CVE List
Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
---|---|---|---|---|---|---|---|
3349 | CVE-2001-0535 | Candidate | Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host"s domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script. | Proposed (20011012) | ACCEPT(3) Armstrong, Baker, Cole | MODIFY(2) Foat, Frech | NOOP(1) Christey | REVIEWING(1) Wall | Frech> XF:coldfusion-webpublish-execute-code(6790) | XF:coldfusion-email-view-files(6791) | Foat> Includes ColdFusion Server 4.x and earlier | Christey> Consider adding BID:3154 | View |
4780 | CVE-2002-0388 | Candidate | Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries. | Modified (20090716) | ACCEPT(3) Armstrong, Baker, Cole | MODIFY(2) Cox, Frech | NOOP(3) Christey, Foat, Wall | Christey> REDHAT:RHSA-2002:099 | Cox> ADDREF: RHSA-2002:099 RHSA-2002:100 RHSA-2002:101 | Christey> CONECTIVA:CLA-2002:489 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000489 | BID:4825 | URL:http://www.securityfocus.com/bid/4825 | BID:4826 | URL:http://www.securityfocus.com/bid/4826 | XF:mailman-pipermail-index-css(9173) | URL:http://www.iss.net/security_center/static/9173.php | XF:mailman-admin-login-css(9172) | URL:http://www.iss.net/security_center/static/9172.php | Christey> DEBIAN:DSA-147 | Frech> XF:mailman-pipermail-index-css(9173) | Christey> | It"s not clear whether DEBIAN:DSA-147-2 addresses this issue | in addition to, or instead of, CVE-2002-0855 | View |
8442 | CVE-2004-0014 | Candidate | Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier allows remote web servers to execute arbitrary code via certain long strings. | Modified (20071113) | ACCEPT(3) Armstrong, Baker, Cole | MODIFY(1) Williams | NOOP(2) Cox, Wall | Williams> need to change desc. i think this was fixed in 0.8.2. | http://www.gohome.org/nd | View |
8445 | CVE-2004-0017 | Candidate | Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations. | Modified (20071113) | ACCEPT(3) Armstrong, Baker, Cole | MODIFY(1) Williams | NOOP(2) Cox, Wall | Williams> i believe this affects phpGroupWare 0.9.14.006 and earlier, and phpGroupWare 0.9.16RC1 and earlier. | http://phpgroupware.org/downloads | View |
5022 | CVE-2002-0632 | Candidate | Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier allows clients to read arbitrary files on a BDS server. | Modified (20060626) | ACCEPT(3) Armstrong, Baker, Cole | MODIFY(1) Frech | NOOP(4) Christey, Cox, Foat, Wall | Christey> BID:5448 | URL:http://www.securityfocus.com/bid/5448 | XF:irix-bds-unauth-access(9825) | URL:http://www.iss.net/security_center/static/9825.php | | Change desc to "unknown vulnerability" | Frech> XF:irix-bds-unauth-access(9825) | View |
Page 20047 of 20943, showing 5 records out of 104715 total, starting on record 100231, ending on 100235