Total: 25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2111 | 1 Gianni Tedesco | 1 Fwmon | 2017-07-11 | 5.0 MEDIUM | N/A |
| Fwmon before 1.0.10 allows remote attackers to cause a denial of service (crash) by causing the kernel to return a large packet. | |||||
| CVE-2002-2114 | 1 Netjuke | 1 Netjuke | 2017-07-11 | 7.5 HIGH | N/A |
| Artekopia Netjuke before 1.0 b7 allows remote attackers to execute arbitrary code on the web server, possibly via the section parameter, which is passed to an eval call. | |||||
| CVE-2004-0134 | 1 Sgi | 1 Irix | 2017-07-11 | 7.2 HIGH | N/A |
| cpr (libcpr) in SGI IRIX before 6.5.25 allows local users to gain privileges by loading a user provided library while restarting the checkpointed process. | |||||
| CVE-2004-0133 | 1 Linux | 1 Linux Kernel | 2017-07-11 | 2.1 LOW | N/A |
| The XFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the XFS file system, which allows local users to obtain sensitive information by reading the raw device. | |||||
| CVE-2002-2123 | 1 Gallery Project | 1 Gallery | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in publish_xp_docs.php for Gallery 1.3.2 allows remote attackers to inject arbitrary PHP code by specifying a URL to an init.php file in the GALLERY_BASEDIR parameter. | |||||
| CVE-2002-2124 | 1 Nylon | 1 Nylon | 2017-07-11 | 5.0 MEDIUM | N/A |
| The recvn and sendn functions in nylon 0.2 do not check when the recv function call returns 0, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) by closing the connection while recv is executing. | |||||
| CVE-2002-2127 | 1 Pedestal Software | 1 Integrity Protection Driver | 2017-07-11 | 2.1 LOW | N/A |
| Integrity Protection Driver (IPD) 1.2 and earlier blocks access to \Device\PhysicalMemory by its name, which could allow local privileged processes to overwrite kernel memory by accessing the device through a symlink. | |||||
| CVE-2002-2129 | 1 W-agora | 1 W-agora | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in editform.php for w-Agora 4.1.5 allows remote attackers to execute arbitrary web script via an arbitrary form field name containing the script, which is echoed back to the user when displaying the form. | |||||
| CVE-2003-0291 | 1 3com | 1 3cp4144 | 2017-07-11 | 5.0 MEDIUM | N/A |
| 3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clear memory from DHCP responses, which allows remote attackers to identify the contents of previous HTTP requests by sniffing DHCP packets. | |||||
| CVE-2002-2153 | 1 Oracle | 1 Application Server | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code. | |||||
| CVE-2003-0290 | 1 Etype | 1 Eserv | 2017-07-11 | 5.0 MEDIUM | N/A |
| Memory leak in eServ 2.9x allows remote attackers to cause a denial of service (memory exhaustion) via a large number of connections, whose memory is not freed when the connection is terminated. | |||||
| CVE-2003-0289 | 1 Cdrtools | 1 Cdrecord | 2017-07-11 | 7.2 HIGH | N/A |
| Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter. | |||||
| CVE-2003-0288 | 1 Hiroaki Shirouzu | 1 Ip Messenger | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the file & folder transfer mechanism for IP Messenger for Win 2.00 through 2.02 allows remote attackers to execute arbitrary code via file with a long filename, which triggers the overflow when the user saves the file. | |||||
| CVE-2003-0287 | 1 Six Apart | 1 Movable Type | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled. | |||||
| CVE-2003-0285 | 1 Ibm | 1 Aix | 2017-07-11 | 5.0 MEDIUM | N/A |
| IBM AIX 5.2 and earlier distributes Sendmail with a configuration file (sendmail.cf) with the (1) promiscuous_relay, (2) accept_unresolvable_domains, and (3) accept_unqualified_senders features enabled, which allows Sendmail to be used as an open mail relay for sending spam e-mail. | |||||
| CVE-2003-0283 | 1 Phorum | 1 Phorum | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "<<" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail. | |||||
| CVE-2003-0281 | 1 Firebirdsql | 1 Firebird | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop. | |||||
| CVE-2003-0280 | 1 Youngzsoft | 1 Cmailserver | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4.0.2003.03.27 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands. | |||||
| CVE-2003-0279 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 2.6 LOW | N/A |
| Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php. | |||||
| CVE-2003-0278 | 1 Happycgi.com | 1 Happymall | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to insert arbitrary web script via the file parameter. | |||||
| CVE-2003-0277 | 1 Happycgi | 1 Happymall | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the file parameter. | |||||
| CVE-2003-0276 | 1 Pi3 | 1 Pi3web | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GET request with a large number of / characters. | |||||
| CVE-2004-0132 | 1 Visualshapers | 1 Ezcontents | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 and earlier allow remote attackers to execute arbitrary PHP code from a remote web server, as demonstrated using (1) the GLOBALS[rootdp] parameter to db.php, or (2) the GLOBALS[language_home] parameter to archivednews.php, and a malicious version of lang_admin.php. | |||||
| CVE-2003-0270 | 1 Apple | 1 802.11n | 2017-07-11 | 7.6 HIGH | N/A |
| The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections. | |||||
