Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1343 | 1 Cgicentral | 2 Webstore 400, Webstore 400cs | 2017-12-19 | 7.5 HIGH | N/A |
| ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated WebStore administrators to execute arbitrary code via shell metacharacters in the kill parameter. | |||||
| CVE-2001-1344 | 1 Cgicentral | 2 Webstore 400, Webstore 400cs | 2017-12-19 | 7.5 HIGH | N/A |
| WSSecurity.pl in WebStore allows remote attackers to bypass authentication by providing the program with a filename that exists, which is made easier by (1) inserting a null character or (2) .. (dot dot). | |||||
| CVE-2001-1354 | 1 Netwin | 2 Dmail, Surgeftp | 2017-12-19 | 4.6 MEDIUM | N/A |
| NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password. | |||||
| CVE-2001-1355 | 1 Netwin | 2 Dmail, Surgeftp | 2017-12-19 | 10.0 HIGH | N/A |
| Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command. | |||||
| CVE-2001-1368 | 1 Iplanet | 1 Iplanet Web Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Vulnerability in iPlanet Web Server 4 included in Virtualvault Operating System (VVOS) 4.0 running HP-UX 11.04 could allow attackers to corrupt data. | |||||
| CVE-2001-1408 | 1 Cobalt | 2 Qube, Webmail | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in Cobalt Qube 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the mailbox parameter. | |||||
| CVE-2001-1482 | 1 Phpbb Group | 1 Phpbb | 2017-12-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable. | |||||
| CVE-2001-1498 | 1 Markus Kliegl | 1 Mod Bf | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in mod_bf 0.2 allows local users to execute arbitrary commands via a long script. | |||||
| CVE-2001-1500 | 1 Proftpd Project | 1 Proftpd | 2017-12-19 | 7.5 HIGH | N/A |
| ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged. | |||||
| CVE-2001-1508 | 1 Sco | 1 Openserver | 2017-12-19 | 4.6 MEDIUM | N/A |
| Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows local users to execute arbitrary code as group bin via a long command line argument. | |||||
| CVE-2001-1580 | 2 Nombas, Novell | 2 Scriptease Webserver, Netware | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ScriptEase viewcode.jse for Netware 5.1 before 5.1 SP3 allows remote attackers to read arbitrary files via ".." sequences in the query string. | |||||
| CVE-2002-0102 | 1 Oracle | 1 Application Server Web Cache | 2017-12-19 | 5.0 MEDIUM | N/A |
| Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial of service via (1) a request to TCP ports 1100, 4000, 4001, and 4002 with a large number of null characters, and (2) a request to TCP port 4000 with a large number of "." characters. | |||||
| CVE-2002-0405 | 1 Transsoft | 1 Broker Ftp Server | 2017-12-19 | 10.0 HIGH | N/A |
| Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows remote attackers to cause a denial of service and possibly execute arbitrary code via a CWD command with a large number of . (dot) characters. | |||||
| CVE-2002-0465 | 1 Hosting Controller | 1 Hosting Controller | 2017-12-19 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in filemanager.asp for Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files, and execute commands, via a .. (dot dot) in the OpenPath parameter. | |||||
| CVE-2002-0466 | 1 Hosting Controller | 1 Hosting Controller | 2017-12-19 | 5.0 MEDIUM | N/A |
| Hosting Controller 1.4.1 and earlier allows remote attackers to browse arbitrary directories via a full C: style pathname in the filepath arguments to (1) Statsbrowse.asp, (2) servubrowse.asp, (3) browsedisk.asp, (4) browsewebalizerexe.asp, or (5) sqlbrowse.asp. | |||||
| CVE-2002-0502 | 1 Citrix | 1 Nfuse | 2017-12-19 | 5.0 MEDIUM | N/A |
| Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing the applist.asp page. | |||||
| CVE-2002-0559 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name. | |||||
| CVE-2002-0565 | 1 Oracle | 3 Application Server, Application Server Web Cache, Oracle9i | 2017-12-19 | 5.0 MEDIUM | N/A |
| Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages. | |||||
| CVE-2002-0570 | 1 Linux | 1 Linux Kernel | 2017-12-19 | 2.1 LOW | N/A |
| The encrypted loop device in Linux kernel 2.4.10 and earlier does not authenticate the entity that is encrypting data, which allows local users to modify encrypted data without knowing the key. | |||||
| CVE-2002-2092 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2017-12-19 | 3.7 LOW | N/A |
| Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid. | |||||
| CVE-2002-2093 | 1 Sgi | 1 Irix | 2017-12-19 | 2.1 LOW | N/A |
| The Video Control Panel on SGI O2/IRIX 6.5, when the Default Input is set to "Output Video", allows attackers to access a console session by running videoout then videoin. | |||||
| CVE-2002-2097 | 1 Maradns | 1 Maradns | 2017-12-19 | 5.0 MEDIUM | N/A |
| The compression code in MaraDNS before 0.9.01 allows remote attackers to cause a denial of service via crafted DNS packets. | |||||
| CVE-2002-2098 | 1 Axspawn | 1 Axspawn | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflow in axspawn.c in Axspawn-pam before 0.2.1a allows remote attackers to execute arbitrary code via large packets. | |||||
