Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1392 | 1 Gert Doering | 1 Mgetty | 2017-10-10 | 2.1 LOW | N/A |
| faxspool in mgetty before 1.1.29 uses a world-writable spool directory for outgoing faxes, which allows local users to modify fax transmission privileges. | |||||
| CVE-2002-1268 | 1 Apple | 1 Mac Os X | 2017-10-10 | 4.6 MEDIUM | N/A |
| Mac OS X 10.2.2 allows local users to gain privileges via a mounted ISO 9600 CD, aka "User Privilege Elevation via Mounting an ISO 9600 CD." | |||||
| CVE-2004-0070 | 1 Visualshapers | 1 Ezcontents | 2017-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in module.php for ezContents allows remote attackers to execute arbitrary PHP code by modifying the link parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2002-1267 | 1 Apple | 1 Mac Os X | 2017-10-10 | 5.0 MEDIUM | N/A |
| Mac OS X 10.2.2 allows remote attackers to cause a denial of service by accessing the CUPS Printing Web Administration utility, aka "CUPS Printing Web Administration is Remotely Accessible." | |||||
| CVE-2002-1407 | 1 Adam Megacz | 1 Tinyssl | 2017-10-10 | 7.5 HIGH | N/A |
| TinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack. | |||||
| CVE-2002-1412 | 1 Gallery Project | 1 Gallery | 2017-10-10 | 7.5 HIGH | N/A |
| Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY_BASEDIR variable that points to a directory or URL that contains a Trojan horse init.php script. | |||||
| CVE-2002-1266 | 1 Apple | 1 Mac Os X | 2017-10-10 | 4.6 MEDIUM | N/A |
| Mac OS X 10.2.2 allows local users to gain privileges by mounting a disk image file that was created on another system, aka "Local User Privilege Elevation via Disk Image File." | |||||
| CVE-2002-1265 | 3 Apple, Gnu, Sgi | 4 Mac Os X, Mac Os X Server, Glibc and 1 more | 2017-10-10 | 5.0 MEDIUM | N/A |
| The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang). | |||||
| CVE-2004-0131 | 1 Gnu | 1 Radius | 2017-10-10 | 5.0 MEDIUM | N/A |
| The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference. | |||||
| CVE-2002-1371 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2017-10-10 | 7.5 HIGH | N/A |
| filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which allows remote attackers to execute arbitrary code via modified chunk headers, as demonstrated by nogif. | |||||
| CVE-2003-1022 | 1 Debian | 1 Fsp | 2017-10-10 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in fsp before 2.81.b18 allows remote users to access files outside the FSP root directory. | |||||
| CVE-2002-1443 | 1 Google | 1 Toolbar | 2017-10-10 | 5.0 MEDIUM | N/A |
| The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler. | |||||
| CVE-2002-1372 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2017-10-10 | 5.0 MEDIUM | N/A |
| Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta. | |||||
| CVE-2002-1463 | 1 Symantec | 4 Enterprise Firewall, Gateway Security, Raptor Firewall and 1 more | 2017-10-10 | 7.5 HIGH | N/A |
| Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor Models 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 generate easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections. | |||||
| CVE-2003-0124 | 1 Andries Brouwer | 1 Man | 2017-10-10 | 4.6 MEDIUM | N/A |
| man before 1.5l allows attackers to execute arbitrary code via a malformed man file with improper quotes, which causes the my_xsprintf function to return a string with the value "unsafe," which is then executed as a program via a system call if it is in the search path of the user who runs man. | |||||
| CVE-2003-0991 | 2 Gnu, Sgi | 2 Mailman, Propack | 2017-10-10 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands. | |||||
| CVE-2003-0988 | 1 Kde | 1 Kde | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file. | |||||
| CVE-2004-0075 | 1 Linux | 1 Linux Kernel | 2017-10-10 | 2.1 LOW | N/A |
| The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service. | |||||
| CVE-2003-0093 | 1 Lbl | 1 Tcpdump | 2017-10-10 | 5.0 MEDIUM | N/A |
| The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service (crash) via an invalid RADIUS packet with a header length field of 0, which causes tcpdump to generate data within an infinite loop. | |||||
| CVE-2003-0969 | 1 Mpg321 | 1 Mpg321 | 2017-10-10 | 7.5 HIGH | N/A |
| mpg321 0.2.10 allows remote attackers to overwrite memory and possibly execute arbitrary code via an mp3 file that passes certain strings to the printf function, possibly triggering a format string vulnerability. | |||||
| CVE-2002-1493 | 1 Lycos | 1 Htmlgear Guestgear | 2017-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook allows remote attackers to inject arbitrary script via (1) STYLE attributes or (2) SRC attributes in an IMG tag. | |||||
| CVE-2003-0966 | 1 Elm Development Group | 1 Elm | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in the frm command in elm 2.5.6 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code via a long Subject line. | |||||
| CVE-2002-1382 | 1 Macromedia | 1 Flash Player | 2017-10-10 | 7.5 HIGH | N/A |
