Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0126 | 1 Freebsd | 1 Freebsd | 2017-10-10 | 4.6 MEDIUM | N/A |
| The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directory of a calling process even if the process doesn't have permission to change directory, which allows local users to gain read/write privileges to files and directories within another jail. | |||||
| CVE-2004-0128 | 1 Phpgedview | 1 Phpgedview | 2017-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in the GEDCOM configuration script for phpGedView 2.65.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains a malicious theme.php script. | |||||
| CVE-2004-0129 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter. | |||||
| CVE-2004-0131 | 1 Gnu | 1 Radius | 2017-10-10 | 5.0 MEDIUM | N/A |
| The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference. | |||||
| CVE-2004-0159 | 1 Samhain Labs | 1 Hsftp | 2017-10-10 | 7.5 HIGH | N/A |
| Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command. | |||||
| CVE-2004-0160 | 1 Synaesthesia | 1 Synaesthesia | 2017-10-10 | 7.2 HIGH | N/A |
| Synaesthesia 2.2 and earlier allows local users to execute arbitrary code via a symlink attack on the configuration file. | |||||
| CVE-2004-0165 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges. | |||||
| CVE-2004-0169 | 1 Apple | 1 Darwin Streaming Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (crash) via DESCRIBE requests with long User-Agent fields, which causes an Assert error to be triggered in the BufferIsFull function. | |||||
| CVE-2004-0171 | 2 Freebsd, Openbsd | 2 Freebsd, Openbsd | 2017-10-10 | 5.0 MEDIUM | N/A |
| FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections. | |||||
| CVE-2004-0173 | 1 Apache | 1 Http Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences. | |||||
| CVE-2004-0185 | 1 Washington University | 1 Wu-ftpd | 2017-10-10 | 10.0 HIGH | N/A |
| Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name. | |||||
| CVE-2004-0186 | 2 Linux, Samba | 2 Linux Kernel, Samba | 2017-10-10 | 7.2 HIGH | N/A |
| smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted. | |||||
| CVE-2004-0189 | 1 Squid | 1 Squid | 2017-10-10 | 7.5 HIGH | N/A |
| The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists. | |||||
| CVE-2004-0190 | 1 Symantec | 3 Firewall Vpn Appliance 100, Firewall Vpn Appliance 200, Firewall Vpn Appliance 200r | 2017-10-10 | 7.5 HIGH | N/A |
| Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges. | |||||
| CVE-2004-0191 | 1 Mozilla | 1 Mozilla | 2017-10-10 | 6.8 MEDIUM | N/A |
| Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events. | |||||
| CVE-2004-0193 | 1 Iss | 11 Blackice Agent Server, Blackice Pc Protection, Blackice Server Protection and 8 more | 2017-10-10 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username. | |||||
| CVE-2004-0194 | 1 Adobe | 1 Acrobat Reader | 2017-10-10 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the OutputDebugString function for Adobe Acrobat Reader 5.1 allows remote attackers to execute arbitrary code via a PDF document with XML Forms Data Format (XFDF) data. | |||||
| CVE-2004-0257 | 2 Netbsd, Openbsd | 2 Netbsd, Openbsd | 2017-10-10 | 5.0 MEDIUM | N/A |
| OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port. | |||||
| CVE-2004-0263 | 2 Apache, Ibm | 2 Http Server, Http Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information. | |||||
| CVE-2004-0270 | 1 Clam Anti-virus | 1 Clamav | 2017-10-10 | 5.0 MEDIUM | N/A |
| libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program. | |||||
| CVE-2004-0273 | 1 Realnetworks | 3 Realone Desktop Manager, Realone Enterprise Desktop, Realone Player | 2017-10-10 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file. | |||||
| CVE-2004-0274 | 1 Eggheads | 1 Eggdrop Irc Bot | 2017-10-10 | 7.5 HIGH | N/A |
| Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can mistakenly assign STAT_OFFERED status to a bot that is not a sharebot, which allows remote attackers to use STAT_OFFERED to promote a bot to a sharebot and conduct unauthorized activities. | |||||
| CVE-2004-0297 | 1 Ipswitch | 1 Imail | 2017-10-10 | 10.0 HIGH | N/A |
| Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length. | |||||
| CVE-2004-0309 | 1 Zonelabs | 2 Integrity, Zonealarm | 2017-10-10 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the SMTP service support in vsmon.exe in Zone Labs ZoneAlarm before 4.5.538.001, ZoneLabs Integrity client 4.0 before 4.0.146.046, and 4.5 before 4.5.085, allows remote attackers to execute arbitrary code via a long RCPT TO argument. | |||||
| CVE-2004-0320 | 1 Ncipher | 1 Nshield | 2017-10-10 | 2.1 LOW | N/A |
