Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-1035 1 Sap 2 Sap R 3, Sapgui 2018-10-19 7.5 HIGH N/A
The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does.
CVE-2002-0399 1 Gnu 1 Tar 2018-10-19 5.0 MEDIUM N/A
Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267.
CVE-2000-0256 1 Microsoft 3 Frontpage, Personal Web Server, Windows Nt 2018-10-19 7.5 HIGH N/A
Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and 98 Server Extensions allow a user to conduct activities that are not otherwise available through the web site, aka the "Server-Side Image Map Components" vulnerability.
CVE-2003-1029 1 Lbl 1 Tcpdump 2018-10-19 5.0 MEDIUM N/A
The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets.
CVE-2003-0168 1 Apple 1 Quicktime 2018-10-19 7.5 HIGH N/A
Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allows remote attackers to execute arbitrary code via a long QuickTime URL.
CVE-2003-0035 1 Robert Krawitz 1 Escputil 2018-10-19 7.2 HIGH N/A
Buffer overflow in escputil, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long printer-name command line argument.
CVE-2003-1179 1 Advanced Poll 1 Advanced Poll 2018-10-19 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2.0.2 allow remote attackers to execute arbitrary PHP code via the include_path parameter in (1) booth.php, (2) png.php, (3) poll_ssi.php, or (4) popup.php, or the (5) base_path parameter to common.inc.php.
CVE-2003-0989 1 Redhat 2 Linux, Tcpdump 2018-10-19 7.5 HIGH N/A
tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057.
CVE-2002-2211 1 Isc 1 Bind 2018-10-19 5.0 MEDIUM N/A
BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.
CVE-2003-1304 1 Early Impact 1 Productcart 2018-10-19 5.0 MEDIUM N/A
EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information via a direct request.
CVE-2003-0614 1 Gallery Project 1 Gallery 2018-10-19 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter.
CVE-2003-0036 1 Rildo Pragana 1 Ml85p 2018-10-19 6.2 MEDIUM N/A
ml85p, as included in the printer-drivers package for Mandrake Linux, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable filenames of the form "mlg85p%d".
CVE-2003-0147 3 Openpkg, Openssl, Stunnel 3 Openpkg, Openssl, Stunnel 2018-10-19 5.0 MEDIUM N/A
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
CVE-2003-1178 1 Advanced Poll 1 Advanced Poll 2018-10-19 7.5 HIGH N/A
Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 allows remote attackers to execute arbitrary PHP code via the (1) id, (2) template_set, or (3) action parameter.
CVE-2003-0297 1 University Of Washington 3 C-client, Imap-2002b, Pine 2018-10-19 7.5 HIGH N/A
c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors.
CVE-2003-1234 1 Freebsd 1 Freebsd 2018-10-19 3.6 LOW N/A
Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop.
CVE-2003-1307 1 Apache 1 Http Server 2018-10-19 4.3 MEDIUM N/A
** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
CVE-2002-2208 2 Cisco, Extended Interior Gateway Routing Protocol 2 Ios, Extended Interior Gateway Routing Protocol 2018-10-19 7.8 HIGH N/A
Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote attackers to cause a denial of service (flood) by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network.
CVE-2003-0251 1 Nis 1 Ypserv Nis Server 2018-10-19 5.0 MEDIUM N/A
ypserv NIS server before 2.7 allows remote attackers to cause a denial of service via a TCP client request that does not respond to the server, which causes ypserv to block.
CVE-2003-0085 2 Hp, Samba 2 Cifs-9000 Server, Samba 2018-10-19 10.0 HIGH N/A
Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.
CVE-2003-0139 1 Mit 1 Kerberos 2018-10-19 7.5 HIGH N/A
Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."
CVE-2002-2185 6 Debian, Mandrakesoft, Microsoft and 3 more 11 Debian Linux, Mandrake Linux, Windows 98 and 8 more 2018-10-19 4.9 MEDIUM N/A
The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network.
CVE-2003-0131 1 Openssl 1 Openssl 2018-10-19 7.5 HIGH N/A
The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."
CVE-2003-0138 1 Mit 1 Kerberos 2018-10-19 7.5 HIGH N/A
Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.
CVE-2003-0086 1 Samba 1 Samba 2018-10-19 1.2 LOW N/A
The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.
CVE-2006-3716 1 Oracle 1 E-business Suite 2018-10-18 10.0 HIGH N/A
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS01 for Internet Expenses; (2) APPS02, (3) APPS05, (4) APPS06, (5) APPS07, (6) APPS08, (7) APPS09, and (8) APPS10 for Oracle Application Object Library; (9) APPS11, (10) APPS12, and (11) APPS13 for Oracle Applications Technology Stack; (12) APPS14 for Oracle Call Center Technology; (13) APPS15 for Oracle Common Applications; (14) APPS18 for Oracle Self-Service Web Applications; and (15) APPS19 for Oracle Workflow Cartridge.
CVE-2006-3717 1 Oracle 1 E-business Suite 2018-10-18 10.0 HIGH N/A
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.9 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS03 and (2) APPS04 for Oracle Application Object Library; and (3) APPS20 for Oracle XML Gateway.
CVE-2006-3700 1 Oracle 1 Database Server 2018-10-18 10.0 HIGH N/A
Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and 10.1.0.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 for Web Distributed Authoring and Versioning (DAV) and (2) DB23 for XMLDB.
CVE-2006-3718 1 Oracle 1 Exchange 2018-10-18 10.0 HIGH N/A
Multiple unspecified vulnerabilities in Oracle Exchange for Oracle E-Business Suite and Applications 6.2.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS16 and (2) APPS17.
