Total: 25555 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0913 | 1 Network Security Wizards | 1 Dragon-fire Ids | 2016-10-18 | 10.0 HIGH | N/A |
| dfire.cgi script in Dragon-Fire IDS allows remote users to execute commands via shell metacharacters. | |||||
| CVE-1999-0403 | 1 Cyrix | 1 Linux | 2016-10-18 | 5.0 MEDIUM | N/A |
| A bug in Cyrix CPUs on Linux allows local users to perform a denial of service. | |||||
| CVE-1999-0464 | 1 Tripwire | 1 Tripwire | 2016-10-18 | 2.1 LOW | N/A |
| Local users can perform a denial of service in Tripwire 1.2 and earlier using long filenames. | |||||
| CVE-1999-0897 | 1 Apple | 1 Ichat Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| iChat ROOMS Webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
| CVE-1999-0819 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2016-10-18 | 5.0 MEDIUM | N/A |
| NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it. | |||||
| CVE-1999-0250 | 1 Dan Bernstein | 1 Qmail | 2016-10-18 | 10.0 HIGH | N/A |
| Denial of service in Qmail through long SMTP commands. | |||||
| CVE-1999-0393 | 1 Eric Allman | 1 Sendmail | 2016-10-18 | 5.0 MEDIUM | N/A |
| Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers. | |||||
| CVE-1999-0808 | 1 Isc | 1 Dhcp Client | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 and 2.0 allow a remote attacker to cause a denial of service (crash) and possibly execute arbitrary commands via long options. | |||||
| CVE-1999-0118 | 1 Ibm | 1 Aix | 2016-10-18 | 7.2 HIGH | N/A |
| AIX infod allows local users to gain root access through an X display. | |||||
| CVE-1999-0364 | 2 Fms Inc., Microsoft | 2 Total Vb Sourcebook, Access | 2016-10-18 | 10.0 HIGH | N/A |
| Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data. | |||||
| CVE-1999-0661 | | | 2016-10-18 | 10.0 HIGH | N/A |
| A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6. | |||||
| CVE-1999-0610 | 1 Mountain Network Systems | 1 Webcart | 2016-10-18 | 5.0 MEDIUM | N/A |
| An incorrect configuration of the Webcart CGI program could disclose private information. | |||||
| CVE-1999-0609 | 1 Mercantec | 1 Softcart | 2016-10-18 | 5.0 MEDIUM | N/A |
| An incorrect configuration of the SoftCart CGI program "SoftCart.exe" could disclose private information. | |||||
| CVE-1999-0347 | | | 2016-10-18 | 10.0 HIGH | N/A |
| Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the character. | |||||
| CVE-1999-0607 | 1 I-soft | 1 Quikstore | 2016-10-18 | 5.0 MEDIUM | N/A |
| quikstore.cgi in QuikStore shopping cart stores quikstore.cfg under the web document root with insufficient access control, which allows remote attackers to obtain the cleartext administrator password and gain privileges. | |||||
| CVE-1999-0604 | 1 Selena Sol | 1 Selena Sol Webstore | 2016-10-18 | 5.0 MEDIUM | N/A |
| An incorrect configuration of the WebStore 1.0 shopping cart CGI program "web_store.cgi" could disclose private information. | |||||
| CVE-1999-0803 | 1 Ibm | 1 Aix Enetwork Firewall | 2016-10-18 | 2.1 LOW | N/A |
| The fwluser script in AIX eNetwork Firewall allows local users to write to arbitrary files via a symlink attack. | |||||
| CVE-1999-0947 | 1 An | 1 An-httpd | 2016-10-18 | 7.5 HIGH | N/A |
| AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters. | |||||
| CVE-1999-0283 | | | 2016-10-18 | 10.0 HIGH | N/A |
| The Java Web Server would allow remote users to obtain the source code for CGI programs. | |||||
| CVE-1999-0798 | 5 Bsdi, Freebsd, Openbsd and 2 more | 7 Bsd Os, Freebsd, Openbsd and 4 more | 2016-10-18 | 10.0 HIGH | N/A |
| Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type. | |||||
| CVE-1999-0946 | 1 Yamaha | 1 Midiplug | 2016-10-18 | 5.1 MEDIUM | N/A |
| Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED tag. | |||||
