Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0992 | 1 Proxytunnel | 1 Proxytunnel | 2017-07-11 | 10.0 HIGH | N/A |
| Format string vulnerability in the -a option (daemon mode) in Proxytunnel before 1.2.3 allows remote attackers to execute arbitrary code via format string specifiers in an invalid proxy answer. | |||||
| CVE-2004-0993 | 1 Hp | 1 Sockd | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in hpsockd before 0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code. | |||||
| CVE-2004-0994 | 2 Debian, Zgv | 3 Debian Linux, Xzgv Image Viewer, Zgv Image Viewer | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read_prf_file function in readprf.c. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct. | |||||
| CVE-2004-0996 | 4 Cscope, Debian, Gentoo and 1 more | 4 Cscope, Debian Linux, Linux and 1 more | 2017-07-11 | 2.1 LOW | N/A |
| main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2004-0998 | 1 Telnetd | 2 Telnetd, Telnetd-ssl | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in telnetd-ssl 0.17 and earlier allows remote attackers to execute arbitrary code. | |||||
| CVE-2004-0999 | 1 Zgv | 1 Zgv Image Viewer | 2017-07-11 | 2.6 LOW | N/A |
| zgv 5.5.3 allows remote attackers to cause a denial of service (application crash via segmentation fault) via crafted multiple-image (animated) GIF images. | |||||
| CVE-2004-1000 | 1 Debian | 1 Lintian | 2017-07-11 | 2.1 LOW | N/A |
| lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack. | |||||
| CVE-2004-1003 | 1 Trend Micro | 1 Scanmail Domino | 2017-07-11 | 5.0 MEDIUM | N/A |
| Trend ScanMail allows remote attackers to obtain potentially sensitive information or disable the anti-virus capability via the smency.nsf file. | |||||
| CVE-2004-1004 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. | |||||
| CVE-2004-1005 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. | |||||
| CVE-2004-1006 | 1 Isc | 1 Dhcpd | 2017-07-11 | 10.0 HIGH | N/A |
| Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702. | |||||
| CVE-2004-1007 | 2 Bogofilter, Ubuntu | 2 Email Filter, Ubuntu Linux | 2017-07-11 | 5.0 MEDIUM | N/A |
| The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows remote attackers to cause a denial of service (application crash) via mail headers that cause a line feed (LF) to be replaced by a null byte that is written to an incorrect memory address. | |||||
| CVE-2004-1008 | 2 Putty, Tortoisecvs | 2 Putty, Tortoisecvs | 2017-07-11 | 10.0 HIGH | N/A |
| Integer signedness error in the ssh2_rdpkt function in PuTTY before 0.56 allows remote attackers to execute arbitrary code via a SSH2_MSG_DEBUG packet with a modified stringlen parameter, which leads to a buffer overflow. | |||||
| CVE-2004-1009 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors. | |||||
| CVE-2004-1011 | 6 Carnegie Mellon University, Conectiva, Openpkg and 3 more | 6 Cyrus Imap Server, Linux, Openpkg and 3 more | 2017-07-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015. | |||||
| CVE-2004-1012 | 6 Carnegie Mellon University, Conectiva, Openpkg and 3 more | 6 Cyrus Imap Server, Linux, Openpkg and 3 more | 2017-07-11 | 10.0 HIGH | N/A |
| The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption. | |||||
| CVE-2004-1015 | 3 Carnegie Mellon University, Redhat, Ubuntu | 3 Cyrus Imap Server, Fedora Core, Ubuntu Linux | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011. | |||||
| CVE-2004-1020 | 1 Php | 1 Php | 2017-07-11 | 5.0 MEDIUM | N/A |
| The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow remote attackers to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements, but are otherwise protected by the magic_quotes_gpc mechanism. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. | |||||
| CVE-2004-1021 | 1 Apple | 1 Ical | 2017-07-11 | 7.5 HIGH | N/A |
| iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does not alert the user when handling calendars that use alarms, which allows attackers to execute programs and send e-mail via alarms. | |||||
| CVE-2004-1022 | 1 Kerio | 3 Kerio Mailserver, Serverfirewall, Winroute Firewall | 2017-07-11 | 2.1 LOW | N/A |
| Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software. | |||||
| CVE-1999-0593 | 1 Microsoft | 1 Windows Nt | 2017-07-11 | 4.9 MEDIUM | N/A |
| The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in. | |||||
| CVE-1999-0650 | 2017-07-11 | 5.0 MEDIUM | N/A | ||
| The netstat service is running, which provides sensitive information to remote attackers. | |||||
| CVE-1999-0656 | 1 Linux | 1 Linux Kernel | 2017-07-11 | 5.0 MEDIUM | N/A |
| The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names. | |||||
| CVE-1999-1089 | 1 Hp | 1 Hp-ux | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in chfn command in HP-UX 9.X through 10.20 allows local users to gain privileges via a long command line argument. | |||||
| CVE-1999-1185 | 1 Sco | 5 Cmw, Internet Faststart, Open Desktop and 2 more | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in SCO mscreen allows local users to gain root privileges via a long terminal entry (TERM) in the .mscreenrc file. | |||||
| CVE-1999-1302 | 1 Sco | 5 Open Desktop, Open Desktop Lite, Openserver Enterprise System and 2 more | 2017-07-11 | 7.2 HIGH | N/A |
| Unspecified vulnerability in pt_chmod in SCO UNIX 4.2 and earlier allows local users to gain root access. | |||||
| CVE-1999-1574 | 1 Ibm | 1 Aix | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the lex routines of nslookup for AIX 4.3 may allow attackers to cause a core dump and possibly execute arbitrary code via "long input strings." | |||||
