Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0030 | 1 Sgi | 1 Irix | 2008-09-09 | 7.2 HIGH | N/A |
| root privileges via buffer overflow in xlock command on SGI IRIX systems. | |||||
| CVE-1999-0029 | 1 Sgi | 1 Irix | 2008-09-09 | 7.2 HIGH | N/A |
| root privileges via buffer overflow in ordist command on SGI IRIX systems. | |||||
| CVE-1999-0028 | 1 Sgi | 1 Irix | 2008-09-09 | 7.2 HIGH | N/A |
| root privileges via buffer overflow in login/scheme command on SGI IRIX systems. | |||||
| CVE-1999-0026 | 1 Sgi | 1 Irix | 2008-09-09 | 4.6 MEDIUM | N/A |
| root privileges via buffer overflow in pset command on SGI IRIX systems. | |||||
| CVE-1999-0093 | 1 Ibm | 1 Aix | 2008-09-09 | 7.2 HIGH | N/A |
| AIX nslookup command allows local users to obtain root access by not dropping privileges correctly. | |||||
| CVE-1999-0021 | 1 Muhammad A. Muquit | 1 Wwwcount | 2008-09-09 | 7.5 HIGH | N/A |
| Arbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program. | |||||
| CVE-1999-0020 | | | 2008-09-09 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0032. Reason: This candidate is a duplicate of CVE-1999-0032. Notes: All CVE users should reference CVE-1999-0032 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-1999-0019 | 7 Data General, Ibm, Ncr and 4 more | 10 Dg Ux, Aix, Mp-ras and 7 more | 2008-09-09 | 5.0 MEDIUM | N/A |
| Delete or create a file via rpc.statd, due to invalid information. | |||||
| CVE-1999-0017 | 9 Caldera, Freebsd, Gnu and 6 more | 11 Openlinux, Freebsd, Inet and 8 more | 2008-09-09 | 7.5 HIGH | N/A |
| FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. | |||||
| CVE-1999-0016 | 6 Cisco, Gnu, Hp and 3 more | 8 Ios, Inet, Hp-ux and 5 more | 2008-09-09 | 5.0 MEDIUM | N/A |
| Land IP denial of service. | |||||
| CVE-1999-0014 | 3 Cde, Hp, Ibm | 4 Cde, Hp-ux, Vvos and 1 more | 2008-09-09 | 7.2 HIGH | N/A |
| Unauthorized privileged access or denial of service via dtappgather program in CDE. | |||||
| CVE-1999-0013 | 1 Ssh | 1 Ssh | 2008-09-09 | 7.5 HIGH | N/A |
| Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user. | |||||
| CVE-1999-0012 | 2 Microsoft, Netscape | 5 Frontpage, Internet Information Server, Personal Web Server and 2 more | 2008-09-09 | 5.0 MEDIUM | N/A |
| Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names. | |||||
| CVE-1999-0196 | 1 Webgais Development Team | 1 Webgais | 2008-09-09 | 5.0 MEDIUM | N/A |
| websendmail in Webgais 1.0 allows a remote user to access arbitrary files and execute arbitrary code via the receiver parameter ($VAR_receiver variable). | |||||
| CVE-1999-0195 | 2 Linux, Sgi | 2 Linux Kernel, Irix | 2008-09-09 | 5.0 MEDIUM | N/A |
| Denial of service in RPC portmapper allows attackers to register or unregister RPC services or spoof RPC services using a spoofed source IP address such as 127.0.0.1. | |||||
| CVE-1999-0194 | | | 2008-09-09 | 5.0 MEDIUM | N/A |
| Denial of service in in.comsat allows attackers to generate messages. | |||||
| CVE-1999-0193 | 1 Ascend | 1 Cascadeview Ux | 2008-09-09 | 5.0 MEDIUM | N/A |
| Denial of service in Ascend and 3com routers, which can be rebooted by sending a zero length TCP option. | |||||
| CVE-1999-0192 | 2 Redhat, Slackware | 2 Linux, Slackware Linux | 2008-09-09 | 10.0 HIGH | N/A |
| Buffer overflow in telnet daemon tgetent routing allows remote attackers to gain root access via the TERMCAP environmental variable. | |||||
| CVE-1999-0006 | 1 Qualcomm | 1 Qpopper | 2008-09-09 | 10.0 HIGH | N/A |
| Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command. | |||||
| CVE-1999-0005 | 2 Netscape, University Of Washington | 2 Messaging Server, Imap | 2008-09-09 | 10.0 HIGH | N/A |
| Arbitrary command execution via IMAP buffer overflow in authenticate command. | |||||
| CVE-1999-0191 | 1 Microsoft | 1 Internet Information Server | 2008-09-09 | 6.4 MEDIUM | N/A |
| IIS newdsn.exe CGI script allows remote users to overwrite files. | |||||
| CVE-1999-0187 | | | 2008-09-09 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0022. Reason: This candidate is a duplicate of CVE-1999-0022. Notes: All CVE users should reference CVE-1999-0022 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-1999-0186 | 1 Sun | 1 Solaris | 2008-09-09 | 10.0 HIGH | N/A |
| In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters. | |||||
| CVE-1999-0184 | 1 Isc | 1 Bind | 2008-09-09 | 6.4 MEDIUM | N/A |
| When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records. | |||||
| CVE-1999-0183 | 2 Linux, Tftp | 2 Linux Kernel, Tftp | 2008-09-09 | 6.4 MEDIUM | N/A |
| Linux implementations of TFTP would allow access to files outside the restricted directory. | |||||
