Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0283 | | | 2016-10-18 | 10.0 HIGH | N/A |
| The Java Web Server would allow remote users to obtain the source code for CGI programs. | |||||
| CVE-1999-0347 | | | 2016-10-18 | 10.0 HIGH | N/A |
| Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the character. | |||||
| CVE-1999-0360 | 1 Microsoft | 1 Site Server | 2016-10-18 | 7.2 HIGH | N/A |
| MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely. | |||||
| CVE-1999-0364 | 2 Fms Inc., Microsoft | 2 Total Vb Sourcebook, Access | 2016-10-18 | 10.0 HIGH | N/A |
| Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data. | |||||
| CVE-1999-0393 | 1 Eric Allman | 1 Sendmail | 2016-10-18 | 5.0 MEDIUM | N/A |
| Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers. | |||||
| CVE-1999-0403 | 1 Cyrix | 1 Linux | 2016-10-18 | 5.0 MEDIUM | N/A |
| A bug in Cyrix CPUs on Linux allows local users to perform a denial of service. | |||||
| CVE-1999-0407 | 1 Microsoft | 1 Internet Information Server | 2016-10-18 | 10.0 HIGH | N/A |
| By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system. | |||||
| CVE-1999-0418 | | | 2016-10-18 | 6.4 MEDIUM | N/A |
| Denial of service in SMTP applications such as Sendmail, when a remote attacker (e.g. spammer) uses many "RCPT TO" commands in the same connection. | |||||
| CVE-1999-0429 | 1 Ibm | 1 Lotus Notes | 2016-10-18 | 7.5 HIGH | N/A |
| The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference. | |||||
| CVE-1999-0440 | 2 Netscape, Sun | 3 Communicator, Navigator, Java | 2016-10-18 | 7.5 HIGH | N/A |
| The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages. | |||||
| CVE-1999-0464 | 1 Tripwire | 1 Tripwire | 2016-10-18 | 2.1 LOW | N/A |
| Local users can perform a denial of service in Tripwire 1.2 and earlier using long filenames. | |||||
| CVE-1999-0604 | 1 Selena Sol | 1 Selena Sol Webstore | 2016-10-18 | 5.0 MEDIUM | N/A |
| An incorrect configuration of the WebStore 1.0 shopping cart CGI program "web_store.cgi" could disclose private information. | |||||
| CVE-1999-0605 | 1 Austin Contract Computing | 1 Merchant Order Form | 2016-10-18 | 5.0 MEDIUM | N/A |
| An incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information. | |||||
| CVE-1999-0606 | 1 Seaside Enterprises | 1 Ezmall | 2016-10-18 | 5.0 MEDIUM | N/A |
| An incorrect configuration of the EZMall 2000 shopping cart CGI program "mall2000.cgi" could disclose private information. | |||||
| CVE-1999-0607 | 1 I-soft | 1 Quikstore | 2016-10-18 | 5.0 MEDIUM | N/A |
| quikstore.cgi in QuikStore shopping cart stores quikstore.cfg under the web document root with insufficient access control, which allows remote attackers to obtain the cleartext administrator password and gain privileges. | |||||
| CVE-1999-0609 | 1 Mercantec | 1 Softcart | 2016-10-18 | 5.0 MEDIUM | N/A |
| An incorrect configuration of the SoftCart CGI program "SoftCart.exe" could disclose private information. | |||||
| CVE-1999-0610 | 1 Mountain Network Systems | 1 Webcart | 2016-10-18 | 5.0 MEDIUM | N/A |
| An incorrect configuration of the Webcart CGI program could disclose private information. | |||||
| CVE-1999-0661 | | | 2016-10-18 | 10.0 HIGH | N/A |
| A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6. | |||||
| CVE-1999-0711 | 1 Oracle | 1 Oracle8i | 2016-10-18 | 4.6 MEDIUM | N/A |
| The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root. | |||||
| CVE-1999-0780 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2016-10-18 | 4.6 MEDIUM | N/A |
| KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file. | |||||
| CVE-1999-0781 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2016-10-18 | 7.2 HIGH | N/A |
| KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables. | |||||
| CVE-1999-0782 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2016-10-18 | 2.1 LOW | N/A |
| KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable. | |||||
| CVE-1999-0787 | 1 Ssh | 1 Ssh | 2016-10-18 | 2.1 LOW | N/A |
| The SSH authentication agent follows symlinks via a UNIX domain socket. | |||||
| CVE-1999-0788 | 1 Knox Software | 1 Arkeia | 2016-10-18 | 5.0 MEDIUM | N/A |
| Arkeia nlservd allows remote attackers to conduct a denial of service. | |||||
| CVE-1999-0798 | 5 Bsdi, Freebsd, Openbsd and 2 more | 7 Bsd Os, Freebsd, Openbsd and 4 more | 2016-10-18 | 10.0 HIGH | N/A |
| Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type. | |||||
| CVE-1999-0803 | 1 Ibm | 1 Aix Enetwork Firewall | 2016-10-18 | 2.1 LOW | N/A |
| The fwluser script in AIX eNetwork Firewall allows local users to write to arbitrary files via a symlink attack. | |||||
| CVE-1999-0808 | 1 Isc | 1 Dhcp Client | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 and 2.0 allow a remote attacker to cause a denial of service (crash) and possibly execute arbitrary commands via long options. | |||||
