.1.3, 3.2, 3.2.1, 3.2.2;
MacWarriors TrailBlazer 0.52; Microsoft Internet Explorer 5.0-6.0; Mozilla Firefox 0.8; Omni Group OmniWeb 4.0.6-4.5; Opera Software Opera Web Browser 7.23 |
Multiple Vendor URI Protocol Handler Arbitrary File Creation/Modification |
Low/ High
(High if arbitrary code can be executed)
|
SB04-161
SB04-147 |
Multiple Vendors
AVG
Clam AntiVirus
Computer Associates
Dr. Web
Frisk Software
McAfee
Panda
RAV
Symantec
AVG Anti-Virus 7.0.251; Clam Anti-Virus ClamAV 0.70; Computer Associates eTrust Antivirus 6.0, InoculateIT 6.0; Dr.Web; Frisk Software F-Prot Antivirus for Linux and BSD 4.4.2; McAfee UVscan scan for Linux 4.3.20, McAfee VirusScan 6.0, VirusScan Enterprise 7.1; Panda Antivirus Platinum 2.0; RAV AntiVirus Online Virus Scan; Symantec AntiVirus for Handhelds 3.0, Norton AntiVirus 2002, 2002 Professional Edition, Norton Antivirus 2003, 2003 Professional Edition, Norton AntiVirus Corporate Edition 7.60.build 926 |
Multiple Vendor Anti-Virus Scanner Remote Denial of Service |
Low |
SB04-175 |
Multiple Vendors
Linksys
Microsoft
NetGear
Linksys BEFSR41 v1-v3, Router 1.0 5.00, 1.35, 1.36, EtherFast BEFSR41 Router 1.37, 1.38, 1.39, 1.40.2, 1.41, 1.42.3, 1.42.7, 1.43, 1.43.3, 1.44, 1.45.7;
Microsoft MN-500; NetGear FVS318 1.0, 1.1-1.3
|
Multiple Vendor Broadband Router Web-Based Administration Denial of Service |
Low |
SB04-189 |
Multiple Vendors
Cisco Systems Call Manager, IP Interactive Voice Response (IP IVR), IP Call Center Express (IPCC Express), Personal Assistant (PA), Emergency Responder (CER), Conference Connection (CCC), Internet Service Node (ISN) running on an IBM with an affected OS version; IBM X330 (8654 or 8674), X340, X342, X345, MCS-7815-1000, MCS-7815I-2.0, MCS-7835I-2.4, MCS-7835I-3.0 |
Cisco Voice Product IBM Director Agent Unauthorized Remote Administrative Access & Remote Denial of Service |
Low/High
(High if administrative access can be obtained) |
CyberNotes-2004-02 |
Multiple Vendors
IEEE 802.11 wireless networking protocol |
IEEE 802.11 wireless network protocol DSSS CCA algorithm vulnerable to denial of service
CVE Name:
CAN-2004-0459
|
Low |
SB04-147 |
Multiple Vendors
Kaspersky AntiVirus for Linux 5.0.1.0, Trend Micro InterScan VirusWall 3.8 Build 1130, McAfee Virus Scan for Linux v4.16.0 |
Multiple Vendor bzip2 Remote Denial of Service |
Low |
CyberNotes-2004-02 |
Multiple Vendors
Metamail 2.7 & prior;
RedHat Advanced Workstation for the Itanium Processor 2.1, Enterprise Linux WS 2.1, ES 2.1, AS 2.1
|
|
High |
SB04-077
SB04-058 |
Multiple Vendors
Microsoft Internet Explorer 6, Microsoft Outlook Express 6,
Apple Safari 1.2.3 (v125.9) |
Multiple Web Browsers TABLE Elements Interpretation
|
Medium |
SB04-315 |
Multiple Vendors
Microsoft Internet Explorer 6.0
Apple Safari 1.2.3 (v125.9) |
Multiple Web Browsers Font Tag Denial Of Service
|
Low |
SB04-315 |
Multiple Vendors
Mozilla Browser 1.7.2, 1.7.3, Camino 0.8, Firefox 0.10.1; Netscape Navigator 7.2 |
Multiple Vendors Browser Cross-Domain Dialog Box Spoofing |
Medium |
SB04-301 |
Multiple Vendors
Samba 3.0 - 3.0.7; RedHat Advanced Workstation for the Itanium Processor 2.1, IA64, Desktop 3.0, Enterprise Linux WS 3, WS 2.1 IA64, 2.1, ES 3, 2.1 IA64, 2.1, AS 3, 2.1 IA64, 2.1; Ubuntu Linux 4.1 ppc, ia64, ia32 |
|
High |
SB04-329
SB04-322 |
Multiple Vendors
Simon Tatham PuTTY 0.48- 0.55;
TortoiseCVS TortoiseCVS 1.8 |
PuTTY Remote SSH2_MSG_DEBUG Remote Buffer Overflow |
High |
SB04-308 |
Multiple Vendors
Voice over Internet Protocol (VoIP) devices & software; Video conferencing equipment & software; Session Initiation Protocol (SIP) devices & software; Media Gateway Control Protocol (MGCP) devices & software; other networking equipment that may process H.323 traffic (e.g., routers and firewalls) |
Multiple Vendor H.323 Protocol Implementation Vulnerabilities
CVE Name:
CAN-2003-0819 |
Low/High
(Low if a DoS; High if arbitrary code can be executed) |
|
| Multiple Vendors
Mozilla Browser 1.0-1.4.2
|
Mozilla Browser Cookie Path Restriction Bypass Vulnerability
CVE Name:
CAN-2003-0594
|
Low |
SB04-147 |
Multiple Vendors
ActiveState ActivePerl 5.6.1 .630, 5.6.1- 5.6.3, 5.7.1- 5.7.3, 5.8-5.8.3, 5.9 dev; Larry Wall Perl 5.0 05_003, 5.0 05, 5.0 04_05, 5.0 04, 5.0 03, 5.6, 5.6.1, 5.8, 5.8.3 |
Perl ‘win32_stat()’ Function Remote Buffer Overflow
CVE Name:
CAN-2004-0377
|
|
SB04-105 |
Multiple Vendors
Agnitum Outpost Firewall 2.1, 2.5;
ATGuard ATGuard Personal Firewall 3.2;
Check Point Software FireWall-1 Next Generation FP0-FP3, VPN-1 Next Generation FP0-FP2;
Internet Security Systems BlackICE PC Protection 3.6 cch, ccg, ccf, cce, ccd, ccc, ccb, cca, cbz, cbr, cbd, cno, cbz;
Kerio Personal Firewall 4.0.6-4.0.10, 4.0.16;
Microsoft Windows XP Home SP2, XP Professional SP2;
Tiny Firewall Pro 6.0.100;
Zone Labs ZoneAlarm Pro with Web Filtering 4.5.594 |
Multiple Vendor Content Filtering Bypass
|
High |
SB04-308 |
Multiple Vendors
AJ-Fork AJ-Fork 16-;
CutePHP CuteNews 0.88, 1.3-1.3.2, 1.3.6 |
AJ-Fork Insecure Default Permissions |
Medium |
SB04-287
SB04-280 |
Multiple Vendors
Apple Safari 1.0, 1.1;
KDE Konqueror 2.x, 3.x, Embedded 0.1;
Microsoft Internet Explorer 5.0.1, SP1-SP4, 5.5 SP1&SP2, 6.0, SP1; Opera Software Opera Web Browser 5.x, 6.x, 7.x; RedHat Advanced Workstation for the Itanium Processor 2.1, Enterprise Linux WS 2.1, ES 2.1, AS 2.1, RedHat kdelibs-3.1-10.i386.rpm, kdelibs-devel-3.1-10.i386.rpm |
Multiple Vendor Internet Browser Cookie Path Argument Restriction Bypass |
Medium |
SB04-077 |
Multiple Vendors
Archive::Zip 1.13,
F-Secure Anti-Virus for Microsoft Exchange 6.30, 6.30 SR1, and 6.31,
Computer Associates,
Eset,
Kaspersky,
McAfee,
Sophos,
RAV |
|
High |
SB04-343
SB04-329
SB04-322
SB04-315 |
Multiple Vendors
Axis Communications 2100 Network Camera 2.0-2.03, 2.12, 2.30-2.34, 2.40, 2.41, 2110 Network Camera 2.12, 2.30-2.32, 2.34, 2.40, 2.41, 2120 Network Camera 2.12, 2.30-2.32, 2.34, 2.40, 2.41, 2400+ Video Server 3.11, 3.12, 2401 Video Server 3.12, 2420 Network Camera 2.12, 2.30-2.34, 2.40, 2.41, 2460 Digital Video Recorder 3.12;
dnrd dnrd 1.0-1.4, 2.0-2.10; Don Moore MyDNS 0.6.x, 0.7.x, 0.8.x, 0.9.x, 0.10 .0;
Posadis Posadis m5pre1&2, 0.50.4-0.50.9, 0.60 .0, 0.60.1 |
Multiple Vendor DNS Remote Denial of Service
CVE Name:
CAN-2004-0789
|
Low |
SB04-329
SB04-322 |
Multiple Vendors
Brocade Fabric OS 2.1.2, 2.2, 3.1, SilkWorm 3200, 3250, 3800, 3850, 3900, SilkWorm Fiber Channel Switch 2010, 2040, 2050;
Engenio 2822 Storage Controller, 2882 Storage Controller, 4884 Storage Controller, 5884 Storage Controller; IBM DS4100;
Storagetek D280 |
Engenio Storage Controller Remote Denial Of Service |
Low |
SB04-252 |
Multiple Vendors
Coppermine Photo Gallery 1.0 RC3, 1.1 beta 2, 1.1 .0, 1.2, 1.2.1, 1.2.2 b;
Francisco Burzi PHP-Nuke 6.9, 7.0, FINAL, 7.1, 7.2
|
Photo Gallery Multiple Input Validation Vulnerabilities |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-133 |
Multiple Vendors
CVSTrac 1.1-1.1.4; OpenPKG Current, 2.1, 2.2 |
|
High |
SB04-357 |
Multiple Vendors
Debian Linux 3.0 sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, alpha; Ethereal Group Ethereal 0.9-0.9.16, 0.10-0.10.7
|
|
Low/High
(High if arbitrary code can be executed)
|
SB04-357 |
Multiple Vendors
Double Precision Incorporated Courier MTA 0.43, 0.43.1, 0.43.2, 0.44, 0.44.2, SqWeb Mail 3.5.2, 3.5.3, 3.6.0- 3.6.2;
Inter7 Courier-IMAP 1.6, 1.7, 2.0 .0, 2.1-2.1.2, 2.2 .0, 2.2.1
|
Courier Multiple Remote Buffer Overflows
|
High |
SB04-077 |
Multiple Vendors
Eudora Qpopper 3.1.2; Ipswitch IMail 6.0.6; ProFTPD Project ProFTPD 1.2-1.2.9; RhinoSoft Serv-U 3.0;
Washington University wu-ftpd 2.4.1, 2.4.2 VR17, 2.4.2 VR16, 2.5 .0, 2.6.0-2.6.2 |
Multiple Vendor Server Response Filtering |
Medium |
SB04-322 |
Multiple Vendors
Francisco Burzi PHP-Nuke 6.0, 6.5, BETA 1, FINAL, RC1-RC3, 6.6, 6.7, 6.9, 7.0, FINAL, 7.1; phpBB Group phpBB 2.0 .0, Beta 1, RC1-RC4, 2.0.1- 2.0.8 |