| CVE-1999-1576 | 1 Adobe | 1 Acrobat Reader | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Adobe Acrobat ActiveX control (pdf.ocx, PDF.PdfCtrl.1) 1.3.188 for Acrobat Reader 4.0 allows remote attackers to execute arbitrary code via the pdf.setview method. | |||||
| CVE-1999-1581 | 1 Microsoft | 1 Windows Nt | 2017-07-11 | 5.0 MEDIUM | N/A |
| Memory leak in Simple Network Management Protocol (SNMP) agent (snmp.exe) for Windows NT 4.0 before Service Pack 4 allows remote attackers to cause a denial of service (memory consumption) via a large number of SNMP packets with Object Identifiers (OIDs) that cannot be decoded. | |||||
| CVE-1999-1582 | 1 Cisco | 1 Pix Firewall | 2017-07-11 | 7.5 HIGH | N/A |
| By design, the "established" command on the Cisco PIX firewall allows connections from one host to arbitrary ports of a target host if an alternative conduit has already been allowed, which can cause administrators to configure less restrictive access controls than intended if they do not understand this functionality. | |||||
| CVE-1999-1583 | 1 Ibm | 1 Aix | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in nslookup for AIX 4.3 allows local users to execute arbitrary code via a long hostname command line argument. | |||||
| CVE-1999-1586 | 1 Sun | 1 Sunos | 2017-07-11 | 7.2 HIGH | N/A |
| loadmodule in SunOS 4.1.x, as used by xnews, does not properly sanitize its environment, which allows local users to gain privileges, a different vulnerability than CVE-1999-1584. | |||||
| CVE-2000-0689 | 1 Cgi Script Center | 1 Account Manager | 2017-07-11 | 7.5 HIGH | N/A |
| Account Manager LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the amadmin.pl script with the setpasswd parameter. | |||||
| CVE-2000-0704 | 3 Freewnn, Omron, Wnn | 3 Freewnn, Worldview, Wnn4 | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to execute arbitrary commands via long JS_OPEN, JS_MKDIR, or JS_FILE_INFO commands. | |||||
| CVE-2000-0963 | 3 Freebsd, Immunix, Redhat | 3 Freebsd, Immunix, Linux | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS. | |||||
| CVE-2000-1028 | 1 Hp | 1 Hp-ux | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in cu program in HP-UX 11.0 may allow local users to gain privileges via a long -l command line argument. | |||||
| CVE-2000-1029 | 1 Isc | 1 Bind | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in host command allows a remote attacker to execute arbitrary commands via a long response to an AXFR query. | |||||
| CVE-2000-1030 | 1 Csandt | 1 Corporatetime For The Web | 2017-07-11 | 5.0 MEDIUM | N/A |
| CS&T CorporateTime for the Web returns different error messages for invalid usernames and invalid passwords, which allows remote attackers to determine valid usernames on the server. | |||||
| CVE-2000-1066 | 1 Freebsd | 1 Freebsd | 2017-07-11 | 5.0 MEDIUM | N/A |
| The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows a remote attacker to cause a denial of service via a long DNS hostname. | |||||
| CVE-2000-1093 | 1 Aol | 1 Instant Messenger | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote attackers to execute arbitrary commands via a long "goim" command. | |||||
| CVE-2000-1215 | 1 Ibm | 1 Lotus Domino | 2017-07-11 | 5.0 MEDIUM | N/A |
| The default configuration of Lotus Domino server 5.0.8 includes system information (version, operating system, and build date) in the HTTP headers of replies, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2000-1220 | 2 Redhat, Sgi | 2 Linux, Irix | 2017-07-11 | 10.0 HIGH | N/A |
| The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file. | |||||
| CVE-2000-1221 | 3 Debian, Redhat, Sgi | 3 Debian Linux, Linux, Irix | 2017-07-11 | 10.0 HIGH | N/A |
| The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP. | |||||
| CVE-2000-1222 | 1 Ibm | 1 Aix | 2017-07-11 | 7.2 HIGH | N/A |
| AIX sysback before 4.2.1.13 uses a relative path to find and execute the hostname program, which allows local users to gain privileges by modifying the path to point to a malicious hostname program. | |||||
| CVE-2000-1224 | 1 Caucho Technology | 1 Resin | 2017-07-11 | 5.0 MEDIUM | N/A |
| Caucho Technology Resin 1.2 and possibly earlier allows remote attackers to view JSP source via an HTTP request to a .jsp file with certain characters appended to the file name, such as (1) "..", (2) "%2e..", (3) "%81", (4) "%82", and others. | |||||
| CVE-2000-1238 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 7.5 HIGH | N/A |
| BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages. | |||||
| CVE-2001-0199 | 1 Guido Frassetto | 1 Sedum | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SEDUM HTTP Server 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the HTTP GET request. | |||||
| CVE-2001-0201 | 1 Umut Gokbayrak | 1 Postaci | 2017-07-11 | 7.5 HIGH | N/A |
| The Postaci frontend for PostgreSQL does not properly filter characters such as semicolons, which could allow remote attackers to execute arbitrary SQL queries via the deletecontact.php program. | |||||
| CVE-2001-0216 | 1 Mnscu Pals | 1 Webpals | 2017-07-11 | 7.5 HIGH | N/A |
| PALS Library System pals-cgi program allows remote attackers to execute arbitrary commands via shell metacharacters in the documentName parameter. | |||||
| CVE-2001-0217 | 1 Mnscu Pals | 1 Webpals | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PALS Library System pals-cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the documentName parameter. | |||||