| CVE-1999-0182 | 1 Samba | 1 Samba | 2008-09-09 | 10.0 HIGH | N/A |
| Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password. | |||||
| CVE-1999-0181 | 1 Rpc.walld | 1 Rpc.walld | 2008-09-09 | 6.8 MEDIUM | N/A |
| The wall daemon can be used for denial of service, social engineering attacks, or to execute remote commands. | |||||
| CVE-1999-0180 | | | 2008-09-09 | 7.5 HIGH | N/A |
| in.rshd allows users to login with a NULL username and execute commands. | |||||
| CVE-1999-0509 | | | 2008-09-09 | 10.0 HIGH | N/A |
| Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands. | |||||
| CVE-1999-0572 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2008-09-09 | 9.3 HIGH | N/A |
| .reg files are associated with the Windows NT registry editor (regedit), making the registry susceptible to Trojan Horse attacks. | |||||
| CVE-2008-3901 | 2 Linux, Suspend2 | 2 Linux Kernel, Software Suspend 2 | 2008-09-05 | 2.1 LOW | N/A |
| Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. | |||||
| CVE-2008-3891 | 1 Google | 1 Google Apps | 2008-09-05 | 7.5 HIGH | N/A |
| The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field. | |||||
| CVE-2008-3590 | 1 Egi Zaberl | 1 E.z. Poll | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/login.asp in E. Z. Poll 2 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3754 | 1 Yourfreeworld | 1 Stylish Text Ads Script | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in trl.php in YourFreeWorld Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3671 | 2 Acronis, Linux | 2 True Image Echo Server, Linux Kernel | 2008-09-05 | 5.0 MEDIUM | N/A |
| Acronis True Image Echo Server 9.x build 8072 on Linux does not properly encrypt backups to an FTP server, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3442 | 1 Winzip | 1 Winzip | 2008-09-05 | 7.5 HIGH | N/A |
| WinZip before 11.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | |||||
| CVE-2008-3433 | 1 Speedbit | 1 Download Accelerator Plus | 2008-09-05 | 7.5 HIGH | N/A |
| SpeedBit Download Accelerator Plus (DAP) before 8.6.3.9 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | |||||
| CVE-2008-3435 | 1 Linkedin | 1 Browser Toolbar | 2008-09-05 | 7.5 HIGH | N/A |
| LinkedIn Browser Toolbar 3.0.3.1100 and earlier does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | |||||
| CVE-2008-3436 | 1 Notepad++ | 1 Notepad++ | 2008-09-05 | 7.5 HIGH | N/A |
| The GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | |||||
| CVE-2008-3437 | 1 Openoffice | 1 Openoffice.org | 2008-09-05 | 7.5 HIGH | N/A |
| OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | |||||
| CVE-2008-3439 | 1 Speedbit | 1 Speedbit Video Accelerator | 2008-09-05 | 7.5 HIGH | N/A |
| SpeedBit Video Acceleration before 2.2.1.8 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | |||||
| CVE-2008-3438 | 1 Apple | 1 Mac Os X | 2008-09-05 | 7.5 HIGH | N/A |
| Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | |||||
| CVE-2008-3233 | 1 Wordpress | 1 Wordpress | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-3376 | 1 Jamroom | 1 Jamroom | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have unknown impact and attack vectors. | |||||
| CVE-2008-2788 | 1 Opendocman | 1 Opendocman | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter. | |||||
| CVE-2008-2840 | 1 Exerocms | 1 Exero Cms | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to (1) custompage.php, (2) errors/404.php, (3) members/memberslist.php, (4) members/profile.php, (5) news/fullview.php, (6) news/index.php, (7) nopermission.php, (8) usercp/avatar.php, or (9) usercp/editpassword.php in themes/Default/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-2858 | 1 Webchamado | 1 Webchamado | 2008-09-05 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in WebChamado 1.1 allows remote attackers to execute arbitrary SQL commands via the eml parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1432 | 1 Manageengine | 1 Supportcenter Plus | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, a related issue to CVE-2008-1299. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1342 | 1 Polymita Technologies | 2 Bpm Suite, Collageportal | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the search feature in Polymita BPM-Suite and CollagePortal allow remote attackers to inject arbitrary web script or HTML via the (1) _q and (2) lucene_index_field_value parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1174 | 1 Flicks Software | 1 Authentix | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in editUser.asp in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
