Max CVSS 10.0 Min CVSS 1.9 Total Count214
IDCVSSSummaryLast (major) updatePublished
CVE-2017-15706 5.0
As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script
31-01-2018 - 09:29 31-01-2018 - 09:29
CVE-2017-17841 4.3
Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x before 8.0.7, when an interface implements SSL decryption with RSA enabled or hosts a GlobalProtect portal or gateway, might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenb
10-01-2018 - 13:29 10-01-2018 - 13:29
CVE-2017-16878 4.3
Cross-site scripting (XSS) vulnerability in the Captive Portal function in Palo Alto Networks PAN-OS before 8.0.7 allows remote attackers to inject arbitrary web script or HTML by leveraging an unspecified configuration.
10-01-2018 - 13:29 10-01-2018 - 13:29
CVE-2017-15941 4.3
Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.7, when the GlobalProtect gateway or portal is configured, allows remote attackers to inject arbitrary
10-01-2018 - 13:29 10-01-2018 - 13:29
CVE-2017-15944 7.5
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.
11-12-2017 - 12:29 11-12-2017 - 12:29
CVE-2017-15943 5.0
The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-si
11-12-2017 - 12:29 11-12-2017 - 12:29
CVE-2017-15942 5.0
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers to cause a denial of service via vectors related to the management interface.
11-12-2017 - 12:29 11-12-2017 - 12:29
CVE-2017-15940 9.0
The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to execute arbitrary code via unspecified vectors.
11-12-2017 - 12:29 11-12-2017 - 12:29
CVE-2017-12617 6.8
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload
03-10-2017 - 21:29 03-10-2017 - 21:29
CVE-2017-12616 5.0
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
19-09-2017 - 09:29 19-09-2017 - 09:29
CVE-2017-12615 6.8
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP
19-09-2017 - 09:29 19-09-2017 - 09:29
CVE-2017-11357 7.5
Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
23-08-2017 - 13:29 23-08-2017 - 13:29
CVE-2017-11317 7.5
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
23-08-2017 - 13:29 23-08-2017 - 13:29
CVE-2017-7675 5.0
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted U
10-08-2017 - 22:29 10-08-2017 - 22:29
CVE-2017-7674 4.3
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poi
10-08-2017 - 22:29 10-08-2017 - 22:29
CVE-2017-1319 5.0
IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. IBM X-Force ID: 125731.
08-06-2017 - 17:29 08-06-2017 - 17:29
CVE-2017-1320 3.5
IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure w
22-05-2017 - 16:29 22-05-2017 - 16:29
CVE-2017-5647 5.0
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file pr
21-04-2017 - 09:59 17-04-2017 - 12:59
CVE-2017-6460 6.5
Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.
29-03-2017 - 14:24 27-03-2017 - 13:59
CVE-2014-3566 4.3
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
23-03-2017 - 21:59 14-10-2014 - 20:55
CVE-2016-8747 5.0
An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different
16-03-2017 - 21:59 14-03-2017 - 05:59
CVE-2008-1232 4.3
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to
15-03-2017 - 21:59 03-08-2008 - 21:41
CVE-2014-5139 4.3
The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite
06-01-2017 - 22:00 13-08-2014 - 19:55
CVE-2014-3512 7.5
Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2)
06-01-2017 - 22:00 13-08-2014 - 19:55
CVE-2014-3511 4.3
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both sup
06-01-2017 - 22:00 13-08-2014 - 19:55
CVE-2014-3510 4.3
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via
06-01-2017 - 22:00 13-08-2014 - 19:55
CVE-2014-3509 6.8
Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwr
06-01-2017 - 22:00 13-08-2014 - 19:55
CVE-2014-3508 4.3
The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attacker
06-01-2017 - 22:00 13-08-2014 - 19:55
CVE-2014-3507 5.0
Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger im
06-01-2017 - 22:00 13-08-2014 - 19:55
CVE-2014-3506 5.0
d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory alloc
06-01-2017 - 22:00 13-08-2014 - 19:55
CVE-2014-3505 5.0
Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that tri
06-01-2017 - 22:00 13-08-2014 - 19:55
CVE-2014-3436 5.0
Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted encrypted e-mail message that decompresses to a larg
06-01-2017 - 21:59 21-08-2014 - 21:55
CVE-2014-0963 7.1
The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote attackers to cause a denial of service (infinite loop)
06-01-2017 - 21:59 08-05-2014 - 06:55
CVE-2014-0119 4.3
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web a
06-01-2017 - 21:59 31-05-2014 - 07:17
CVE-2014-0099 4.3
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a craf
06-01-2017 - 21:59 31-05-2014 - 07:17
CVE-2014-0096 4.3
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager
06-01-2017 - 21:59 31-05-2014 - 07:17
CVE-2014-0095 5.0
java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing.
