CVE List

Id CVE No. Status Description Phase Votes Comments Actions
3349  CVE-2001-0535  Candidate  Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host"s domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.  Proposed (20011012)  ACCEPT(3) Armstrong, Baker, Cole | MODIFY(2) Foat, Frech | NOOP(1) Christey | REVIEWING(1) Wall  Frech> XF:coldfusion-webpublish-execute-code(6790) | XF:coldfusion-email-view-files(6791) | Foat> Includes ColdFusion Server 4.x and earlier | Christey> Consider adding BID:3154  View
4780  CVE-2002-0388  Candidate  Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries.  Modified (20090716)  ACCEPT(3) Armstrong, Baker, Cole | MODIFY(2) Cox, Frech | NOOP(3) Christey, Foat, Wall  Christey> REDHAT:RHSA-2002:099 | Cox> ADDREF: RHSA-2002:099 RHSA-2002:100 RHSA-2002:101 | Christey> CONECTIVA:CLA-2002:489 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000489 | BID:4825 | URL:http://www.securityfocus.com/bid/4825 | BID:4826 | URL:http://www.securityfocus.com/bid/4826 | XF:mailman-pipermail-index-css(9173) | URL:http://www.iss.net/security_center/static/9173.php | XF:mailman-admin-login-css(9172) | URL:http://www.iss.net/security_center/static/9172.php | Christey> DEBIAN:DSA-147 | Frech> XF:mailman-pipermail-index-css(9173) | Christey> | It"s not clear whether DEBIAN:DSA-147-2 addresses this issue | in addition to, or instead of, CVE-2002-0855  View
8442  CVE-2004-0014  Candidate  Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier allows remote web servers to execute arbitrary code via certain long strings.  Modified (20071113)  ACCEPT(3) Armstrong, Baker, Cole | MODIFY(1) Williams | NOOP(2) Cox, Wall  Williams> need to change desc. i think this was fixed in 0.8.2. | http://www.gohome.org/nd  View
8445  CVE-2004-0017  Candidate  Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations.  Modified (20071113)  ACCEPT(3) Armstrong, Baker, Cole | MODIFY(1) Williams | NOOP(2) Cox, Wall  Williams> i believe this affects phpGroupWare 0.9.14.006 and earlier, and phpGroupWare 0.9.16RC1 and earlier. | http://phpgroupware.org/downloads  View
5022  CVE-2002-0632  Candidate  Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier allows clients to read arbitrary files on a BDS server.  Modified (20060626)  ACCEPT(3) Armstrong, Baker, Cole | MODIFY(1) Frech | NOOP(4) Christey, Cox, Foat, Wall  Christey> BID:5448 | URL:http://www.securityfocus.com/bid/5448 | XF:irix-bds-unauth-access(9825) | URL:http://www.iss.net/security_center/static/9825.php | | Change desc to "unknown vulnerability" | Frech> XF:irix-bds-unauth-access(9825)  View

Page 20047 of 20943, showing 5 records out of 104715 total, starting on record 100231, ending on 100235

Actions