Max CVSS 10.0 Min CVSS 1.2 Total Count357
IDCVSSSummaryLast (major) updatePublished
CVE-2018-1160 10.0
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code executio
20-12-2018 - 16:29 20-12-2018 - 16:29
CVE-2015-5696 5.0
Dell Netvault Backup before 10.0.5 allows remote attackers to cause a denial of service (crash) via a crafted request.
23-02-2017 - 21:59 14-08-2015 - 14:59
CVE-2006-3856 2.1
IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows local users to cause a denial of service (crash) via unspecified vectors.
19-02-2017 - 00:13 08-08-2006 - 18:04
CVE-2016-4395 7.8
HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.
16-02-2017 - 21:59 28-10-2016 - 17:59
CVE-2014-7169 10.0
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted enviro
06-01-2017 - 22:00 24-09-2014 - 21:55
CVE-2014-6271 10.0
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceComman
06-01-2017 - 22:00 24-09-2014 - 14:48
CVE-2014-6278 10.0
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the Force
02-01-2017 - 21:59 30-09-2014 - 06:55
CVE-2014-6277 10.0
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-poin
02-01-2017 - 21:59 27-09-2014 - 18:55
CVE-2006-1255 10.0
Stack-based buffer overflow in the IMAP service in Mercur Messaging 5.0 SP3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string to the (1) LOGIN or (2) SELECT comm
19-12-2016 - 21:59 18-03-2006 - 20:02
CVE-2013-0230 10.0
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method.
07-12-2016 - 22:02 31-01-2013 - 16:55
CVE-2004-1067 10.0
Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username.
07-12-2016 - 21:59 10-01-2005 - 00:00
CVE-2004-1013 10.0
The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment
07-12-2016 - 21:59 10-01-2005 - 00:00
CVE-2004-1012 10.0
The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index in
07-12-2016 - 21:59 10-01-2005 - 00:00
CVE-2001-0414 10.0
Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.
07-12-2016 - 21:59 18-06-2001 - 00:00
CVE-2015-6857 7.2
Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-3138.
07-12-2016 - 13:22 25-11-2015 - 22:59
CVE-2015-4067 10.0
Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via crafted template string specifiers in a serialized object, which triggers a heap-based buffer overflow.
05-12-2016 - 22:02 29-05-2015 - 11:59
CVE-2016-4359 7.5
Stack-based buffer overflow in mchan.dll in the agent in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through
28-11-2016 - 15:17 08-06-2016 - 10:59
CVE-2007-0887 7.8
axigen 1.2.6 through 2.0.0b1 does not properly parse login credentials, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a base64-encoded "*\x00" sequence on the imap port (143/tcp).
21-11-2016 - 09:07 12-02-2007 - 18:28
CVE-2007-0886 10.0
Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via certain base64-encoded data on the pop3 port (110/tcp), which triggers an int
21-11-2016 - 09:04 12-02-2007 - 18:28
CVE-2006-4431 7.5
Multiple buffer overflows in the (a) Session Clustering Daemon and the (b) mod_cluster module in the Zend Platform 2.2.1 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a (1) empty or (2) crafted
17-10-2016 - 23:40 28-08-2006 - 20:04
CVE-2006-2407 7.5
Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange
17-10-2016 - 23:39 16-05-2006 - 06:02
CVE-2005-2878 7.5
Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command.
17-10-2016 - 23:31 13-09-2005 - 19:03
CVE-2005-1547 7.5
Heap-based buffer overflow in the demo version of Bakbone Netvault, and possibly other versions, allows remote attackers to execute arbitrary commands via a large packet to port 20031.
17-10-2016 - 23:20 14-05-2005 - 00:00
CVE-2005-1543 7.5
Multiple stack-based and heap-based buffer overflows in Remote Management authentication (zenrem32.exe) on Novell ZENworks 6.5 Desktop and Server Management, ZENworks for Desktops 4.x, ZENworks for Servers 3.x, and Remote Management allows remote att
17-10-2016 - 23:20 25-05-2005 - 00:00
CVE-2005-1478 7.5
Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows remote attackers to execute arbitrary code via format string specifiers in the xtellmail command.
17-10-2016 - 23:19 11-05-2005 - 00:00
CVE-2005-0957 7.5
Bay Technical Associates RPC-3 Telnet Host 3.05 allows remote attackers to bypass authentication by pressing the escape and enter keys at the username prompt.
17-10-2016 - 23:16 31-03-2005 - 00:00
CVE-2005-0546 7.5
Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow i
17-10-2016 - 23:12 02-05-2005 - 00:00
CVE-2005-0491 10.0
Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows remote attackers to execute arbitrary code via a long type 77 request.
17-10-2016 - 23:12 02-05-2005 - 00:00
CVE-2005-0353 10.0
Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel License Manager 7.2.0.2 allows remote attackers to execute arbitrary code by sending a large amount of data to UDP port 5093.
17-10-2016 - 23:11 02-05-2005 - 00:00
CVE-2005-0226 7.5
Format string vulnerability in the Log_Resolver function in log.c for ngIRCd 0.8.2 and earlier, when compiled with IDENT, logging to SYSLOG, and with DEBUG enabled, allows remote attackers to execute arbitrary code.
17-10-2016 - 23:08 03-02-2005 - 00:00
CVE-2004-1705 5.0
Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers to cause a denial of service via a long username.
17-10-2016 - 22:59 30-07-2004 - 00:00
CVE-2004-1702 5.0
The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers to a null dereference, which allows remote atta
17-10-2016 - 22:59 09-08-2004 - 00:00
CVE-2004-1701 10.0
Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication.
17-10-2016 - 22:59 09-08-2004 - 00:00
CVE-2004-1533 5.0
Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier allows remote attackers to cause a denial of service (service crash) via a long (1) username or (2) password.
17-10-2016 - 22:55 31-12-2004 - 00:00
CVE-2004-1388 7.5
Format string vulnerability in the gpsd_report function for BerliOS GPD daemon (gpsd, formerly pygps) 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not proper
17-10-2016 - 22:53 31-12-2004 - 00:00
CVE-2004-1211 10.0
Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via long arguments to the (1) EXAMINE, (2) SUBSCRIBE, (3) STATUS,
17-10-2016 - 22:52 10-01-2005 - 00:00
CVE-2004-1192 10.0
Format string vulnerability in the lprintf function in Citadel/UX 6.27 and earlier allows remote attackers to execute arbitrary code via format string specifiers sent to the server.
17-10-2016 - 22:52 10-01-2005 - 00:00
CVE-2004-1011 10.0
Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.
17-10-2016 - 22:50 10-01-2005 - 00:00
CVE-2004-0826 7.5
Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.
17-10-2016 - 22:49 31-12-2004 - 00:00
CVE-2004-0792 6.4
Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.
17-10-2016 - 22:49 20-10-2004 - 00:00
CVE-2004-0735 7.5
Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and earlier, (2) Breakthrough 2.40b and earlier, and (3) Spearhead 2.15 and earlier, when playing on a Local Area Network (LAN), allows remote attackers to execute arbitrary code via vectors
17-10-2016 - 22:48 27-07-2004 - 00:00
CVE-2004-0686 5.0
Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors.
17-10-2016 - 22:47 27-07-2004 - 00:00
CVE-2004-0649 10.0
Buffer overflow in write_packet in control.c for l2tpd may allow remote attackers to execute arbitrary code.