PHPBB 'privmsg.php' Arbitrary Code Execution |
|
SB04-091 |
Multiple Vendors
Gentoo Linux 0.5, 0.7, 1.1 a, 1.2, 1.4, _rc1-rc3;
PHP PHP 4.0-4.0.7, 4.1.0-4.1.2, 4.2.0-4.2.3, 4.3-4.3.8, 5.0.0, 5.0.1 |
PHP PHP_Variables Remote Memory Disclosure |
Medium |
SB04-287 |
Multiple Vendors
Gentoo Linux;
Pavuk Pavuk 0.9pl28i, 0.928 r1&r2, 0.9 pl30b, 0.9 pl28 |
|
High |
SB04-322 |
Multiple Vendors
HP Carrier Grade Server cc2300 A6899A, A6898A, cc3300 A6901A, A6900A, cc3310 A9863A, A9862A;
Intel Server Management 5.x,
Intel Server Control 3.x
|
Intel LAN Management Server Setup Utilities Configuration |
Medium |
SB04-105 |
Multiple Vendors
HP HP-UX B.11.23, 11.11, 11.00;
Mozilla Network Security Services (NSS) 3.2, 3.2.1, 3.3-3.3.2, 3.4-3.4.2, 3.5, 3.6, 3.6.1, 3.7-3.7.3, 3.7.5, 3.7.7, 3.8, 3.9; Netscape Certificate Server 1.0 P1, 4.2, Directory Server 1.3, P1&P5, 3.12, 4.1, 4.11-.4.13, Enterprise Server 2.0 a, 2.0, 2.0.1 C, 3.0 L, 3.0, 3.0.1 B, 3.0.1, 3.1, 3.2, 3.5, 3.6, SP1-SP3, 3.51, 4.0, 4.1, SP3-SP8, Enterprise Server for NetWare 4/5 3.0.7 a, 4/5 4.1.1, 4/5 5.0, Enterprise Server for Solaris 3.5, 3.6,
Netscape Personalization Engine; Sun ONE Application Server 6.0, SP1-SP4, 6.5, SP1 MU1&MU2, 6.5 SP1, 6.5 MU1-MU3, 7.0 UR2 Upgrade Standard, 7.0 UR2 Upgrade Platform, Standard Edition, Platform Edition, 7.0 UR1 Standard Edition, Platform Edition, 7.0 Standard Edition, Platform Edition, Certificate Server 4.1, Directory Server 4.16, SP1, 5.0, SP1&SP2, 5.1 x86
SP3 x86, 5.1, SP1-SP3, 5.2, Web Server 4.1, SP1-SP14, 6.0, SP1-SP7, 6.1 |
NSS Buffer Overflow |
High |
SB04-308
SB04-266
SB04-252
SB04-245 |
Multiple Vendors
IBM Trading Partner Interchange (TPI) 4.2.1, 4.2.2;
Jetty Jetty 3.1.6, 3.1.7, 4.1 .0RC4, 4.1 .0, 4.1.1, 4.2.4-4.2.7, 4.2.9, 4.2.11, 4.2.12, 4.2.14-4.2.19 |
Jetty Directory Traversal |
Medium |
SB04-287 |
Multiple Vendors
Linux kernel 2.4.0-test1-test12, 2.4.1-2.4.27;
Microsoft Windows 2000 Advanced Server, SP1-SP4,
2000 Datacenter Server, SP1-SP4, 2000 Professional, SP1-SP4, 2000 Server, SP1-SP4, XP Home, SP1&SP2, XP Professional, SP1&SP2 |
Multiple Vendor TCP Packet Fragmentation Handling Denial of Service |
Low |
SB04-280 |
Multiple Vendors
Linux Kernel USB Driver prior to 2.4.27 |
|
Medium |
SB04-301 |
Multiple Vendors
Macromedia Cold Fusion MX 6.0, 6.1, J2EE 6.0, J2EE 6.1, JRun 4.0, SP1a & SP1, 4.0 build 61650;
Sun ONE Application Server 7.0 UR2 Upgrade Standard, Upgrade Platform, Standard Edition, Platform Edition, 7.0 UR1 Standard Edition, Platform Edition, 7.0 Standard Edition, Platform Edition
|
Multiple Vendor SOAP Server Remote Denial of Service
|
Low |
SB04-091 |
Multiple Vendors
Microsoft Internet Explorer 6.0, SP1&SP2; Mozilla Firefox 0.8, 0.9 rc, 0.9-0.9.3, 0.10, 0.10.1;
Netscape Navigator 7.0, 7.0.2, 7.1, 7.2, Netscape 7.0 |
Multiple Browser IMG Tag Multiple Vulnerabilities |
Low/Medium
(Medium if sensitive information can be obtained)
|
SB04-322 |
Multiple Vendors
Microsoft Internet Explorer 6.0, SP1&SP2; Mozilla Firefox 0.9.2
|
|
Medium |
SB04-266 |
Multiple Vendors
Mozilla Browser M16, M15, 0.8, 0.9.2 .1, 0.9.2-0.9.9, 0.9.35, 0.9.48, 1.0 RC1&RC2, 1.0-1.0.2, 1.1 Beta, Alpha, 1.1, 1.2 Beta, Alpha, 1.2, 1.2.1, 1.3, 1.3.1, 1.4 b, 1.4 a, 1.4-1.4.2, 1.5, 1.5.1, 1.6, 1.7 rc1-rc3, beta, alpha, 1.7-1.7.3, 1.8 Alpha 1-Alpha 4, Firebird 0.5, 0.6.1, 0.7, Firefox Preview Release, 0.8, 0.9 rc, 0.9-0.9.3, 0.10, 0.10.1, 1.0;
Netscape Navigator 3.0 4, 4.0 x, 4.0 7, 4.06, 4.0.8, 6.0, 7.0, 7.0.2, 7.1, 7.2 |
Mozilla/Netscape/ Firefox Browsers JavaScript IFRAME Rendering Denial of Service
|
Low |
SB04-350 |
Multiple Vendors
Multiple (See advisory located at: http://www.uniras.gov.uk/vuls/2004/236929/index.htm for complete list)
|
Multiple Vendor TCP Sequence Number Approximation
CVE Name:
CAN-2004-0230
|
Low/ High
(High if arbitrary code can be executed)
|
SB04-280
SB04-133
SB04-119
|
Multiple Vendors
Netscape Enterprise Server for NetWare 4/5 3.0.7 a, 4.1.1, 5.0; Novell Netware 5.1, SP4-SP6, 6.0, SP1-SP3
|
NetWare Perl Handler Cross-Site Scripting |
|
SB04-105 |
MyServer.org
MyServer 0.6.2 |
MyServer Bugs in math_sum.mscgi May Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting Attacks |
High |
SB04-217 |
myserverproject.net
MyServer 0.7
|
MyServer Directory Traversal |
Medium |
SB04-266 |
myserverproject.net
MyServer 0.7.1 |
MyServer HTTP POST Request Remote Denial of Service |
Low |
SB04-273 |
MySQL AB
MaxDB 7.5 .00.18, 7.5 .00.11-7.5.00.16, 7.5.00.08 |
|
Low/High
(High if arbitrary code can be executed)
|
SB04-350 |
MySQL AB
MaxDB 7.5.00.16, 7.5.00.15, 7.5.00.14, 7.5.00.12, 7.5.00.11, 7.5.00.08, SAP DB 7.5 |
MySQL MaxDB WebDBM Server Name Denial of Service
CVE Name:
CAN-2004-0931
|
Low |
SB04-287 |
MySQL AB
MySQL 4.1.3 -beta, 4.1.4 |
MySQL Bounded Parameter Statement Execution Remote Buffer Overflow |
Low/High
(High if arbitrary code can be executed)
|
SB04-280 |
MySQL.com
MySQL 3.x, 4.x
|
|
Low/ Medium
(Low if a DoS; and Medium if security restrictions can be bypassed)
|
SB04-287 |
Nadeo
Track Mania Demo, Virtual Skipper 3 |
Nadeo Game Engine Remote Denial of Service
|
Low |
SB04-058 |
Nagl
XOOPS Dictionary Module 1.0 |
XOOPS Dictionary Cross-Site Scripting |
High |
SB04-252 |
Native Solutions
TBE Banner Engine
5.0
|
TBE Banner Engine Server Remote Code Execution |
High |
CyberNotes-2004-03 |
NCipher
PayShield 1.3.12, 1.5.18, 1.6.18 |
nCipher payShield SPP Library Bad Request Verification |
Medium |
CyberNotes-2004-02 |
| nCipher
netHSM 2.0, 2.1
|
netHSM Logged Passphrase Information Disclosure |
Medium |
SB04-189 |
nCipher
nShield 1.71.11, 1.71.15, 1.71.90, 1.75.15, 1.77.9, 1.77.93, 1.77.97, 1.79.12, 1.79.80, 1.79.81, 2.0, 2.0.4, 2.12, 2.12.2 |
nCipher HSM Firmware Secret Data Disclosure
|
Medium |
SB04-077 |
Netcordia
Chesapeake TFTP Server 1.0 |
Netcordia Chesapeake TFTP Server Directory Traversal & Remote Denial of Service |
Low/Medium
(Medium if sensitive information can be obtained)
|
SB04-308 |
| Netegrity
IdentityMinder Web Edition 5.6, SP1&SP2, Policy Server 5.5
|
IdentityMinder Cross-Site Scripting |
High |
SB04-189 |
Netegrity
SiteMinder Affiliate Agent 4.0 |
SiteMinder Affiliate Agent ‘SMPROFILE’ Cookie Remote Buffer Overflow
CVE Name:
CAN-2004-0425
|
|
SB04-119 |
Netgear
DG834 ADSL Firewall Router |
Netgear DG834 ADSL Firewall Router Multiple Vulnerabilities |
Low/ Medium
(Medium if access restrictions can be bypassed)
|
SB04-322 |
NetGear
ProSafe Dual Band Wireless VPN Firewall FWAG114 |
NetGear ProSafe Dual Band Wireless VPN Firewall Default SNMP Community String |
Medium |
SB04-315 |
| NetGear
RP114 3.26
|
Netgear RP114 Content Filter Bypass |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-161 |
| NetGear
WG602 Access Point Firmware 1.04.0, 1.7.14
|
Netgear WG602 Wireless Access Point Default Backdoor Account |
High |
SB04-161 |
| Netscape
Navigator 7.1
|
Netscape Navigator Embedded Image URI Obfuscation Weakness |
Low |
SB04-147 |
Netscape
Netscape Web Mail |
Netscape Web Mail 'msglist.adp' Cross-Site Scripting |
High |
SB04-301 |
NetScreen
NetScreen Security Manager 2004 |
NetScreen Security Manager Insecure Communications Encryption |
Medium |
CyberNotes-2004-02 |
NetScreen
NetScreen-SA 5000 Series |
NetScreen SA 5000 Series Cross-Site Scripting |
High |
SB04-077 |
NetWin Limited
SurgeFTP 2.2k1 |
SurgeFTP Remote Denial of Service
|
Low |
CyberNotes-2004-03 |
| NetWin
SurgeMail 1.8 g3, 1.8 e, 1.8 d, 1.8 b3, 1.8 a, 1.9 b2, 1.9, 2.0 a2,
WebMail 3.1 d
|
NetWin SurgeMail/ WebMail Multiple Input Validation
|
Medium/ High
(High if arbitrary code can be executed)
|
SB04-175 |
NetWin
Surge LDAP 1.0g, 1.0e, 1.0 d |
SurgeLDAP User.CGI Directory Traversal |
Medium |
SB04-119 |
NetWin
SurgeMail 2.x, 1.x |
NetWin SurgeMail Unspecified Webmail Security Issue |
Not Specified |
SB04-364 |
Network Everywhere
NR041 1.2 Release 03 |
Network Everywhere Router Remote Script Injection |
High |
SB04-245 |
