Total: 28982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1816 | 2 Macromedia, Sun | 3 Coldfusion, Jrun, One Application Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Unknown vulnerability in Sun Java System Application Server 7.0 Update 2 and earlier, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption). | |||||
CVE-1999-1349 | 1 Xlink Technology | 1 Omni-nfs X Enterprise | 2024-02-28 | 5.0 MEDIUM | N/A |
NFS daemon (nfsd.exe) for Omni-NFS/X 6.1 allows remote attackers to cause a denial of service (resource exhaustion) via certain packets, possibly with the Urgent (URG) flag set, to port 111. | |||||
CVE-2004-0004 | 1 Openca | 1 Openca | 2024-02-28 | 7.5 HIGH | N/A |
The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing remote attackers to spoof requests from other users. | |||||
CVE-1999-1107 | 1 Kde | 1 Kde | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in kppp in KDE allows local users to gain root access via a long PATH environmental variable. | |||||
CVE-2003-0856 | 1 Stephen Hemminger | 1 Iproute | 2024-02-28 | 4.9 MEDIUM | N/A |
iproute 2.4.7 and earlier allows local users to cause a denial of service via spoofed messages as other users to the kernel netlink interface. | |||||
CVE-2004-1693 | 1 Mambo | 1 Mambo | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code. | |||||
CVE-1999-0427 | 1 Qualcomm | 3 Eudora, Eudora Light, Eudora Pro | 2024-02-28 | 7.5 HIGH | N/A |
Eudora 4.1 allows remote attackers to perform a denial of service by sending attachments with long file names. | |||||
CVE-2001-1514 | 1 Macromedia | 1 Coldfusion | 2024-02-28 | 10.0 HIGH | N/A |
ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account. | |||||
CVE-2002-0043 | 1 Todd Miller | 1 Sudo | 2024-02-28 | 7.2 HIGH | N/A |
sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked. | |||||
CVE-2003-0314 | 1 Snowblind.net | 1 Snowblind Web Server | 2024-02-28 | 6.4 MEDIUM | N/A |
Snowblind Web Server 1.0 allows remote attackers to cause a denial of service (crash) via a URL that ends in a "</" sequence. | |||||
CVE-2000-1085 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-02-28 | 4.6 MEDIUM | N/A |
The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | |||||
CVE-2000-0812 | 1 Sun | 1 Java System Web Server | 2024-02-28 | 10.0 HIGH | N/A |
The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoke the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag. | |||||
CVE-2001-1250 | 1 Vwebserver | 1 Vwebserver | 2024-02-28 | 5.0 MEDIUM | N/A |
vWebServer 1.2.0 allows remote attackers to cause a denial of service (hang) via a small number of long URL requests, possibly due to a buffer overflow. | |||||
CVE-2000-0523 | 1 Etype | 1 Eserv | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in the logging feature of EServ 2.9.2 and earlier allows an attacker to execute arbitrary commands via a long MKD command. | |||||
CVE-2003-1312 | 1 Netegrity | 1 Siteminder | 2024-02-28 | 4.3 MEDIUM | N/A |
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods. | |||||
CVE-2004-1388 | 1 Berlios | 1 Gps Daemon | 2024-02-28 | 7.5 HIGH | N/A |
Format string vulnerability in the gpsd_report function for BerliOS GPD daemon (gpsd, formerly pygps) 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls. | |||||
CVE-2002-1115 | 1 Mantis | 1 Mantis | 2024-02-28 | 5.0 MEDIUM | N/A |
Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php. | |||||
CVE-2000-0730 | 1 Hp | 1 Hp-ux | 2024-02-28 | 4.6 MEDIUM | N/A |
Vulnerability in newgrp command in HP-UX 11.0 allows local users to gain privileges. | |||||
CVE-2002-1851 | 1 Ipswitch | 1 Ws Ftp Pro | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute code on a client system via unknown attack vectors. | |||||
CVE-1999-1309 | 1 Sendmail | 1 Sendmail | 2024-02-28 | 7.2 HIGH | N/A |
Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug (-d) command line option. | |||||