17-10-2016 - 22:47 06-08-2004 - 00:00
CVE-2004-0608 10.0
The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f a
17-10-2016 - 22:46 06-12-2004 - 00:00
CVE-2003-0962 7.5
Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.
17-10-2016 - 22:38 15-12-2003 - 00:00
CVE-2003-0849 7.5
Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWith
17-10-2016 - 22:38 17-11-2003 - 00:00
CVE-2003-0722 10.0
The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.
17-10-2016 - 22:36 22-09-2003 - 00:00
CVE-2003-0695 7.5
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a differe
17-10-2016 - 22:36 06-10-2003 - 00:00
CVE-2003-0693 10.0
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CV
17-10-2016 - 22:36 22-09-2003 - 00:00
CVE-2003-0682 7.5
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
17-10-2016 - 22:36 06-10-2003 - 00:00
CVE-2003-0581 7.5
X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a (1) FS_QueryXExtents8 or (2) FS_QueryXBitmaps8 packet, and possibly other types of packets, with a large num_ra
17-10-2016 - 22:35 18-08-2003 - 00:00
CVE-2003-0478 10.0
Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, and other IRC daemons based on Bahamut including (2) digatech 1.2.1, (3) methane 0.1.1, (4) AndromedeIRCd 1.2.3-Release, and (5) ircd-RU, when running in debug mode, allows remote at
17-10-2016 - 22:34 07-08-2003 - 00:00
CVE-2003-0407 10.0
Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows remote attackers to execute arbitrary code via a long connection string.
17-10-2016 - 22:33 30-06-2003 - 00:00
CVE-2003-0319 7.5
Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax 5.0.10.8 and earlier allows remote authenticated users to execute arbitrary code via a long SELECT command.
17-10-2016 - 22:32 09-06-2003 - 00:00
CVE-2003-0213 7.5
ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow.
17-10-2016 - 22:30 12-05-2003 - 00:00
CVE-2003-0201 10.0
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
17-10-2016 - 22:30 05-05-2003 - 00:00
CVE-2003-0196 10.0
Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.
17-10-2016 - 22:30 05-05-2003 - 00:00
CVE-2003-0123 5.0
Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line.
17-10-2016 - 22:29 18-03-2003 - 00:00
CVE-2003-0086 1.2
The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.
17-10-2016 - 22:29 31-03-2003 - 00:00
CVE-2003-0085 10.0
Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.
17-10-2016 - 22:29 31-03-2003 - 00:00
CVE-2002-1318 10.0
Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to
17-10-2016 - 22:25 11-12-2002 - 00:00
CVE-2002-1317 7.5
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.
17-10-2016 - 22:25 11-12-2002 - 00:00
CVE-2002-0813 7.1
Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename.
17-10-2016 - 22:22 12-08-2002 - 00:00
CVE-2002-0640 10.0
Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authenticat
17-10-2016 - 22:20 03-07-2002 - 00:00
CVE-2002-0639 10.0
Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.
17-10-2016 - 22:20 03-07-2002 - 00:00
CVE-2002-0575 7.5
Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges.
17-10-2016 - 22:20 18-06-2002 - 00:00
CVE-2002-0379 7.5
Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code vi
17-10-2016 - 22:19 25-06-2002 - 00:00
CVE-2002-0134 7.5
Telnet proxy in Avirt Gateway Suite 4.2 does not require authentication for connecting to the proxy system itself, which allows remote attackers to list file contents of the proxy and execute arbitrary commands via a "dos" command.
17-10-2016 - 22:16 25-03-2002 - 00:00
CVE-2002-0083 10.0
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
17-10-2016 - 22:16 15-03-2002 - 00:00
CVE-2002-0048 10.0
Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server.
17-10-2016 - 22:15 27-02-2002 - 00:00
CVE-2001-1046 10.0
Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 allows remote attackers to gain privileges via a long username.
17-10-2016 - 22:14 02-06-2001 - 00:00
CVE-2001-1002 7.5
The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains mal
17-10-2016 - 22:14 31-08-2001 - 00:00
CVE-2001-0927 7.5
Format string vulnerability in the permitted function of GNOME libgtop_daemon in libgtop 1.0.12 and earlier allows remote attackers to execute arbitrary code via an argument that contains format specifiers that are passed into the (1) syslog_message
17-10-2016 - 22:13 27-11-2001 - 00:00
CVE-2001-0913 7.5
Format string vulnerability in Network Solutions Rwhoisd 1.5.7.2 and earlier, when using syslog, allows remote attackers to corrupt memory and possibly execute arbitrary code via a rwhois request that contains format specifiers.
17-10-2016 - 22:13 22-11-2001 - 00:00
CVE-2001-0838 7.5
Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows remote attackers to execute arbitrary code via format string specifiers in the -soa command.
17-10-2016 - 22:12 06-12-2001 - 00:00
CVE-2001-0797 10.0
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
17-10-2016 - 22:11 12-12-2001 - 00:00
CVE-2001-0236 10.0
Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long "indication" event.
17-10-2016 - 22:10 03-05-2001 - 00:00
CVE-2000-0060 5.0
Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers to cause a denial of service via a long user name.
17-10-2016 - 22:06 27-12-1999 - 00:00
CVE-2000-0026 10.0
Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string.
17-10-2016 - 22:06 21-12-1999 - 00:00
CVE-1999-1557 5.0
Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password.
17-10-2016 - 22:05 02-05-2005 - 00:00
CVE-1999-1511 7.5
Buffer overflows in Xtramail 1.11 allow attackers to cause a denial of service (crash) and possibly execute arbitrary commands via (1) a long PASS command in the POP3 service, (2) a long HELO command in the SMTP service, or (3) a long user name in th
17-10-2016 - 22:05 10-11-1999 - 00:00
CVE-1999-1113 5.0
Buffer overflow in Eudora Internet Mail Server (EIMS) 2.01 and earlier on MacOS systems allows remote attackers to cause a denial of service via a long USER command to port 106.
17-10-2016 - 22:01 14-04-1998 - 00:00
CVE-1999-1046 10.0
Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 8181.
17-10-2016 - 22:00 01-03-1999 - 00:00
CVE-2006-3855 6.5
The ifx_load_internal function in IBM Informix Dynamic Server (IDS) allows remote authenticated users to execute arbitrary C code via the DllMain or _init function in a library, aka "C code UDR."
31-08-2016 - 09:14 08-08-2006 - 18:04
CVE-2006-3862 7.5
Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable (envariable).
30-08-2016 - 21:59 08-08-2006 - 18:04
CVE-2012-5213 7.8
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1662.
24-08-2016 - 11:29 09-03-2013 - 06:55
CVE-2012-5212 6.8
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of serv
24-08-2016 - 11:16 09-03-2013 - 06:55
CVE-2012-5211 7.5
Unspecified vulnerability in HP Intelligent Management Center (iMC) User Access Manager (UAM) before 5.2 E0402 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1643.
24-08-2016 - 11:00 09-03-2013 - 06:55
CVE-2012-5209 10.0
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1659.
24-08-2016 - 10:59 09-03-2013 - 06:55
CVE-2012-5208 7.5
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of serv
24-08-2016 - 10:58 09-03-2013 - 06:55
CVE-2012-5207 9.0
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of serv
24-08-2016 - 10:58 09-03-2013 - 06:55
CVE-2012-5206 7.5
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of serv
24-08-2016 - 10:53 09-03-2013 - 06:55
CVE-2012-5205 7.5
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of serv
24-08-2016 - 09:37 09-03-2013 - 06:55
CVE-2012-5204 7.5
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of serv
24-08-2016 - 09:36 09-03-2013 - 06:55
CVE-2012-5203 7.5
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of serv
24-08-2016 - 09:35 09-03-2013 - 06:55
CVE-2012-5202 7.5
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of serv
24-08-2016 - 09:34 09-03-2013 - 06:55
CVE-2012-5201 10.0
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1611.
