Total: 25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0664 | 1 Libexif | 1 Libexif | 2018-10-03 | 2.6 LOW | N/A |
| Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly validate the structure of the EXIF tags, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a JPEG image with a crafted EXIF tag. | |||||
| CVE-2005-0718 | 1 Squid | 1 Squid | 2018-10-03 | 5.0 MEDIUM | N/A |
| Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory. | |||||
| CVE-2005-0736 | 3 Conectiva, Linux, Redhat | 5 Linux, Linux Kernel, Enterprise Linux and 2 more | 2018-10-03 | 2.1 LOW | N/A |
| Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events. | |||||
| CVE-2005-0806 | 1 Ximian | 1 Evolution | 2018-10-03 | 5.0 MEDIUM | N/A |
| Evolution 2.0.3 allows remote attackers to cause a denial of service (application crash or hang) via crafted messages, possibly involving charsets in attachment filenames. | |||||
| CVE-2012-2180 | 1 Ibm | 1 Db2 | 2018-10-02 | 4.3 MEDIUM | N/A |
| The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL pointer dereference, and resource consumption or daemon crash) via a crafted request. | |||||
| CVE-2005-3506 | 1 Sambar | 1 Sambar Server | 2018-09-27 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in proxy.asp in Sambar Server 6.3 BETA 2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the (1) Remote Proxy Server or (2) Proxy Filter IPs field. | |||||
| CVE-2005-4753 | 1 Bea | 1 Weblogic Server | 2018-09-27 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, in certain "heavy usage" scenarios, report incorrect severity levels for an audit event, which might allow attackers to perform unauthorized actions and avoid detection. | |||||
| CVE-2005-4749 | 1 Bea | 1 Weblogic Server | 2018-09-27 | 5.0 MEDIUM | N/A |
| HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allows remote attackers to inject arbitrary HTTP headers via unspecified attack vectors. | |||||
| CVE-2005-4751 | 1 Bea | 1 Weblogic Server | 2018-09-27 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and WebLogic Express 9.0, 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allow remote attackers to inject arbitrary web script or HTML and gain administrative privileges via unknown attack vectors. | |||||
| CVE-2005-4680 | 1 Sophos | 1 Sophos Anti-virus | 2018-09-27 | 5.0 MEDIUM | N/A |
| Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, and 5.x before 5.1.4 allow remote attackers to hide arbitrary files and data via crafted ARJ archives, which are not properly scanned. | |||||
| CVE-2005-4026 | 1 Geeklog | 1 Geeklog | 2018-09-27 | 5.0 MEDIUM | N/A |
| search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr3, allows remote attackers to obtain sensitive information via invalid (1) datestart and (2) dateend parameters, which leaks the web server path in an error message. | |||||
| CVE-2005-4752 | 1 Bea | 1 Weblogic Server | 2018-09-27 | 4.6 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security role to the Admin security role. | |||||
| CVE-2005-4758 | 1 Bea | 1 Weblogic Server | 2018-09-27 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Administration server in BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allows remote authenticated Admin users to read arbitrary files via unknown attack vectors related to an "internal servlet" accessed through HTTP. | |||||
| CVE-2005-4760 | 1 Bea | 1 Weblogic Server | 2018-09-27 | 5.1 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, when fullyDelegatedAuthorization is enabled for a servlet, do not cause servlet deployment to fail when failures occur in authorization or role providers, which might prevent the servlet from being "fully protected." | |||||
| CVE-2005-4754 | 1 Bea | 1 Weblogic Server | 2018-09-27 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow remote attackers to obtain sensitive information (intranet IP addresses) via unknown attack vectors involving "network address translation." | |||||
| CVE-2005-4755 | 1 Bea | 1 Weblogic Server | 2018-09-27 | 2.1 LOW | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) store the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or, during domain creation with the Configuration Wizard, render an SSL private key passphrase in cleartext (2) on a terminal or (3) in a log file, which might allow local users to obtain cryptographic keys. | |||||