Niti Telecom
Caravan Business Server 2.00/03D & prior |
Caravan Business Server Remote Directory Traversal
|
Medium |
CyberNotes-2004-03 |
Nokia
Nokia 6310i |
Nokia OBEX Remote Denial of Service
|
Low |
SB04-058 |
Nokia
Nokia IPSO 3.5, 3.5.1, 3.6, 3.7, 3.7.1, 3.8 |
Nokia IPSO Denial of Service Vulnerability |
Low |
SB04-231 |
Nortel Networks
WLAN Access Point 2225, 2221, 2220 |
Nortel Wireless LAN Access Point 2200 Series Remote Denial of Service
|
Low |
SB04-077 |
Novell
iChain Server 2.3 |
iChain Multiple Unspecified Remote Vulnerabilities |
Low/Medium/High
(Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code can be executed)
|
SB04-245 |
Novell
iChain Server 2.x |
iChain Web Server Cross-Site Scripting |
High |
CyberNotes-2004-02 |
| Novell
iChain Server 2.2 SP1, 2.2 FP1a, 2.2 FP1, 2.2, 2.3
|
Novell iChain Cross-Site Scripting |
High |
SB04-175 |
| Novell
Netware 5.x-6.x
|
Novell NetWare TCP Connection Reset Denial of Service |
Low |
SB04-147 |
Novell
GroupWise 6.0, SP1-SP4, 6.5, SP1& SP2 |
Novell GroupWise WebAccess Unauthorized Access |
Medium |
SB04-091 |
Novell
GroupWise 6.5 |
GroupWise Webacc Cross-Site Scripting |
High |
CyberNotes-2004-03 |
Novell
NetMail 3.x
|
Novell NetMail Default Authentication Credentials |
Medium |
SB04-343 |
Novell
Netware 5, 5.1, 6.0, 6.5 |
Novell NetWare Console Screen Saver Authentication |
Medium |
SB04-350 |
Novell
Netware 6.5 SP1.1(a) |
NetWare Admin/Install Password Disclosure |
Medium |
SB04-091 |
Novell
NetWare Enterprise Server 5.x, 6.x |
NetWare Enterprise Web Server Multiple Vulnerabilities |
Medium/ High
(High if arbitrary code can be executed)
|
CyberNotes-2004-03 |
Novell
Nsure Identity Manager 2.0 |
Nsure Identity Manager Password Hint Plaintext Storage |
Medium |
SB04-119 |
NTSOFT
BBS E-Market Professional |
BBS e-Market Professional Vulnerabilities |
Medium/High
(High if arbitrary code can be executed)
|
SB04-259 |
Nucleus CMS
Nucleus CMS 3.1 |
Nucleus CMS Multiple Input Validation |
High |
SB04-322 |
Nuked-Klan
Nuked-Klan 1.2 beta, 1.2, 1.3 beta, 1.3, 1.4, 1.5 SP2, 1.5 |
NuKed-Klan Cross-Site Scripting |
High |
SB04-336 |
nuked-klan.org
NuKed-KlaN |
NuKed-KlaN Cross-Site Scripting |
High |
SB04-322 |
Nuked-Klan
Nuked-Klan 1.2, 1.2 beta, 1.3 , 1.3 beta, 1.4, 1.5, SP2 |
Nuked-Klan Multiple Vulnerabilities |
Low/ Medium/ High
(Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code can be executed)
|
SB04-119 |
nzeo
Zeroboard 4.1pl4 and prior |
nzeo Zeroboard Input Validation Holes in out_login.php and write.php |
High |
SB04-364 |
ocportal.com
Ocportal Web Content Management System 1.0-1.0.3 |
ocPortal 'index.php' Remote Code Execution |
High |
SB04-294 |
Open Source Development Network
PlaySMS - SMS Gateway, versions prior to 0.7 |
PlaySMS SMS Gateway SQL and Command Injection Vulnerabilities |
High |
SB04-203
|
Open Source Development Network
OpenDocMan 1.x |
OpenDocMan "commitchange.php" Unauthorized Commitment of Changes |
Medium |
SB04-217 |
Open Text Corporation
FirstClass 7.1 |
FirstClass Local File Reference
CVE Name:
CAN-2004-0037 |
High |
CyberNotes-2004-01 |
Open Text Corporation
FirstClass 7.1 |
FirstClass Restriction Bypass & Code Execution |
High |
CyberNotes-2004-03 |
OpenBB
OpenBB 1.0 .0 beta1, RC1-RC3, 1.0.5, 1.0.6 |
OpenBB Multiple Input Validation Vulnerabilities |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-133 |
OpenBB
OpenBB 1.0.6 |
OpenBB MyHome.PHP SQL Injection |
Medium |
SB04-105 |
opendchub.sourceforge.net
Open DC Hub Direct Connect Peer-to-peer Client 0.7.14 |
Open DC Hub Remote Buffer Overflow |
High |
SB04-350
SB04-336 |
OpenRDF.org
Sesame RDF container 1.0,
PRE-1 -PRE4
|
Sesame Unauthorized Repository Access |
Medium |
SB04-133 |
openwfe.org
Work Flow Engine 1.4-1.4.5 |
OpenWFE Remote Cross-Site Scripting & Connection Proxy |
Medium/
High
(High if arbitrary code can be executed)
|
SB04-308 |
Opera Software
Opera Web Browser 5.0 2 win32, 5.0 Mac, 5.0 Linux, 5.1 0-5.12 win32, 5.1, 6.0 win32, 6.0 6, 6.0.6win32, 6.0, 6.0.1 win32, 6.0.1 linux, 6.0.1, 6.0.2 win32, 6.0.2 linux, 6.0.3 win32, 6.0.3 linux, 6.0.4 win32, 6.0.5 win32, 6.10 linux, 7.0 win32 Beta 1&2, 7.0 win32, 7.03win32, 7.0 2win32, 7.0 1win32, 7.10, 7.11 j, 7.11 b, 7.11, 7.20 Beta 1 build 2981, 7.20-7.23, 7.50-7.54 |
Opera Web Browser Infinite Array Sort Remote Denial of Service |
Low |
SB04-336 |
Opera Software
Opera Web Browser 7.0 win32, Beta 1 & Beta2,
Opera Software Opera Web Browser 7.0 1win32-7.03win32, 7.10, 7.11 j, 7.11 b, 7.11, 7.20 Beta 1 build 2981, 7.20-7.23, 7.50-7.53 |
Opera Web Browser Name Spoofing |
Medium |
SB04-350 |
Opera Software
Opera Web Browser 7.23 |
Opera Embed Tag Remote Denial of Service |
Low |
SB04-252 |
Opera Software
Opera Web Browser 7.52, 7.53 |
Opera Web Browser Resource Detection |
Medium |
SB04-245 |
Opera Software
Opera Web Browser 7.54 |
Opera Web Browser Remote Window Hijacking
CVE Name:
CAN-2004-1157
|
Medium |
SB04-350 |
Opera Software
Opera 7.53 |
Opera Browser Spoofing Vulnerability |
|
SB04-231 |
Opera Software
Opera Web Browser 6.0 win32, 6.0 6, 6.0.6win32, 6.0, 6.0.1-6.0.5 win32, 6.0.1-6.0.3 linux, 6.10 linux, 7.0 win32 Beta 1&2,
7.0 -7.0.3 win32, 7.10, 7.11 j, 7.11 b, 7.11, 7.20 Beta 1 build 2981, 7.20-7.23, 7.50-7.54 |
Opera TBODY COL SPAN Memory Corruption |
Low/ High
(High if arbitrary code can be executed)
|
SB04-301 |
Opera Software
Opera Web Browser 7.0 3win32 |
Opera Web Browser Remote IFRAME Denial of Service |
Low |
SB04-105 |
Opera Software
Opera Web Browser 7.22, 7.23 |
Opera Web Browser Large JavaScript Array Remote Denial of Service |
Low |
SB04-091 |
Opera Software
Opera Web Browser 7.54 |
Opera Web Browser Cross-Domain Dialog Box Spoofing |
Medium |
SB04-301 |
Opera Software
Opera Web Browser 7.54 |
Opera Web Browser Java Implementation Multiple Remote Vulnerabilities |
Low/ Medium
(Medium if sensitive information can be obtained)
|
SB04-329 |
| Opera
Opera Web Browser 7.23
|
Opera Telnet URI Handler File Creation/Truncation Vulnerability
CVE Name:
CAN-2004-0473
|
High |
SB04-147 |
Opera
Opera Web Browser prior to 7.50
|
Opera Web Browser URL Redirect Error Lets Remote Users Spoof the Status Bar Address |
Medium |
SB04-147 |
| Oracle Corporation
Oracle Applications 11.0, E-Business Suite 11.0, E-Business Suite 11i 11.5.1-11.5.8
|
Oracle E-Business Suite Multiple Input Validation |
High |
SB04-161 |
Oracle Corporation
Application Server Web Cache 10g 9.0.4.0, Oracle9i Application Server Web Cache 2.0.0.4, 9.0.2 .3, 9.0.2 .2, 9.0.3 .1 |
Oracle Application Server Web Cache Multiple Unspecified |
|
SB04-091 |
Oracle Corporation
Oracle9i Application Server 1.0.2 .2, 9.0.3 .1, 9.0.3, Enterprise Edition 9.0.1 .4, 9.2 .0.2, Personal Edition 9.0.1 .4, 9.2 .0.2, Standard Edition 9.0.1 .4, 9.2 .0.2 |
Oracle 9i Application/Database Server Remote Denial of Service
|
Low |
SB04-091
SB04-077 |
Oracle Corporation
Oracle9i Enterprise Edition 9.0.1 .4, 9.2 .0.4, 9.2 .0.3, Personal Edition 9.0.1 .4, 9.2 .0.4, 9.2 .0.3, Standard Edition 9.0.1 .4, 9.2 .0.4, 9.2 .0.3 |
Oracle9i Database Server Unspecified Security Vulnerabilities |
Low |
SB04-077 |
Oracle Corporation
Oracle9i Lite 5.0.2.9.0, 5.0 .2.0.0, 5.0 .1.0.0, 5.0 .0.0.0 |
Oracle9i Lite Multiple Unspecified Vulnerabilities |
Medium |
SB04-077 |
Oracle Corporation
Single Sign-On |
Single Sign-On Customized Login Page Information Disclosure |
Medium |
SB04-105 |
| osCommerce
osCommerce 2.1-2.2 cvs
|
osCommerce Directory Traversal Flaw in 'admin/file_manager.php' Discloses Files to Remote Authenticated Administrators |
High |
SB04-147 |
OsCommerce
OsCommerce 2.2 ms1 |
osCommerce manufacturers_id Parameter Cross-Site Scripting |
High |
CyberNotes-2004-01 |
OsCommerce
OsCommerce 2.2 ms1 |
osCommerce SQL Injection |
High |
CyberNotes-2004-01 |
OsCommerce
OsCommerce 2.2, ms1 & ms2 |
osCommerce ‘osCsid’ Cross-Site Scripting |
High |
CyberNotes-2004-01 |
OSI Codes Inc.