| Unknown vulnerability in nCipher Hardware Security Modules (HSM) 1.67.x through 1.99.x allows local users to access secrets stored in the module's run-time memory via certain sequences of commands. | |||||
| CVE-2004-0336 | 1 Software602 | 1 602pro Lan Suite | 2017-10-10 | 5.0 MEDIUM | N/A |
| LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive information via the mail login form, which contains the path to the mail directory. | |||||
| CVE-2004-0347 | 1 Netscreen | 1 Netscreen-sa 5000 Series | 2017-10-10 | 6.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in delhomepage.cgi in NetScreen-SA 5000 Series running firmware 3.3 Patch 1 (build 4797) allows remote authenticated users to execute arbitrary script as other users via the row parameter. | |||||
| CVE-2004-0356 | 1 Seattle Lab Software | 1 Slmail Pro | 2017-10-10 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in Supervisor Report Center in SL Mail Pro 2.0.9 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a long HTTP sub-version. | |||||
| CVE-2007-1524 | 1 Zomplog | 1 Zomplog | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/. | |||||
| CVE-2015-1867 | 2 Clusterlabs, Redhat | 3 Pacemaker, Enterprise Linux High Availability, Enterprise Linux Resilient Storage | 2017-10-10 | 7.5 HIGH | N/A |
| Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command. | |||||
| CVE-2017-11735 | | | 2017-10-10 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in the originally named product. Notes: none. | |||||
| CVE-2017-9837 | | | 2017-10-10 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-1999-0077 | 1 Microsoft | 1 Windows Nt | 2017-10-10 | 5.0 MEDIUM | N/A |
| Predictable TCP sequence numbers allow spoofing. | |||||
| CVE-1999-0084 | 1 Sun | 1 Nfs | 2017-10-10 | 7.2 HIGH | N/A |
| Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0. | |||||
| CVE-1999-0178 | 1 Oreilly | 1 Oreilly Website | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in the win-c-sample program (win-c-sample.exe) in the WebSite web server 1.1e allows remote attackers to execute arbitrary code via a long query string. | |||||
| CVE-1999-0313 | 1 Sgi | 1 Irix | 2017-10-10 | 7.2 HIGH | N/A |
| disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames. | |||||
| CVE-1999-0314 | 1 Sgi | 1 Irix | 2017-10-10 | 7.2 HIGH | N/A |
| ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames. | |||||
| CVE-1999-0380 | 1 Seattle Lab Software | 1 Slmail | 2017-10-10 | 4.6 MEDIUM | N/A |
| SLMail 3.1 and 3.2 allows local users to access any file in the NTFS file system when the Remote Administration Service (RAS) is enabled by setting a user's Finger File to point to the target file, then running finger on the user. | |||||
| CVE-1999-0608 | 1 Pdgsoft | 1 Pdg Shopping Cart | 2017-10-10 | 5.0 MEDIUM | N/A |
| An incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information. | |||||
| CVE-1999-0681 | 1 Microsoft | 2 Frontpage, Personal Web Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL. | |||||
| CVE-1999-0718 | 1 Ibm | 1 Gina | 2017-10-10 | 6.2 MEDIUM | N/A |
| IBM GINA, when used for OS/2 domain authentication of Windows NT users, allows local users to gain administrator privileges by changing the GroupMapping registry key. | |||||
| CVE-1999-0756 | 1 Allaire | 1 Coldfusion Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility. | |||||
| CVE-1999-0760 | 1 Allaire | 1 Coldfusion Server | 2017-10-10 | 10.0 HIGH | N/A |
| Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges. | |||||
| CVE-1999-0800 | 1 Allaire | 1 Forums | 2017-10-10 | 5.0 MEDIUM | N/A |
| The GetFile.cfm file in Allaire Forums allows remote attackers to read files through a parameter to GetFile.cfm. | |||||
| CVE-1999-0815 | 1 Microsoft | 1 Windows Nt | 2017-10-10 | 5.0 MEDIUM | N/A |
| Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries. | |||||
| CVE-1999-0924 | 1 Allaire | 1 Coldfusion Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service. | |||||
| CVE-1999-0968 | 1 James Seter | 1 Bnc Irc | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in BNC IRC proxy allows remote attackers to gain privileges. | |||||
| CVE-1999-1021 | 1 Sun | 1 Sunos | 2017-10-10 | 7.2 HIGH | N/A |
| NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 bit UID, which allows a local user to gain root access if the lower 16 bits are set to 0, as fixed by the NFS jumbo patch upgrade. | |||||
| CVE-1999-1032 | 1 Digital | 1 Ultrix | 2017-10-10 | 10.0 HIGH | N/A |
| Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 allows attackers to gain root privileges. | |||||
| CVE-1999-1034 | 1 Att | 1 Svr4 | 2017-10-10 | 7.2 HIGH | N/A |
| Vulnerability in login in AT&T System V Release 4 allows local users to gain privileges. | |||||
