Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0923 | 1 Allaire | 1 Coldfusion Server | 2008-09-05 | 7.5 HIGH | N/A |
| Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls. | |||||
| CVE-1999-1057 | 1 Digital | 1 Vms | 2008-09-05 | 4.6 MEDIUM | N/A |
| VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command. | |||||
| CVE-1999-0817 | 1 University Of Kansas | 1 Lynx | 2008-09-05 | 10.0 HIGH | N/A |
| Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet. | |||||
| CVE-1999-1103 | 1 Digital | 1 Osf 1 | 2008-09-05 | 4.6 MEDIUM | N/A |
| dxconsole in DEC OSF/1 3.2C and earlier allows local users to read arbitrary files by specifying the file with the -file parameter. | |||||
| CVE-1999-1115 | 1 Hp | 1 Apollo Domain Os | 2008-09-05 | 7.2 HIGH | N/A |
| Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh). | |||||
| CVE-1999-1196 | 1 Hummingbird | 1 Exceed | 2008-09-05 | 5.0 MEDIUM | N/A |
| Hummingbird Exceed X version 5 allows remote attackers to cause a denial of service via malformed data to port 6000. | |||||
| CVE-1999-1197 | 1 Sun | 1 Sunos | 2008-09-05 | 7.2 HIGH | N/A |
| TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges. | |||||
| CVE-1999-1198 | 1 Next | 1 Next | 2008-09-05 | 7.2 HIGH | N/A |
| BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges. | |||||
| CVE-1999-0894 | 1 Redhat | 1 Linux | 2008-09-05 | 10.0 HIGH | N/A |
| Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals. | |||||
| CVE-1999-0992 | 1 Hp | 1 Vvos | 2008-09-05 | 10.0 HIGH | N/A |
| HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP). | |||||
| CVE-1999-1012 | 1 Lotus | 1 Domino | 2008-09-05 | 5.0 MEDIUM | N/A |
| SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other operating systems, allows a remote attacker to crash the mail server via a long string. | |||||
| CVE-1999-1051 | 1 Matt Wright | 1 Formhandler.cgi | 2008-09-05 | 5.0 MEDIUM | N/A |
| Default configuration in Matt Wright FormHandler.cgi script allows arbitrary directories to be used for attachments, and only restricts access to the /etc/ directory, which allows remote attackers to read arbitrary files via the reply_message_attach attachment parameter. | |||||
| CVE-1999-1053 | 2 Apache, Matt Wright | 2 Http Server, Matt Wright Guestbook | 2008-09-05 | 7.5 HIGH | N/A |
| guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->". | |||||
| CVE-1999-1105 | 1 Microsoft | 1 Windows 95 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the network drive. | |||||
| CVE-1999-0579 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 10.0 HIGH | N/A |
| A Windows NT system's registry audit policy does not log an event success or failure for non-critical registry keys. | |||||
| CVE-1999-0581 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 10.0 HIGH | N/A |
| The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions. | |||||
| CVE-1999-0560 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 10.0 HIGH | N/A |
| A system-critical Windows NT file or directory has inappropriate permissions. | |||||
| CVE-1999-0460 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 2.1 LOW | N/A |
| Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service. | |||||
| CVE-1999-0578 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 4.6 MEDIUM | N/A |
| A Windows NT system's registry audit policy does not log an event success or failure for security-critical registry keys. | |||||
| CVE-1999-0570 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 10.0 HIGH | N/A |
| Windows NT is not using a password filter utility, e.g. PASSFILT.DLL. | |||||
| CVE-1999-0451 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 2.1 LOW | N/A |
| Denial of service in Linux 2.0.36 allows local users to prevent any server from listening on any non-privileged port. | |||||
| CVE-1999-0568 | 1 Sun | 1 Solaris | 2008-09-05 | 10.0 HIGH | N/A |
| rpc.admind in Solaris is not running in a secure mode. | |||||
| CVE-1999-0744 | 1 Netscape | 2 Enterprise Server, Fasttrack Server | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request. | |||||
| CVE-1999-0577 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 10.0 HIGH | N/A |
| A Windows NT system's file audit policy does not log an event success or failure for non-critical files or directories. | |||||
| CVE-1999-0400 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 4.6 MEDIUM | N/A |
| Denial of service in Linux 2.2.0 running the ldd command on a core file. | |||||
