Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1493 | 1 Lycos | 1 Htmlgear Guestgear | 2017-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook allows remote attackers to inject arbitrary script via (1) STYLE attributes or (2) SRC attributes in an IMG tag. | |||||
| CVE-2002-1552 | 1 Novell | 1 Edirectory | 2017-10-10 | 7.5 HIGH | N/A |
| Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users with expired passwords to gain inappropriate permissions when logging in from Remote Manager. | |||||
| CVE-2002-1574 | 1 Linux | 1 Linux Kernel | 2017-10-10 | 4.6 MEDIUM | N/A |
| Buffer overflow in the ixj telephony card driver in Linux before 2.4.20 has unknown impact and attack vectors. | |||||
| CVE-2003-0039 | 1 Isc | 1 Dhcpd | 2017-10-10 | 5.0 MEDIUM | N/A |
| ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (packet storm) via a certain BOOTP packet that is forwarded to a broadcast MAC address, causing an infinite loop that is not restricted by a hop count. | |||||
| CVE-2003-0040 | 2 Double Precision Incorporated, Inter7 | 2 Courier Mta, Courier-imap | 2017-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name. | |||||
| CVE-2003-0043 | 1 Apache | 1 Tomcat | 2017-10-10 | 5.0 MEDIUM | N/A |
| Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file. | |||||
| CVE-2003-0045 | 1 Apache | 1 Tomcat | 2017-10-10 | 5.0 MEDIUM | N/A |
| Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp. | |||||
| CVE-2003-0081 | 1 Ethereal Group | 1 Ethereal | 2017-10-10 | 7.5 HIGH | N/A |
| Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers. | |||||
| CVE-2003-0087 | 1 National Language Support | 1 Libim | 2017-10-10 | 7.2 HIGH | N/A |
| Buffer overflow in libIM library (libIM.a) for National Language Support (NLS) on AIX 4.3 through 5.2 allows local users to gain privileges via several possible attack vectors, including a long -im argument to aixterm. | |||||
| CVE-2003-0093 | 1 Lbl | 1 Tcpdump | 2017-10-10 | 5.0 MEDIUM | N/A |
| The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service (crash) via an invalid RADIUS packet with a header length field of 0, which causes tcpdump to generate data within an infinite loop. | |||||
| CVE-2003-0094 | 1 Andries Brouwer | 1 Util-linux | 2017-10-10 | 5.0 MEDIUM | N/A |
| A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed. | |||||
| CVE-2003-0124 | 1 Andries Brouwer | 1 Man | 2017-10-10 | 4.6 MEDIUM | N/A |
| man before 1.5l allows attackers to execute arbitrary code via a malformed man file with improper quotes, which causes the my_xsprintf function to return a string with the value "unsafe," which is then executed as a program via a system call if it is in the search path of the user who runs man. | |||||
| CVE-2003-0143 | 1 Qualcomm | 1 Qpopper | 2017-10-10 | 10.0 HIGH | N/A |
| The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null terminate a message buffer after a call to Qvsnprintf, which could allow authenticated users to execute arbitrary code via a buffer overflow in a mdef command with a long macro name. | |||||
| CVE-2003-0145 | 1 Lbl | 1 Tcpdump | 2017-10-10 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in tcpdump before 3.7.2 related to an inability to "Handle unknown RADIUS attributes properly," allows remote attackers to cause a denial of service (infinite loop), a different vulnerability than CAN-2003-0093. | |||||
| CVE-2003-0924 | 1 Netpbm | 1 Netpbm | 2017-10-10 | 3.7 LOW | N/A |
| netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files. | |||||
| CVE-2003-0966 | 1 Elm Development Group | 1 Elm | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in the frm command in elm 2.5.6 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code via a long Subject line. | |||||
| CVE-2003-0969 | 1 Mpg321 | 1 Mpg321 | 2017-10-10 | 7.5 HIGH | N/A |
| mpg321 0.2.10 allows remote attackers to overwrite memory and possibly execute arbitrary code via an mp3 file that passes certain strings to the printf function, possibly triggering a format string vulnerability. | |||||
| CVE-2003-0988 | 1 Kde | 1 Kde | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file. | |||||
| CVE-2003-0991 | 2 Gnu, Sgi | 2 Mailman, Propack | 2017-10-10 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands. | |||||
| CVE-2003-1022 | 1 Debian | 1 Fsp | 2017-10-10 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in fsp before 2.81.b18 allows remote users to access files outside the FSP root directory. | |||||
| CVE-2004-0001 | 1 Linux | 1 Linux Kernel | 2017-10-10 | 7.2 HIGH | N/A |
| Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges. | |||||
| CVE-2004-0004 | 1 Openca | 1 Openca | 2017-10-10 | 7.5 HIGH | N/A |
| The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing remote attackers to spoof requests from other users. | |||||
| CVE-2004-0009 | 1 Apache-ssl | 1 Apache-ssl | 2017-10-10 | 7.5 HIGH | N/A |
| Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user. | |||||
