CVE List

Id CVE No. Status Description Phase Votes Comments Actions
13686  CVE-2005-2480  Candidate  Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm.  Assigned (20050805)  None (candidate not yet proposed)    View
13687  CVE-2005-2481  Candidate  ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive information via an invalid fuseaction parameter, which leaks the full server path in an error message, as demonstrated using the "?" (question mark) character.  Assigned (20050805)  None (candidate not yet proposed)    View
10724  CVE-2004-2298  Candidate  Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential by using the NMAP Credential Generator.  Assigned (20050805)  None (candidate not yet proposed)    View
10725  CVE-2004-2299  Candidate  Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote attackers to execute arbitrary code via an HTTP GET request with a long Range header.  Assigned (20050805)  None (candidate not yet proposed)    View
10726  CVE-2004-2300  Candidate  Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -p command line argument. NOTE: it is not clear whether there are any standard configurations in which snmpd is installed setuid or setgid. If not, then this issue should not be included in CVE.  Assigned (20050805)  None (candidate not yet proposed)    View

Page 19045 of 20943, showing 5 records out of 104715 total, starting on record 95221, ending on 95225

Actions