24-08-2016 - 09:34 09-03-2013 - 06:55
CVE-2011-1944 9.3
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file tha
16-06-2016 - 21:59 02-09-2011 - 12:55
CVE-2013-0229 7.8
The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.
08-10-2015 - 10:34 31-01-2013 - 16:55
CVE-2012-5958 10.0
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbi
02-09-2015 - 21:09 31-01-2013 - 16:55
CVE-2012-5961 10.0
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary co
02-09-2015 - 12:29 31-01-2013 - 16:55
CVE-2012-5965 10.0
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary co
01-09-2015 - 13:08 31-01-2013 - 16:55
CVE-2012-5964 10.0
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary co
01-09-2015 - 13:07 31-01-2013 - 16:55
CVE-2012-5963 10.0
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary co
01-09-2015 - 13:06 31-01-2013 - 16:55
CVE-2012-5962 10.0
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary co
01-09-2015 - 13:05 31-01-2013 - 16:55
CVE-2012-5960 10.0
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbi
01-09-2015 - 13:02 31-01-2013 - 16:55
CVE-2012-5959 10.0
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbi
01-09-2015 - 13:02 31-01-2013 - 16:55
CVE-2011-1167 6.8
Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSamp
20-02-2014 - 23:40 28-03-2011 - 12:55
CVE-2011-3919 7.5
Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
23-01-2014 - 23:21 07-01-2012 - 06:55
CVE-2006-6184 10.0
Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command.
12-12-2013 - 22:37 30-11-2006 - 19:28
CVE-2011-3026 7.5
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
15-11-2013 - 00:32 16-02-2012 - 15:55
CVE-2012-2450 9.0
VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of s
02-11-2013 - 23:24 04-05-2012 - 12:55
CVE-2012-2449 9.0
VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly configure the virtual floppy device, which allows guest OS users to caus
02-11-2013 - 23:24 04-05-2012 - 12:55
CVE-2011-1848 10.0
Stack-based buffer overflow in img.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a crafted length field in a packet.
28-08-2013 - 02:36 13-05-2011 - 13:05
CVE-2011-1852 10.0
Multiple stack-based buffer overflows in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allow remote attackers to execute arbitrary code via crafted packet content accompanying a (1) DATA or (2) ERROR opcode.
17-07-2013 - 02:27 13-05-2011 - 13:05
CVE-2013-2343 10.0
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1510.
03-07-2013 - 00:00 02-07-2013 - 17:55
CVE-2012-1173 6.8
Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading t
14-05-2013 - 23:24 04-06-2012 - 16:55
CVE-2012-3726 6.8
Double free vulnerability in ImageIO in Apple iOS before 6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.
22-03-2013 - 23:12 20-09-2012 - 17:55
CVE-2012-3725 3.3
The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information about previous devic
22-03-2013 - 23:12 20-09-2012 - 17:55
CVE-2012-3722 6.8
The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a
22-03-2013 - 23:12 20-09-2012 - 17:55
CVE-2012-5200 3.5
Cross-site scripting (XSS) vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote authenticated users to inject arbitrary web script or HTML via uns
16-03-2013 - 00:00 09-03-2013 - 06:55
CVE-2012-5417 10.0
Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocat
25-02-2013 - 23:51 02-11-2012 - 00:46
CVE-2012-3285 10.0
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1513.
07-02-2013 - 00:00 06-02-2013 - 07:05
CVE-2012-3284 10.0
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1512.
07-02-2013 - 00:00 06-02-2013 - 07:05
CVE-2012-3282 10.0
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1468.
07-02-2013 - 00:00 06-02-2013 - 07:05
CVE-2011-2834 6.8
Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
06-02-2013 - 23:45 19-09-2011 - 08:02
CVE-2011-2821 7.5
Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.
06-02-2013 - 23:45 29-08-2011 - 11:55
CVE-2012-3283 10.0
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1511.
06-02-2013 - 00:00 06-02-2013 - 07:05
CVE-2012-6392 10.0
Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID C
29-01-2013 - 00:00 17-01-2013 - 10:55
CVE-2012-3274 10.0
Stack-based buffer overflow in uam.exe in the User Access Manager (UAM) component in HP Intelligent Management Center (IMC) before 5.1 E0101P01 allows remote attackers to execute arbitrary code via vectors related to log data.
26-12-2012 - 00:00 06-12-2012 - 06:45
CVE-2012-6067 10.0
freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
05-12-2012 - 00:00 04-12-2012 - 18:55
CVE-2012-6066 9.3
freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
05-12-2012 - 00:00 04-12-2012 - 18:55
CVE-2012-5975 9.3
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to byp
05-12-2012 - 00:00 04-12-2012 - 18:55
CVE-2012-0697 10.0
HP StorageWorks P2000 G3 MSA array systems have a default account, which makes it easier for remote attackers to perform administrative tasks via unspecified vectors, a different vulnerability than CVE-2011-4788.
27-11-2012 - 23:34 12-01-2012 - 23:14
CVE-2011-4789 10.0
Stack-based buffer overflow in magentservice.exe in the server in HP LoadRunner 11.00 before patch 4 allows remote attackers to execute arbitrary code via a crafted size value in a packet. NOTE: it was originally reported that the affected product i
27-11-2012 - 23:31 12-01-2012 - 23:14
CVE-2007-1675 10.0
Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username.
05-11-2012 - 22:35 28-03-2007 - 17:19
CVE-2006-4175 7.8
The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 Patch4 and earlier and ONE Directory Server 5.1 and 5.2 allows remote attackers to cause a denial of service (crash) via malformed queries, probably malformed BER queries, which trigg
05-11-2012 - 22:18 26-03-2007 - 19:19
CVE-2008-5050 9.3
Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, whic
30-10-2012 - 23:06 12-11-2008 - 21:30
CVE-2007-2279 9.3
The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScri
30-10-2012 - 22:34 04-06-2007 - 12:30
CVE-2012-0409 7.5
Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4.3 allow remote attackers to cause a denial of service (agent crash) or possibly execute arbitrary code via crafted packets.
30-10-2012 - 00:00 01-06-2012 - 16:55
CVE-2012-3679 9.3
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in AP
21-09-2012 - 23:35 25-07-2012 - 16:55
CVE-2012-3678 9.3
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in AP
21-09-2012 - 23:35 25-07-2012 - 16:55
CVE-2012-3592 9.3
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in AP
21-09-2012 - 23:34 25-07-2012 - 16:55
CVE-2012-3591 9.3
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in AP
21-09-2012 - 23:34 25-07-2012 - 16:55
CVE-2012-3590 8.8
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in AP
21-09-2012 - 23:34 25-07-2012 - 16:55
CVE-2012-3589 9.3
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in AP
21-09-2012 - 23:34 25-07-2012 - 16:55
CVE-2012-0683 9.3
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in AP
21-09-2012 - 23:29 25-07-2012 - 16:55
CVE-2012-0682 9.3
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in AP
21-09-2012 - 23:29 25-07-2012 - 16:55
CVE-2011-4599 7.5
Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant
21-09-2012 - 23:27 21-06-2012 - 11:55
CVE-2011-3328 2.6
The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk
21-09-2012 - 23:25 17-01-2012 - 14:55
CVE-2011-3048 6.8
The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk i
21-09-2012 - 23:24 29-05-2012 - 16:55
CVE-2009-5116 6.5
McAfee LinuxShield 1.5.1 and earlier does not properly implement client authentication, which allows remote authenticated users to obtain Admin access to the statistics server by leveraging a client account.