| CVE-2004-0011 | 1 Debian | 1 Fsp | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in fsp before 2.81.b18 allows remote users to execute arbitrary code. | |||||
| CVE-2004-0013 | 1 Jabber Software Foundation | 1 Jabber Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly handle SSL connections, which allows remote attackers to cause a denial of service (crash). | |||||
| CVE-2004-0015 | 1 Vbox3 | 1 Vbox3 | 2017-10-10 | 7.2 HIGH | N/A |
| vbox3 0.1.8 and earlier does not properly drop privileges before executing a user-provided TCL script, which allows local users to gain privileges. | |||||
| CVE-2004-0016 | 1 Phpgroupware | 1 Phpgroupware | 2017-10-10 | 7.5 HIGH | N/A |
| The calendar module for phpgroupware 0.9.14 does not enforce the "save extension" feature for holiday files, which allows remote attackers to create and execute PHP files. | |||||
| CVE-2004-0028 | 1 Samba | 1 Jitterbug | 2017-10-10 | 7.5 HIGH | N/A |
| jitterbug 1.6.2 does not properly sanitize inputs, which allows remote authenticated users to execute arbitrary commands. | |||||
| CVE-2004-0031 | 1 Phpgedview | 1 Phpgedview | 2017-10-10 | 7.5 HIGH | N/A |
| PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and change the administrator password via a direct HTTP request to editconfig.php. | |||||
| CVE-2004-0032 | 1 Phpgedview | 1 Phpgedview | 2017-10-10 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW 2.61 allows remote attackers to inject arbitrary HTML and web script via the firstname parameter. | |||||
| CVE-2004-0033 | 1 Phpgedview | 1 Phpgedview | 2017-10-10 | 5.0 MEDIUM | N/A |
| admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain sensitive information via an action parameter with a phpinfo command. | |||||
| CVE-2004-0035 | 1 Phorum | 1 Phorum | 2017-10-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the hide_email parameter. | |||||
| CVE-2004-0036 | 1 Jelsoft | 1 Vbulletin | 2017-10-10 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter. | |||||
| CVE-2004-0040 | 1 Checkpoint | 2 Firewall-1, Vpn-1 | 2017-10-10 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet. | |||||
| CVE-2004-0044 | 1 Cisco | 1 Personal Assistant | 2017-10-10 | 7.5 HIGH | N/A |
| Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username. | |||||
| CVE-2004-0045 | 1 Isc | 1 Inn | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code. | |||||
| CVE-2004-0063 | 1 Ncipher | 1 Payshield Spp Library | 2017-10-10 | 7.5 HIGH | N/A |
| The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number. | |||||
| CVE-2004-0068 | 1 Phpdig.net | 1 Phpdig | 2017-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relative_script_path parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2004-0070 | 1 Visualshapers | 1 Ezcontents | 2017-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in module.php for ezContents allows remote attackers to execute arbitrary PHP code by modifying the link parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2004-0075 | 1 Linux | 1 Linux Kernel | 2017-10-10 | 2.1 LOW | N/A |
| The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service. | |||||
| CVE-2004-0078 | 1 Mutt | 1 Mutt | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages. | |||||
| CVE-2004-0080 | 1 Andries Brouwer | 1 Util-linux | 2017-10-10 | 5.0 MEDIUM | N/A |
| The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data. | |||||
| CVE-2004-0089 | 1 Apple | 1 Mac Os X | 2017-10-10 | 4.6 MEDIUM | N/A |
| Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable. | |||||
| CVE-2004-0093 | 1 Xfree86 Project | 1 X11r6 | 2017-10-10 | 7.5 HIGH | N/A |
| XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI). | |||||
| CVE-2004-0094 | 1 Xfree86 Project | 1 X11r6 | 2017-10-10 | 7.5 HIGH | N/A |
| Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI). | |||||
| CVE-2004-0095 | 1 Mcafee | 1 Epolicy Orchestrator | 2017-10-10 | 5.0 MEDIUM | N/A |
| McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value, possibly triggering a buffer overflow. | |||||
| CVE-2004-0099 | 1 Freebsd | 1 Freebsd | 2017-10-10 | 4.6 MEDIUM | N/A |
| mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when creating a snapshot for a file system, which causes default values for other flags to be used, possibly disabling security-critical settings and allowing a local user to bypass intended access restrictions. | |||||
| CVE-2004-0108 | 3 Redhat, Sgi, Sysstat | 3 Sysstat, Propack, Sysstat | 2017-10-10 | 4.6 MEDIUM | N/A |
| The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107. | |||||
| CVE-2004-0111 | 3 Gnome, Redhat, Sgi | 5 Gdkpixbuf, Enterprise Linux, Gdk Pixbuf and 2 more | 2017-10-10 | 5.0 MEDIUM | N/A |
| gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file. | |||||
| CVE-2004-0114 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2017-10-10 | 4.6 MEDIUM | N/A |
| The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges. | |||||