Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0148 | 1 Oracle | 1 Mysql | 2019-10-07 | 7.5 HIGH | N/A |
| MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string. | |||||
| CVE-2001-1275 | 1 Oracle | 1 Mysql | 2019-10-07 | 7.2 HIGH | N/A |
| MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking. | |||||
| CVE-2001-1274 | 1 Oracle | 1 Mysql | 2019-10-07 | 7.5 HIGH | N/A |
| Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges. | |||||
| CVE-2000-0045 | 1 Oracle | 1 Mysql | 2019-10-07 | 6.4 MEDIUM | N/A |
| MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege. | |||||
| CVE-2001-1255 | 2 Mysql, Oracle | 2 Winmysqladmin, Mysql | 2019-10-07 | 4.6 MEDIUM | N/A |
| WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database. | |||||
| CVE-1999-1188 | 1 Oracle | 1 Mysql | 2019-10-07 | 4.6 MEDIUM | N/A |
| mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database. | |||||
| CVE-2000-0981 | 1 Oracle | 1 Mysql | 2019-10-07 | 7.2 HIGH | N/A |
| MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password. | |||||
| CVE-2007-0955 | 1 Mailenable | 1 Mailenable | 2019-10-02 | 7.8 HIGH | N/A |
| The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professional 2.35 and earlier allows remote attackers to cause a denial of service (application crash) via certain base64-encoded data following an AUTHENTICATE NTLM command to the imap port (143/tcp), which results in an out-of-bounds read. | |||||
| CVE-2014-4769 | 1 Ibm | 1 Websphere Commerce | 2019-09-30 | 4.0 MEDIUM | N/A |
| IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-4834 | 1 Ibm | 1 Websphere Commerce | 2019-09-30 | 4.3 MEDIUM | N/A |
| IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application crash) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | |||||
| CVE-2009-1431 | 1 Symantec | 5 Antivirus, Antivirus Central Quarantine Server, Client Security and 2 more | 2019-09-20 | 9.3 HIGH | N/A |
| XFR.EXE in the Intel File Transfer service in the console in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary code by placing the code on a (1) share or (2) WebDAV server, and then sending the UNC share pathname to this service. | |||||
| CVE-2005-0249 | 1 Symantec | 11 Antivirus Scan Engine, Brightmail Antispam, Client Security and 8 more | 2019-09-20 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header. | |||||
| CVE-2006-5484 | 1 Ssh | 4 Tectia Client, Tectia Connector, Tectia Manager and 1 more | 2019-08-28 | 5.0 MEDIUM | N/A |
| SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents Tectia from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339. | |||||
| CVE-2003-0841 | 1 Oracle | 1 Peopletools | 2019-08-19 | 5.0 MEDIUM | N/A |
| The grid option in PeopleSoft 8.42 stores temporary .xls files in guessable directories under the web document root, which allows remote attackers to steal search results by directly accessing the files via a URL request. | |||||
| CVE-2007-2040 | 1 Cisco | 3 Aironet 1000-series, Aironet 1500-series, Wireless Lan Controller Software | 2019-08-14 | 6.2 MEDIUM | N/A |
| Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192. | |||||
| CVE-2006-4847 | 2 Ipswitch, Progress | 2 Ws Ftp Server, Ipswitch Ws Ftp Server | 2019-08-13 | 6.5 MEDIUM | N/A |
| Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands. | |||||
| CVE-2002-0826 | 1 Progress | 1 Ipswitch Ws Ftp Server | 2019-08-13 | 7.5 HIGH | N/A |
| Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command. | |||||
| CVE-2004-1885 | 1 Progress | 1 Ipswitch Ws Ftp Server | 2019-08-13 | 7.2 HIGH | N/A |
| Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe. | |||||
| CVE-2004-1883 | 1 Progress | 1 Ipswitch Ws Ftp Server | 2019-08-13 | 7.2 HIGH | N/A |
| Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causing a large error string to be generated by the ALLO handler, or (2) may allow remote FTP administrators to execute arbitrary code by causing a long hostname or username to be inserted into a reply to a STAT command while a file is being transferred. | |||||
| CVE-2004-1884 | 2 Ipswitch, Progress | 3 Ws Ftp Pro, Ws Ftp Server, Ipswitch Ws Ftp Server | 2019-08-13 | 7.5 HIGH | N/A |
| Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access. | |||||
| CVE-2004-1643 | 1 Progress | 1 Ipswitch Ws Ftp Server | 2019-08-13 | 5.0 MEDIUM | N/A |
| WS_FTP 5.0.2 allows remote authenticated users to cause a denial of service (CPU consumption) via a CD command that contains an invalid path with a "../" sequence. | |||||
| CVE-2003-0772 | 2 Ipswitch, Progress | 2 Ws Ftp Server, Ipswitch Ws Ftp Server | 2019-08-13 | 7.5 HIGH | N/A |
| Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments. | |||||
| CVE-2006-5000 | 2 Ipswitch, Progress | 2 Ws Ftp Server, Ipswitch Ws Ftp Server | 2019-08-13 | 6.5 MEDIUM | N/A |
| Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue. | |||||
| CVE-2001-1021 | 1 Progress | 1 Ipswitch Ws Ftp Server | 2019-08-13 | 7.5 HIGH | N/A |
| Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD. | |||||
| CVE-1999-1171 | 2 Ipswitch, Progress | 2 Imail, Ipswitch Ws Ftp Server | 2019-08-13 | 4.6 MEDIUM | N/A |
| IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920. | |||||
