CVE List

| Id | CVE No. | Status | Description | Phase | Votes | Comments |
|---|---|---|---|---|---|---|
| 5660 | CVE-2002-1276 | Candidate | An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks. | Modified (20071113) | ACCEPT(4) Armstrong, Cole, Cox, Green | |
| 8484 | CVE-2004-0056 | Candidate | Multiple vulnerabilities in the H.323 protocol implementation for Nortel Networks Business Communications Manager (BCM), Succession 1000 IP Trunk and IP Peer Networking, and 802.11 Wireless IP Gateway allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. | Modified (20071113) | ACCEPT(3) Armstrong, Baker, Green \| NOOP(3) Cole, Cox, Wall | |
| 8486 | CVE-2004-0058 | Candidate | Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local users to overwrite arbitrary files via a symlink attack on the .pid_antivir_$$ temporary file. | Modified (20071113) | ACCEPT(1) Baker \| NOOP(4) Armstrong, Cole, Cox, Wall \| REVIEWING(1) Green | |
| 8487 | CVE-2004-0059 | Candidate | Directory traversal vulnerability in upload capability of WWW File Share Pro 2.42 and earlier allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in the filename parameter of a Content-Disposition: header. | Modified (20071113) | ACCEPT(2) Baker, Cole \| NOOP(3) Armstrong, Cox, Wall | |
| 8488 | CVE-2004-0060 | Candidate | WWW File Share Pro 2.42 and earlier allows remote attackers to cause a denial of service (crash) via a large POST request. | Modified (20071113) | ACCEPT(2) Baker, Green \| NOOP(4) Armstrong, Cole, Cox, Wall | Green> Acknowledged in 2.46 release notes |