| CVE-1999-0730 | 1 Debian | 1 Debian Linux | 2008-09-05 | 10.0 HIGH | N/A |
| The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack. | |||||
| CVE-1999-0453 | 1 Cisco | 1 Router | 2008-09-05 | 5.0 MEDIUM | N/A |
| An attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP). | |||||
| CVE-1999-0477 | 1 Allaire | 1 Coldfusion Server | 2008-09-05 | 7.5 HIGH | N/A |
| The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly. | |||||
| CVE-1999-0784 | 1 Oracle | 1 Database Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed string to the listener port, aka NERP. | |||||
| CVE-1999-0299 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 9.3 HIGH | N/A |
| Buffer overflow in FreeBSD lpd through long DNS hostnames. | |||||
| CVE-1999-0248 | 1 Ssh | 1 Ssh | 2008-09-05 | 10.0 HIGH | N/A |
| A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials. | |||||
| CVE-1999-0119 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 10.0 HIGH | N/A |
| Windows NT 4.0 beta allows users to read and delete shares. | |||||
| CVE-1999-0231 | 1 Seattle Lab Software | 1 Slmail | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in IP-Switch IMail and Seattle Labs Slmail 2.6 packages using a long VRFY command, causing a denial of service and possibly remote access. | |||||
| CVE-1999-0053 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 5.0 MEDIUM | N/A |
| TCP RST denial of service in FreeBSD. | |||||
| CVE-1999-0285 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 10.0 HIGH | N/A |
| Denial of service in telnet from the Windows NT Resource Kit, by opening then immediately closing a connection. | |||||
| CVE-1999-0123 | 1 Slackware | 1 Slackware Linux | 2008-09-05 | 3.7 LOW | N/A |
| Race condition in Linux mailx command allows local users to read user files. | |||||
| CVE-1999-0140 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 5.0 MEDIUM | N/A |
| Denial of service in RAS/PPTP on NT systems. | |||||
| CVE-1999-0088 | 1 Ibm | 1 Aix | 2008-09-05 | 10.0 HIGH | N/A |
| IRIX and AIX automountd services (autofsd) allow remote users to execute root commands. | |||||
| CVE-1999-0089 | 1 Ibm | 1 Aix | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in AIX libDtSvc library can allow local users to gain root access. | |||||
| CVE-2008-3939 | 1 Avtech | 1 Pager Enterprise | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI. | |||||
| CVE-2008-3937 | 1 Opendb | 1 Opendb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an edit action to user_admin.php, the (2) title parameter to listings.php, and the (3) redirect_url parameter to user_profile.php. | |||||
| CVE-2008-3938 | 1 Opendb | 1 Opendb | 2008-09-05 | 5.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in user_admin.php in Open Media Collectors Database (OpenDb) 1.0.6 allows remote attackers to change arbitrary passwords via an update_password action. | |||||
| CVE-2008-3935 | 1 D-ic | 2 Shop V50, Shop V52 | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in DIC shop_v50 3.0 and earlier and shop_v52 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-2173 | 1 Yamaha | 1 Router | 2008-09-05 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Yamaha routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372. | |||||
| CVE-2008-2170 | 1 Century Software | 1 Router | 2008-09-05 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Century routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372. | |||||
| CVE-2008-2169 | 2 Avici, Hitachi | 4 Router, Gr2000, Gr3000 and 1 more | 2008-09-05 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372. | |||||
| CVE-2008-3397 | 1 Runesoft | 1 Cerberus Cms | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS before 3_1.4_0.9 allows remote attackers to inject arbitrary web script or HTML via a cerberus_user cookie. | |||||
| CVE-2004-2182 | 1 Macromedia | 1 Jrun | 2008-09-05 | 7.5 HIGH | N/A |
| Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server. | |||||
| CVE-2004-2706 | 1 Phrozensmoke | 1 Gyach Enhanced | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service (crash) via conference packets with error messages. | |||||
| CVE-2002-2230 | 1 Ikonboard | 1 Ikonboard | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows remote attackers to inject arbitrary web script or HTML via a private message with a javascript: URL in the IMG tag, in which the URL ends in a ".gif" or ".jpg" string, a variant of CVE-2002-0328. | |||||