| Macromedia Flash Player before 6.0.65.0 allows remote attackers to execute arbitrary code via certain malformed data headers in Shockwave Flash file format (SWF) files, a different issue than CAN-2002-0846. | |||||
| CVE-2004-0001 | 1 Linux | 1 Linux Kernel | 2017-10-10 | 7.2 HIGH | N/A |
| Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges. | |||||
| CVE-2004-0004 | 1 Openca | 1 Openca | 2017-10-10 | 7.5 HIGH | N/A |
| The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing remote attackers to spoof requests from other users. | |||||
| CVE-2004-0009 | 1 Apache-ssl | 1 Apache-ssl | 2017-10-10 | 7.5 HIGH | N/A |
| Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user. | |||||
| CVE-2004-0011 | 1 Debian | 1 Fsp | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in fsp before 2.81.b18 allows remote users to execute arbitrary code. | |||||
| CVE-2003-0094 | 1 Andries Brouwer | 1 Util-linux | 2017-10-10 | 5.0 MEDIUM | N/A |
| A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed. | |||||
| CVE-2003-0081 | 1 Ethereal Group | 1 Ethereal | 2017-10-10 | 7.5 HIGH | N/A |
| Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers. | |||||
| CVE-2004-0013 | 1 Jabber Software Foundation | 1 Jabber Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly handle SSL connections, which allows remote attackers to cause a denial of service (crash). | |||||
| CVE-2002-0850 | 1 Pgp | 1 Corporate Desktop | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers to execute arbitrary code via an encrypted document that has a long filename when it is decrypted. | |||||
| CVE-2002-1381 | 1 University Of Cambridge | 1 Exim | 2017-10-10 | 7.2 HIGH | N/A |
| Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value. | |||||
| CVE-2004-0015 | 1 Vbox3 | 1 Vbox3 | 2017-10-10 | 7.2 HIGH | N/A |
| vbox3 0.1.8 and earlier does not properly drop privileges before executing a user-provided TCL script, which allows local users to gain privileges. | |||||
| CVE-2004-0016 | 1 Phpgroupware | 1 Phpgroupware | 2017-10-10 | 7.5 HIGH | N/A |
| The calendar module for phpgroupware 0.9.14 does not enforce the "save extension" feature for holiday files, which allows remote attackers to create and execute PHP files. | |||||
| CVE-2002-1552 | 1 Novell | 1 Edirectory | 2017-10-10 | 7.5 HIGH | N/A |
| Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users with expired passwords to gain inappropriate permissions when logging in from Remote Manager. | |||||
| CVE-2004-0028 | 1 Samba | 1 Jitterbug | 2017-10-10 | 7.5 HIGH | N/A |
| jitterbug 1.6.2 does not properly sanitize inputs, which allows remote authenticated users to execute arbitrary commands. | |||||
| CVE-2004-0111 | 3 Gnome, Redhat, Sgi | 5 Gdkpixbuf, Enterprise Linux, Gdk Pixbuf and 2 more | 2017-10-10 | 5.0 MEDIUM | N/A |
| gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file. | |||||
| CVE-2004-0031 | 1 Phpgedview | 1 Phpgedview | 2017-10-10 | 7.5 HIGH | N/A |
| PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and change the administrator password via a direct HTTP request to editconfig.php. | |||||
| CVE-2003-0045 | 1 Apache | 1 Tomcat | 2017-10-10 | 5.0 MEDIUM | N/A |
| Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp. | |||||
| CVE-2004-0032 | 1 Phpgedview | 1 Phpgedview | 2017-10-10 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW 2.61 allows remote attackers to inject arbitrary HTML and web script via the firstname parameter. | |||||
| CVE-2004-0033 | 1 Phpgedview | 1 Phpgedview | 2017-10-10 | 5.0 MEDIUM | N/A |
| admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain sensitive information via an action parameter with a phpinfo command. | |||||
| CVE-2003-0043 | 1 Apache | 1 Tomcat | 2017-10-10 | 5.0 MEDIUM | N/A |
| Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file. | |||||
| CVE-2004-0035 | 1 Phorum | 1 Phorum | 2017-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the hide_email parameter. | |||||
| CVE-2004-0036 | 1 Jelsoft | 1 Vbulletin | 2017-10-10 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter. | |||||
| CVE-2004-0114 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2017-10-10 | 4.6 MEDIUM | N/A |
| The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges. | |||||
| CVE-2003-0040 | 2 Double Precision Incorporated, Inter7 | 2 Courier Mta, Courier-imap | 2017-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name. | |||||
| CVE-2004-0040 | 1 Checkpoint | 2 Firewall-1, Vpn-1 | 2017-10-10 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet. | |||||
| CVE-2004-0099 | 1 Freebsd | 1 Freebsd | 2017-10-10 | 4.6 MEDIUM | N/A |
| mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when creating a snapshot for a file system, which causes default values for other flags to be used, possibly disabling security-critical settings and allowing a local user to bypass intended access restrictions. | |||||
| CVE-2002-1574 | 1 Linux | 1 Linux Kernel | 2017-10-10 | 4.6 MEDIUM | N/A |
| Buffer overflow in the ixj telephony card driver in Linux before 2.4.20 has unknown impact and attack vectors. | |||||
| CVE-2002-0906 | 1 Sendmail | 1 Sendmail | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server. | |||||