| CVE-2005-4757 | 1 Bea | 1 Weblogic Server | 2018-09-27 | 7.5 HIGH | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, do not properly "constrain" a "/" (slash) servlet root URL pattern, which might allow remote attackers to bypass intended servlet protections. | |||||
| CVE-2005-4756 | 1 Bea | 1 Weblogic Server | 2018-09-27 | 7.5 HIGH | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with multiple PrincipalValidators, which might allow attackers to gain privileges. | |||||
| CVE-2006-1136 | 1 Xerox | 6 Copycentre C65, Copycentre C75, Copycentre C90 and 3 more | 2018-09-27 | 5.0 MEDIUM | N/A |
| Buffer overflow in the PostScript file interpreter code for Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allows attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2006-4506 | 1 Netiq | 1 Identity Manager | 2018-09-27 | 3.6 LOW | N/A |
| idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors, possibly involving the " (quote) and \ (backslash) characters and eval injection. | |||||
| CVE-2006-4803 | 1 Netiq | 1 Identity Manager | 2018-09-27 | 7.2 HIGH | N/A |
| The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager (IDM) 3.0.1 allow local users to execute arbitrary commands via unspecified vectors involving certain environment variables and "code injection." | |||||
| CVE-2014-4509 | 1 Netiq | 1 Identity Manager | 2018-09-27 | 4.6 MEDIUM | N/A |
| The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Identity Manager (aka IDM) 4.0.2 allows local users to execute arbitrary commands by leveraging eDirectory POSIX attribute changes to insert shell metacharacters. | |||||
| CVE-2002-1639 | 1 Oracle | 1 Configurator | 2018-09-26 | 7.5 HIGH | N/A |
| Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to obtain sensitive information via a request to the oracle.apps.cz.servlet.UiServlet servlet with the test parameter set to "version" or "host". | |||||
| CVE-2002-1640 | 1 Oracle | 1 Configurator | 2018-09-26 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allow remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet servlet. | |||||
| CVE-2004-0167 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2018-09-26 | 7.5 HIGH | N/A |
| DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initialize writeable removable media. | |||||
| CVE-2003-0098 | 2 Apcupsd, Debian | 2 Apcupsd, Debian Linux | 2018-09-26 | 10.0 HIGH | N/A |
| Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server. | |||||
| CVE-2004-0168 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2018-09-26 | 10.0 HIGH | N/A |
| Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to "notification logging." | |||||
| CVE-2005-0597 | 1 Cisco | 1 Application And Content Networking Software | 2018-09-26 | 5.0 MEDIUM | N/A |
| Cisco devices running Application and Content Networking System (ACNS) 5.0 before 5.0.17.6 and 5.1 before 5.1.11.6 allow remote attackers to cause a denial of service (process restart) via a "crafted TCP connection." | |||||
| CVE-2005-1670 | 1 Extremenetworks | 3 Blackdiamond 10808, Blackdiamond 8800, Extremeware Xos | 2018-09-26 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches running ExtremeWare XOS 11.1 before 11.1.3.3, 11.0 before 11.0.2.4, and 10.x allows remote authenticated users to execute arbitrary commands. | |||||
| CVE-2001-1056 | 1 Linux | 1 Linux Kernel | 2018-09-20 | 7.5 HIGH | N/A |
| IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows remote attackers to bypass intended firewall restrictions by causing the target system to send a "DCC SEND" request to a malicious server which listens on port 6667, which may cause the module to believe that the traffic is a valid request and allow the connection to the port specified in the DCC SEND request. | |||||
| CVE-2000-1099 | 1 Sun | 1 Jdk | 2018-09-20 | 5.1 MEDIUM | N/A |
| Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and earlier can allow an untrusted Java class to call into a disallowed class, which could allow an attacker to escape the Java sandbox and conduct unauthorized activities. | |||||
| CVE-2001-0907 | 1 Linux | 1 Linux Kernel | 2018-09-20 | 2.1 LOW | N/A |
| Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows local users to cause a denial of service via a series of deeply nested symlinks, which causes the kernel to spend extra time when trying to access the link. | |||||