| CVE-2002-2099 | 1 Gnu | 1 Data Display Debugger | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows local users to execute arbitrary code and possibly gain privileges via a long HOME environment variable. NOTE: since DDD is not installed setuid or setgid, perhaps this issue should not be included in CVE. | |||||
| CVE-2002-2104 | 1 Ganglia | 1 Php Rrd Web Client | 2017-12-19 | 7.5 HIGH | N/A |
| graph.php in Ganglia PHP RRD Web Client 1.0.2 allows remote attackers to execute arbitrary commands via the command parameter, which is provided to the passthru function. | |||||
| CVE-2002-2105 | 1 Microsoft | 1 Windows Xp | 2017-12-19 | 2.1 LOW | N/A |
| Microsoft Windows XP allows local users to prevent the system from booting via a corrupt explorer.exe.manifest file. | |||||
| CVE-2002-2106 | 1 Wikkitikkitavi | 1 Wikkitikkitavi | 2017-12-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in WikkiTikkiTavi before 0.21 allows remote attackers to execute arbitrary PHP code via the TemplateDir variable, as demonstrated using conflict.php. | |||||
| CVE-2006-6440 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2017-12-19 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allow remote attackers to have an unspecified impact via unspecified vectors relating to "HTTP Security issues." | |||||
| CVE-2012-0475 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-12-19 | 2.6 LOW | N/A |
| Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or (2) WebSocket operation involving a nonstandard port number and an IPv6 address that contains certain zero fields. | |||||
| CVE-2012-0708 | 1 Ibm | 1 Rational Clearquest | 2017-12-19 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch. | |||||
| CVE-2012-0726 | 1 Ibm | 1 Tivoli Directory Server | 2017-12-19 | 6.4 MEDIUM | N/A |
| The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol. | |||||
| CVE-2012-0740 | 1 Ibm | 1 Tivoli Directory Server | 2017-12-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.22 and 6.3 before 6.3.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-0743 | 1 Ibm | 1 Tivoli Directory Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via a malformed LDAP paged search request. | |||||
| CVE-2012-0863 | 1 Mumble | 1 Mumble | 2017-12-19 | 2.1 LOW | N/A |
| Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file. | |||||
| CVE-2012-1993 | 1 Hp | 1 System Management Homepage | 2017-12-19 | 3.2 LOW | N/A |
| Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows local users to modify data or obtain sensitive information via unknown vectors. | |||||
| CVE-2012-2399 | 1 Wordpress | 1 Wordpress | 2017-12-19 | 10.0 HIGH | N/A |
| Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414. | |||||
| CVE-2012-2400 | 1 Wordpress | 1 Wordpress | 2017-12-19 | 10.0 HIGH | N/A |
| Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors. | |||||
| CVE-2012-2401 | 2 Moxiecode, Wordpress | 2 Plupload, Wordpress | 2017-12-19 | 5.0 MEDIUM | N/A |
| Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content. | |||||
| CVE-2012-2402 | 1 Wordpress | 1 Wordpress | 2017-12-19 | 5.5 MEDIUM | N/A |
| wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors. | |||||
| CVE-2012-2403 | 1 Wordpress | 1 Wordpress | 2017-12-19 | 4.3 MEDIUM | N/A |
| wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | |||||
| CVE-2012-2404 | 1 Wordpress | 1 Wordpress | 2017-12-19 | 4.3 MEDIUM | N/A |
| wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | |||||
| CVE-2012-2422 | 1 Intuit | 1 Quickbooks | 2017-12-19 | 2.9 LOW | N/A |
| Intuit QuickBooks 2009 through 2012 might allow remote attackers to obtain pathname information via the qbwc://docontrol/GetCompanyFile functionality. | |||||
| CVE-2016-10372 | 1 Eir | 2 D1000 Modem, D1000 Modem Firmware | 2017-12-19 | 10.0 HIGH | 9.8 CRITICAL |
| The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password (which defaults to the Wi-Fi password), and using the NewNTPServer feature. | |||||
| CVE-2017-7921 | 1 Hikvision | 116 Ds-2cd2032-i, Ds-2cd2032-i Firmware, Ds-2cd2112-i and 113 more | 2017-12-19 | 7.5 HIGH | 10.0 CRITICAL |
| An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information. | |||||
| CVE-2017-7923 | 1 Hikvision | 116 Ds-2cd2032-i, Ds-2cd2032-i Firmware, Ds-2cd2112-i and 113 more | 2017-12-19 | 4.0 MEDIUM | 8.8 HIGH |
| A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information. | |||||
| CVE-2017-13664 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2017-12-18 | 5.0 MEDIUM | 9.8 CRITICAL |
| Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this file. | |||||
| CVE-2017-13159 | 1 Google | 1 Android | 2017-12-18 | 7.8 HIGH | 7.5 HIGH |
| An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879772. | |||||
| CVE-2017-13157 | 1 Google | 1 Android | 2017-12-18 | 7.8 HIGH | 7.5 HIGH |
| An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32990341. | |||||
| CVE-2017-13158 | 1 Google | 1 Android | 2017-12-18 | 7.8 HIGH | 7.5 HIGH |
| An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879915. | |||||
| CVE-2017-13152 | 1 Google | 1 Android | 2017-12-18 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability in the Android media framework (libmedia drm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62872384. | |||||