22-08-2012 - 00:00 22-08-2012 - 06:42
CVE-2012-4361 7.7
lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter.
21-08-2012 - 00:00 20-08-2012 - 18:55
CVE-2012-2986 7.7
lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) first, (2) third, or (3) fourth parameter. NOTE: this vulnerability exists b
21-08-2012 - 00:00 20-08-2012 - 18:55
CVE-2012-1493 7.8
F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across di
10-07-2012 - 00:00 09-07-2012 - 18:55
CVE-2012-2448 7.5
VMware ESXi 3.5 through 5.0 and ESX 3.5 through 4.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via NFS traffic.
07-05-2012 - 00:00 04-05-2012 - 12:55
CVE-2011-3167 10.0
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1210.
14-02-2012 - 23:09 02-11-2011 - 13:55
CVE-2011-3166 10.0
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1209.
14-02-2012 - 23:09 02-11-2011 - 13:55
CVE-2011-3165 10.0
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1208.
14-02-2012 - 23:09 02-11-2011 - 13:55
CVE-2007-6682 7.5
Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.
27-01-2012 - 00:32 16-01-2008 - 20:00
CVE-2006-6026 10.0
Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a DESCRIBE requ
18-10-2011 - 00:00 21-11-2006 - 18:07
CVE-2005-2341 7.5
Heap-based buffer overflow in Research in Motion (RIM) BlackBerry Attachment Service allows remote attackers to cause a denial of service (hang) via an e-mail attachment with a crafted TIFF file.
17-10-2011 - 00:00 31-12-2005 - 00:00
CVE-2005-3640 10.0
Multiple buffer overflows in the IMAP Groupware Mail server of Floosietek FTGate (FTGate4) 4.1 allow remote attackers to execute arbitrary code via long arguments to various IMAP commands, as demonstrated with the EXAMINE command.
13-09-2011 - 00:00 16-11-2005 - 16:22
CVE-2005-2618 9.3
Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allow remote attackers to execute arbitrary code via (1) a UUE file containing an encoded file with a long filename ha
06-09-2011 - 00:00 31-12-2005 - 00:00
CVE-2011-1147 6.8
Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2
23-08-2011 - 23:16 15-03-2011 - 13:55
CVE-2005-3314 7.5
Stack-based buffer overflow in the IMAP daemon in Novell Netmail 3.5.2 allows remote attackers to execute arbitrary code via "long verb arguments."
01-08-2011 - 00:00 18-11-2005 - 17:03
CVE-2005-2344 5.0
The BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.0 to version 4.0 Service Pack 2 allows attackers to cause a denial of service via a malformed Portable Network Graphics (PNG) file that triggers a heap
14-07-2011 - 00:00 31-12-2005 - 00:00
CVE-2011-1854 10.0
Use-after-free vulnerability in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long syslog packet, related to an exception handler.
13-07-2011 - 00:00 13-05-2011 - 13:05
CVE-2007-0882 10.0
Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to
13-06-2011 - 00:00 12-02-2007 - 15:28
CVE-2011-1853 10.0
tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a (1) large or (2) invalid opcode field, related to a function pointer table.
26-05-2011 - 00:00 13-05-2011 - 13:05
CVE-2011-1851 10.0
Stack-based buffer overflow in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long mode field.
26-05-2011 - 00:00 13-05-2011 - 13:05
CVE-2011-1850 10.0
Stack-based buffer overflow in the logging functionality in dbman.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via vectors related to a received action.
26-05-2011 - 00:00 13-05-2011 - 13:05
CVE-2011-1849 10.0
tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to create or overwrite files, and subsequently execute arbitrary code, via a crafted WRQ request.
26-05-2011 - 00:00 13-05-2011 - 13:05
CVE-2006-2447 5.1
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
07-04-2011 - 00:00 06-06-2006 - 17:06
CVE-2006-2923 6.4
The iax_net_read function in the iaxclient open source library, as used in multiple products including (a) LoudHush 1.3.6, (b) IDE FISK 1.35 and earlier, (c) Kiax 0.8.5 and earlier, (d) DIAX, (e) Ziaxphone, (f) IAX Phone, (g) X-lite, (h) MediaX, (i)
28-03-2011 - 00:00 09-06-2006 - 06:02
CVE-2011-0495 6.0
Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows
10-03-2011 - 00:00 20-01-2011 - 14:00
CVE-2009-0043 10.0
The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors.
07-03-2011 - 22:17 08-01-2009 - 14:30
CVE-2008-5911 10.0
Multiple buffer overflows in RealNetworks Helix Server and Helix Mobile Server 11.x before 11.1.8 and 12.x before 12.0.1 allow remote attackers to (1) cause a denial of service via three crafted RTSP SETUP commands, or execute arbitrary code via (2)
07-03-2011 - 22:15 20-01-2009 - 11:00
CVE-2008-5314 4.3
Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_ph
07-03-2011 - 22:14 03-12-2008 - 12:30
CVE-2008-3914 10.0
Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in (1) libclamav/others.c and (2) libclamav/sis.c.
07-03-2011 - 22:11 10-09-2008 - 21:13
CVE-2008-3913 5.0
Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to "error handling logic".
07-03-2011 - 22:11 10-09-2008 - 21:13
CVE-2008-3912 5.0
libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition.
07-03-2011 - 22:11 10-09-2008 - 21:13
CVE-2008-3159 10.0
Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allows remote attackers to execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow, related
07-03-2011 - 22:10 14-07-2008 - 14:41
CVE-2008-2157 10.0
robotd in the Library Manager in EMC AlphaStor 3.1 SP1 for Windows allows remote attackers to execute arbitrary commands via an unspecified string field in a packet to TCP port 3500.
07-03-2011 - 22:08 29-05-2008 - 12:32
CVE-2008-1809 10.0
Heap-based buffer overflow in Novell eDirectory 8.7.3 before 8.7.3.10b, and 8.8 before 8.8.2 FTF2, allows remote attackers to execute arbitrary code via an LDAP search request containing "NULL search parameters."
07-03-2011 - 22:07 14-07-2008 - 14:41
CVE-2008-1771 7.5
Integer overflow in the ws_getpostvars function in Firefly Media Server (formerly mt-daapd) 0.2.4.1 (0.9~r1696-1.2 on Debian) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request wi
07-03-2011 - 22:07 16-04-2008 - 11:05
CVE-2008-1389 5.0
libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access."
07-03-2011 - 22:07 04-09-2008 - 12:41
CVE-2008-1369 10.0
A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and T5220 servers has /etc/default/login and /etc/ssh/sshd_config files that configure root logins in a manner unintended by the vendor, which allows remote attackers to gain privileg
07-03-2011 - 22:06 18-03-2008 - 13:44
CVE-2008-1319 9.3
Untrusted search path and argument injection vulnerability in the VersantD service in Versant Object Database 7.0.1.3 and earlier, as used in Borland CaliberRM and probably other products, allows remote attackers to execute arbitrary commands via a r
07-03-2011 - 22:06 13-03-2008 - 10:44
CVE-2008-0860 10.0
Unspecified vulnerability in the AVG plugin in Kerio MailServer before 6.5.0 has unspecified impact via unknown remote attack vectors related to null DACLs.