06-01-2017 - 21:59 31-05-2014 - 07:17
CVE-2014-0075 5.0
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource
06-01-2017 - 21:59 31-05-2014 - 07:17
CVE-2013-4590 4.3
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML d
06-01-2017 - 21:59 26-02-2014 - 09:55
CVE-2013-4322 4.3
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field
06-01-2017 - 21:59 26-02-2014 - 09:55
CVE-2015-3326 5.0
Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote att
02-01-2017 - 22:00 13-05-2015 - 20:59
CVE-2015-0235 10.0
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 fu
02-01-2017 - 21:59 28-01-2015 - 14:59
CVE-2014-3568 4.3
OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr
02-01-2017 - 21:59 18-10-2014 - 21:55
CVE-2014-3567 7.1
Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an
02-01-2017 - 21:59 18-10-2014 - 21:55
CVE-2014-3513 7.1
Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.
02-01-2017 - 21:59 18-10-2014 - 21:55
CVE-2015-1966 4.3
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before FP17, 6.2.1 before FP9, and 6.2.2 before FP15, as used in Security Access Manager for Mobile and other products, allow remote attackers t
27-12-2016 - 21:59 04-07-2015 - 10:59
CVE-2012-6329 7.5
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers t
07-12-2016 - 22:02 04-01-2013 - 16:55
CVE-2005-1705 7.2
gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.
07-12-2016 - 22:00 24-05-2005 - 00:00
CVE-2005-1704 4.6
Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of sect
07-12-2016 - 22:00 24-05-2005 - 00:00
CVE-2003-0899 7.5
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "&lt;" and "&gt;" sequ
07-12-2016 - 21:59 03-11-2003 - 00:00
CVE-2002-1562 5.0
Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header.
07-12-2016 - 21:59 12-05-2003 - 00:00
CVE-2015-4959 4.3
Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP16 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
07-12-2016 - 13:15 18-01-2016 - 00:59
CVE-2016-0763 6.5
The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, wh
05-12-2016 - 22:05 24-02-2016 - 20:59
CVE-2016-0714 6.5
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restric
05-12-2016 - 22:05 24-02-2016 - 20:59
CVE-2016-0706 4.0
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote aut
05-12-2016 - 22:05 24-02-2016 - 20:59
CVE-2015-5351 6.8
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protec
05-12-2016 - 22:02 24-02-2016 - 20:59
CVE-2015-5346 6.8
Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to
05-12-2016 - 22:02 24-02-2016 - 20:59
CVE-2015-5345 5.0
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence o
05-12-2016 - 22:02 24-02-2016 - 20:59
CVE-2013-0169 2.6
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding,
02-12-2016 - 22:00 08-02-2013 - 14:55
CVE-2016-2894 2.1
IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging
28-11-2016 - 15:05 03-07-2016 - 17:59
CVE-2015-7429 4.0
The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka S
28-11-2016 - 14:43 02-01-2016 - 00:59
CVE-2015-7425 10.0
The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.4 an
28-11-2016 - 14:43 21-02-2016 - 13:59
CVE-2013-2067 6.8
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions,
28-11-2016 - 14:09 01-06-2013 - 10:21
CVE-2012-6330 5.0
The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro.
28-11-2016 - 14:08 04-01-2013 - 16:55
CVE-2005-2877 7.5
The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers.