| CVE-2003-0269 | 1 Youbin | 1 Youbin | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in youbin allows local users to gain privileges via a long HOME environment variable. | |||||
| CVE-2003-0263 | 1 Floosietek | 1 Ftgatepro | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Floosietek FTGate Pro Mail Server (FTGatePro) 1.22 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands. | |||||
| CVE-2003-0262 | 1 Leksbot | 1 Leksbot | 2017-07-11 | 7.2 HIGH | N/A |
| leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, which allows local users to gain root privileges by exploiting unknown vulnerabilities related to the escalated privileges, which KATAXWR is not designed to have. | |||||
| CVE-2003-0257 | 1 Ibm | 1 Aix | 2017-07-11 | 7.2 HIGH | N/A |
| Format string vulnerability in the printer capability for IBM AIX .3, 5.1, and 5.2 allows local users to gain printq or root privileges. | |||||
| CVE-2003-0333 | 1 Hp | 1 Hp-ux | 2017-07-11 | 7.2 HIGH | N/A |
| Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit 6.0.192 and possibly other versions before 8.0) allow local users to gain privileges via long arguments to (1) ask, (2) askq, (3) define, (4) assign, and (5) getc, some of which may share the same underlying function "doask," a different vulnerability than CVE-2001-0085. | |||||
| CVE-2003-0240 | 1 Axis | 9 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 6 more | 2017-07-11 | 10.0 HIGH | N/A |
| The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash). | |||||
| CVE-2003-0239 | 1 Mirabilis | 1 Icq | 2017-07-11 | 5.0 MEDIUM | N/A |
| icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service via malformed GIF89a headers that do not contain a GCT (Global Color Table) or an LCT (Local Color Table) after an Image Descriptor. | |||||
| CVE-2003-0238 | 1 Mirabilis | 1 Icq | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Message Session window in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service (CPU consumption) by spoofing the address of an ADS server and sending HTML with a -1 width in a table tag. | |||||
| CVE-2003-0237 | 1 Mirabilis | 1 Icq | 2017-07-11 | 7.5 HIGH | N/A |
| The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack. | |||||
| CVE-2003-0236 | 1 Mirabilis | 1 Icq | 2017-07-11 | 7.5 HIGH | N/A |
| Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to execute arbitrary code via the (1) Subject or (2) Date headers. | |||||
| CVE-2003-0235 | 1 Mirabilis | 1 Icq | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a allows remote malicious servers to execute arbitrary code via format strings in the response to a UIDL command. | |||||
| CVE-2003-0221 | 1 Hp | 1 Tru64 | 2017-07-11 | 7.2 HIGH | N/A |
| The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and earlier allows local users to overwrite files and possibly gain root privileges via a symlink attack. | |||||
| CVE-2003-0014 | 1 Bmv | 1 Bmv | 2017-07-11 | 4.6 MEDIUM | N/A |
| gsinterf.c in bmv 1.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2003-0026 | 1 Isc | 1 Dhcpd | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname. | |||||
| CVE-2003-0037 | 1 Noffle | 1 Noffle | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflows in noffle news server 1.0.1 and earlier allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code. | |||||
| CVE-2003-0038 | 1 Gnu | 1 Mailman | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters. | |||||
| CVE-2003-0042 | 1 Apache | 1 Tomcat | 2017-07-11 | 5.0 MEDIUM | N/A |
| Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character. | |||||
| CVE-2003-0044 | 1 Apache | 1 Tomcat | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML. | |||||
| CVE-2003-0057 | 1 Hypermail | 1 Hypermail | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code (1) via a long attachment filename that is not properly handled by the hypermail executable, or (2) by connecting to the mail CGI program from an IP address that reverse-resolves to a long hostname. | |||||
| CVE-2003-0080 | 1 Gnome | 1 Gnome-lokkit | 2017-07-11 | 7.5 HIGH | N/A |
| The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not include any rules in the FORWARD chain, which could allow attackers to bypass intended access restrictions if packet forwarding is enabled. | |||||
| CVE-2003-0203 | 2 Moxftp, Xftp | 2 Moxftp, Xftp | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP servers to execute arbitrary code via a long FTP banner. | |||||
| CVE-2003-0202 | 1 Brian Renaud | 1 Metrics | 2017-07-11 | 4.6 MEDIUM | N/A |
| The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2003-0144 | 4 Bsd, Freebsd, Lprold and 1 more | 4 Lpr, Freebsd, Lprold and 1 more | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name. | |||||
| CVE-2003-0146 | 1 Netpbm | 1 Netpbm | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions, may allow remote attackers to cause a denial of service or execute arbitrary code via "maths overflow errors" such as (1) integer signedness errors or (2) integer overflows, which lead to buffer overflows. | |||||
| CVE-2003-0193 | 1 Catdoc | 1 Catdoc | 2017-07-11 | 2.1 LOW | N/A |
| msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable temporary file names ("word$$.html"). | |||||
| CVE-2015-8044 | 5 Adobe, Apple, Google and 2 more | 9 Air, Air Sdk, Air Sdk & Compiler and 6 more | 2017-07-01 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, and CVE-2015-8046. | |||||