07-03-2011 - 22:05 20-02-2008 - 19:44
CVE-2008-0859 5.0
Unspecified vulnerability in Kerio MailServer before 6.5.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to decoding of uuencoded input, which triggers memory corruption.
07-03-2011 - 22:05 20-02-2008 - 19:44
CVE-2008-0858 7.5
Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer before 6.5.0 might allow remote attackers to execute arbitrary code via unspecified vectors.
07-03-2011 - 22:05 20-02-2008 - 19:44
CVE-2008-0434 9.3
Format string vulnerability in the AXIMilter module in AXIGEN Mail Server 5.0.2 allows remote attackers to execute arbitrary code via format string specifiers in the CNHO command.
07-03-2011 - 22:04 23-01-2008 - 17:00
CVE-2007-6431 10.0
Unspecified vulnerability in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allows remote attackers to "take control of the affected system" via unspecified vectors, a different issue than CVE-2007-6148 and CVE-2
07-03-2011 - 22:02 13-02-2008 - 16:00
CVE-2007-6426 7.8
Multiple heap-based buffer overflows in EMC RepliStor 6.2 SP2, and possibly earlier versions, allow remote attackers to execute arbitrary code via crafted compressed data.
07-03-2011 - 22:02 20-02-2008 - 19:44
CVE-2007-6149 10.0
Multiple integer overflows in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allow remote attackers to execute arbitrary code via a Real Time Message Protocol (RTMP) message with a crafted inte
07-03-2011 - 22:02 13-02-2008 - 16:00
CVE-2007-6148 10.0
Use-after-free vulnerability in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allows remote attackers to execute arbitrary code via an unspecified sequence of Real Time Message Protocol (RTMP)
07-03-2011 - 22:02 13-02-2008 - 16:00
CVE-2007-5924 4.3
Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.2 FP2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
07-03-2011 - 22:01 09-11-2007 - 21:46
CVE-2007-5740 7.5
The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the
07-03-2011 - 22:01 31-10-2007 - 12:46
CVE-2007-5208 7.6
hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and 2.x before 2.7.10 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a from address, which is not properly handled when invoking sen
07-03-2011 - 22:00 12-10-2007 - 20:17
CVE-2007-5018 6.0
Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211.
07-03-2011 - 21:59 20-09-2007 - 17:17
CVE-2007-4566 10.0
Multiple buffer overflows in the login mechanism in sidvault in Alpha Centauri Software SIDVault LDAP Server before 2.0f allow remote attackers to execute arbitrary code via crafted LDAP packets, as demonstrated by a long dc entry in an LDAP bind.
07-03-2011 - 21:58 27-08-2007 - 21:17
CVE-2007-4561 10.0
Heap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RSTP command containing multiple Require headers.
07-03-2011 - 21:58 27-08-2007 - 21:17
CVE-2007-3618 9.3
Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request with a "long invalid subcmd."
07-03-2011 - 21:56 21-08-2007 - 17:17
CVE-2007-3510 9.0
Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.3, allows remote authenticated users to execute arbitrary code via a long mailbox name.
07-03-2011 - 21:56 29-10-2007 - 17:46
CVE-2007-3225 6.4
Unspecified vulnerability in Sun Java System Directory Server (slapd) 6.0, and 5.2 with Patch 3 or 4, allows remote attackers to modify certain data via unknown vectors.
07-03-2011 - 21:55 14-06-2007 - 19:30
CVE-2007-3224 5.0
Unspecified vulnerability in Sun ONE/Java System Directory Server (slapd) 6.0, and 5.x before 5.2 Patch 5, allows remote attackers to determine the existence of attributes of an entry via unspecified vectors.
07-03-2011 - 21:55 14-06-2007 - 19:30
CVE-2007-2466 7.8
Unspecified vulnerability in the LDAP Software Development Kit (SDK) for C, as used in Sun Java System Directory Server 5.2 up to Patch 4 and Sun ONE Directory Server 5.1, allows remote attackers to cause a denial of service (crash) via certain BER e
07-03-2011 - 21:54 02-05-2007 - 18:19
CVE-2007-2293 7.6
Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP pa
07-03-2011 - 21:53 26-04-2007 - 16:19
CVE-2007-2171 10.0
Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request.
07-03-2011 - 21:53 24-04-2007 - 16:19
CVE-2007-1578 10.0
Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow.
07-03-2011 - 21:52 21-03-2007 - 19:19
CVE-2007-1070 10.0
Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflo
07-03-2011 - 21:51 21-02-2007 - 06:28
CVE-2007-0956 7.6
The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.
07-03-2011 - 21:51 05-04-2007 - 21:19
CVE-2007-0749 10.0
Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in a
07-03-2011 - 21:50 13-05-2007 - 18:19
CVE-2007-0748 10.0
Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allows remote attackers to execute arbitrary code via multiple trackID values in a SETUP RTSP request.
07-03-2011 - 21:50 13-05-2007 - 18:19
CVE-2007-0446 10.0
Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Mercury LoadRunner Agent 8.0 and 8.1, Performance Center Agent 8.0 and 8.1, and Monitor over Firewall 8.1 allows remote attackers to execute arbitrary code via a packet with a long ser
07-03-2011 - 21:49 08-02-2007 - 18:28
CVE-2007-0060 9.3
Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certai
07-03-2011 - 21:48 25-07-2007 - 20:30
CVE-2006-6299 10.0
Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management (ZAM) before SP1 IR11 and the Collection client allows remote attackers to execute arbitrary code via crafted packets, which trigger a heap-based buffer overflow.
07-03-2011 - 21:45 05-12-2006 - 06:28
CVE-2006-5855 10.0
Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon tha
07-03-2011 - 21:43 06-12-2006 - 14:28
CVE-2006-5444 7.5
Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value
07-03-2011 - 21:43 23-10-2006 - 13:07
CVE-2006-4201 7.5
Unspecified vulnerability in the backup agent and Cell Manager in HP OpenView Storage Data Protector 5.1 and 5.5 before 20060810 allows remote attackers to execute arbitrary code on an agent via unspecified vectors related to authentication and input
07-03-2011 - 21:40 17-08-2006 - 17:04
CVE-2006-4014 5.0
Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allows remote attackers to cause a denial of service (application freeze) "by sending invalid posts".
07-03-2011 - 21:40 07-08-2006 - 15:04
CVE-2006-4013 7.6
Multiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and overwrite certain files via directory traversal sequ
07-03-2011 - 21:40 07-08-2006 - 15:04
CVE-2006-3861 4.0
IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases.
07-03-2011 - 21:39 08-08-2006 - 18:04
CVE-2006-3860 7.5
IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows allows remote authenticated users to execute arbitrary commands via the (1) "SET DEBUG FILE" SQL command, and the (2) start_onpload and (3) dbexp functions.
07-03-2011 - 21:39 16-08-2006 - 21:04
CVE-2006-3858 2.1
IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772).
07-03-2011 - 21:39 08-08-2006 - 18:04
CVE-2006-3857 6.5
Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via (1) the getname function, as used by (a) _sq_remview, (b) _sq_remproc, (c) _sq_re
07-03-2011 - 21:39 08-08-2006 - 18:04
CVE-2006-3853 5.1
Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 and 10.00 before 10.00.TC3, when running on Windows, allows remote attackers to execute arbitrary code via a long username.