PHP Live! 2.8.1 |
PHP Live! Unspecified Remote Configuration File Include |
Not Specified |
SB04-350 |
OSTicket.com
osTicket STS 1.2
|
OSTicket Multiple Vulnerabilities |
Medium/ High
(High if arbitrary code can be executed; and Medium if sensitive information can be obtained)
|
SB04-189 |
Outblaze
Outblaze E-mail |
Outblaze E-mail Javascript Filtering Error |
High |
SB04-203 |
Pablo Hernandez
GFHost 0.2 |
Pablo Hernandez GFHost Cross-Site Scripting & Server-Side Script Execution |
High |
SB04-329
SB04-322 |
Pablo Software Solutions
Pablos FTP Server 1.77 |
Pablos FTP Server Information Disclosure |
Medium |
CyberNotes-2004-02 |
ParaChat Group
ParaChat Server 5.5 |
ParaChat Server Directory Traversal |
Medium |
SB04-280 |
| Pawel Jaczewski
JPortal Web Portal 2.2.1
|
JPortal ‘Print.php’ SQL Injection
|
High |
SB04-161 |
paystream.sourceforge.net
AudienceConnect RemoteEditor prior to 0.1.1 |
AudienceConnect RemoteEditor Oversized Submission |
Not Specified |
SB04-322 |
paystream.sourceforge.net
AudienceConnect RemoteEditor prior to 0.1.6 |
AudienceConnect RemoteEditor Unauthorized Access |
Medium |
SB04-322 |
paystream.sourceforge.net
AudienceConnect SecureEditor
|
AudienceConnect SecureEditor Unauthorized Access |
Medium |
SB04-315 |
PBLang-Team
PBLang 4.x |
PBLang Multiple Security Flaws |
Not Specified |
SB04-301 |
Pegasi Web Server
Pegasi Web Server 0.2.2 |
Pegasi Web Server Multiple Input Validation |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-077 |
PeopleSoft
PeopleSoft HRMS 7
|
PeopleSoft Human Resources Management System (HRMS) Cross-Site Scripting |
High |
SB04-273 |
Phorum
Phorum 5.0.11 |
Phorum Cross-Site Scripting & SQL Injection |
High |
SB04-308 |
Phorum
Phorum 5.0.3 BETA, 5.0.7 BETA, 5.0.9-5.0.12 |
Phorum 'follow.php' Input Validation
|
High |
SB04-322 |
| Phorum
4.3.7
|
Phorum Sessions Can Be Hijacked By Remote Users |
Medium |
SB04-147 |
Phorum.org
Phorum 3.4.5 & prior |
Phorum Multiple Cross-Site Scripting/ HTML Injection
CVE Names:
CAN-2004-0034
CAN-2004-0035 |
High |
CyberNotes-2004-01 |
Phorum
Phorum 3.1-3.1.2, 3.2-3.2.8, 3.3.1- 3.3.2, 3.4- 3.4.6, 5.0.3 BETA |
Phorum Multiple Module Cross-Site Scripting
|
|
SB04-091 |
PhotoADay.net
PhotoADay |
PhotoADay Pad_selected Parameter Cross-Site Scripting |
High |
SB04-245 |
PHP Foundry
Jetbox One 2.0.8 |
JetBoxOne CMS Arbitrary File Upload Vulnerability
JetBoxOne Leaves Account Database Unencrypted |
High |
SB04-231 |
PHP Group
Apple
Caldera
Conectiva
Debian
Engarde
FreeBSD
Gentoo
HP
IBM
Mandrake
OpenPKG
RedHat
Slackware
Sun Microsystems
SuSE
Trustix
PHP 3.0, 3.0.13-3.0.18, 3.0.1-3.0.13, 3.0.16, 4.0, 4.0.1 pl1&pl2, 4.0.1-4.0.7, RC1-RC3, 4.1.0-4.1.2, 4.2.0, 4.2-dev, 4.2.1-4.2.3, 4.3-4.3.3, 4.3.6, 5.0 candidate 1 & 2
|
PHP ‘include()’ function Remote Command Execution
|
High |
SB04-161 |
PHP Group
PHP 4.0-4.0.7, 4.0.7 RC1-RC3, 4.1.0-4.1.2, 4.2.0-4.2.3, 4.3-4.3.8, 5.0 candidate 1-3, 5.0.0-5.0.2 |
PHP cURL Open_Basedir Restriction Bypass |
Medium |
SB04-308 |
PHPGroupWare
PHPGroupWare 0.9.14.006, 0.9.16 RC1, & prior |
PHPGroupWare Multiple SQL Injection
CVE Names:
CAN-2004-0016
CAN-2004-0017 |
High |
CyberNotes-2004-02 |
PHP Group
PHP 4.3.7 and prior versions;
5.0.0RC3 and prior versions |
|
High |
SB04-203 |
PHP Group
PHP 4.3.6-4.3.9, 5.0 candidate 1-candidate 3, 5.0.0-5.0.2 |
|
Medium/High
(High if arbitrary code can be executed)
|
SB04-357 |
PHP Group
PHP 5.0 - 5.0.1
|
PHP 'phpinfo()' Function Information Disclosure |
Medium |
SB04-266 |
Phpbb Group
phpbb |
phpBB Privmsg.PHP Cross-Site Scripting |
High |
CyberNotes-2004-01 |
phpBB Group
PhpBB 2.x |
phpBB GroupCP.PHP Arbitrary SQL Injection |
High |
CyberNotes-2004-01 |
phpBB Group
PhpBB 2.0.6 |
phpBB ‘search.php’ Input Validation |
High |
CyberNotes-2004-01 |
phpBB Group
phpBB 2.0.7 a, 2.0.7 |
PHPBB IMG Tag HTML Injection
|
High |
SB04-357 |
phpBB Group
phpBB 2.0.8 |
phpBB Input Validation Holes |
High |
SB04-203
|
phpBB Group
phpBB 1.0.0, 1.2.0, 1.2.1, 1.4.0-1.4.2, 1.4.4, 2.0.0, rc1-rc4, Beta 1, 2.0.1-2.0.10 |
PHPBB Admin_cash.PHP Remote PHP File Include |
|
SB04-336
SB04-329 |
phpBB Group
phpBB 1.0.0, 1.2.0-1.2.1, 1.4.0-1.4.2, 1.4.4, 2.0.0, 2.0 Beta 1, 2.0 RC1-RC4, 2.0.1-2.0.7 |
phpBB Multiple Input Validation Vulnerabilities |
|
SB04-091 |
phpBB Group
phpBB 1.0.0, 1.2.0, 1.2.1, 1.4.0- 1.4.2, 1.4.4, 2.0.0, 2.0 Beta 1, 2.0 RC1-RC4, 2.0.1- 2.0.6 |
PHPBB ‘Search.PHP’ SQL Command Injection |
|
SB04-091 |
phpBB Group
phpBB 2.0.0, 2.0 RC1-RC4, 2.0.1-2.0.6, 2.0.6 c, 2.0.6 d |
PHPBB Cross-Site Scripting & SQL Injection
|
|
SB04-091 |
phpBB Group
phpBB 2.0.0, 2.0 RC4, 2.0.1-2.0.7
|
PHPBB ViewTopic.PHP Cross-Site Scripting
|
|
SB04-091
SB04-077 |
phpBB Group
phpBB 2.0.0-2.0.9 |
phpBB Group phpBB Login Form Multiple Input Validation |
High |
SB04-364
|
phpBB Group
phpBB 2.0.0-2.0.9 |
PHPBB Login Form Multiple Input Validation |
High |
SB04-357
SB04-336
SB04-329 |
phpBB Group
phpBB 2.0.6 c |
PhpBB Multiple Vulnerabilities |
|
SB04-091 |
phpBB Group
phpBB 2.0.6 d |
phpBB ‘profile.php’ Cross-Site Scripting |
|
SB04-091 |
phpcms.de
phpCMS 1.1.9, 1.2.0, 1.2.1 |
PHPCMS Cross-Site Scripting |
High |
SB04-336 |
phpCodeGenie
phpCodeGenie 1.1, 1.4, 1.21, 3.0 Alpha |
phpCodeGenie Remote Arbitrary Code Execution |
High |
SB04-308 |
phpformmail.
sourceforge.net
PHPFormMail prior to 1.07.0
|
PHPFormMail Cross-Site Scripting |
High |
SB04-357 |
PHP-Fusion
PHP-Fusion 4.01 |
PHP-Fusion Multiple SQL & HTML Injection |
High |
SB04-280 |
PhpGedView
PhpGedView 2.6.1 |
PhpGedView Multiple Vulnerabilities
CVE Names:
CAN-2004-0030
CAN-2004-0031
CAN-2004-0032
CAN-2004-0033 |
Medium/High
(High if arbitrary code can be executed) |
CyberNotes-2004-01 |
PhpGedView
PhpGedView 2.65.1 & prior |
|
Medium/ High
(High if arbitrary code can be executed)
|
CyberNotes-2004-03 |
PhpGedView
PhpGedView 2.52.3, 2.60, 2.61, 2.61.1, 2.65 beta5 |
PhpGedView Source.PHP Cross-Site Scripting
CVE Name:
CAN-2004-0067
|
High |
SB04-357
SB04-350 |
PHPGroupWare
PHPGroupWare 0.9.12-0.9.16 |
PHPGroupWare Cross-Site Scripting |
High |
SB04-266 |
| phpHeaven
phpMyChat 0.14.5
|
PHPHeaven PHPMyChat Multiple Remote Vulnerabilities |
Medium/ High
(High if arbitrary code can be executed or admin access obtained; Medium if sensitive information can be obtained)
|
SB04-175 |
phpix.org
PHPix 2.0.3 & prior |
PHPix Remote Arbitrary Command Execution |
High |
CyberNotes-2004-02 |
phpkit.de
PHPKIT 1.6.1, 1.6.03, 1.6.02 |
PHPKIT Multiple Input Validation |
Medium/High
(High if arbitrary code can be executed)
|
SB04-336 |
PHPKIT
PHPKIT 1.6.03 |
PHPKit Multiple HTML Injection Vulnerabilities |
|
SB04-105 |
phplinks.sourceforge.net
PHPLinks |
PHPLinks Installation Path Disclosure |
Medium |
SB04-280 |
phpMyAdmin Development Team
phpMyAdmin 2.5.0-2.5.7, 2.6.0pl1&2 |
PHPMyAdmin Multiple Remote Cross-Site Scripting
|
High |
SB04-329 |
phpMyBackupPro
phpMyBackupPro 0.6.2 |
PhpMyBackupPro Input Validation |
Medium |
SB04-252 |
| Phpmyfamily
phpmyfamily 1.2.4, 1.2.5, 1.3
|
PHPMyFamily Authentication Bypass |
Medium |
SB04-189 |
phpMyFAQ Team
phpMyFAQ 1.4.0 |
phpMyFaq ImageManager Plugin Missing User Authentication |
Low |
SB04-217 |
| phpMyFAQ
phpMyFAQ 1.3.12 and prior (stable version); 1.4.0-alpha1 and prior (dev)
|
phpMyFAQ local file inclusion vulnerability |
Low |
SB04-147 |
| PHP-Nuke
PHP-Nuke 6.x-7.3
|
PHP-Nuke $modpath Include File Flaw May Let Remote Users Execute Arbitrary Commands in Certain Cases |
High |
SB04-147 |
| PHP-Nuke
PHP-Nuke 6.x-7.3
|
PHP-Nuke Input Validation Flaw in Union Tap Prevention Feature Permits Cross-Site Scripting Attacks |
High |
SB04-147 |
Phpnuke.org
Error Manager PHP-Nuke Module 2.1 |
PHP-Nuke Error Manager Module Multiple Vulnerabilities |
|
SB04-091 |
Phpnuke.org
PHP-Nuke 7.x |
PHP-Nuke Search Box Cross-Site Scripting Vulnerabilities |
High |
SB04-231 |
| PHPoto
PHPoto 0.1.2, 0.2.5, 0.3.6, 0.4.0-pre-1-pre-5
|
PHPoto ‘Picture_view’ Script Unauthorized Access |
Medium |
SB04-161 |
phpScheduleIt
phpScheduleIt 1.0.0RC1, 1.0 |
PHPScheduleIt 'Reservation.Class.PHP' Security Restriction Bypass |
Medium |
SB04-329 |
phpscheduleit.sourceforge.net
phpScheduleIt 1.0.0RC1 |
phpScheduleIt Cross-Site Scripting |
High |
SB04-273
SB04-252 |
phpshop.org
phpShop 0.6.1-b |
PHPShop Project Multiple Vulnerabilities |
Medium/High
(High if arbitrary code can be executed) |
CyberNotes-2004-02 |
phpWebSite Development Team
phpWebsite 0.7.3, 0.8.2, 0.8.3, 0.9.3, -1-4 |
phpWebSite HTTP Response Splitting |
High |
SB04-322 |
phpWebSite Development Team
phpWebsite 0.7.3, e 0.8.2, 0.8.3, 0.9.3 -4, 0.9.3 |
|
High |
SB04-294
SB04-252 |
PhpwsBB/ phpws-Contacts
phpwsbb 0.8, 0.8.1, 0.9.1;
phpws Contacts 0.8, 0.8.1, 0.8.2
|
PhpwsBB/ phpwsContacts Modules Information Disclosure |
Medium |
SB04-133 |
phpx.org
PHPX 3.0-3.0.7, 3.1.0- 3.1.4, 3.2.0- 3.2.6 |
PHPX Multiple Administrator Command Execution
|
High |
SB04-133 |
phpx.org
PHPX 3.0-3.0.7, 3.1.0- 3.1.4, 3.2.0- 3.2.6 |
PHPX Multiple Cross-Site Scripting
|
High |
SB04-133 |
PHPX
PHPX 3.2.3 |
PHPX Multiple Vulnerabilities |
High |
SB04-091
CyberNotes-2004-03 |
Picosearch
Picosearch |
Picosearch Input Validation Flaw |
High |
SB04-364 |
Pierre Chifflier
wzdftpd prior to 0.4.3 |
Pierre Chifflier wzdftpd ident Processing Remote Denial of Service
|
Low |
SB04-315 |
Pingtel Corp.