| CVE-2005-4261 | 1 Positive Software | 1 Cp+ | 2016-10-15 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Positive Software Corporation CP+ (cpplus) before 2.5.5 allows attackers to have unknown impact and attack vectors, related to "a possible security flaw caused by a bug in Perl." NOTE: unless CP+ includes its own copy of Perl with CVE-2005-3962, this is a different vulnerability than CVE-2005-3962; however, there is insufficient information to be sure. | |||||
| CVE-2007-6720 | 1 Igno Saitz | 1 Libmikmod | 2016-10-04 | 4.3 MEDIUM | N/A |
| libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels. | |||||
| CVE-1999-0938 | 1 University College London | 1 Sdr | 2016-09-17 | 7.5 HIGH | N/A |
| MBone SDR Package allows remote attackers to execute commands via shell metacharacters in Session Initiation Protocol (SIP) messages. | |||||
| CVE-2000-0322 | 1 Redhat | 1 Linux | 2016-09-17 | 10.0 HIGH | N/A |
| The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters. | |||||
| CVE-1999-0732 | 1 Debian | 1 Debian Linux | 2016-09-17 | 2.1 LOW | N/A |
| The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links. | |||||
| CVE-2002-1054 | 1 Pablo Software Solutions | 1 Pablo Ftp Server | 2016-09-17 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and earlier allows remote authenticated users to list arbitrary directories via "..\" (dot-dot backslash) sequences in a LIST command. | |||||
| CVE-2001-1095 | 1 Ibm | 1 Aix | 2016-09-17 | 4.6 MEDIUM | N/A |
| Buffer overflow in uuq in AIX 4 could allow local users to execute arbitrary code via a long -r parameter. | |||||
| CVE-2002-0473 | 1 Phpbb Group | 1 Phpbb | 2016-09-17 | 10.0 HIGH | N/A |
| db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter. | |||||
| CVE-2006-2191 | 1 Gnu | 1 Mailman | 2016-08-31 | 7.5 HIGH | N/A |
| ** DISPUTED ** Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable." | |||||
| CVE-2015-1594 | 1 Siemens | 5 Simatic Cfc, Simatic Prosave, Simatic Step 7 and 2 more | 2016-08-24 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and 5.5 SP4 before HF4; SIMOTION Scout before 4.4; and STARTER before 4.4 HF3 allows local users to gain privileges via a Trojan horse application file. | |||||
| CVE-2015-1051 | 2 Context Project, Fedoraproject | 2 Context, Fedora | 2016-08-23 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. | |||||
| CVE-2015-1921 | 1 Ibm | 1 Websphere Portal | 2016-08-17 | 6.4 MEDIUM | N/A |
| Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | |||||
| CVE-2014-1750 | 1 Nokia Maps & Places Project | 1 Nokia Maps & Places | 2016-05-27 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the href parameter to page/place.html. NOTE: this was originally reported as a cross-site scripting (XSS) vulnerability, but this may be inaccurate. | |||||
| CVE-2005-3461 | 1 Oracle | 1 Peoplesoft Enterprise | 2016-04-30 | 10.0 HIGH | N/A |
| Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.42 up to 8.45.17 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE01. | |||||
| CVE-2014-9386 | 1 Zenoss | 1 Zenoss Core | 2016-03-21 | 6.8 MEDIUM | N/A |
| Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for the session ID cookie, which makes it easier for remote attackers to hijack sessions by leveraging an unattended workstation, aka ZEN-12691. | |||||
| CVE-2014-6255 | 1 Zenoss | 1 Zenoss Core | 2016-03-21 | 6.4 MEDIUM | N/A |
| Open redirect vulnerability in the login form in Zenoss Core before 4.2.5 SP161 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the came_from parameter, aka ZEN-11998. | |||||
| CVE-2015-5204 | 1 Apache | 1 Cordova File Transfer | 2015-12-18 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences in the filename of an uploaded file. | |||||