17-10-2016 - 23:31 16-09-2005 - 16:03
CVE-2005-2568 7.5
Eval injection vulnerability in the template engine for SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via a string containing the code within "{" and "}" (curly bracket) characters, which are processed by the PHP eval
17-10-2016 - 23:28 16-08-2005 - 00:00
CVE-2005-2567 7.5
PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via the language parameter.
17-10-2016 - 23:28 16-08-2005 - 00:00
CVE-2004-1666 7.5
Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN servers to execute arbitrary code via a long string that ends in a newline character.
17-10-2016 - 22:58 31-12-2004 - 00:00
CVE-2004-1641 5.0
Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote attackers to cause a denial of service (crash) via a long FTP command such as (1) CWD, (2) STAT, or (3) LIST.
17-10-2016 - 22:58 29-08-2004 - 00:00
CVE-2004-1622 7.5
SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x allows remote attackers to execute arbitrary SQL statements via the Name parameter.
17-10-2016 - 22:57 21-10-2004 - 00:00
CVE-2003-1488 6.4
The (1) verif_admin.php and (2) check_admin.php scripts in Truegalerie 1.0 allow remote attackers to gain administrator access via a request to admin.php without the connect parameter and with the loggedin parameter set to any value, such as 1.
17-10-2016 - 22:39 31-12-2003 - 00:00
CVE-2003-0481 4.3
Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to insert arbitrary web script, as demonstrated using the msg parameter to file_select.php.
17-10-2016 - 22:34 07-08-2003 - 00:00
CVE-2003-0042 5.0
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.
17-10-2016 - 22:28 07-02-2003 - 00:00
CVE-2002-0813 7.1
Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename.
17-10-2016 - 22:22 12-08-2002 - 00:00
CVE-2001-0797 10.0
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
17-10-2016 - 22:11 12-12-2001 - 00:00
CVE-2001-0129 10.0
Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long connect request.
17-10-2016 - 22:09 12-03-2001 - 00:00
CVE-1999-1201 5.0
Windows 95 and Windows 98 systems, when configured with multiple TCP/IP stacks bound to the same MAC address, allow remote attackers to cause a denial of service (traffic amplification) via a certain ICMP echo (ping) packet, which causes all stacks t
17-10-2016 - 22:02 06-02-1999 - 00:00
CVE-2012-5885 5.0
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce)
22-08-2016 - 22:06 17-11-2012 - 14:55
CVE-2011-3190 7.5
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive in
22-08-2016 - 22:04 31-08-2011 - 19:55
CVE-2011-2729 5.0
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows re
22-08-2016 - 22:03 15-08-2011 - 17:55
CVE-2011-2526 4.4
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restri
22-08-2016 - 22:03 14-07-2011 - 19:55
CVE-2011-2204 1.9
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive inf
22-08-2016 - 22:03 29-06-2011 - 13:55
CVE-2011-1184 5.0
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypas
22-08-2016 - 22:03 14-01-2012 - 16:55
CVE-2011-0013 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the displ
22-08-2016 - 22:03 18-02-2011 - 20:00
CVE-2010-1157 2.6
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the re
22-08-2016 - 22:01 23-04-2010 - 10:30
CVE-2015-1988 3.5
Cross-site scripting (XSS) vulnerability in IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 and Tivoli Storage FlashCopy Manager for VMware 3.1 before 3.1.1.3
05-10-2015 - 16:10 03-10-2015 - 22:59
CVE-2013-6329 7.8
IBM Global Security Kit (aka GSKit), as used in Content Manager OnDemand 8.5 and 9.0 and other products, allows remote attackers to cause a denial of service via a crafted handshake during resumption of an SSLv2 session.
13-08-2015 - 13:44 17-12-2013 - 10:21
CVE-2014-6185 7.2
dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly restrict shared-library loading, which allows local users to gain privileges via a crafted DSO file.
13-02-2015 - 18:19 12-02-2015 - 21:59
CVE-2013-1571 4.3
Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vec
04-10-2014 - 01:04 18-06-2013 - 18:55
CVE-2013-6335 2.6
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, doe
04-09-2014 - 01:25 26-08-2014 - 06:55
CVE-2014-0876 2.1
Buffer overflow in the Java GUI Configuration Wizard and Preferences Editor in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.2.5.2, 6.3.x before 6.3.2, and 6.4.x before 6.4.2 on Windows and OS X allows local users
03-09-2014 - 13:02 17-08-2014 - 19:55
CVE-2014-4857 4.3
Cross-site scripting (XSS) vulnerability in Gurock TestRail before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Created By field in a project activity.