Model PX-1, Core Apps firmware 2.1.11.24, Kernel firmware 2.1.11.24 |
Pingtel xpressa Remote Denial of Service |
Low |
SB04-259 |
| pivotlog.net
Pivot Web Log Tool 1.0 02, 1.0, RC1&RC2, Final, 1.0 beta2b, 1.0 beta2, 1.10
|
Pivot Multiple Vulnerabilities
|
High |
SB04-175 |
Plain Black Software
WebGUI 6.2-6.2.8 |
Plain Black Software WebGUI 'User profile' |
Not Specified |
SB04-336 |
Platform Computing Inc.
Load Sharing Facility (LSF) 4.0, 4.2, 5.0, 5.1, 6.0 |
Load Sharing Facility ‘Eauth’ Local/Remote Buffer Overflow
|
High |
SB04-077 |
Platform Computing Inc.
Load Sharing Facility (LSF) 4.0, 4.2, 5.0, 5.1, 6.0 |
Load Sharing Facility ‘Eauth’ Vulnerabilities |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-077 |
plogworld.org
pLog 0.1-0.1.2, 0.2, 0.2.1, 0.3-0.3.2 |
pLog 'regoster.php' Input Validation |
High |
SB04-252 |
PluggedOut
Blog 1.6 alpha and prior |
PluggedOut Blog Input Validation Hole in 'blogid' |
High |
SB04-231 |
pmsys.sourceforge.net
Private Message System (PMSys) 2.2.9 & prior |
Private Message System Cross-Site Scripting |
High |
CyberNotes-2004-01 |
PNG Development Group
Conectiva
Debian
Fedora
Gentoo
Mandrakesoft
RedHat
SuSE
Sun Solaris
HP-UX
GraphicsMagick
ImageMagick
Slackware
libpng 1.2.5 and 1.0.15 |
Multiple Vulnerabilities in libpng
CVE Names:
CAN-2004-0597
CAN-2004-0598
CAN-2004-0599 |
High |
SB04-287
SB04-231 |
PostNuke Development Team
Post Calendar 4.0.0 |
PostCalendar Search Function Insufficient Validation |
High |
CyberNotes-2004-01 |
PostNuke Development Team
PostNuke 0.75 |
PostNuke Trojan Horse |
High |
SB04-308 |
PostNuke Modules Factory
Subjects Module 2.0 |
PostNuke Modules Factory Subjects Module Input Validation |
High |
SB04-259 |
Power Ju live world
PJ CGI Neo review |
PJ CGI Neo Review Directory Traversal |
Medium |
CyberNotes-2004-03 |
| PowerPortal
PowerPortal 1.1 b, 1.3 b, 1.3
|
PowerPortal Multiple Input Validation |
Medium/ High
(Medium if arbitrary code can be executed; and Medium if sensitive information can be obtained)
|
SB04-189 |
powerportal.sourceforge.net
PowerPortal 1.3 |
PowerPortal 'index_page' Input Validation |
High |
SB04-322 |
powerportal.sourceforge.net
PowerPortal 1.3 |
PowerPortal Input Validation Hole in Private Message Title Permits Cross-Site Scripting Attacks |
High |
SB04-217 |
PROPS
PROPS 0.6.1 |
PROPS Information Disclosure & Cross-Site Scripting
|
Medium/ High
(High if arbitrary code can be executed)
|
SB04-133 |
proxytunnel
proxytunnel 1.0.6, 1.1.3 |
Proxytunnel Local Proxy Credential Disclosure |
Medium |
SB04-280 |
Prozilla
Real Estate Web Template |
Real Estate Payment Process Bypass
|
Medium |
SB04-105 |
PScript
PForum 1.24, 1.25 |
PScript PForum Cross-Site Scripting |
High |
SB04-245 |
psnews.sourceforge.net
PSnews 1.1 |
PSnews Cross-Site Scripting
|
High |
SB04-259 |
PSOProxy
PSOProxy Server 0.91 |
PSOProxy Remote Buffer Overflow
|
High |
SB04-077 |
psyon.org
psInclude 1.41 |
PSInclude ‘open()’ call Remote Arbitrary Command Execution |
|
SB04-105 |
PvPGN
PvPGN 1.6.0-1.6.6 |
PvPGN GameReport Packet Handler Remote Buffer Overflow |
High |
SB04-322 |
pvpgn.org
PvPGN 1.6.0-1.6.3
|
PvPGN Information Disclosure
|
Medium |
SB04-245 |
pvpgn.org
PvPGN 1.6.0-1.6.5 |
PvPGN Remote Buffer Overflow |
High |
SB04-252 |
Pweb Server
PWeb Server 0.3.0, 0.3.2, 0.3.3 |
PWebServer Remote Directory Traversal |
Medium |
SB04-077 |
Python Software Foundation
Python 2.2, 2.2.1 |
Python ‘getaddrinfo’ Function Remote Buffer Overflow
CVE Name:
CAN-2004-0150
|
High |
SB04-077 |
QNX Software Systems Ltd.
QNX RTP 6.1 |
QNX Binaries Buffer Overflows in '-s' Switch |
High |
SB04-259 |
QNX Software Systems Ltd.
QNX RTP 6.1 |
QNX crrtrap Race Condition |
High |
SB04-259 |
QNX Software Systems Ltd.
RTOS 2.4, 4.25, 6.1.0, 6.2.0 Update Patch A, 6.2.0 |
QNX PPPoEd Buffer Overflows |
High |
SB04-252 |
| Qualcomm
Eudora 3.0 X-6.1
|
Qualcomm Eudora To: Field Memory Corruption Vulnerability |
Low/High
(High if arbitrary code can be executed)
|
SB04-147 |
| Qualcomm
Eudora Internet Mail Server for Mac OS 7
|
Eudora Internet Mail Server For Mac OS 7 Remote Buffer Overflow |
Low/ High
(High if arbitrary code can be executed)
|
SB04-161 |
Qualcomm
Eudora 6.0.3 |
Eudora Nested MIME Content Remote Denial of Service
|
Low |
SB04-119 |
Qualiteam Corporation
X-Cart 3.4.3
|
X-Cart Multiple Remote Vulnerabilities
|
Medium/ High
(High if arbitrary code can be executed)
|
CyberNotes-2004-03 |
QualiTeam
Litecommerce 2.0.0 |
Litecommerce Installation Script May Let Remote Users Gain Administrative Access |
Medium |
SB04-217 |
Quicksilver Software
Master of Orion III 1.2.5 |
Quicksilver Master of Orion III Multiple Remote Denials of Service |
Low |
SB04-308 |
| QuiXplorer - Quick (PHP) Explorer 2.3 and prior |
QuiXplorer Input Validation Hole in 'item' Parameter Discloses Files to Remote Users |
Medium |
SB04-231 |
Raditha Dissanayake
Mega Upload Progress Bar 1.30, 1.35, 1.43, 1.44 |
Raditha Dissanayake Mega Upload Filenames |
Medium |
SB04-308 |
| RARLAB
UnRar 2.60, 2.70, 2.71, 2.80, 2.90
|
UnRAR Format String
|
High |
SB04-161 |
Raven Software
Soldier Of Fortune 2 1.0 3, 21.0 2 |
Soldier Of Fortune 2 Buffer Overflow Remote Denial of Service |
Low |
SB04-336 |
Real Estate Management Software
Real Estate Management Software 1.0
|
Real Estate Management Information Disclosure |
Medium |
SB04-280 |
Real Networks
Helix Universal Mobile Server & Gateway 10, 10.1.1.120 & prior,
Helix Universal Server & Gateway 9, version 9.0.2.881 & prior |
Helix Server/ Gateway Administration Service Remote Denial of Service |
Low |
CyberNotes-2004-02 |
| Real Networks
RealPlayer G2, 6.0 Win32, 6.0 Unix, 7.0 Win32, 7.0 Unix, 7.0 Mac, 8.0 Win32, 8.0 Unix, 8.0 Mac, 10.0 BETA, 10.0 v6.0.12.690, RealPlayer for Windows 7.0
|
RealNetworks RealPlayer Remote Code Execution |
High |
SB04-161 |
Real Networks
Helix Universal Server 9.01, 9.0.2.881, 9.0.2.802,
Real Networks Helix Universal Server 9.0.2.794
|
Helix Universal Server Remote Denial of Service
CVE Name:
CAN-2004-0389
|
Low |
SB04-119 |
Real Networks
Real Player 8, 10 Beta Enterprise; RealOne Player, v2, Enterprise Desktop |
Multiple RealPlayer/ RealOne Player Remote Buffer Overflows
|
High |
CyberNotes-2004-03 |
Real Networks
RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, 6.0.11.872, 6.0.11.868, 6.0.11.853, 6.0.11.841, 6.0.11.830, 6.0.11.818, 2.0 for Windows, 8.0 Win32, 8.0 Unix, 8.0 Mac, 10.0 BETA |
RealOne Player/ RealPlayer Remote Buffer Overflow
|
Low/ High
(High if arbitrary code can be executed)
|
SB04-105 |
Real Networks
RealPlayer 8, 10,
RealOne Player v1 & v2,
Helix Player 1.x,
RealPlayer Enterprise |
RealOne Player / RealPlayer / Helix Player Multiple Vulnerabilities |
Medium/High
(High if arbitrary code can be executed)
|
SB04-280 |
RealNetworks
RealOne Player 1.0, 2.0, RealPlayer 10.0 BETA, 10.0 v6.0.12.690, 10.0, 10.5 v6.0.12.1053, 10.5 v6.0.12.1040, 10.5 Beta v6.0.12.1016, 10.5 |
RealPlayer Skin File Buffer Overflow |
High |
SB04-308 |
RealNetworks
Helix Universal Gateway 9.0, 9.0.2.881, Helix Universal Mobile Gateway 10.1.1.120, 10.3.1.716, Helix Universal Mobile Server 10.1.1.120, 10.3.1.716 |
Real Networks Helix Universal Server Remote Denial of Service
CVE Name:
CAN-2004-0774
|
Low |
SB04-287 |
recipants.pants-blazing.com
ReciPants 1.0, 1.0.1, 1.1, 1.1.1 |
ReciPants SQL Injection and Cross-Site Scripting |
High |
SB04-133 |
Recruitment Agency Software
Recruitment Agency Software 1.0 |
Online Recruitment Agency Information Disclosure |
Medium |
SB04-280 |
Red-M
Red-Alert 3.1 |
Multiple Red-Alert Remote Vulnerabilities
|
Low/Medium
(Medium if unauthorized access can be obtained or detection can be evaded)
|
SB04-058 |
Research In Motion Limited
BlackBerry Wireless Handheld 3.7.1.41; Model 7230 |
Blackberry Operating System Remote Denial of Service |
Low |
SB04-294 |
Richard Ellerbrock
IPplan 2.91, 2.92, 2.99, 3.0 1, 3.0, 3.2 |
Richard Ellerbrock IPplan Input Validation |
High |
SB04-308 |
Ricoh
Aficio 450 PCL Printer, 455 PCL Printer |
Ricoh Aficio 450/455 PCL Printer Remote ICMP Denial of Service |
Low |
SB04-357 |
Rosiello Security
Sphiro HTTPD 0.1 B |
Security Sphiro HTTPD Remote Heap Buffer Overflow |
Low/ High
(High if arbitrary code can be executed)
|
SB04-133 |
Ryan Walberg
PHP Gift Registry 1.3.5 |
PHP Gift Registry Multiple Cross-Site Scripting |
High |
SB04-350 |
S9Y
Serendipity 0.3, 0.4, 0.5, -pl, 0.6, rc1&rc2, pl1-pl3, 0.7 -beta1-beta4 |
Serendipity Input Validation |
Medium |
SB04-301 |
S9Y
Serendipity 0.3, 0.4, 0.5-pl1, 0.5, 0.6 -rc1&2, 0.6 -pl1-13, 0.6, 0.7 -rc1, 0.7 -beta1-beta4, 0.7 |
S9Y Serendipity Remote Cross-Site Scripting |
High |
SB04-343 |
Salims Softhouse
JAF CMS 1.0, 1.5, 2.0, 2.0.5, 2.1.0, 2.5, 3.0 RC |
JAF CMS Directory Traversal |
Medium |
SB04-322 |
Sambar Technologies
Sambar Server 6.0, Beta3 |
Sambar Server Results.STM Post Request Buffer Overflow |
Low/ High
(High if arbitrary code can be executed)
|
SB04-058 |
Samsung
Smart Ether SS6215S Switch |
SmartEther Switch Authentication Bypass |
High |
SB04-133 |
| Secure Computing
Sidewinder G2 6.1.0.01
|
Sidewinder G2 Security Appliance SMTP denial of service |
Low |
SB04-147 |
Seyeon Tech Co.
