Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-1310 | 1 Symantec | 1 Norton Antivirus | 2017-07-29 | 4.6 MEDIUM | N/A |
| The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes (aka "Device Driver Attack"). | |||||
| CVE-2003-1315 | 1 Neocrome | 1 Land Down Under | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in auth.php in Land Down Under (LDU) v601 and earlier allows remote attackers to execute arbitrary SQL commands. | |||||
| CVE-2003-1316 | 1 Endonesia | 1 Endonesia | 2017-07-29 | 5.0 MEDIUM | N/A |
| mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive information via a ' (quote) value in the lng parameter, which reveals the path in an error message. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2003-1317 | 1 Endonesia | 1 Endonesia | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2003-1319 | 1 Smartftp | 1 Smartftp | 2017-07-29 | 7.6 HIGH | N/A |
| Multiple buffer overflows in SmartFTP 1.0.973, and other versions before 1.0.976, allow remote attackers to execute arbitrary code via (1) a long response to a PWD command, which triggers a stack-based overflow, and (2) a long line in a response to a file LIST command, which triggers a heap-based overflow. | |||||
| CVE-2003-1321 | 1 Avant Force | 1 Avant Browser | 2017-07-29 | 7.5 HIGH | N/A |
| Buffer overflow in Avant Browser 8.02 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL in an HTTP request. | |||||
| CVE-2003-1332 | 2 Linux, Samba | 2 Linux Kernel, Samba | 2017-07-29 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201. | |||||
| CVE-2002-2293 | 1 Twofold Photos | 1 Webshots Desktop | 2017-07-29 | 4.6 MEDIUM | N/A |
| Webshots Desktop screensaver allows local users to bypass the password on the screensaver by pressing CTRL-ALT-DELETE and (1) hitting the cancel button or (2) killing the screensaver from the task manager. | |||||
| CVE-2002-2284 | 1 Netscape | 1 Communicator | 2017-07-29 | 6.4 MEDIUM | N/A |
| Netscape Communicator 4.0 through 4.79 allows remote attackers to bypass JVM security and execute arbitrary Java code via an applet that loads user-supplied Java classes. | |||||
| CVE-2002-2282 | 1 Mcafee | 1 Virusscan | 2017-07-29 | 6.9 MEDIUM | N/A |
| McAfee VirusScan 4.5.1, when the WebScanX.exe module is enabled, searches for particular DLLs from the user's home directory, even when browsing the local hard drive, which allows local users to run arbitrary code via malicious versions of those DLLs. | |||||
| CVE-2002-2281 | 1 Symantec | 1 Java | 2017-07-29 | 10.0 HIGH | N/A |
| Symantec Java! JIT (Just-In-Time) Compiler for Netscape Communicator 4.0 through 4.8 allows remote attackers to execute arbitrary Java commands via an applet that uses a jump call, which is not correctly compiled by the JIT compiler. | |||||
| CVE-2002-2275 | 1 Fortres Grand Corporation | 1 Fortres | 2017-07-29 | 2.1 LOW | N/A |
| Fortres 101 4.1 allows local users to bypass Fortres by pressing the Windows and "F" key together for 30 seconds, which opens multiple windows and eventually causes explorer.exe to crash, which then opens an unrestricted explorer.exe. | |||||
| CVE-2001-1581 | 1 Clearswift Limited | 1 Mailsweeper | 2017-07-29 | 7.5 HIGH | N/A |
| The File Blocker feature in Clearswift MAILsweeper for SMTP 4.2 allows remote attackers to bypass e-mail attachment filtering policies via a modified name in a Content-Type header. | |||||
| CVE-2004-2691 | 1 3com | 3 3c17205-us, 3c17210-us, Superstack 3 Switch | 2017-07-29 | 7.1 HIGH | N/A |
| Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this information is unknown; details are obtained from third party reports. | |||||
| CVE-2004-2673 | 1 Argosoft | 1 Ftp Server | 2017-07-29 | 9.0 HIGH | N/A |
| Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a SITE ZIP command with a long first or second argument, or (2) a SITE COPY with a long argument. | |||||
| CVE-2004-2690 | 1 Newsphp | 1 Newsphp | 2017-07-29 | 8.5 HIGH | N/A |
| Unrestricted file upload vulnerability in the Administration Panel for NewsPHP allows remote authenticated administrators to upload and execute arbitrary code instead of video files. | |||||
| CVE-2004-2675 | 1 Argosoft | 1 Ftp Server | 2017-07-29 | 6.8 MEDIUM | N/A |
| ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to cause a denial of service (crash) via a SITE PASS command with a long password parameter, which causes the database to be corrupted. | |||||
| CVE-2004-2674 | 1 Argosoft | 1 Ftp Server | 2017-07-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to determine the existence of arbitrary files via ".." sequences in the SITE UNZIP argument. | |||||