| CVE-1999-1170 | 2 Ipswitch, Progress | 2 Imail, Ipswitch Ws Ftp Server | 2019-08-13 | 4.6 MEDIUM | N/A |
| IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920. | |||||
| CVE-2013-0333 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2019-08-08 | 7.5 HIGH | N/A |
| lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156. | |||||
| CVE-2006-5278 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2019-08-01 | 10.0 HIGH | N/A |
| Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow. | |||||
| CVE-2004-1179 | 1 Debian | 1 Debmake | 2019-07-31 | 2.1 LOW | N/A |
| The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before 3.7.7 allows local users to overwrite arbitrary files via a symlink attack on temporary directories. | |||||
| CVE-2006-4911 | 1 Cisco | 1 Ips Sensor Software | 2019-07-31 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 before 5.1(2), when running in inline or promiscuous mode, allows remote attackers to bypass traffic inspection via a "crafted sequence of fragmented IP packets". | |||||
| CVE-2006-5201 | 1 Sun | 9 Jdk, Jre, Jsse and 6 more | 2019-07-31 | 4.0 MEDIUM | N/A |
| Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1. | |||||
| CVE-2006-0615 | 1 Sun | 3 Jdk, Jre, Sdk | 2019-07-31 | 4.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 4 and earlier, SDK and JRE 1.4.x through 1.4.2_09 allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "second and third issues." | |||||
| CVE-2005-3671 | 3 Frees Wan, Openswan, Xelerance | 3 Frees Wan, Openswan, Openswan | 2019-07-29 | 7.8 HIGH | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and freeswan in SUSE LINUX 9.1 before 2.04_1.5.4-1.23, allow remote attackers to cause a denial of service via (1) a crafted packet using 3DES with an invalid key length, or (2) unspecified inputs when Aggressive Mode is enabled and the PSK is known, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | |||||
| CVE-2013-6466 | 1 Xelerance | 1 Openswan | 2019-07-29 | 5.0 MEDIUM | N/A |
| Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. | |||||
| CVE-2011-3380 | 1 Xelerance | 1 Openswan | 2019-07-29 | 5.0 MEDIUM | N/A |
| Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function. | |||||
| CVE-2005-0162 | 2 Openswan, Xelerance | 2 Openswan, Openswan | 2019-07-29 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code. | |||||
| CVE-2013-0733 | 1 Corel | 2 Paintshop Pro X5, Paintshop Pro X6 | 2019-07-18 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Corel PaintShop Pro X5 and X6 16.0.0.113, 15.2.0.2, and earlier allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .jpg file. | |||||
| CVE-2006-6589 | 1 Apache | 2 Ofbiz, Opentaps | 2019-07-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6587 | 1 Apache | 1 Ofbiz | 2019-07-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message. | |||||
| CVE-2006-6588 | 1 Apache | 1 Ofbiz | 2019-07-17 | 7.5 HIGH | N/A |
| The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact. | |||||
| CVE-2014-4459 | 1 Apple | 5 Iphone Os, Itunes, Mac Os X and 2 more | 2019-07-16 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document. | |||||
| CVE-2007-1278 | 2 Adobe, Microsoft | 3 Coldfusion, Jrun, Internet Information Server | 2019-07-03 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root. | |||||
| CVE-2001-0899 | 2 Phpnuke, Rick Fournier | 2 Php-nuke, Network Tools | 2019-07-01 | 7.5 HIGH | N/A |
| Network Tools 0.2 for PHP-Nuke allows remote attackers to execute commands on the server via shell metacharacters in the $hostinput variable. | |||||
| CVE-2007-1679 | 1 Horde | 1 Groupware | 2019-06-18 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor, noting that the search.php issue was resolved in CVE-2006-4255, and attackers can only use rule.php to inject XSS into their own pages. | |||||
| CVE-2004-0281 | 1 Caucho | 1 Resin | 2019-06-12 | 5.0 MEDIUM | N/A |
| Caucho Technology Resin 2.1.12 allows remote attackers to gain sensitive information and view the contents of the /WEB-INF/ directory via an HTTP request for "WEB-INF..", which is equivalent to "WEB-INF" in Windows. | |||||
| CVE-1999-0095 | 1 Eric Allman | 1 Sendmail | 2019-06-11 | 10.0 HIGH | N/A |
| The debug command in Sendmail is enabled, allowing attackers to execute commands as root. | |||||
| CVE-1999-0145 | 1 Eric Allman | 1 Sendmail | 2019-06-11 | 7.2 HIGH | N/A |
| Sendmail WIZ command enabled, allowing root access. | |||||
| CVE-2015-1414 | 3 Debian, Freebsd, Netgate | 3 Debian Linux, Freebsd, Pfsense | 2019-05-30 | 7.8 HIGH | N/A |
| Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory. | |||||
| CVE-2014-4695 | 2 Netgate, Pfsense | 2 Pfsense, Snort Package | 2019-05-30 | 5.8 MEDIUM | N/A |
| Multiple open redirect vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to snort_rules_flowbits.php or (2) the returl parameter to snort_select_alias.php. | |||||
| CVE-2014-4696 | 2 Netgate, Pfsense | 2 Pfsense, Suricata Package | 2019-05-30 | 5.8 MEDIUM | N/A |
| Multiple open redirect vulnerabilities in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the referer parameter to suricata_rules_flowbits.php or (2) the returl parameter to suricata_select_alias.php. | |||||