Flex WATCH Network Video Server 2.2 |
FlexWATCH Server Network Video Server Cross-Site Scripting
|
High |
SB04-077 |
Shawn Keaney
GWeb HTTP Server 0.5, 0.6 |
GWeb HTTP Server Directory Traversal |
Medium |
SB04-077 |
shiba-design
Nuke Calendar 1.1.a |
NukeCalendar Multiple Vulnerabilities |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-105 |
Siemens
S55 |
S55 Cellular Telephone Unauthorized SMS Messages |
Medium |
SB04-133 |
Sierra Entertainment, Inc.
Half-Life (versions prior to July 7, 2004) |
Half-Life Game Server and Client Can Be Crashed |
Low |
SB04-203 |
silent-storm.co.uk
Silent-Storm Portal 2.1 |
Silent Storm Portal Multiple Input Validation |
High |
SB04-280 |
siliconsys.com
PHP Catalog 2.6.7 & prior |
PHPCatalog ID Parameter Input Validation |
High |
CyberNotes-2004-01 |
| SIMM-Comm
SCI Photo Chat 3.4.9
|
SCI Photo Chat Server Cross-Site Scripting |
High |
SB04-189 |
Simon Tatham
Gentoo
PuTTY 0.54 and previous |
PuTTY System Compromise Vulnerability |
High |
SB04-231 |
Simple Machines
SMF 1.0 -beta5p, beta4p, beta4.1 |
SMF Size Tag
|
High |
SB04-133 |
Singapore
singapore 0.9 a beta, 0.9 beta, 0.9.1 beta-0.9.10 beta, 0.9.10 |
Singapore Image Gallery Multiple Remote Vulnerabilities |
Medium/High
(High if arbitrary code can be executed)
|
SB04-357 |
Singapore
Singapore prior to 0.9.10 |
Singapore 'thumb.php' Input Validation |
Not Specified |
SB04-301 |
Singularity Software
Team Factor 1.25, 1.25m |
Team Factor Integer Overflow |
Low/ High
(High if arbitrary code can be executed)
|
SB04-077 |
SIR
GNUBoard 3.30-3.39 |
GNUBoard 'doc' Parameter Arbitrary File Inclusion |
High |
SB04-357 |
Site Interactive
Subscribe Me Enterprise, Pro |
Subscribe Me ‘Setup.PL’ Arbitrary Command Execution |
High |
CyberNotes-2004-01 |
SiteCubed
MailWorks Professional |
MailWorks Professional Authentication Bypass |
High |
SB04-252 |
SK Soft
SKForum 1.0, 1.1, 1.1.5, 1.2, 1.3, 1.4 |
SKForum 'my wiki' & 'wiki'
|
Not Specified |
SB04-308 |
SkinTech
phpNewsManager 1.36 |
PhpNews Manager Directory Traversal |
Medium |
SB04-077 |
| Skype Technologies S.A.
Skype 0
|
Skype CallTo URI Handler Buffer Overflow
|
Medium/ High
(Medium if memory can be corrupted)
|
SB04-175 |
SmartPeer
SmartPeer 0.1 |
SmartPeer Undisclosed Local Vulnerability |
Medium |
SB04-133 |
| SMC Networks
SMC Broadband Router SMC7008ABR (1.032), SMC7004VBR (1.231)
|
SMC Broadband Routers Unauthorized Administrative Access |
High |
SB04-175
SB04-133 |
SMC
SMC7004VWBR 1.21 a, 1.22, 1.23, SMC7008ABR 1.32 |
SMC7004VWBR & SMC7008ABR Authentication Bypass |
High |
SB04-266 |
| Snitz Communications
Snitz Forums 2000 3.0, 3.1, 3.3.01-3.3.03, 3.3, 3.4.02-3.4.04
|
Snitz Forums 2000 Cross-Site Scripting
|
High |
SB04-175 |
SOL-METRA
SPAW PHP Editor 1.0-1.0.3 |
SPAW Editor Remote Code Execution |
High |
CyberNotes-2004-01 |
Something4 Limited
ClickandBuild 3.1, 5.0 |
ClickandBuild 'listPos' Parameter Cross-Site Scripting |
High |
SB04-329 |
SonicWall
Sonic WALL Sonic OS 6.2.0.0, 6.3.1.4, 6.3.1.0,
6.4.0.2, 6.4.0.1, 6.5.0.4, 6.5.0.3
|
SonicWall Firewall/VPN Appliance Multiple ARP Request Handling |
Medium |
SB04-077 |
Sophos
Anti-Virus 3.4.6, 3.78 |
Anti-Virus Remote Denial of Service & Scanner Bypass
|
Low/ High
(High if arbitrary code can be executed)
|
SB04-058 |
Sourceforge.net
Jaws 0.4 |
Jaws 'controlpanel.php' Input Validation Error |
High |
SB04-217 |
Squirrel Mail Development Team
Squirrel mail |
Squirrelmail G/PGP Encryption |
High |
CyberNotes-2004-01 |
SquirrelMail Development Team
SquirrelMail 1.x |
|
High |
SB04-343
SB04-329
SB04-322 |
SquirrelMail version 1.5.1 and earlier;
IMP 3.2.3 (from Horde project);
OpenWebmail 2.32;
IlohaMail 0.8.12;
Sqwebmail 4.0.4; |
Content-Type XSS Vulnerability in Multiple Webmail Programs
|
High |
SB04-203 |
STAL-LION Networking
Cyclonic webmail 4.0 |
Cyclonic webmail Information Disclosure |
Medium |
CyberNotes-2004-01 |
Stuart Caie
cabextract 0.6, 1.0 |
cabextract Remote Directory Traversal |
Medium |
SB04-301 |
Stuart Caie
cabextract 0.6, 1.0 |
Stuart Caie cabextract Remote Directory Traversal
CVE Name:
CAN-2004-0916
|
Medium |
SB04-308 |
SugarCRM Inc.
Sugar Sales 2.0.1c & prior |
SugarSales Input Validation |
Low/Medium
(Medium if sensitive information can be obtained)
|
SB04-350 |
SugarCRM Inc.
SugarCRM 2.5 & prior |
SugarCRM Multiple Input Validation |
Medium/High
(High if arbitrary code can be executed)
|
SB04-343 |
| Sun Microsystems Inc.
JSSE 1.0.3, 1.0.3_01 and 1.0.3_02 for Windows, Solaris and Linux
|
Java Secure Socket Extension (JSSE) May Incorrectly Validate Server Certificate |
Medium |
SB04-147 |
Sun Microsystems
SDK and JRE
1.4.2_04 or earlier;
1.4.1_07 or earlier;
1.4.0_04 or earlier |
Sun Java JRE/SDK XSLT Processor Vulnerability |
Medium |
SB04-217 |
Sun Microsystems
Sun Java System Portal Server 6.2 |
Sun Java System Portal Server Proxy Authentication Failure |
Medium |
SB04-217 |
Sun Microsystems
Sun Solaris 7, 8, 9 |
Sun Solaris XDMCP Parsing Vulnerability |
Low |
SB04-231 |
Sun Microsystems, Inc.
HP
JRE & SDK (Linux Production Release) 1.4.2_03, 1.4.2, JRE & SDK (Solaris Production Release) 1.4.2_03, 1.4.2, JRE & SDK (Windows Production Release) 1.4.2_03, 1.4.2
|
Sun Java Runtime Environment Remote Denial of Service
|
Low |
SB04-161
SB04-133 |
Sun Microsystems, Inc.
Java 2 Micro Edition (J2ME) |
Sun Java 2 Micro Edition (J2ME) Sandbox Bypass Restrictions |
Medium |
SB04-301 |
Sun Microsystems, Inc.
Java System Application Server 7.0 Standard Edition, Platform Edition, 7.0 2004Q2, Java System Web Server 6.0, SP1-SP7, 6.1, SP1 |
Sun Java System Web & Application Servers Remote Denial of Service
|
Low |
SB04-315 |
Sun Microsystems, Inc.
Sun Java JRE 1.3.x, 1.4.x,
Sun Java SDK 1.3.x, 1.4.x; Conectiva Linux 10.0; Gentoo Linux;
HP HP-UX B.11.23, B.11.22, B.11.11, B.11.00,
HP Java SDK/RTE for HP-UX PA-RISC 1.3,
HP Java SDK/RTE for HP-UX PA-RISC 1.4 |
|
Medium |
SB04-343
SB04-336
SB04-329
|
| Sun Microsystems, Inc.
Java System Application Server 7.0 Standard Edition, 7.0 Platform Edition, 7.0 Enterprise Edition, 8.0 Platform Edition
|
Sun Java System Application Server Remote Installation Path Disclosure |
Medium |
SB04-161 |
Sun Microsystems, Inc.
Java System Application Server 7.0 Standard Edition, Platform Edition, 7.0 2004Q2 |
Sun Java System Application Server HTTP TRACE Information Disclosure |
Medium |
SB04-315 |
Sun Microsystems, Inc.
Java System Web Server (Sun ONE/iPlanet) 6.x, Java System Application Server (Sun ONE) 7.x |
Sun Java System Web Server / Application Server Active Sessions Access |
Medium |
SB04-350 |
Sun Microsystems, Inc.
Java Web Proxy Server 3.6, SP1-SP4 |
Sun Java System Web Proxy Server Multiple Buffer Overflows |
Low/High
(High if arbitrary code can be executed)
|
SB04-308 |
Sun Microsystems, Inc.
