The goal of this project is to make virtual world a safer and better place without child pornography, major computer crime and RIAA.
Login As
You can log in if you are registered at one of these services:
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015

CVE Database

CVE-2004-2483

Kerio WinRoute Firewall before 6.0.9 uses information from PTR queries in response to A queries, which allows remote attackers to poison the DNS cache or cause a denial of service (connection loss).

12/31/2004

CVE-2004-2482

Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code.

12/31/2004

CVE-2004-2481

MyProxy 6.58 allows remote authenticated users in the Users Tab to connect to arbitrary hosts from the MyProxy server, possibly bypassing access restrictions, by connecting to the proxy and issuing a CONNECT command.

12/31/2004

CVE-2004-2480

Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass security controls and access arbitrary websites via "@@" sequences in a URL within Internet Explorer.

12/31/2004

CVE-2004-2479

Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages.

12/31/2004

CVE-2004-2478

Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.

12/31/2004

CVE-2004-2477

DiamondCS Process Guard Free 2.000 allows local users to disable the process guard protection system by overwriting the current Service Descriptor Table (SDT) in \\device\\physicalmemory with the original SDT found in ntoskrnl.exe.

12/31/2004

CVE-2004-2476

Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (infinite loop and crash) via an IFRAME with "?" as the file source.

12/31/2004

CVE-2004-2475

Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section.  NOTE: some followup posts suggest that the demonstration code\'s use of the res:// protocol does not cross privilege boundaries, since it is not allowed in the Internet Zone. Thus this might not be a vulnerability.

12/31/2004

CVE-2004-2474

SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers to execute arbitrary SQL commands via the mid parameter to sendtofriend.php.

12/31/2004

CVE-2004-2473

wmFrog weather monitor 0.1.6 and other versions before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

12/31/2004

CVE-2004-2472

Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a denial of service (CPU consumption) via a flood of small, invalid packets, which can not be processed quickly enough by Outpost Pro.

12/31/2004

CVE-2004-2471

SQL injection vulnerability in the sloth TCL script in QuoteEngine before 1.2.0 allow remote attackers to execute arbitrary SQL commands via unknown vectors.

12/31/2004

CVE-2004-2470

Unspecified vulnerability in MadBMS before 1.1.5 has unknown impact and attack vectors, related to logins.

12/31/2004

CVE-2004-2469

Unspecified vulnerability in Reservation.class.php for phpScheduleIt 1.01 and earlier allows attackers to modify or delete reservations.

12/31/2004

CVE-2004-2468

Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.

12/31/2004

CVE-2004-2467

chat.ghp in Easy Chat Server 1.2 allows remote attackers to add a large number of fake users, then eventually cause a denial of service (server crash).

12/31/2004

CVE-2004-2466

chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possibly due to a buffer overflow.  NOTE: it was later reported that 2.2 is also affected.

12/31/2004

CVE-2004-2465

Cross-site scripting (XSS) vulnerability in chat.ghp in Easy Chat Server 1.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

12/31/2004

CVE-2004-2464

Directory traversal vulnerability in ADA Image Server (ImgSvr) 0.4 allows remote attackers to read arbitrary files or list directories via hex-encoded "..//" sequences ("%2e%2e%2f%2f").  NOTE: it was later reported that 0.6.21 and earlier is also affected.

12/31/2004

CVE Database 145461 - 145480 of 155727
First | Prev. | 7272 7273 7274 7275 7276 | Next | Last

Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015