28-07-2014 - 15:05 26-07-2014 - 11:55
CVE-2011-5064 4.3
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for
16-03-2014 - 00:19 14-01-2012 - 16:55
CVE-2011-5063 4.3
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging t
16-03-2014 - 00:19 14-01-2012 - 16:55
CVE-2011-5062 5.0
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via
16-03-2014 - 00:19 14-01-2012 - 16:55
CVE-2010-2227 6.4
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via
16-03-2014 - 00:03 13-07-2010 - 13:30
CVE-2008-2370 5.0
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traver
15-03-2014 - 23:29 03-08-2008 - 21:41
CVE-2008-1947 4.3
Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
15-03-2014 - 23:29 04-06-2008 - 15:32
CVE-2012-0022 5.0
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters
05-03-2014 - 23:34 18-01-2012 - 23:01
CVE-2011-4858 5.0
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU con
05-03-2014 - 23:33 05-01-2012 - 14:55
CVE-2013-5371 2.1
The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local users to bypass intended access restrictions via st
27-01-2014 - 23:55 23-01-2014 - 14:55
CVE-2013-6987 7.5
Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter t
02-01-2014 - 11:10 31-12-2013 - 11:04
CVE-2013-6862 7.8
Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote attackers to cause a denial of service via unspecified vectors.
27-11-2013 - 11:44 23-11-2013 - 13:55
CVE-2013-6245 10.0
Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3. 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors.
24-11-2013 - 23:36 23-10-2013 - 20:55
CVE-2013-6025 4.0
The XMLParse procedure in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 ESD 2 allows remote authenticated users to read arbitrary files via a SQL statement containing an XML document with an external entity declaration in conjunction with an entit
30-10-2013 - 23:36 19-10-2013 - 06:36
CVE-2013-2964 7.2
Buffer overflow in dsmtca in IBM Tivoli Storage Manager (TSM) through 5.5.4.0, 6.1.0 through 6.1.5.4, 6.2.0 through 6.2.4.7, and 6.3.0 through 6.3.0.17 on UNIX and Linux allows local users to gain privileges via unspecified vectors.
04-10-2013 - 11:59 04-10-2013 - 06:44
CVE-2007-1355 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attacker
24-08-2013 - 01:25 21-05-2007 - 16:30
CVE-2012-5887 5.0
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it e
19-08-2013 - 23:18 17-11-2012 - 14:55
CVE-2012-5886 5.0
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers t
19-08-2013 - 23:18 17-11-2012 - 14:55
CVE-2000-0778 5.0
IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability.
03-08-2013 - 00:14 20-10-2000 - 00:00
CVE-2007-1358 2.6
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform
22-07-2013 - 01:18 09-05-2007 - 20:19
CVE-2013-0472 5.1
The Web GUI in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.1.0 and 6.4 before 6.4.0.1 allows man-in-the-middle attackers to obtain unspecified client access, and consequently obtain unspecified server access, via unknown vectors.
21-02-2013 - 00:00 20-02-2013 - 23:35
CVE-2013-0471 4.3
The traditional scheduler in the client in IBM Tivoli Storage Manager (TSM) before 6.2.5.0, 6.3 before 6.3.1.0, and 6.4 before 6.4.0.1, when Prompted mode is enabled, allows remote attackers to cause a denial of service (scheduling outage) via unspec
21-02-2013 - 00:00 20-02-2013 - 23:35
CVE-2012-2998 7.5
SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
13-02-2013 - 23:53 28-09-2012 - 06:40
CVE-2012-3314 5.8
IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, 6.2.1, and 6.2.2 allow remote attackers to establish sessions via a crafted message that leverages (1) a signature-validation b
31-01-2013 - 23:49 02-10-2012 - 17:55
CVE-2012-0726 6.4
The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol.