Sun JRE (Linux Production Release)1.2.2 _010-1.2.2_015, 1.2.2 _003-1.2.2_007, 1.2.2, 1.3 .0-1.3.0_05, 1.3.1-1.3.1 _03, 1.3.1 _05-1.3.1 _09, 1.4, 1.4 .0_02-1.4 .0_04, 1.4.1-1.4.1_03, 1.4.2-1.4.2 _06, JRE (Solaris Production Release) 1.1.6, 1.1.7 B, 1.1.8, 1.1.8 _009, 1.1.8 _010, 1.1.8 _12-1.1.8_14, 1.1.8 _009, 1.1.8, 1.2, 1.2.1, 1.2.2_11, 1.2.2 _07, 1.2.2 _05a, .2.2 _010-2.2._014, 1.2.2, 1.3.0_05, 1.3 .0_02, 1.3, 1.3.1 _01-1.3.1 _09, 1.4.0_011.4.0_04, 1.4, 1.4.1 _03, 1.4.1 _02, 1.4.1 _01, .4.1, 1.4.2_01-1.4.2 _06, 1.4.2, Windows Production Release) 1.1.6 _009, 1.1.7 B_007, 1.1.8 _009, 1.1.8 _008, 1.1.8 _007, 1.1.8 _005, 1.1.8, 1.2, 1.2.1, 1.2.2 _12, 1.2.2_015, 1.2.2 _014, 1.2.2 _013, 1.2.2 _011, 1.2.2 _010, 1.2.2 _007, 1.2.2, 1.3 .0_05, 1.30_04, 1.3 .0_02, 1.3, 1.3.1 _01-1.3.1 _09, 1.4.0_01-1.4.0_04, 1.4, 1.4.1 _07, 1.4.1 _03, 1.4.1 _02, 1.4.1 _01, 1.4.1, 1.4.2 _01-1.4.2_06, 1.4.2
|
Sun Java Applet Invocation Version Specification
|
Medium |
SB04-336 |
Sun Microsystems
Solaris 9 |
Sun Solaris Volume Manager (SVM) fails to properly handle malformed probe requests |
Low |
SB04-217 |
Sun
Sun Java System Web Server (Sun ONE/iPlanet) 6.x |
Sun Java System Web Server Cross Site Scripting Vulnerability |
Low |
SB04-217 |
SureCom Technology Corp.
SureCom EP-4504AX,
EP-9510AX
|
SureCom Network Device Remote Denial of Service
|
Low |
SB04-077 |
Sweex Europe BV
Sweex Wireless Broadband Router LC000060
|
Sweex Wireless Broadband Router Disclosed Administrative Password to Remote Users |
Medium |
SB04-147 |
SWSoft
Confixx Pro 2 |
Confixx DB Input Validation & Debugging Utility |
High |
SB04-077 |
sy9.org
Serendipity 0.7 beta1 & prior |
Serendipity Multiple Input Validation |
High |
SB04-280 |
Sybari Software
Antigen for Lotus Domino 7.0 Build 722 (SR2) |
Sybari AntiGen For Lotus Domino Remote Denial of Service
|
Low |
SB04-091 |
Sygate
Personal Firewall |
Sygate Personal Firewall Authentication Bypass |
Medium |
CyberNotes-2004-01 |
Symantec
Firewall/VPN Appliance 100, 200, 200R, Gateway Security 320, 360, 360R |
Symantec Enterprise Firewall/VPN Appliance Multiple Remote Denials of Service & Configuration Modification |
Low |
SB04-301
SB04-273 |
Symantec
Web Security versions 2.5, 3.0.0, 3.0.1 |
Web Security Cross-Site Scripting |
High |
CyberNotes-2004-02 |
| Symantec
Gateway Security 360R 2.1 Build 415, 360R 2.1 Build 300
|
Symantec Gateway Security 360R Wireless VPN Bypass |
Medium |
SB04-175 |
Symantec
Brightmail Anti-Spam 6.0.1 |
Symantec Brightmail Remote Denials of Service |
Low |
SB04-357 |
Symantec
Clientless VPN Gateway Version 5.0, Model 4000 |
Symantec Clientless VPN Gateway 4400 Credential Modification |
Medium |
SB04-301 |
Symantec
Norton Internet Security 2004, Professional Edition, Personal Firewall 2004 |
Internet Security/ Personal Firewall Remote Denial of Service
|
Low |
SB04-091 |
Symantec
ON Command CCM 5.0-5.4 |
ON Command Default Usernames & Passwords |
Medium |
SB04-280
SB04-273 |
Sysbotz
Simple Data 4.0.1 a & prior |
SimpleData Access Validation |
Medium |
CyberNotes-2004-01 |
Targem Games
Battle Mages 1.0 |
Targem Games Battle Mages Remote Denial of Service
|
Low |
SB04-077 |
The BNC Project
BNC 2.2.4, 2.4.6, 2.4.8, 2.6, 2.6.2, 2.8.8 |
BNC Buffer Overflow |
High |
SB04-294
SB04-287 |
The Ignition Project
Ignition Server 0.1.2, Release 2 |
IgnitionServer Global IRC Operator Privilege Escalation |
Medium |
SB04-077 |
| The Miller Group
Centre 0.92, 1.0 1, 1.0
|
Centre ‘modules.php’ Remote PHP Code Execution |
High |
SB04-189 |
The Webmaster Guide, Inc.
Board Power v2.04 PF |
Board Power forum contains cross-site scripting vulnerability |
High |
SB04-231 |
The XMB Group
XMB Forum 1.8 SP3, 1.9 beta |
XMB Forum Multiple Vulnerabilities |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-091 |
The XMB Group
XMB Forum 1.8, SP1&SP2 |
XMB Forum Multiple Input Validation Vulnerabilities
|
High |
SB04-077 |
theworldsend.net
PHP-Ping 1.x |
php-ping ‘$count’ Variable Remote Command Execution |
High |
CyberNotes-2004-01 |
Thomas Ehrhardt
Powies PSCRIPT Forum 1.26 & prior |
Powie's PSCRIPT Forum Input Validation |
High |
SB04-294 |
Thompson
SpeedTouch Home ADSL Modem firmware version GV8BAA3.270 (1003825) and earlier |
Thompson SpeedTouch Home ADSL Modem Predictable TCP ISN Generation
CVE Name:
CAN-2004-0641 |
Medium |
SB04-231 |
Thomson
Speed Touch Pro ADSL |
Thomson Speed Touch Pro ADSL Remote DNS Modification |
Medium |
SB04-322 |
ThWb Group
Th-Wboard 2.x |
ThWboard board.php Cross-Site Scripting |
High |
CyberNotes-2004-01 |
TikiWiki Project
TikiWiki 1.8-1.8.3 |
TikiWiki Unauthorized Access & Information Disclosure |
Medium |
SB04-245 |
TikiWiki Project
TikiWiki 1.8, 1.8.1 |
TikiWiki Project Multiple Input Validation Vulnerabilities |
Medium/ High
(Medium if sensitive information can be obtained; and High if arbitrary code can be executed)
|
SB04-119 |
Top Layer Networks
TopLayer Attack Mitigator 5500 3.11.008 |
Top Layer Attack Mitigator IPS 5500 Remote Denial of Service
|
Low |
SB04-245 |
Topher ZiCornell
Xephyrus Java Simple Template Engine (JST) 0.9, 1.0, 1.1, 2.0, 2.1 (limited distro), 3.0 (public distro) |
Xephyrus Java Simple Template Directory Traversal |
Medium |
SB04-245 |
TorrentTrader
BitTorrent Tracker 1.0 beta, RC1&RC2, alpha, 2.0 |
TorrentTrader Download.PHP SQL Injection |
Medium |
SB04-252 |
| Trend Micro
InterScan VirusWall 3.0.1, 3.2.3, 3.3, 3.6, Build 1166, Build 1182, 3.7, Build 1190, 3.8 Build 1130, 3.32, 3.52, (HP-UX) 3.6, (Linux) 3.0.1, (Linux) 3.6, (Solaris) 3.6
Unix 3.0.1, 3.6 x, Windows NT 3.4, 3.5, 3.6, 3.51, 3.52, build 1466, 5.1, InterScan WebManager 1.2, 2.0, 2.1, OfficeScan Corporate Edition 3.0, 3.5, 3.11, 3.13, 3.54, 5.02, 5.58, OfficeScan Corporate Edition for Windows NT Server 3.0, 3.1.1, 3.5, 3.11, 3.13, OfficeScan For Microsoft SBS 4.5, Micro PC-cillin 2003, 2002, 2000, 6.0, ScanMail 1.0, ScanMail for Microsoft Exchange 3.8, 3.81, 6.1, Scanning Engine 7.1, Virus Buster Corporate Edition 3.52-3.54, Virusbuster 2001 8.0.1, 8.0.2, Viruswall 3.0.1
|
Trend Micro Scanning Engine Report Generation HTML Injection |
High |
SB04-161 |
Trend Micro
InterScan VirusWall for Windows NT 3.4- 3.6, 3.51, 3.52, build 1466 |
Interscan Viruswall Directory Traversal |
Medium |
SB04-091 |
Tripwire, Inc.
Gentoo
Mandrake
Tripwire 2.2.1, 2.3.0, 2.3.1-2, 2.3.1, 2.4.0, 2.4.2, 3.0 1, 3.0, 4.0, 4.0.1, 4.1, 4.2, Tripwire Open Source 2.3.0, 2.3.1 |
|
High |
SB04-301 |
TurboTrafficTrader.com
Nitro 1.0 |
Turbo Traffic Trader Nitro Cross-Site Scripting & SQL Injection |
High |
SB04-287 |
U.S. Robotics
Wireless Router Model 8054 |
U.S. Robotics Wireless Router Can Be Crashed By Remote Users |
High |
SB04-217 |
| U.S.Robotics
Broadband Router 8003
|
U.S. Robotics Broadband Router 8003 Administration Web Interface |
High |
SB04-175 |
Ueli Weiss
IMG2ASCII 1.15, 1.16 |
Ueli Weiss IMG2ASCII Unauthorized File Upload |
High |
SB04-357 |
Ulrik Petersen
Emdros Database Engine 1.1.14-1.1.19 |
Emdros Remote Denial of Service
|
Low |
SB04-259 |
usemod.com
UseModWiki 1.0 |
UseModWiki Cross-Site Scripting |
High |
SB04-350 |
UtilMind Solutions
Site News 1.1 |
Site News Authentication Bypass |
Medium |
SB04-259 |
Uwe E Schirm
Frezno Shop 1.3.0 RC1 & prior |
FreznoShop Cross-Site Scripting |
High |
CyberNotes-2004-01 |
Valve Software
Half-Life Dedicated Server 3.1.0.4- 3.1.0.9 Linux, 3.1, 3.1.1.1d Linux, 3.1.1.1c1 Linux, 3.1.1.0 Linux, 3.1.3, 4.1.0.6 -4.1.0.9 Win32, 4.1.0.4 Win32, 4.1.1.1c1 Win32, 4.1.1.0 Win32 |
Half-Life Dedicated Server Information Disclosure & Denial of Service |
Low/Medium
(Medium if sensitive information can be obtained) |
CyberNotes-2004-01 |
VBulletin
VBulletin 3.0.1-3.0.3 |
VBulletin 'last.php' Input Validation |
High |
SB04-322 |
vcard4j.sourceforge.net
VCard4J Toolkit 1.1.3 |
VCard4J Toolkit Cross-Site Scripting |
High |
CyberNotes-2004-01 |
Veritas Software
Net Backup Professional 3.50, 3.51, 3.51.10, 3.51.15, 3.51.20, 3.51.30 |
Net Backup Professional Open Transaction Manager Remote Drive Access |
Medium |
CyberNotes-2004-02 |
Veritas Software
NetBackup BusinesServer 3.4, 3.4.1, 4.5, NetBackup DataCenter 3.4, 3.4.1, 4.5, NetBackup Enterprise Server 5.1, NetBackup Server 5.0, 5.1 |
VERITAS NetBackup Input Validation |
High |
SB04-301 |
Veritas
Veritas Cluster Server 4.0 & prior |
VERITAS Cluster Server Remote Code Execution |
High |
SB04-294 |
| VICE
VICE 1.6, 1.13, 1.14 |
|
High |
SB04-252
SB04-175
|
ViewCVS
ViewCVS 0.x |
ViewCVS Cross-Site Scripting |
High |
CyberNotes-2004-01 |
ViewCVS
ViewCVS 0.9.2 & prior |
ViewCVS Ignores 'hide_cvsroot' and 'forbidden' Settings |
Medium |
SB04-343 |
Vignette Corporation
Application Portal |
Vignette Application Portal Remote Information Disclosure |
Medium |
SB04-280 |
Virtua Systems
Virtua News Pro 1.0-1.0.3 |
VirtuaNews Multiple Module Cross-Site Scripting
|
High |
SB04-077 |
Virtual Programming
VP-ASP 4.0, 4.50, 5.0 |
VP-ASP Shopping Cart ‘CatalogID’ Arbitrary Code Execution |
|
SB04-091 |
Visual Shapers
EZContents 1.x |
EZContents ‘module.php’ Remote Command Execution |
High |
CyberNotes-2004-02 |
Visual Shapers
EZContents 2.0.2 & prior |
|
Medium/ High
(High if arbitrary code can be executed)
|
SB04-058 |
VocalTec Communications
VocalTec VGW4/8 Telephony Gateway |
VocalTec VGW4/8 Telephony Gateway Remote Authentication Bypass |
Medium |
SB04-091 |
| VocalTec
VGW120 Telephony Gateway, VGW480 Telephony Gateway
|
VGW120/ VGW480 Telephony Gateway Remote H.225 Denial of Service |
Low |
SB04-161 |
Voice Of Web
AllMy Guests 0.1.2, 0.3, 0.4, 0.4.1, AllMy Links 0.3, 0.4, 0.4.1, 0.4.3, 0.4.4, 0.4.9, 0.5, AllMy Visitors 0.3, 0.4 |
AllMyPHP Remote Code Execution |
High |
SB04-058 |
Volition, Inc
Red Faction 1.0, 1.1, 1.20 |
Red Faction Game Client Remote Buffer Overflow
|
High |
SB04-077 |
Volker Rattel
phpBB Fetch All 2.0.10 and 2.0.11
|
phpBB Fetch All SQL Injection Vulnerability |
High |
SB04-231 |
| vRating 4.0, 4.01 |
vRating Discloses Sensitive Information and Grants Administrative Access to Remote Users |
Medium |
SB04-231 |
| Vsftpd
Vsftpd 1.2.1
|
Vsftpd Listener Denial of Service Vulnerability |
Low |
SB04-147 |
W3C
Jigsaw 2.0-2.0.5, 2.1-2.1.2, 2.2-2.2.3 |
Jigsaw Input Validation
|
High |
SB04-077 |
WackoWiki 3.x |
WackoWiki textsearch Cross-Site Scripting Vulnerability |
High |
SB04-231 |
Warp Speed
4nAlbum Module 0.92 |
WarpSpeed 4nAlbum Module For PHPNuke Multiple Vulnerabilities |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-091 |
Web Crossing Inc.
