Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-1162 | 1 Sco | 2 Open Desktop, Unix | 2008-09-05 | 6.4 MEDIUM | N/A |
| Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system. | |||||
| CVE-1999-1105 | 1 Microsoft | 1 Windows 95 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the network drive. | |||||
| CVE-1999-1051 | 1 Matt Wright | 1 Formhandler.cgi | 2008-09-05 | 5.0 MEDIUM | N/A |
| Default configuration in Matt Wright FormHandler.cgi script allows arbitrary directories to be used for attachments, and only restricts access to the /etc/ directory, which allows remote attackers to read arbitrary files via the reply_message_attach attachment parameter. | |||||
| CVE-1999-1053 | 2 Apache, Matt Wright | 2 Http Server, Matt Wright Guestbook | 2008-09-05 | 7.5 HIGH | N/A |
| guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->". | |||||
| CVE-1999-1172 | 1 Maximizer | 1 Maximizer Enterprise | 2008-09-05 | 5.0 MEDIUM | N/A |
| By design, Maximizer Enterprise 4 calendar and address book program allows arbitrary users to modify the calendar of other users when the calendar is being shared. | |||||
| CVE-1999-0926 | 1 Apache | 1 Http Server | 2008-09-05 | 10.0 HIGH | N/A |
| Apache allows remote attackers to conduct a denial of service via a large number of MIME headers. | |||||
| CVE-1999-0817 | 1 University Of Kansas | 1 Lynx | 2008-09-05 | 10.0 HIGH | N/A |
| Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet. | |||||
| CVE-1999-1098 | 1 Bsd | 1 Bsd | 2008-09-05 | 5.0 MEDIUM | N/A |
| Vulnerability in BSD Telnet client with encryption and Kerberos 4 authentication allows remote attackers to decrypt the session via sniffing. | |||||
| CVE-1999-1166 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 7.2 HIGH | N/A |
| Linux 2.0.37 does not properly encode the Custom segment limit, which allows local users to gain root privileges by accessing and modifying kernel memory. | |||||
| CVE-1999-0997 | 3 Millenux Gmbh, Redhat, University Of Washington | 3 Anonftp, Linux, Wu-ftpd | 2008-09-05 | 7.5 HIGH | N/A |
| wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress. | |||||
| CVE-1999-1124 | 1 Allaire | 1 Coldfusion | 2008-09-05 | 7.5 HIGH | N/A |
| HTTP Client application in ColdFusion allows remote attackers to bypass access restrictions for web pages on other ports by providing the target page to the mainframeset.cfm application, which requests the page from the server, making it look like the request is coming from the local host. | |||||
| CVE-1999-0894 | 1 Redhat | 1 Linux | 2008-09-05 | 10.0 HIGH | N/A |
| Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals. | |||||
| CVE-1999-0923 | 1 Allaire | 1 Coldfusion Server | 2008-09-05 | 7.5 HIGH | N/A |
| Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls. | |||||
| CVE-1999-1042 | 1 Cisco | 1 Resource Manager | 2008-09-05 | 1.2 LOW | N/A |
| Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log files and temporary files, which may expose sensitive information, to local users such as user IDs, passwords and SNMP community strings. | |||||
| CVE-1999-0577 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 10.0 HIGH | N/A |
| A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories. | |||||
| CVE-1999-0477 | 1 Allaire | 1 Coldfusion Server | 2008-09-05 | 7.5 HIGH | N/A |
| The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly. | |||||
| CVE-1999-0744 | 1 Netscape | 2 Enterprise Server, Fasttrack Server | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request. | |||||
| CVE-1999-0453 | 1 Cisco | 1 Router | 2008-09-05 | 5.0 MEDIUM | N/A |
| An attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP). | |||||
| CVE-1999-0451 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 2.1 LOW | N/A |
| Denial of service in Linux 2.0.36 allows local users to prevent any server from listening on any non-privileged port. | |||||
| CVE-1999-0460 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 2.1 LOW | N/A |
| Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service. | |||||
| CVE-1999-0560 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 10.0 HIGH | N/A |
| A system-critical Windows NT file or directory has inappropriate permissions. | |||||
| CVE-1999-0568 | 1 Sun | 1 Solaris | 2008-09-05 | 10.0 HIGH | N/A |
| rpc.admind in Solaris is not running in a secure mode. | |||||
| CVE-1999-0730 | 1 Debian | 1 Debian Linux | 2008-09-05 | 10.0 HIGH | N/A |
| The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack. | |||||
| CVE-1999-0570 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 10.0 HIGH | N/A |
| Windows NT is not using a password filter utility, e.g. PASSFILT.DLL. | |||||
| CVE-1999-0581 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 10.0 HIGH | N/A |