| CVE-1999-0819 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2016-10-18 | 5.0 MEDIUM | N/A |
| NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it. | |||||
| CVE-1999-0864 | 1 Sco | 1 Unixware | 2016-10-18 | 7.2 HIGH | N/A |
| UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file. | |||||
| CVE-1999-0865 | 1 Stalker | 1 Communigate Pro | 2016-10-18 | 5.0 MEDIUM | N/A |
| Buffer overflow in CommuniGatePro via a long string to the HTTP configuration port. | |||||
| CVE-1999-0866 | 1 Sco | 1 Unixware | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in UnixWare xauto program allows local users to gain root privilege. | |||||
| CVE-1999-0897 | 1 Apple | 1 Ichat Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| iChat ROOMS Webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
| CVE-1999-0913 | 1 Network Security Wizards | 1 Dragon-fire Ids | 2016-10-18 | 10.0 HIGH | N/A |
| dfire.cgi script in Dragon-Fire IDS allows remote users to execute commands via shell metacharacters. | |||||
| CVE-1999-0925 | 1 Messagemedia | 1 Unitymail | 2016-10-18 | 5.0 MEDIUM | N/A |
| UnityMail allows remote attackers to conduct a denial of service via a large number of MIME headers. | |||||
| CVE-1999-0941 | 1 Mutt | 1 Mutt | 2016-10-18 | 7.5 HIGH | N/A |
| Mutt mail client allows a remote attacker to execute commands via shell metacharacters. | |||||
| CVE-1999-0946 | 1 Yamaha | 1 Midiplug | 2016-10-18 | 5.1 MEDIUM | N/A |
| Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED tag. | |||||
| CVE-1999-0947 | 1 An | 1 An-httpd | 2016-10-18 | 7.5 HIGH | N/A |
| AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters. | |||||
| CVE-2015-3276 | 2 Openldap, Redhat | 5 Openldap, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2016-10-15 | 5.0 MEDIUM | N/A |
| The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2005-4261 | 1 Positive Software | 1 Cp\+ | 2016-10-15 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Positive Software Corporation CP+ (cpplus) before 2.5.5 allows attackers to have unknown impact and attack vectors, related to "a possible security flaw caused by a bug in Perl." NOTE: unless CP+ includes its own copy of Perl with CVE-2005-3962, this is a different vulnerability than CVE-2005-3962; however, there is insufficient information to be sure. | |||||
| CVE-2016-3638 | 1 Sap | 1 Sld Registration | 2016-10-14 | 2.1 LOW | 5.5 MEDIUM |
| SAP SLD Registration Program (aka SLDREG) allows local users to cause a denial of service (memory corruption and process termination) via a crafted HOST parameter, aka SAP Security Note 2125623. | |||||
| CVE-2016-7437 | 1 Sap | 1 Netweaver | 2016-10-13 | 2.1 LOW | 3.3 LOW |
| SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312. | |||||
| CVE-2016-0741 | 2 Fedoraproject, Redhat | 6 389 Directory Server, Enterprise Linux, Enterprise Linux Desktop and 3 more | 2016-10-12 | 7.8 HIGH | 7.5 HIGH |
| slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection. | |||||
| CVE-2012-3520 | 1 Linux | 1 Linux Kernel | 2016-10-12 | 1.9 LOW | N/A |
| The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager. | |||||
| CVE-2016-7424 | 2 Debian, Libav | 2 Debian Linux, Libav | 2016-10-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file. | |||||
| CVE-2016-7901 | | | 2016-10-07 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2010-2685 | 1 Customerparadigm | 1 Pagedirector Cms | 2016-10-07 | 7.5 HIGH | N/A |
| siteadmin/adduser.php in Customer Paradigm PageDirector CMS does not properly restrict access, which allows remote attackers to bypass intended restrictions and add administrative users via a direct request. | |||||
| CVE-2013-6015 | 1 Juniper | 13 Junos, Srx100, Srx110 and 10 more | 2016-10-07 | 4.3 MEDIUM | N/A |
| Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1R3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D15 on SRX Series services gateways, when a plugin using TCP proxy is configured, allows remote attackers to cause a denial of service (flow daemon crash) via an unspecified sequence of TCP packets. | |||||
| CVE-2016-8277 | 1 Huawei | 3 Usg9520, Usg9560, Usg9580 | 2016-10-06 | 6.8 MEDIUM | 6.5 MEDIUM |
| Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote authenticated users to cause a denial of service (device restart) via an unspecified command parameter. | |||||
| CVE-2016-8278 | 1 Huawei | 3 Usg9520, Usg9560, Usg9580 | 2016-10-06 | 7.8 HIGH | 7.5 HIGH |
| Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote attackers to cause a denial of service (device restart) via an unspecified URL. | |||||
| CVE-2016-1000014 | | | 2016-10-06 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-3956. Reason: This candidate is a duplicate of CVE-2016-3956. Notes: All CVE users should reference CVE-2016-3956 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