Web Crossing 4.x, 5.x |
Web Crossing Remote Denial of Service
|
Low |
CyberNotes-2004-03 |
Web Merchant Services
Storefront Shopping Cart |
Web Merchant Services Storefront Shopping Cart ‘login.asp’ |
High |
CyberNotes-2004-01 |
Web Trends
Web Trends 6.1a |
WebTrends Reporting Center ‘viewreport.pl’ Information Disclosure |
Medium |
CyberNotes-2004-02 |
WebCT
WebCT Campus Edition 4.0 SP3 Hotfix 40833, 4.0, 4.1 SP2 Hotfix 40832, 4.1, 4.1.1.5 |
WebCT Input Validation Holes in Discussion Board Permit Cross-Site Scripting Attacks |
High |
SB04-147 |
WebCT
WebCT Campus Edition 4.1, 4.1.1.5 |
WebCT Campus Cross-Site Scripting |
|
SB04-105 |
Webfroot
Shoutbox |
Shoutbox Viewshoutbox.PHP Cross-Site Scripting |
High |
CyberNotes-2004-01 |
| WebSoft
Infinity WEB 1.0
|
WebSoft Infinity WEB Input Validation |
High |
SB04-189 |
| WebSoft
HelpDesk PRO 2.0
|
WebSoft HelpDesk PRO Input Validation |
High |
SB04-189 |
Whale Communications
e-Gap 2.5 |
e-Gap Information Disclosure |
Medium |
CyberNotes-2004-02 |
Whitefyre
PHProxy 0.3 |
Whitefyre PHProxy Input Validation Hole in 'error' Parameter |
High |
SB04-364 |
Whorl Limited
E-Commerce J-Shop Professional v3, JShop Server |
JShop E-Commerce Suite xSearch Cross-Site Scripting |
High |
SB04-058 |
Whorl Limited
JShop E-Commerce, Professional v3, JShop Server |
E-Commerce Suite Page.PHP Cross-Site Scripting |
High |
SB04-245 |
wikipedia.sourceforge.net
MediaWiki prior to 1.3.6 |
MediaWiki Multiple Vulnerabilities |
Medium/High
(High if arbitrary code can be executed)
|
SB04-294 |
wikipedia.sourceforge.net
MediaWiki prior to 1.3.7 |
MediaWiki 'Title.php' Cross-Site Scripting |
Medium/High
(High if arbitrary code can be executed)
|
SB04-301 |
wordpress.org
WordPress 1.2, 1.2.1 |
WordPress Multiple Cross-Site Scripting |
High |
SB04-357
SB04-294
SB04-287
SB04-280 |
WorkBoard
WorkBoard 1.2 |
WorkBoard Multiple Cross-Site Scripting |
High |
SB04-357 |
Working Resources Inc.
BadBlue 2.4 |
BadBlue Server ‘phptest.php’ Path Disclosure |
Medium |
SB04-077 |
WowBB
WowBB Web Forum |
WowBB Forum Multiple Unspecified Remote Input Validation |
High |
SB04-294 |
| WWW File Share Pro 2.60 |
WWW File Share Pro HTTP Request Denial of Service Vulnerability
|
Low |
SB04-217 |
Xavier Cirac
Shuttle FTP Suite 3.2 |
Shuttle FTP Suite Directory Traversal Vulnerability |
Medium |
SB04-231 |
Xerox
Xerox_ Micro Server/ Xerox11 0.19.5.509 |
Xerox_Micro Server/ Xerox11 Directory Traversal |
Medium |
CyberNotes-2004-01
CyberNotes-2004-02 |
X-Micro
WLAN 11b Broadband Router Firmware 1.2.2.4, 1.2.2.3, 1.2.2, 1.6.0.1, 1.6.0 |
WLAN 11b Broadband Router Built-in Backdoor Administrator Account |
|
SB04-119 |
Xoops
Xoops 2.0.5.1 |
Xoops Myheader.php Cross-Site Scripting |
High |
CyberNotes-2004-02
CyberNotes-2004-01 |
Xoops
Xoops 2.x |
Xoops 'newbb/viewtopic.php' Cross-Site Scripting |
High |
CyberNotes-2004-03 |
YaBB SE
YaBB SE 1.5.3, 1.5.4 |
YABB SE SSI.PHP ID_MEMBER SQL Injection |
High |
CyberNotes-2004-02 |
YaBB SE
YaBB SE 1.5.4, 1.5.5 b, SE 1.5.5 |
YABB SE Multiple Input Validation Vulnerabilities |
|
SB04-091
SB04-077 |
YaBB
YaBB 1 Gold Release, SP 1, SP 1.2, SP 1.3-1.3.2, YaBB 1.40, 1.41, 9.1.2000, 9.11.2000 |
YaBB Shadow BBCode Tag JavaScript Injection |
High |
SB04-336 |
YaBB
YaBB 1 Gold Release, SP 1.3.1, SP 1.3, SP 1.2, SP 1 |
YaBB 1 Gold Multiple Input Validation |
High |
SB04-273 |
YaBB.org
YaBB 1 Gold - SP 1.3.1 |
YaBB Information Disclosure |
Medium |
SB04-058 |
YaBB.org
YaBB SE 1.5.4, 1.5.5 |
YABB SE ‘post.php’ Arbitrary Code Execution |
High |
SB04-058 |
YaBBSE.org
YaBB 1 Gold Release, SP 1.3.1, SP 1.3, SP 1.2, SP 1, YaBB 1.40, 1.41, 9.1.2000, 9.11.2000 |
YaBB Administrator Command Execution & Cross-Site Scripting
|
High |
SB04-266 |
YaBBSE.org
YaBB SE 1.5.1 |
YaBB SE 'Admin.php' Information Disclosure |
Medium |
SB04-252 |
YaBB
YaBB 1 Gold - SP 1.2, SP 1 |
YaBB 'Subject' Field Input Validation
|
Medium |
SB04-133 |
YaBB
YaBB 1 Gold - SP 1.3, YaBB SE Simple Machines SMF 1.0b, YaBB SE 1.5.1 |
YABB/YABB SE Multiple Cross-Site Scripting |
|
SB04-091 |
Yahoo!
Yahoo! Messenger |
Yahoo! Mail Scripting Filter Bypass
|
|
SB04-119 |
Yahoo!
Yahoo! Messenger 5.6.0.1358, 5.6.0.1356, 5.6.0.1355, 5.6.0.135, 5.6.0.134, 5.6 |
Yahoo! Messenger YInsthelper.DLL Multiple Buffer Overflow |
|
SB04-119 |
Yahoo!
Yahoo! Store
|
Yahoo! Store Commerce System Price Modification |
Medium |
SB04-273 |
yahoopops.sourceforge.net
YPOPs! 0.x |
YPOPs! Buffer Overflows |
High |
SB04-322
SB04-301
SB04-294
SB04-273 |
yapig.sourceforge.net
YaPiG prior to 0.92.2b |
YaPiG Input Validation |
High |
SB04-294 |
Yoshi Melrose
Psycho Blogger |
Psychoblogger Multiple Cross-Site Scripting |
High |
CyberNotes-2004-01 |
Yoshi Melrose
Psycho Blogger |
Psychoblogger Multiple SQL Injection Vulnerabilities |
Medium |
CyberNotes-2004-01 |
Yves Goergen
BlackBoard Internet Newsboard System 1.5.1 |
BlackBoard Internet Newsboard System Remote File Include |
Medium/High
(High if arbitrary code can be executed)
|
SB04-287 |
| ZaireWeb Solutions
Newsletter ZWS
|
ZaireWeb Solutions Newsletter ZWS Administrative Interface Authentication Bypass |
Medium |
SB04-189 |
Zanfi Solutions
ZanfiCmsLite 1.1 |
Zanfi CMS Multiple Vulnerabilities |
Medium/High
(High if arbitrary code can be executed)
|
SB04-287 |
Zen Cart
Web Shopping Cart 1.1.2d |
Zen Cart Password Input Validation Flaw Lets Remote Users Inject SQL Commands |
Medium |
SB04-147 |
Zonet
Zonet ZSR1104WE 2.41 |
Zonet Wireless Router NAT Implementation Design Flaw |
Medium |
SB04-133 |
Zoom
Zoom X3 ADSL Modem |
Backdoor Menu on Conexant Chipset DSL Router (Zoom X3) |
Low |
SB04-203 |
Zope
Zope 2.6.2 & prior, Development releases 2.7.0 beta3. |
Zope Multiple Vulnerabilities |
Low/Medium/High
(Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code can be executed) |
CyberNotes-2004-02 |
ZyXEL Communications Corp.
Prestige 681 |
ZyXEL P681 ARP Request Information Disclosure |
Medium |
SB04-266 |
ZyXEL Communications Corp.
Prestige 645R-A1, 650H, 650HW, 650HW-31, 650R, ZyNOS V3.40(ES.5), IS.5, IS.3, 3.40 |
ZyXEL Prestige Router HTTP Remote Administration Configuration Reset |
Medium |
SB04-336 |
ZyXEL
ZyWALL 10 |
ZyWALL 10 Management Interface Cross-Site Scripting |
High |
CyberNotes-2004-01 |
| ZyXEL
Prestige 650HW-31, 650R-11 |
ZyXEL Prestige Router Authentication Interface Remote Denial of Service |
Low |
SB04-189 |