Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0622 | 1 Apple | 1 Mac Os X | 2018-10-19 | 2.1 LOW | N/A |
| Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does not properly clear memory for login (aka Loginwindow.app), Keychain, or FileVault passwords, which could allow the root user or an attacker with physical access to obtain sensitive information by reading memory. | |||||
| CVE-2004-2134 | 1 Oracle | 1 Application Server | 2018-10-19 | 4.6 MEDIUM | N/A |
| Oracle toplink mapping workBench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords. | |||||
| CVE-2004-0230 | 6 Juniper, Mcafee, Netbsd and 3 more | 7 Junos, Network Data Loss Prevention, Netbsd and 4 more | 2018-10-19 | 5.0 MEDIUM | N/A |
| TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP. | |||||
| CVE-2004-2326 | 1 Ip3 Networks | 3 Ip3 Netaccess, Ip3 Netaccess - Hospitality, Ip3 Netaccess - Wireless Hotspots | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in IP3 Networks NetAccess Appliance before firmware 3.1.18b13 allows remote attackers to bypass authentication via the (1) login or (2) password. NOTE: this issue was later reported to also affect firmware 4.0.34. | |||||
| CVE-2004-1329 | 1 Ibm | 1 Aix | 2018-10-19 | 7.2 HIGH | N/A |
| Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program. | |||||
| CVE-2004-1104 | 1 Microsoft | 1 Ie | 2018-10-19 | 7.5 HIGH | N/A |
| Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL. | |||||
| CVE-2004-2023 | 1 Zen Cart | 1 Zen Cart | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 before patch 1, and possibly other versions allows remote attackers to execute arbitrary SQL via the (1) admin_name or (2) admin_pass parameters. | |||||
| CVE-2004-2680 | 1 Apache | 1 Mod Python | 2018-10-19 | 5.0 MEDIUM | N/A |
| mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory. | |||||
| CVE-2004-0687 | 4 Openbsd, Suse, X.org and 1 more | 4 Openbsd, Suse Linux, X11r6 and 1 more | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file. | |||||
| CVE-2004-0688 | 4 Openbsd, Suse, X.org and 1 more | 4 Openbsd, Suse Linux, X11r6 and 1 more | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file. | |||||
| CVE-2004-0750 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2018-10-19 | 7.5 HIGH | N/A |
| Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares are exported to multiple hosts, can produce incorrect permissions and prevent the all_squash option from being applied. | |||||
| CVE-2004-2464 | 1 Ada | 1 Imgsvr | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ADA Image Server (ImgSvr) 0.4 allows remote attackers to read arbitrary files or list directories via hex-encoded "..//" sequences ("%2e%2e%2f%2f"). NOTE: it was later reported that 0.6.21 and earlier is also affected. | |||||
| CVE-2004-1873 | 1 Alan Ward | 1 A-cart | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2.0 allows remote attackers to gain privileges via the catcode parameter. | |||||
| CVE-2004-1888 | 1 Aborior | 1 Encore Web Forum | 2018-10-19 | 7.5 HIGH | N/A |
| display.cgi in Aborior Encore WebForum allows remote to execute arbitrary commands via shell metacharacters in the file variable. | |||||
| CVE-2004-1186 | 1 Gnu | 1 Enscript | 2018-10-19 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash). | |||||
| CVE-2004-1094 | 3 Checkmark, Innermedia, Realnetworks | 5 Checkmark Payroll, Multiledger, Dynazip Library and 2 more | 2018-10-19 | 10.0 HIGH | N/A |
| Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products. NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same. | |||||
| CVE-2004-1184 | 4 Gnu, Redhat, Sgi and 1 more | 4 Enscript, Fedora Core, Propack and 1 more | 2018-10-19 | 4.6 MEDIUM | N/A |
| The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters. | |||||
| CVE-2004-1185 | 1 Gnu | 1 Enscript | 2018-10-19 | 7.5 HIGH | N/A |
| Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames. | |||||
| CVE-2004-0775 | 1 Widcomm | 2 Bluetooth Communication Software, Btstackserver | 2018-10-19 | 7.5 HIGH | N/A |
| Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in products such as BTStackServer 1.3.2.7 and 1.4.2.10, Windows XP and Windows 98 with MSI Bluetooth Dongles, and HP IPAQ 5450 running WinCE 3.0, allows remote attackers to execute arbitrary code via certain service requests. | |||||
| CVE-2004-1060 | 2 Icmp, Tcp | 2 Icmp, Tcp | 2018-10-19 | 5.0 MEDIUM | N/A |
| Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities. | |||||
| CVE-2004-1079 | 1 Ncpfs | 1 Ncpfs | 2018-10-19 | 7.2 HIGH | N/A |
| Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs 2.2.4, and possibly other versions, may allow local users to gain privileges via a long -T option. | |||||
| CVE-2004-1038 | 1 Ieee | 1 Firewire Ieee | 2018-10-19 | 7.2 HIGH | N/A |
| A design error in the IEEE1394 specification allows attackers with physical access to a device to read and write to sensitive memory using a modified FireWire/IEEE 1394 client, thus bypassing intended restrictions that would normally require greater degrees of physical access to exploit. NOTE: this was reported in 2008 to affect Windows Vista, but some Linux-based operating systems have protection mechanisms against this attack. | |||||
| CVE-2003-1029 | 1 Lbl | 1 Tcpdump | 2018-10-19 | 5.0 MEDIUM | N/A |