| CVE-2004-2676 | 1 Webroot Software | 1 Spy Sweeper Enterprise | 2017-07-29 | 7.2 HIGH | N/A |
| The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy Sweeper before 2.0 does not drop privileges when using the help functionality, which allows local users to gain privileges. | |||||
| CVE-2004-2671 | 1 Endonesia | 1 Endonesia | 2017-07-29 | 5.0 MEDIUM | N/A |
| mod.php in eNdonesia 8.3 allows remote attackers to obtain sensitive information via certain direct requests, and certain requests with invalid parameter values, which reveal the path in various error messages, as demonstrated by the (1) mod and (2) cid parameters. | |||||
| CVE-2004-2670 | 1 Endonesia | 1 Endonesia | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdonesia 8.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewcat operation or (2) the query parameter in a search operation in the publisher module. | |||||
| CVE-2004-2681 | 1 Peersec Networks | 1 Matrixssl | 2017-07-29 | 7.5 HIGH | N/A |
| PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely long time, which might make it easier for remote attackers to hijack a session. | |||||
| CVE-2005-4869 | 1 Ibm | 1 Db2 | 2017-07-29 | 2.1 LOW | N/A |
| The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local users to cause a denial of service (application crash) via an empty string in the second parameter, which causes a null pointer dereference. | |||||
| CVE-2004-2678 | 1 Hp | 1 Tru64 | 2017-07-29 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in HP Tru64 UNIX 5.1B PK2(BL22) and PK3(BL24), and 5.1A PK6(BL24), when using IPsec/IKE (Internet Key Exchange) with Certificates, allows remote attackers to gain privileges via unknown attack vectors. | |||||
| CVE-2004-2669 | 1 Neocrome | 1 Land Down Under | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Land Down Under (LDU) v701 allow remote attackers to execute arbitrary SQL commands or obtain the installation path via parameters including (1) s, w, and d in users.php, (2) id in comments.php, (3) rusername in auth.php, or (4) h in plug.php. | |||||
| CVE-2004-2679 | 1 Checkpoint | 1 Firewall-1 | 2017-07-29 | 7.8 HIGH | N/A |
| Check Point Firewall-1 4.1 up to NG AI R55 allows remote attackers to obtain potentially sensitive information by sending an Internet Key Exchange (IKE) with a certain Vendor ID payload that causes Firewall-1 to return a response containing version and other information. | |||||
| CVE-2005-4817 | 1 Tmsnc | 1 Tmsnc | 2017-07-29 | 7.5 HIGH | N/A |
| Format string vulnerability in ui.c in Textbased MSN Client (TMSNC) before 0.2.5 allows attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors that cause format strings to be injected into the wprintw function. | |||||
| CVE-2005-4820 | 1 Smc Networks | 1 Smc7904wbra | 2017-07-29 | 5.0 MEDIUM | N/A |
| SMC Wireless Router model SMC7904WBRA allows remote attackers to cause a denial of service (reboot) by flooding the router with traffic. | |||||
| CVE-2005-4832 | 1 Oracle | 1 Oracle10g | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197. | |||||
| CVE-2005-4819 | 1 Ibm | 1 Lotus Domino | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Lotus Domino versions before 6.5.4 fix pack 1 (FP1) and versions before 7.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-4822 | 1 Digger Solutions | 1 Intranet Open Source | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in projects/project-edit.asp in Digger Solutions Intranet Open Source (IOS) version 2.7.2 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. | |||||
| CVE-2003-1330 | 2 Clearswift Limited, Microsoft | 2 Mailsweeper, All Windows | 2017-07-29 | 5.0 MEDIUM | N/A |
| Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom "on strip unsuccessful" hooks, which allows remote attackers to bypass e-mail attachment filtering policies via an attachment that MAILsweeper can detect but not remove. | |||||
| CVE-2002-2266 | 1 Netscreen | 1 Screenos | 2017-07-29 | 5.0 MEDIUM | N/A |
| NetScreen ScreenOS 2.8 through 4.0, when forwarding H.323 or Netmeeting traffic, allows remote attackers to cause a denial of service (firewall session table consumption) by establishing multiple half-open H.323 sessions, which are not cleaned up on garbage removal and do not time out for 36 hours. | |||||
| CVE-2003-1327 | 2 Linux, Washington University | 2 Linux Kernel, Wu-ftpd | 2017-07-29 | 9.3 HIGH | N/A |
| Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator. | |||||