| CVE-2001-0497 | 1 Isc | 1 Bind | 2018-09-20 | 4.6 MEDIUM | N/A |
| dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates. | |||||
| CVE-1999-1442 | 1 Linux | 1 Linux Kernel | 2018-09-11 | 7.2 HIGH | N/A |
| Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local users to cause a denial of service (crash) via a particular sequence of instructions, possibly related to accessing addresses outside of segments. | |||||
| CVE-1999-1341 | 1 Linux | 1 Linux Kernel | 2018-09-11 | 4.6 MEDIUM | N/A |
| Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options, allows local unprivileged users to forge IP packets via the TIOCSETD option on tty devices. | |||||
| CVE-1999-0103 | | | 2018-08-22 | 5.0 MEDIUM | N/A |
| Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm. | |||||
| CVE-1999-0104 | 4 Caldera, Hp, Microsoft and 1 more | 5 Openlinux, Hp-ux, Windows 95 and 2 more | 2018-08-22 | 5.0 MEDIUM | N/A |
| A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2. | |||||
| CVE-1999-1579 | 1 Microsoft | 1 Windows Nt | 2018-08-13 | 5.0 MEDIUM | N/A |
| The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions of Windows NT 4.0 and Windows NT Server 4.0 before SP6 allows remote attackers to cause a denial of service (resource consumption) by creating a large number of arbitrary files on the target machine. | |||||
| CVE-2004-2463 | 1 Ada | 1 Imgsvr | 2018-08-13 | 7.5 HIGH | N/A |
| Buffer overflow in ADA Image Server (ImgSvr) 0.4 allows remote attackers to cause a denial of service (web server crash) or execute arbitrary code via a long GET request. | |||||
| CVE-2005-0385 | 1 Frank Mcingvale | 1 Luxman | 2018-08-13 | 7.2 HIGH | N/A |
| Buffer overflow in luxman before 0.41, if used with certain insecure svgalib libraries, allows local users to execute arbitrary code via a long -f command line argument. | |||||
| CVE-2004-2117 | 1 Tinyserver | 1 Tinyserver | 2018-08-13 | 5.0 MEDIUM | N/A |
| Tiny Server 1.1 allows remote attackers to cause a denial of service (crash) via malformed HTTP requests such as (1) a GET request without the HTTP version (HTTP/1.1), or (2) a request without GET or the HTTP version. | |||||
| CVE-2004-2119 | 1 Tinyserver | 1 Tinyserver | 2018-08-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows remote attackers to inject arbitrary web script or HTML via the URL. | |||||
| CVE-2005-0156 | 7 Ibm, Larry Wall, Redhat and 4 more | 9 Aix, Perl, Enterprise Linux and 6 more | 2018-08-13 | 2.1 LOW | N/A |
| Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree. | |||||
| CVE-2005-0155 | 1 Larry Wall | 1 Perl | 2018-08-13 | 4.6 MEDIUM | N/A |
| The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable. | |||||
| CVE-2005-0125 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2018-08-13 | 7.2 HIGH | N/A |
| The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop privileges, which allows local users to (1) delete arbitrary files via atrm, (2) execute arbitrary programs via the -f argument to batch, or (3) read arbitrary files via the -f argument to batch, which generates a job file that is readable by the local user. | |||||
| CVE-2004-2118 | 1 Tinyserver | 1 Tinyserver | 2018-08-13 | 5.0 MEDIUM | N/A |
| Tiny Server 1.1 allows remote attackers to cause a denial of service (crash) via a GET request with a long filename, possibly due to a buffer overflow. | |||||
| CVE-2004-2116 | 1 Tinyserver | 1 Tinyserver | 2018-08-13 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Tiny Server 1.1 allows remote attackers to read or download arbitrary files via a .. (dot dot) in the URL. | |||||
| CVE-2006-5328 | 2 Apple, Openbase International Ltd | 2 Xcode, Openbase | 2018-08-13 | 7.2 HIGH | N/A |
| OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to create arbitrary files via a symlink attack on the simulation.sql file. | |||||
| CVE-2006-4627 | 1 Microsoft | 1 System Information Activex Control | 2018-08-13 | 5.0 MEDIUM | N/A |
| System Information ActiveX control (msinfo.dll), when accessed via Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via a SaveFile function with a long (1) computer and possibly (2) filename and (3) category argument. | |||||
| CVE-2006-5327 | 2 Apple, Openbase International Ltd | 2 Xcode, Openbase | 2018-08-13 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase. | |||||
