Total: 25555 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0044 | 1 Cisco | 1 Personal Assistant | 2017-10-10 | 7.5 HIGH | N/A |
| Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username. | |||||
| CVE-2002-1377 | 1 Vim Development Group | 1 Vim | 2017-10-10 | 4.6 MEDIUM | N/A |
| vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt. | |||||
| CVE-2004-0045 | 1 Isc | 1 Inn | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code. | |||||
| CVE-2002-1117 | 1 Symantec Veritas | 1 Backup Exec | 2017-10-10 | 5.0 MEDIUM | N/A |
| Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares. | |||||
| CVE-2002-1116 | 1 Mantis | 1 Mantis | 2017-10-10 | 7.5 HIGH | N/A |
| The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects. | |||||
| CVE-2003-0039 | 1 Isc | 1 Dhcpd | 2017-10-10 | 5.0 MEDIUM | N/A |
| ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (packet storm) via a certain BOOTP packet that is forwarded to a broadcast MAC address, causing an infinite loop that is not restricted by a hop count. | |||||
| CVE-2004-0126 | 1 Freebsd | 1 Freebsd | 2017-10-10 | 4.6 MEDIUM | N/A |
| The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directory of a calling process even if the process doesn't have permission to change directory, which allows local users to gain read/write privileges to files and directories within another jail. | |||||
| CVE-2002-1113 | 1 Mantis | 1 Mantis | 2017-10-10 | 7.5 HIGH | N/A |
| summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code. | |||||
| CVE-2002-1112 | 1 Mantis | 1 Mantis | 2017-10-10 | 5.0 MEDIUM | N/A |
| Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the "View Bugs" page. | |||||
| CVE-2004-0095 | 1 Mcafee | 1 Epolicy Orchestrator | 2017-10-10 | 5.0 MEDIUM | N/A |
| McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value, possibly triggering a buffer overflow. | |||||
| CVE-2002-1108 | 1 Cisco | 1 Vpn Client | 2017-10-10 | 5.0 MEDIUM | N/A |
| Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.6(Rel), when configured with all tunnel mode, can be forced into acknowledging a TCP packet from outside the tunnel. | |||||
| CVE-2002-1107 | 1 Cisco | 1 Vpn Client | 2017-10-10 | 7.5 HIGH | N/A |
| Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may make it vulnerable to certain attacks such as spoofing. | |||||
| CVE-2002-1106 | 1 Cisco | 1 Vpn Client | 2017-10-10 | 7.5 HIGH | N/A |
| Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks. | |||||
| CVE-2002-1105 | 1 Cisco | 1 Vpn Client | 2017-10-10 | 4.6 MEDIUM | N/A |
| Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, allows local users to use a utility program to obtain the group password. | |||||
| CVE-2002-1104 | 1 Cisco | 1 Vpn Client | 2017-10-10 | 5.0 MEDIUM | N/A |
| Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x before 3.0.5 allows remote attackers to cause a denial of service (crash) via TCP packets with source and destination ports of 137 (NETBIOS). | |||||
| CVE-2002-1403 | 1 Phystech | 1 Dhcpcd | 2017-10-10 | 7.2 HIGH | N/A |
| dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to execute arbitrary code via shell metacharacters that are fed from a dhcpd .info script into a .exe script. | |||||
| CVE-2002-1385 | 1 Open Webmail | 1 Open Webmail | 2017-10-10 | 7.2 HIGH | N/A |
| openwebmail_init in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed. | |||||
| CVE-2004-0128 | 1 Phpgedview | 1 Phpgedview | 2017-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in the GEDCOM configuration script for phpGedView 2.65.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains a malicious theme.php script. | |||||
| CVE-2004-0094 | 1 Xfree86 Project | 1 X11r6 | 2017-10-10 | 7.5 HIGH | N/A |
| Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI). | |||||
| CVE-2004-0093 | 1 Xfree86 Project | 1 X11r6 | 2017-10-10 | 7.5 HIGH | N/A |
| XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI). | |||||
| CVE-2003-0145 | 1 Lbl | 1 Tcpdump | 2017-10-10 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in tcpdump before 3.7.2 related to an inability to "Handle unknown RADIUS attributes properly," allows remote attackers to cause a denial of service (infinite loop), a different vulnerability than CAN-2003-0093. | |||||
| CVE-2004-0063 | 1 Ncipher | 1 Payshield Spp Library | 2017-10-10 | 7.5 HIGH | N/A |
| The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number. | |||||
| CVE-2003-0143 | 1 Qualcomm | 1 Qpopper | 2017-10-10 | 10.0 HIGH | N/A |
| The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null terminate a message buffer after a call to Qvsnprintf, which could allow authenticated users to execute arbitrary code via a buffer overflow in a mdef command with a long macro name. | |||||
| CVE-2004-0089 | 1 Apple | 1 Mac Os X | 2017-10-10 | 4.6 MEDIUM | N/A |
| Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable. | |||||
| CVE-2004-0129 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter. | |||||
| CVE-2004-0080 | 1 Andries Brouwer | 1 Util-linux | 2017-10-10 | 5.0 MEDIUM | N/A |