CVE-2006-3704 1 Oracle 1 Database Server 2018-10-18 10.0 HIGH N/A
Unspecified vulnerability in the Oracle ODBC Driver for Oracle Database 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# 10.1.0.4.
CVE-2006-3708 1 Oracle 1 Application Server 2018-10-18 10.0 HIGH N/A
Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, 9.0.4.2, 10.1.2.0.2, and 10.1.2.1 has unknown impact and attack vectors, aka Oracle Vuln# AS03.
CVE-2006-3710 1 Oracle 1 Application Server 2018-10-18 10.0 HIGH N/A
Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, 9.0.4.2, and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# (1) AS05 and (2) AS08.
CVE-2006-3715 1 Oracle 1 Collaboration Suite 2018-10-18 10.0 HIGH N/A
Unspecified vulnerability in Calendar for Oracle Collaboration Suite 10.1.2 has unknown impact and attack vectors, aka Oracle Vuln# OCS01.
CVE-2006-3567 1 Juniper 1 Dx 2018-10-18 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the web administration interface logging feature in Juniper Networks (Redline) DX 5.1.x, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the username login field.
CVE-2006-3663 1 Finjan 1 Vital Security 2018-10-18 4.6 MEDIUM N/A
Finjan Vital Security Appliance 5100/8100 NG 8.3.5 stores passwords in plaintext in a backup file, which allows local users to gain privileges. NOTE: the vendor has notified CVE that this issue was fixed in 8.3.6.
CVE-2006-3662 1 Adaptive Technology Resource Centre 1 Atutor 2018-10-18 7.5 HIGH N/A
** DISPUTED ** SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states "The mentioned SQL injection vulnerability is not possible." However, the relevant source code suggests that this issue may be legitimate, and the parameter is cleansed in 1.5.3.1.
CVE-2006-3614 1 Orbitcoders 1 Orbitmatrix 2018-10-18 7.5 HIGH N/A
index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to trigger a SQL error via the page_name parameter, possibly due to a SQL injection vulnerability.
CVE-2006-3618 1 Pixelated By Lev 1 Pixelated By Lev Guestbook 2018-10-18 7.5 HIGH N/A
SQL injection vulnerability in pblguestbook.php in Pixelated By Lev (PBL) Guestbook 1.32 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) website, (4) comments, (5) rate, and (6) private parameters.
CVE-2006-3617 1 Pixelated By Lev 1 Pixelated By Lev Guestbook 2018-10-18 5.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in pblguestbook.php in Pixelated By Lev (PBL) Guestbook 1.32 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) message (aka comments), (3) website, and (4) email parameters, which bypasses XSS protection mechanisms that check for SCRIPT tags but not others, as demonstrated by a javascript URI in an onMouseOver attribute and the src attribute in an iframe tag. NOTE: some vectors might overlap CVE-2006-2975, although the use of alternate manipulations makes it unclear.
CVE-2006-3616 1 Carbonize 1 Lazarus Guestbook 2018-10-18 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Carbonize Lazarus Guestbook 1.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in codes-english.php and (2) the img parameter in picture.php, after the name of an existing file.
CVE-2006-3654 1 Microsoft 1 Works 2018-10-18 2.6 LOW N/A
Buffer overflow in wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted Excel files.
CVE-2006-3653 1 Microsoft 1 Works 2018-10-18 2.6 LOW N/A
wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted (1) Works, (2) Excel, and (3) Lotus 1-2-3 files.
CVE-2006-3679 1 Fatwire 1 Fatwire Content Server 2018-10-18 7.5 HIGH N/A
FatWire Content Server 5.5.0 allows remote attackers to bypass access restrictions and obtain administrative privileges via unspecified attack vectors in the authentication process.
CVE-2006-3675 1 Counterpane 1 Passwordsafe 2018-10-18 2.1 LOW N/A
Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the configuration settings for locking the password database when certain dialogue windows are open, which might allow attackers with physical access to obtain the database contents.
CVE-2006-3680 1 Photocycle 1 Photocycle 2018-10-18 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in photocycle in Photocycle 1.0 allows remote attackers to inject arbitrary web script or HTML via the phpage parameter.
CVE-2006-3584 1 Jetbox 1 Jetbox Cms 2018-10-18 7.5 HIGH N/A
Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, which are evaluated as PHP variable variables.
CVE-2006-3585 1 Jetbox 1 Jetbox Cms 2018-10-18 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 SR1 allow remote attackers to inject arbitrary web script or HTML via the (1) login parameter in admin/cms/index.php, (2) unspecified parameters in the "Supply news" page in formmail.php, (3) the URL in the "Site statistics" page, and the (5) query_string parameter when performing a search.
CVE-2006-3586 1 Jetbox 1 Jetbox Cms 2018-10-18 7.5 HIGH N/A
SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to execute arbitrary SQL commands via the (1) frontsession COOKIE parameter and (2) view parameter in index.php, and the (3) login parameter in admin/cms/index.php.
CVE-2006-3670 1 Rabox 1 Winlpd 2018-10-18 7.5 HIGH N/A
Stack-based buffer overflow in Winlpd 1.26 allows remote attackers to execute arbitrary code via a long string in a request to TCP port 515.
CVE-2006-3683 1 Flipper Poll 1 Flipper Poll 2018-10-18 7.5 HIGH N/A
PHP remote file inclusion vulnerability in poll.php in Flipper Poll 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.