CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 8696 | CVE-2004-0268 | Candidate | Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote attackers to cause a denial of service (hang) via (1) a long cd command to the FTP server, or (2) a long dir command to the telnet server. | Proposed (20040318) | ACCEPT(2) Armstrong, Cole | NOOP(2) Cox, Wall | View | |
| 8697 | CVE-2004-0269 | Candidate | SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module. | Proposed (20040318) | ACCEPT(1) Cole | NOOP(3) Armstrong, Cox, Wall | View | |
| 7420 | CVE-2003-0593 | Candidate | Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. | Proposed (20040318) | ACCEPT(4) Armstrong, Baker, Balinsky, Cole | MODIFY(1) Frech | NOOP(1) Cox | REVIEWING(2) Christey, Wall | Frech> XF:web-browser-cookie-bypass(15424) | http://xforce.iss.net/xforce/xfdb/15424 | Christey> Consider whether this is really a design-level problem that applies to | the interaction between any vulnerable XSS, its associated domain, and | any web browser, because browsers enforce security boundaries at the | domain level. If so, then the "%2e%2e" problem may be a red herring, | or a single attack vector of any number of vectors. | | CVE-2003-0513, CVE-2003-0514, CVE-2003-0592, CVE-2003-0593, | and CVE-2003-0594 all cover this specific issue (each for a | different browser). | View |
| 8700 | CVE-2004-0272 | Candidate | SQL injection vulnerability in MaxWebPortal allows remote attackers to inject arbitrary SQL code and gain sensitive information via the SendTo parameter in Personal Messages. | Proposed (20040318) | ACCEPT(1) Cole | NOOP(3) Armstrong, Cox, Wall | View | |
| 8703 | CVE-2004-0275 | Candidate | SQL injection vulnerability in calendar_download.php in BosDates 3.2 and earlier allows remote attackers to obtain sensitive information and gain access via the calendar parameter. | Proposed (20040318) | NOOP(4) Armstrong, Cole, Cox, Wall | View |
Page 20943 of 20943, showing 5 records out of 104715 total, starting on record 104711, ending on 104715