| The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions. | |||||
| CVE-1999-0400 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 4.6 MEDIUM | N/A |
| Denial of service in Linux 2.2.0 running the ldd command on a core file. | |||||
| CVE-1999-0578 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 4.6 MEDIUM | N/A |
| A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys. | |||||
| CVE-1999-0579 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 10.0 HIGH | N/A |
| A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys. | |||||
| CVE-1999-0784 | 1 Oracle | 1 Database Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed string to the listener port, aka NERP. | |||||
| CVE-1999-0123 | 1 Slackware | 1 Slackware Linux | 2008-09-05 | 3.7 LOW | N/A |
| Race condition in Linux mailx command allows local users to read user files. | |||||
| CVE-1999-0299 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 9.3 HIGH | N/A |
| Buffer overflow in FreeBSD lpd through long DNS hostnames. | |||||
| CVE-1999-0053 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 5.0 MEDIUM | N/A |
| TCP RST denial of service in FreeBSD. | |||||
| CVE-1999-0285 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 10.0 HIGH | N/A |
| Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection. | |||||
| CVE-1999-0248 | 1 Ssh | 1 Ssh | 2008-09-05 | 10.0 HIGH | N/A |
| A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials. | |||||
| CVE-1999-0231 | 1 Seattle Lab Software | 1 Slmail | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in IP-Switch IMail and Seattle Labs Slmail 2.6 packages using a long VRFY command, causing a denial of service and possibly remote access. | |||||
| CVE-1999-0089 | 1 Ibm | 1 Aix | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in AIX libDtSvc library can allow local users to gain root access. | |||||
| CVE-1999-0140 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 5.0 MEDIUM | N/A |
| Denial of service in RAS/PPTP on NT systems. | |||||
| CVE-1999-0088 | 1 Ibm | 1 Aix | 2008-09-05 | 10.0 HIGH | N/A |
| IRIX and AIX automountd services (autofsd) allow remote users to execute root commands. | |||||
| CVE-1999-0119 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 10.0 HIGH | N/A |
| Windows NT 4.0 beta allows users to read and delete shares. | |||||
| CVE-2008-3935 | 1 D-ic | 2 Shop V50, Shop V52 | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in DIC shop_v50 3.0 and earlier and shop_v52 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-3939 | 1 Avtech | 1 Pager Enterprise | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI. | |||||
| CVE-2008-3938 | 1 Opendb | 1 Opendb | 2008-09-05 | 5.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in user_admin.php in Open Media Collectors Database (OpenDb) 1.0.6 allows remote attackers to change arbitrary passwords via an update_password action. | |||||
| CVE-2008-3937 | 1 Opendb | 1 Opendb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an edit action to user_admin.php, the (2) title parameter to listings.php, and the (3) redirect_url parameter to user_profile.php. | |||||
| CVE-2008-3397 | 1 Runesoft | 1 Cerberus Cms | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS before 3_1.4_0.9 allows remote attackers to inject arbitrary web script or HTML via a cerberus_user cookie. | |||||
| CVE-2005-4849 | 1 Apache | 1 Derby | 2008-09-05 | 5.0 MEDIUM | N/A |
| Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information. | |||||
| CVE-2007-3651 | 1 Fascript | 1 Faname | 2008-09-05 | 4.3 MEDIUM | N/A |
| class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to obtain sensitive information via a '; (quote semicolon) sequence in the id parameter, which reveals the installation path in an error message. | |||||
| CVE-2007-3652 | 1 Fascript | 1 Faname | 2008-09-05 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same issue as CVE-2008-0328. | |||||
| CVE-2007-3967 | 1 Dirlist | 1 Dirlist Php | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in PHP Directory Lister (dirLIST) before 0.1.1 allows remote attackers to list the contents of a parent directory via a .. (dot dot) in the folder parameter. | |||||
| CVE-2007-3968 | 1 Dirlist | 1 Dirlist Php | 2008-09-05 | 5.0 MEDIUM | N/A |
| index.php in dirLIST before 0.1.1 allows remote attackers to list the contents of an excluded folder via a modified URL containing the folder name. | |||||
| CVE-2007-5954 | 1 Jlmforo System | 1 Jlmforo System | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in buscador.php in JLMForo System allows remote attackers to inject arbitrary web script or HTML via the clave parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||