| The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data. | |||||
| CVE-2002-1284 | 1 Kgpg | 1 Kgpg | 2017-10-10 | 4.6 MEDIUM | N/A |
| The wizard in KGPG 0.6 through 0.8.2 does not properly provide the passphrase to gpg when creating new keys, which causes secret keys to be created with an empty passphrase and allows local attackers to steal the keys if they can be read. | |||||
| CVE-2007-1524 | 1 Zomplog | 1 Zomplog | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/. | |||||
| CVE-2004-0173 | 1 Apache | 1 Http Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences. | |||||
| CVE-2004-0257 | 2 Netbsd, Openbsd | 2 Netbsd, Openbsd | 2017-10-10 | 5.0 MEDIUM | N/A |
| OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port. | |||||
| CVE-2004-0270 | 1 Clam Anti-virus | 1 Clamav | 2017-10-10 | 5.0 MEDIUM | N/A |
| libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program. | |||||
| CVE-2004-0194 | 1 Adobe | 1 Acrobat Reader | 2017-10-10 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the OutputDebugString function for Adobe Acrobat Reader 5.1 allows remote attackers to execute arbitrary code via a PDF document with XML Forms Data Format (XFDF) data. | |||||
| CVE-2004-0297 | 1 Ipswitch | 1 Imail | 2017-10-10 | 10.0 HIGH | N/A |
| Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length. | |||||
| CVE-2004-0193 | 1 Iss | 11 Blackice Agent Server, Blackice Pc Protection, Blackice Server Protection and 8 more | 2017-10-10 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username. | |||||
| CVE-2004-0159 | 1 Samhain Labs | 1 Hsftp | 2017-10-10 | 7.5 HIGH | N/A |
| Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command. | |||||
| CVE-2004-0160 | 1 Synaesthesia | 1 Synaesthesia | 2017-10-10 | 7.2 HIGH | N/A |
| Synaesthesia 2.2 and earlier allows local users to execute arbitrary code via a symlink attack on the configuration file. | |||||
| CVE-2004-0191 | 1 Mozilla | 1 Mozilla | 2017-10-10 | 6.8 MEDIUM | N/A |
| Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events. | |||||
| CVE-2004-0320 | 1 Ncipher | 1 Nshield | 2017-10-10 | 2.1 LOW | N/A |
| Unknown vulnerability in nCipher Hardware Security Modules (HSM) 1.67.x through 1.99.x allows local users to access secrets stored in the module's run-time memory via certain sequences of commands. | |||||
| CVE-2004-0336 | 1 Software602 | 1 602pro Lan Suite | 2017-10-10 | 5.0 MEDIUM | N/A |
| LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive information via the mail login form, which contains the path to the mail directory. | |||||
| CVE-2004-0190 | 1 Symantec | 3 Firewall Vpn Appliance 100, Firewall Vpn Appliance 200, Firewall Vpn Appliance 200r | 2017-10-10 | 7.5 HIGH | N/A |
| Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges. | |||||
| CVE-2004-0171 | 2 Freebsd, Openbsd | 2 Freebsd, Openbsd | 2017-10-10 | 5.0 MEDIUM | N/A |
| FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections. | |||||
| CVE-2004-0169 | 1 Apple | 1 Darwin Streaming Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (crash) via DESCRIBE requests with long User-Agent fields, which causes an Assert error to be triggered in the BufferIsFull function. | |||||
| CVE-2004-0347 | 1 Netscreen | 1 Netscreen-sa 5000 Series | 2017-10-10 | 6.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in delhomepage.cgi in NetScreen-SA 5000 Series running firmware 3.3 Patch 1 (build 4797) allows remote authenticated users to execute arbitrary script as other users via the row parameter. | |||||
| CVE-2004-0263 | 2 Apache, Ibm | 2 Http Server, Http Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information. | |||||
| CVE-2004-0189 | 1 Squid | 1 Squid | 2017-10-10 | 7.5 HIGH | N/A |
| The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists. | |||||
| CVE-2004-0185 | 1 Washington University | 1 Wu-ftpd | 2017-10-10 | 10.0 HIGH | N/A |
| Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name. | |||||
| CVE-2004-0274 | 1 Eggheads | 1 Eggdrop Irc Bot | 2017-10-10 | 7.5 HIGH | N/A |
| Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can mistakenly assign STAT_OFFERED status to a bot that is not a sharebot, which allows remote attackers to use STAT_OFFERED to promote a bot to a sharebot and conduct unauthorized activities. | |||||
| CVE-2002-0395 | 1 Red-m | 1 1050ap Lan Acess Point | 2017-10-10 | 10.0 HIGH | N/A |
| The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be disabled and makes it easier for remote attackers to crack the administration password via brute force methods. | |||||
| CVE-2002-0396 | 1 Red-m | 1 1050ap Lan Acess Point | 2017-10-10 | 7.5 HIGH | N/A |
| The web management server for Red-M 1050 (Bluetooth Access Point) does not use session-based credentials to authenticate users, which allows attackers to connect to the server from the same IP address as a user who has already established a session. | |||||
| CVE-2004-0068 | 1 Phpdig.net | 1 Phpdig | 2017-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relative_script_path parameter to reference a URL on a remote web server that contains the code. | |||||