| The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets. | |||||
| CVE-2004-0057 | 1 Lbl | 1 Tcpdump | 2018-10-19 | 5.0 MEDIUM | N/A |
| The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989. | |||||
| CVE-2000-0295 | 1 Lcdproc | 1 Lcdproc | 2018-10-19 | 10.0 HIGH | N/A |
| Buffer overflow in LCDproc allows remote attackers to gain root privileges via the screen_add command. | |||||
| CVE-2003-1035 | 1 Sap | 2 Sap R 3, Sapgui | 2018-10-19 | 7.5 HIGH | N/A |
| The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does. | |||||
| CVE-2002-0399 | 1 Gnu | 1 Tar | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267. | |||||
| CVE-2000-0122 | 1 Microsoft | 1 Frontpage | 2018-10-19 | 5.0 MEDIUM | N/A |
| Frontpage Server Extensions allows remote attackers to determine the physical path of a virtual directory via a GET request to the htimage.exe CGI program. | |||||
| CVE-2000-0256 | 1 Microsoft | 3 Frontpage, Personal Web Server, Windows Nt | 2018-10-19 | 7.5 HIGH | N/A |
| Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and 98 Server Extensions allow a user to conduct activities that are not otherwise available through the web site, aka the "Server-Side Image Map Components" vulnerability. | |||||
| CVE-2001-1311 | 1 Ibm | 1 Lotus Domino R5 | 2018-10-19 | 7.5 HIGH | N/A |
| Buffer overflows in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
| CVE-2000-1243 | 1 Dansie | 1 Shopping Cart | 2018-10-19 | 5.0 MEDIUM | N/A |
| Privacy leak in Dansie Shopping Cart 3.04, and probably earlier versions, sends sensitive information such as user credentials to an e-mail address controlled by the product developers. | |||||
| CVE-2002-1344 | 2 Gnu, Sun | 2 Wget, Cobalt Raq Xtr | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences. | |||||
| CVE-2002-0690 | 1 Mcafee | 1 Epolicy Orchestrator | 2018-10-19 | 10.0 HIGH | N/A |
| Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attackers to execute arbitrary code via an HTTP GET request with a URI containing format strings. | |||||
| CVE-2003-0086 | 1 Samba | 1 Samba | 2018-10-19 | 1.2 LOW | N/A |
| The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown. | |||||
| CVE-2003-0989 | 1 Redhat | 2 Linux, Tcpdump | 2018-10-19 | 7.5 HIGH | N/A |
| tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057. | |||||
| CVE-2003-0168 | 1 Apple | 1 Quicktime | 2018-10-19 | 7.5 HIGH | N/A |
| Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allows remote attackers to execute arbitrary code via a long QuickTime URL. | |||||
| CVE-2003-0138 | 1 Mit | 1 Kerberos | 2018-10-19 | 7.5 HIGH | N/A |
| Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack. | |||||
| CVE-2003-0139 | 1 Mit | 1 Kerberos | 2018-10-19 | 7.5 HIGH | N/A |
| Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing." | |||||
| CVE-2003-0147 | 3 Openpkg, Openssl, Stunnel | 3 Openpkg, Openssl, Stunnel | 2018-10-19 | 5.0 MEDIUM | N/A |
| OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). | |||||
| CVE-2003-0251 | 1 Nis | 1 Ypserv Nis Server | 2018-10-19 | 5.0 MEDIUM | N/A |
| ypserv NIS server before 2.7 allows remote attackers to cause a denial of service via a TCP client request that does not respond to the server, which causes ypserv to block. | |||||
| CVE-2003-1307 | 1 Apache | 1 Http Server | 2018-10-19 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP." | |||||
| CVE-2003-1304 | 1 Early Impact | 1 Productcart | 2018-10-19 | 5.0 MEDIUM | N/A |
| EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information via a direct request. | |||||
| CVE-2003-0297 | 1 University Of Washington | 3 C-client, Imap-2002b, Pine | 2018-10-19 | 7.5 HIGH | N/A |
| c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors. | |||||
| CVE-2002-2211 | 1 Isc | 1 Bind | 2018-10-19 | 5.0 MEDIUM | N/A |
| BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods. | |||||
| CVE-2002-2208 | 2 Cisco, Extended Interior Gateway Routing Protocol | 2 Ios, Extended Interior Gateway Routing Protocol | 2018-10-19 | 7.8 HIGH | N/A |
| Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote attackers to cause a denial of service (flood) by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network. | |||||
| CVE-2003-1234 | 1 Freebsd | 1 Freebsd | 2018-10-19 | 3.6 LOW | N/A |
| Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop. | |||||
| CVE-2002-2185 | 6 Debian, Mandrakesoft, Microsoft and 3 more | 11 Debian Linux, Mandrake Linux, Windows 98 and 8 more | 2018-10-19 | 4.9 MEDIUM | N/A |
| The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network. | |||||
| CVE-2003-0036 | 1 Rildo Pragana | 1 Ml85p | 2018-10-19 | 6.2 MEDIUM | N/A |
| ml85p, as included in the printer-drivers package for Mandrake Linux, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable filenames of the form "mlg85p%d". | |||||
| CVE-2003-0035 | 1 Robert Krawitz | 1 Escputil | 2018-10-19 | 7.2 HIGH | N/A |
| Buffer overflow in escputil, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long printer-name command line argument. | |||||
| CVE-2003-1179 | 1 Advanced Poll | 1 Advanced Poll | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2.0.2 allow remote attackers to execute arbitrary PHP code via the include_path parameter in (1) booth.php, (2) png.php, (3) poll_ssi.php, or (4) popup.php, the (5) base_path parameter to common.inc.php. | |||||