07-03-2011 - 21:39 08-08-2006 - 18:04
CVE-2006-2830 7.5
Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent (TRA) before 5.4, and Hawk before 4.6.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the HTTP administrative interface.
07-03-2011 - 21:37 05-06-2006 - 16:06
CVE-2006-2496 10.0
Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors.
07-03-2011 - 21:36 19-05-2006 - 23:02
CVE-2006-2391 7.5
Buffer overflow in EMC Retrospect Client 5.1 through 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet to port 497.
07-03-2011 - 21:36 15-05-2006 - 21:02
CVE-2006-2023 5.0
Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len.c in Fenice 1.10 and earlier allows remote attackers to cause a denial of service (application crash) via a large HTTP Content-Length value, which leads to an invalid memory access.
07-03-2011 - 21:34 25-04-2006 - 16:06
CVE-2006-2022 7.5
Buffer overflow in the parse_url function in the RTSP module (rtsp/parse_url.c) in Fenice 1.10 and earlier allows remote attackers to execute arbitrary code via a long URL.
07-03-2011 - 21:34 25-04-2006 - 16:06
CVE-2006-0992 10.0
Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accide
07-03-2011 - 21:31 14-04-2006 - 06:02
CVE-2006-0761 5.1
Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchangem, and 4.0 for Novell Gro
07-03-2011 - 21:30 17-02-2006 - 21:02
CVE-2006-0328 5.0
Format string vulnerability in Tftpd32 2.81 allows remote attackers to cause a denial of service via format string specifiers in a filename in a (1) GET or (2) SEND request.
07-03-2011 - 21:29 20-01-2006 - 19:03
CVE-2005-3523 7.5
Format string vulnerability in friendsd2 in GpsDrive allows remote attackers to execute arbitrary code via the dir (direction) field.
07-03-2011 - 21:26 06-11-2005 - 21:02
CVE-2005-2933 7.5
Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington's IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote (") character without a
07-03-2011 - 21:25 13-10-2005 - 18:02
CVE-2005-2669 10.0
Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote attackers to execute arbitrary commands via spoofed CAFT packets.
07-03-2011 - 21:24 23-08-2005 - 00:00
CVE-2005-2668 10.0
Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allow remote attackers to execute arbitrary code via unknown vectors.
07-03-2011 - 21:24 23-08-2005 - 00:00
CVE-2005-2667 5.0
Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows attackers to cause a denial of service via unknown vectors, aka the "CAM TCP port vulnerability."
07-03-2011 - 21:24 23-08-2005 - 00:00
CVE-2005-2619 9.3
Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a
07-03-2011 - 21:24 31-12-2005 - 00:00
CVE-2005-1758 7.5
Buffer overflow in the IMAP command continuation function in Novell NetMail 3.52 before 3.52C may allow remote attackers to execute arbitrary code.
07-03-2011 - 21:22 08-06-2005 - 00:00
CVE-2005-0771 10.0
VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows allows remote unauthenticated attackers to modify the registry by calling methods to the RPC interface on TCP port 6106.
07-03-2011 - 21:20 23-06-2005 - 00:00
CVE-2005-0349 7.5
The production release of the UniversalAgent for UNIX in BrightStor ARCserve Backup 11.1 contains hard-coded credentials, which allows remote attackers to access the file system and possibly execute arbitrary commands.
07-03-2011 - 21:19 02-05-2005 - 00:00
CVE-2004-2486 7.5
The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to gain access.
07-03-2011 - 21:18 31-12-2004 - 00:00
CVE-2000-0584 10.0
Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name.
07-03-2011 - 21:03 02-07-2000 - 00:00
CVE-2005-4267 7.5
Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote attackers to execute arbitrary code via a long IMAP command that ends with a "}" character, as demonstrated using long (1) LIST, (2) LSUB, (3) SEARCH TEXT, (4) STATUS INBOX, (5) AUTH
07-03-2011 - 00:00 21-12-2005 - 06:03
CVE-2010-4115 9.0
HP StorageWorks Modular Smart Array P2000 G3 firmware TS100R011, TS100R025, TS100P002, TS200R005, TS201R014, and TS201R015 installs an undocumented admin account with a default "!admin" password, which allows remote attackers to gain privileges.
20-12-2010 - 00:00 17-12-2010 - 14:00
CVE-2004-1154 10.0
Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of securit
21-08-2010 - 00:21 10-01-2005 - 00:00
CVE-2001-1583 10.0
lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability
24-06-2010 - 00:00 31-12-2001 - 00:00
CVE-2009-4510 8.5
The SSH service on the TANDBERG Video Communication Server (VCS) before X5.1 uses a fixed DSA key, which makes it easier for remote attackers to conduct man-in-the-middle attacks and spoof arbitrary servers via crafted SSH packets.
15-04-2010 - 01:39 13-04-2010 - 13:30
CVE-2007-2280 10.0
Stack-based buffer overflow in OmniInet.exe (aka the backup client service daemon) in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via an MSG_PROTOCOL
23-12-2009 - 01:26 18-12-2009 - 14:30
CVE-2009-3855 9.3
Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux backup-archive clients, and the (3) OS/400 API client, in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.6, 5.4 before 5.4.2, and 5.5 before 5.5.1, when the MAILPROG option is enab
18-11-2009 - 02:00 04-11-2009 - 10:30
CVE-2009-3854 10.0
Buffer overflow in the traditional client scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7 and 5.4 before 5.4.2 allows remote attackers to execute arbitrary code via unspecified vectors.
18-11-2009 - 02:00 04-11-2009 - 10:30
CVE-2009-3853 9.3
Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, all
18-11-2009 - 02:00 04-11-2009 - 10:30
CVE-2009-3232 9.3
pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote
17-09-2009 - 00:00 17-09-2009 - 06:30
CVE-2008-6845 5.0
The unpack feature in ClamAV 0.93.3 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a corrupted LZH file.
02-07-2009 - 00:00 02-07-2009 - 06:30
CVE-2009-1119 10.0
Multiple heap-based buffer overflows in EMC RepliStor 6.2 before SP5 and 6.3 before SP2 allow remote attackers to execute arbitrary code via a crafted message to (1) ctrlservice.exe or (2) rep_srv.exe, possibly related to an integer overflow.
18-04-2009 - 00:00 15-04-2009 - 15:30
CVE-2007-1036 7.5
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
16-03-2009 - 00:00 21-02-2007 - 06:28
CVE-2009-0641 9.3
sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a cr
21-02-2009 - 00:00 20-02-2009 - 01:47
CVE-2008-0166 7.8
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptograp
21-02-2009 - 00:00 13-05-2008 - 13:20
CVE-2004-2760 6.8
sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for
29-01-2009 - 00:37 31-12-2004 - 00:00
CVE-1999-0002 10.0
Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.
26-01-2009 - 00:00 12-10-1998 - 00:00
CVE-2007-5825 7.5
Format string vulnerability in the ws_addarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1
10-09-2008 - 21:02 05-11-2007 - 14:46
CVE-2005-4411 7.5
Buffer overflow in Mercury Mail Transport System 4.01b allows remote attackers to execute arbitrary code via a long request to TCP port 105.
10-09-2008 - 15:52 20-12-2005 - 06:03
CVE-2004-1015 10.0
Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011.
10-09-2008 - 15:28 10-01-2005 - 00:00
CVE-2003-0787 7.5
The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.
10-09-2008 - 15:20 17-11-2003 - 00:00
CVE-2003-0786 10.0
The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.