| CVE-2015-5245 | 1 Redhat | 1 Ceph | 2015-12-04 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name. | |||||
| CVE-2014-3307 | 1 Cisco | 1 Universal Small Cell Series Firmware | 2015-12-03 | 6.8 MEDIUM | N/A |
| The DHCP client implementation in Universal Small Cell firmware on Cisco Small Cell products allows remote attackers to execute arbitrary commands via crafted DHCP messages, aka Bug ID CSCup47513. | |||||
| CVE-2014-4752 | 1 Ibm | 40 Bladecenter 10g Vfsm, Bladecenter 10g Vfsm Firmware, Bladecenter 1/10g and 37 more | 2015-11-27 | 10.0 HIGH | N/A |
| IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, and G8264CS switches before 7.8.6.0; Flex System Interconnect Fabric before 7.8.6.0; 1G L2-7 SLB switch for Bladecenter before 21.0.21.0; 10G VFSM for Bladecenter before 7.8.14.0; 1:10G switch for Bladecenter before 7.4.8.0; 1G switch for Bladecenter before 5.3.5.0; Server Connectivity Module before 1.1.3.4; System Networking RackSwitch G8332 before 7.7.17.0; and System Networking RackSwitch G8000 before 7.1.7.0 have hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2015-7913 | 1 Tibbo | 1 Aggregate | 2015-11-23 | 7.2 HIGH | N/A |
| ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows local users to execute arbitrary Java code with SYSTEM privileges by using the Apache Axis AdminService deployment method to publish a class. | |||||
| CVE-2015-7912 | 1 Tibbo | 1 Aggregate | 2015-11-23 | 10.0 HIGH | N/A |
| The Ice Faces servlet in ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows remote attackers to upload and execute arbitrary Java code via a crafted XML document. | |||||
| CVE-2014-2928 | 1 F5 | 9 Big-ip Access Policy Manager, Big-ip Application Security Manager, Big-ip Edge Gateway and 6 more | 2015-11-20 | 7.1 HIGH | N/A |
| The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request. | |||||
| CVE-2014-1379 | 1 Apple | 1 Mac Os X | 2015-11-20 | 10.0 HIGH | N/A |
| Graphics Drivers in Apple OS X before 10.9.4 allows attackers to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a 32-bit executable file for a crafted application. | |||||
| CVE-2014-1377 | 1 Apple | 1 Mac Os X | 2015-11-20 | 10.0 HIGH | N/A |
| Array index error in IOAcceleratorFamily in Apple OS X before 10.9.4 allows attackers to execute arbitrary code via a crafted application. | |||||
| CVE-2015-7773 | 1 Bastian Allgeier | 1 Kirby | 2015-11-20 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the Panel component in Bastian Allgeier Kirby before 2.1.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file that lacks an extension, and then renaming this file to have a .php extension. | |||||
| CVE-2015-8113 | 1 Symantec | 1 Endpoint Protection | 2015-11-19 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in the client in Symantec Endpoint Protection (SEP) 12.1 before 12.1-RU6-MP3 allows local users to gain privileges via a Trojan horse DLL in a client install package. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1492. | |||||
| CVE-2015-0884 | 2 Microsoft, Toshiba | 3 Windows, Bluetooth Stack, Service Station | 2015-11-19 | 6.9 MEDIUM | N/A |
| Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. | |||||
| CVE-2013-6774 | 4 Androidsu, Chainfire, Google and 1 more | 4 Chainsdd Superuser, Supersu, Android and 1 more | 2015-11-10 | 10.0 HIGH | N/A |
| Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and Chainfire SuperSU package before 1.69 for Android 4.2.x and earlier allows attackers to load an arbitrary .jar file and gain privileges via a crafted BOOTCLASSPATH environment variable for a /system/xbin/su process. NOTE: another researcher was unable to reproduce this with ChainsDD Superuser. | |||||