| CVE-2006-3096 | 1 Ipostmx | 1 Ipostmx 2005 | 2017-07-21 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in iPostMX 2005 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) forum parameter in messagepost.cfm and (2) topic parameter in topics.cfm. NOTE: this item was created based on information in a blog entry that was apparently removed after CVE analysis. As of 20060619, CVE is attempting to determine the cause of the removal. | |||||
| CVE-2006-2577 | 1 Docebo | 1 Docebo | 2017-07-21 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) where_cms, (2) where_lms, (3) where_upgrade, (4) BBC_LIB_PATH, and (5) BBC_LANGUAGE_PATH parameters in various unspecified scripts. NOTE: the provenance of some of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1472 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-21 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allows remote attackers to determine names of unauthorized files and folders via unknown vectors related to the search results. | |||||
| CVE-2006-1599 | 1 V-creator.com | 1 V-creator | 2017-07-21 | 7.5 HIGH | N/A |
| Unspecified vulnerability in VCEngine.php in v-creator before 1.3-pre3, when the VC_CRYPTO_METHOD option is OPENSSL, allows remote attackers to execute arbitrary commands, possibly due to problems in the (1) encrypt and (2) decrypt functions. | |||||
| CVE-2006-1333 | 1 Betaparticle | 1 Betaparticle Blog | 2017-07-21 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in BetaParticle Blog 6.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp or (2) fldGalleryID parameter to template_gallery_detail.asp. | |||||
| CVE-2006-1037 | 1 Oracle | 2 Diagnostics, E-business Suite | 2017-07-21 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Oracle Diagnostics module 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | |||||
| CVE-2006-5980 | 1 Renasoft | 1 Netjetserver | 2017-07-20 | 10.0 HIGH | N/A |
| adm_lgn_admin.asp in Renasoft NetJetServer 2.5.3.939, and possibly earlier, does not properly perform login authentication, which allows remote attackers to obtain administrative privileges. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
| CVE-2006-5950 | 1 Altools | 1 Alftp Ftp Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote authenticated users to obtain the installation path via unknown vectors related to the REN command, probably due to response messages. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
| CVE-2006-6064 | 1 Fuzzball Muck | 1 Fuzzball Muck | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the Message Parsing Interpreter (MPI) in Fuzzball MUCK before 6.07 allow remote attackers to execute arbitrary code via crafted messages. | |||||
| CVE-2006-6091 | 1 Grimbb | 1 Grimbb | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB before 2006_11_21 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-5947 | 1 Conxint | 1 Conxint Ftp Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Conxint FTP Server 2.2.0603, and possibly earlier, allow remote attackers to read arbitrary files and list arbitrary directories via directory traversal sequences in (1) DIR (LIST or NLST) and (2) GET (RETR) commands. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
| CVE-2006-6085 | 1 Kile | 1 Kile | 2017-07-20 | 5.0 MEDIUM | N/A |
| Kile before 1.9.3 does not assign a backup file the same permissions as the original file, which might allow local users to obtain sensitive information. | |||||
| CVE-2006-6052 | 1 Netepi Case Manager | 1 Netepi Case Manager | 2017-07-20 | 5.0 MEDIUM | N/A |
| NetEpi Case Manager before 0.98 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames. | |||||
| CVE-2006-5960 | 1 Web Inhabit | 1 A\+ Store E-commerce | 2017-07-20 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in account_login.asp in A+ Store E-Commerce allow remote attackers to inject arbitrary web script or HTML via the (1) username (txtUserName) and (2) password (txtPassword) parameters. NOTE: portions of these details are obtained from third party information. | |||||
| CVE-2006-5878 | 1 Edgewall Software | 1 Trac | 2017-07-20 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors. | |||||
| CVE-2006-5969 | 1 Fvwm | 1 Fvwm | 2017-07-20 | 4.6 MEDIUM | N/A |
| CRLF injection vulnerability in the evalFolderLine function in fvwm 2.5.18 and earlier allows local users to execute arbitrary commands via carriage returns in a directory name, which is not properly handled by fvwm-menu-directory, a variant of CVE-2003-1308. | |||||