10-09-2008 - 15:20 17-11-2003 - 00:00
CVE-2003-0099 7.2
Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3.10.5, may allow attackers to cause a denial of service or execute arbitrary code, related to usage of the vsprintf function.
10-09-2008 - 15:17 03-03-2003 - 00:00
CVE-2003-0098 10.0
Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server.
10-09-2008 - 15:17 03-03-2003 - 00:00
CVE-2002-0873 5.0
Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the vendor field via a long value in an attribute/value pair, possibly via a buffer overflow.
10-09-2008 - 15:13 05-09-2002 - 00:00
CVE-2002-0872 7.5
l2tpd 0.67 does not initialize the random number generator, which allows remote attackers to hijack sessions.
10-09-2008 - 15:13 05-09-2002 - 00:00
CVE-2002-0765 7.5
sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.
10-09-2008 - 15:12 12-08-2002 - 00:00
CVE-2002-0659 5.0
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.
10-09-2008 - 15:12 12-08-2002 - 00:00
CVE-2002-0657 7.5
Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key.
10-09-2008 - 15:12 12-08-2002 - 00:00
CVE-2002-0656 7.5
Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.
10-09-2008 - 15:12 12-08-2002 - 00:00
CVE-2002-0655 7.5
OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.
10-09-2008 - 15:12 12-08-2002 - 00:00
CVE-2002-0084 7.2
Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument.
10-09-2008 - 15:11 15-03-2002 - 00:00
CVE-2001-1311 7.5
Buffer overflows in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
10-09-2008 - 15:10 16-07-2001 - 00:00
CVE-2000-0841 10.0
Buffer overflow in XMail POP3 server before version 0.59 allows remote attackers to execute arbitrary commands via a long APOP command.
10-09-2008 - 15:05 14-11-2000 - 00:00
CVE-2000-0583 5.0
vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting dire
10-09-2008 - 15:05 30-06-2000 - 00:00
CVE-2000-0535 5.0
OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken.
10-09-2008 - 15:05 12-06-2000 - 00:00
CVE-2000-0472 3.6
Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID.
10-09-2008 - 15:04 06-02-2000 - 00:00
CVE-2000-0447 7.5
Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to execute arbitrary commands via a long configuration parameter to the WebShield remote management service.
10-09-2008 - 15:04 01-05-2000 - 00:00
CVE-2000-0446 7.5
Buffer overflow in MDBMS database server allows remote attackers to execute arbitrary commands via a long string.
10-09-2008 - 15:04 24-05-2000 - 00:00
CVE-2000-0437 10.0
Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in gauntlet and WebShield allows remote attackers to cause a denial of service or execute arbitrary commands.
10-09-2008 - 15:04 18-05-2000 - 00:00
CVE-2000-0398 10.0
Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent allows remote attackers to execute arbitrary commands via a long query_string parameter in the HTTP GET request.
10-09-2008 - 15:04 24-05-2000 - 00:00
CVE-2000-0389 10.0
Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.
10-09-2008 - 15:04 16-05-2000 - 00:00
CVE-2000-0295 10.0
Buffer overflow in LCDproc allows remote attackers to gain root privileges via the screen_add command.
10-09-2008 - 15:04 21-04-2000 - 00:00
CVE-2000-0284 7.5
Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
10-09-2008 - 15:04 16-04-2000 - 00:00
CVE-2000-0091 10.0
Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password.
10-09-2008 - 15:02 21-01-2000 - 00:00
CVE-2000-0056 5.0
IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi.
10-09-2008 - 15:02 05-01-2000 - 00:00
CVE-1999-0943 10.0
Buffer overflow in OpenLink 3.2 allows remote attackers to gain privileges via a long GET request to the web configurator.
09-09-2008 - 08:36 15-10-1999 - 00:00
CVE-1999-0920 10.0
Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command.
09-09-2008 - 08:36 26-05-1999 - 00:00
CVE-1999-0822 10.0
Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via AUTH command.
09-09-2008 - 08:36 30-11-1999 - 00:00
CVE-1999-0705 7.5
Buffer overflow in INN inews program.
09-09-2008 - 08:35 01-09-1999 - 00:00
CVE-1999-0404 7.5
Buffer overflow in the Mail-Max SMTP server for Windows systems allows remote command execution.
09-09-2008 - 08:34 14-02-1999 - 00:00
CVE-1999-0247 7.5
Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands.
09-09-2008 - 08:34 21-07-1997 - 00:00
CVE-1999-0246 10.0
HP Remote Watch allows a remote user to gain root access.
09-09-2008 - 08:34 01-10-1996 - 00:00
CVE-1999-0180 7.5
in.rshd allows users to login with a NULL username and execute commands.
09-09-2008 - 08:33 01-01-1997 - 00:00
CVE-1999-0113 10.0
Some implementations of rlogin allow root access if given a -froot parameter.
09-09-2008 - 08:33 23-05-1994 - 00:00
CVE-1999-0061 5.1
File creation and deletion, and remote execution, in the BSD line printer daemon (lpd).
09-09-2008 - 08:33 02-10-1997 - 00:00
CVE-1999-0043 10.0
Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.
09-09-2008 - 08:33 04-12-1996 - 00:00
CVE-1999-0042 10.0
Buffer overflow in University of Washington's implementation of IMAP and POP servers.
09-09-2008 - 08:33 07-04-1997 - 00:00
CVE-1999-0005 10.0
Arbitrary command execution via IMAP buffer overflow in authenticate command.
09-09-2008 - 08:33 20-07-1998 - 00:00
CVE-2006-5961 7.5
Buffer overflow in Mercury Mail Transport System 4.01b for Windows has unknown impact and attack vectors, as originally reported in a GLEG VulnDisco pack. NOTE: the provenance of this information is unknown; the details are obtained from third party
05-09-2008 - 17:13 16-11-2006 - 20:07
CVE-2005-4714 7.5
Format string vulnerability in the vmps_log function in OpenVMPS (VLAN Management Policy Server) 1.3 allows remote attackers to execute arbitrary code via unknown vectors.
05-09-2008 - 16:57 31-12-2005 - 00:00
CVE-2005-2551 7.5
Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 on Windows allows attackers to cause a denial of service (crash) and obtain access to files via unknown vectors.
05-09-2008 - 16:52 12-08-2005 - 00:00
CVE-2005-1824 7.5
The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks.
05-09-2008 - 16:50 02-06-2005 - 00:00
CVE-2005-1815 5.0
Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 and 9.0.0.4 allows attackers to cause a denial of service and possibly execute arbitrary code via (1) an FTP command with a long argument to FTPD (ftpdw.exe) or (2) a large amount o
05-09-2008 - 16:50 01-06-2005 - 00:00
CVE-2005-1523 7.5
Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands.
05-09-2008 - 16:49 26-05-2005 - 00:00
CVE-2005-1522 5.0
The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command.
05-09-2008 - 16:49 26-05-2005 - 00:00
CVE-2005-1521 7.5
Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, wh
05-09-2008 - 16:49 26-05-2005 - 00:00
CVE-2005-1520 7.5
Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail.
05-09-2008 - 16:49 26-05-2005 - 00:00
CVE-2005-1516 7.5
DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass authentication, read log files, and shutdown the system via a sendlog command with an incorrect password hash, which is not properly handled by the _cmd_sendlog function.
