Max CVSS 10.0 Min CVSS 3.7 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2004-0420 10.0
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demo
23-07-2021 - 15:02 07-07-2004 - 04:00
CVE-2002-1142 7.5
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Dat
23-07-2021 - 12:55 29-11-2002 - 05:00
CVE-2003-0815 7.5
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or
23-07-2021 - 12:55 03-02-2004 - 05:00
CVE-2003-1041 7.5
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it
23-07-2021 - 12:55 14-06-2004 - 04:00
CVE-2005-0054 5.1
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to gene
23-07-2021 - 12:18 02-05-2005 - 04:00
CVE-2002-0073 5.0
The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters.
23-11-2020 - 19:49 22-04-2002 - 04:00
CVE-2005-1191 5.0
The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View co
30-04-2019 - 14:27 02-05-2005 - 04:00
CVE-2005-0044 7.5
The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validat
30-04-2019 - 14:27 02-05-2005 - 04:00
CVE-2005-0050 10.0
The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) a
30-04-2019 - 14:27 02-05-2005 - 04:00
CVE-2005-1921 7.5
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) Mail
19-10-2018 - 15:32 05-07-2005 - 04:00
CVE-2004-0230 5.0
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that u
19-10-2018 - 15:30 18-08-2004 - 04:00
CVE-2005-0551 10.0
Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that p
12-10-2018 - 21:36 02-05-2005 - 04:00
CVE-2004-0900 10.0
The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the "DHCP Req
12-10-2018 - 21:35 10-01-2005 - 05:00
CVE-2004-0847 7.5
The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Valid
12-10-2018 - 21:35 03-11-2004 - 05:00
CVE-2005-1111 3.7
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
11-10-2017 - 01:30 02-05-2005 - 04:00
CVE-2004-1357 5.0
The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not properly log IP addresses when SSHD is configured with the ListenAddress as 0.0.0.0, which makes it easier for remote attackers to hide the source of their activities.
11-10-2017 - 01:29 07-04-2004 - 04:00
CVE-2004-1358 5.0
The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged.
11-10-2017 - 01:29 12-03-2004 - 05:00
Back to Top Mark selected
Back to Top