05-09-2008 - 16:49 11-05-2005 - 00:00
CVE-2005-1009 10.0
Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) remote attackers to execute arbitrary code via a modified computer name and length that leads to a heap-based buffer overflow, or (2) local users to execute arbitrary code via a long
05-09-2008 - 16:47 02-05-2005 - 00:00
CVE-2005-0707 7.2
Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch Collaboration Suite (ICS) before 8.15 Hotfix 1 allows remote authenticated users to execute arbitrary code via a long EXAMINE command.
05-09-2008 - 16:47 02-05-2005 - 00:00
CVE-2005-0199 7.5
Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MODE line that causes an incorrect length cal
05-09-2008 - 16:45 02-05-2005 - 00:00
CVE-2004-1172 10.0
Stack-based buffer overflow in the Agent Browser in Veritas Backup Exec 8.x before 8.60.3878 Hotfix 68, and 9.x before 9.1.4691 Hotfix 40, allows remote attackers to execute arbitrary code via a registration request with a long hostname.
05-09-2008 - 16:40 10-01-2005 - 00:00
CVE-2004-0987 10.0
Buffer overflow in the process_menu function in yardradius 1.0.20 allows remote attackers to execute arbitrary code.
05-09-2008 - 16:40 10-01-2005 - 00:00
CVE-2004-0561 7.5
Format string vulnerability in the log routine for gopher daemon (gopherd) 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.
05-09-2008 - 16:38 31-12-2004 - 00:00
CVE-2004-0045 7.5
Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code.
05-09-2008 - 16:37 03-02-2004 - 00:00
CVE-2003-1433 4.3
Epic Games Unreal Engine 226f through 436 does not validate the challenge key, which allows remote attackers to exhaust the player limit by joining the game multiple times.
05-09-2008 - 16:36 31-12-2003 - 00:00
CVE-2003-1432 10.0
Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number dur
05-09-2008 - 16:36 31-12-2003 - 00:00
CVE-2003-1431 7.1
Buffer overflow in Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (crash) via a long host string in the Unreal URL.
05-09-2008 - 16:36 31-12-2003 - 00:00
CVE-2003-1430 5.0
Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL.
05-09-2008 - 16:36 31-12-2003 - 00:00
CVE-2003-1236 10.0
Multiple format string vulnerabilities in the logger function in netzio.c for Tanne 0.6.17 allows remote attackers to execute arbitrary code via format string specifiers in syslog.
05-09-2008 - 16:36 31-12-2003 - 00:00
CVE-2003-0725 7.5
Buffer overflow in the RTSP protocol parser for the View Source plug-in (vsrcplin.so or vsrcplin3260.dll) for RealNetworks Helix Universal Server 9 and RealSystem Server 8, 7 and RealServer G2 allows remote attackers to execute arbitrary code.
05-09-2008 - 16:35 20-10-2003 - 00:00
CVE-2003-0433 7.5
Multiple buffer overflows in gnocatan 0.6.1 and earlier allow attackers to execute arbitrary code.
05-09-2008 - 16:34 24-07-2003 - 00:00
CVE-2003-0380 7.5
Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and possibly later versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename.
05-09-2008 - 16:34 02-07-2003 - 00:00
CVE-2002-2196 7.5
Samba before 2.2.5 does not properly terminate the enum_csc_policy data structure, which may allow remote attackers to execute arbitrary code via a buffer overflow attack.
05-09-2008 - 16:32 31-12-2002 - 00:00
CVE-2002-1792 10.0
Buffer overflow in Fake Identd 0.9 through 1.4 allows remote attackers to execute arbitrary code as root via a long request that is split into multiple packets.
05-09-2008 - 16:31 31-12-2002 - 00:00
CVE-2002-1781 7.5
Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote attackers to execute arbitrary code, as demonstrated using a long USER command to the POP proxy.
05-09-2008 - 16:31 31-12-2002 - 00:00
CVE-2002-0799 7.5
Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via a long USER argument.
05-09-2008 - 16:28 12-08-2002 - 00:00
CVE-2002-0454 5.0
Qpopper (aka in.qpopper or popper) 4.0.3 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a very large string, which causes an infinite loop.
05-09-2008 - 16:28 12-08-2002 - 00:00
CVE-2002-0033 10.0
Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.
05-09-2008 - 16:27 29-05-2002 - 00:00
CVE-2001-1162 10.0
Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file.
05-09-2008 - 16:25 23-06-2001 - 00:00
CVE-2001-1141 5.0
The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numb
05-09-2008 - 16:25 10-07-2001 - 00:00
CVE-2001-0779 10.0
Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username.
05-09-2008 - 16:24 18-10-2001 - 00:00
CVE-2001-0776 5.0
Buffer overflow in DynFX MailServer version 2.10 allows remote attackers to conduct a denial of service via a long username to the POP3 service.
05-09-2008 - 16:24 18-10-2001 - 00:00
CVE-2001-0671 10.0
Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost in lpd in AIX 4.3 and 5.1 allow remote attackers to gain root privileges.
05-09-2008 - 16:24 06-12-2001 - 00:00
CVE-2001-0670 7.5
Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue.
05-09-2008 - 16:24 03-10-2001 - 00:00
CVE-2001-0554 10.0
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
05-09-2008 - 16:24 14-08-2001 - 00:00
CVE-2001-0471 7.5
SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not log repeated login attempts, which could allow remote attackers to compromise accounts without detection via a brute force attack.
05-09-2008 - 16:24 27-06-2001 - 00:00
CVE-2001-0353 10.0
Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and earlier allows local and remote attackers to gain root privileges via a "transfer job" routine.
05-09-2008 - 16:23 21-07-2001 - 00:00
CVE-2001-0040 2.1
APC UPS daemon, apcupsd, saves its process ID in a world-writable file, which allows local users to kill an arbitrary process by specifying the target process ID in the apcupsd.pid file.
05-09-2008 - 16:23 16-02-2001 - 00:00
CVE-2000-0992 5.0
Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack.
05-09-2008 - 16:22 19-12-2000 - 00:00
CVE-2000-0961 10.0
Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command.
05-09-2008 - 16:22 19-12-2000 - 00:00
CVE-2000-0947 10.0
Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command.
05-09-2008 - 16:22 19-12-2000 - 00:00
CVE-2000-0917 10.0
Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.
05-09-2008 - 16:22 19-12-2000 - 00:00
CVE-2000-0843 10.0
Buffer overflow in pam_smb and pam_ntdom pluggable authentication modules (PAM) allow remote attackers to execute arbitrary commands via a login with a long user name.
05-09-2008 - 16:22 14-11-2000 - 00:00
CVE-2000-0840 10.0
Buffer overflow in XMail POP3 server before version 0.59 allows remote attackers to execute arbitrary commands via a long USER command.
05-09-2008 - 16:21 14-11-2000 - 00:00
CVE-2000-0704 10.0
Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to execute arbitrary commands via long JS_OPEN, JS_MKDIR, or JS_FILE_INFO commands.
05-09-2008 - 16:21 20-10-2000 - 00:00
CVE-1999-0299 9.3
Buffer overflow in FreeBSD lpd through long DNS hostnames.
05-09-2008 - 16:16 05-03-1997 - 00:00
CVE-2005-1056 5.0
Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 through 6.4, and 7.01 through 7.50, allows remote attackers to cause a denial of service.
05-09-2008 - 00:00 02-05-2005 - 00:00
CVE-1999-0271 5.0
Progressive Networks Real Video server (pnserver) can be crashed remotely.
20-10-2005 - 00:00 15-01-1998 - 00:00
Back to Top Mark selected
Back to Top