18-12-2012 - 23:49 22-04-2012 - 14:55
CVE-2007-2418 10.0
Heap-based buffer overflow in the Rendezvous / Extensible Messaging and Presence Protocol (XMPP) component (plugins\rendezvous.dll) for Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to execute arbitrary code via a message that
05-11-2012 - 22:38 02-05-2007 - 18:19
CVE-2005-1925 7.5
Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php.
24-10-2012 - 00:00 18-11-2005 - 01:03
CVE-2005-0200 7.5
TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386.
24-10-2012 - 00:00 02-05-2005 - 00:00
CVE-2012-4876 10.0
Stack-based buffer overflow in the UltraMJCam ActiveX Control in TRENDnet SecurView TV-IP121WN Wireless Internet Camera allows remote attackers to execute arbitrary code via a long string to the OpenFileDlg method.
07-09-2012 - 00:00 06-09-2012 - 17:55
CVE-2012-0743 5.0
IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via a malformed LDAP paged search request.
13-08-2012 - 23:34 22-04-2012 - 14:55
CVE-2012-2002 8.3
Open redirect vulnerability in HP SNMP Agents for Linux before 9.0.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
11-05-2012 - 00:00 02-05-2012 - 18:55
CVE-2012-2001 4.3
Cross-site scripting (XSS) vulnerability in HP SNMP Agents for Linux before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
11-05-2012 - 00:00 02-05-2012 - 18:55
CVE-2012-0740 4.3
Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.22 and 6.3 before 6.3.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
23-04-2012 - 00:00 22-04-2012 - 14:55
CVE-2011-4614 6.8
PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP
29-02-2012 - 00:00 17-02-2012 - 19:55
CVE-2011-3375 5.0
Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header infor
15-02-2012 - 23:16 18-01-2012 - 23:01
CVE-2011-3376 4.4
org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to acce
15-11-2011 - 00:00 11-11-2011 - 16:55
CVE-2007-4219 10.0
Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as used by the ServerProtect service (SpntSvc.exe), in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a certai
11-10-2011 - 00:00 22-08-2007 - 19:17
CVE-2007-4218 10.0
Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allow remote attackers to execute arbitrary code via certain RPC requests to certain TCP ports that are process
13-09-2011 - 00:00 22-08-2007 - 19:17
CVE-2011-0494 5.0
Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 5.1 before 5.1.0.39-TIV-AWS-IF0040, 6.0 before 6.0.0.25-TIV-AWS-IF0026, 6.1.0 before 6.1.0.5-TIV-AWS-IF0006, and 6.1.1 before 6.1.1-TIV-AWS-FP0001 has unspecifie
19-07-2011 - 00:00 19-01-2011 - 07:00
CVE-2010-3128 9.3
Untrusted search path vulnerability in TeamViewer 5.0.8703 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as
18-07-2011 - 22:39 26-08-2010 - 14:36
CVE-2005-1794 6.4
Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle atta
18-07-2011 - 21:27 01-06-2005 - 00:00
CVE-2008-0457 10.0
Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP
19-05-2011 - 00:00 07-02-2008 - 16:00
CVE-2009-0613 6.0
Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237 allows remote authenticated Auditor and Report Only users to bypass intended permission settings, and modify the system configuration, via requests to unspecified JSP pages.
07-03-2011 - 22:18 17-02-2009 - 12:30
CVE-2009-0271 5.0
Directory traversal vulnerability in the TFTP service in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors.
07-03-2011 - 22:18 26-01-2009 - 14:30
CVE-2008-4589 7.2
Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo Rescue and Recovery 4.20, including 4.20.0511 and 4.20.0512, allows local users to execute arbitrary code via a long file name.
07-03-2011 - 22:12 15-10-2008 - 18:45
CVE-2008-1648 5.0
Sympa before 5.4 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message with a malformed value of the Content-Type header and unspecified other headers. NOTE: some of these details are obtained from third party inf
07-03-2011 - 22:07 02-04-2008 - 13:44
CVE-2008-1101 9.3
Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long
07-03-2011 - 22:05 10-04-2008 - 14:05
CVE-2008-0128 5.0
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it e
07-03-2011 - 22:03 22-01-2008 - 21:00
CVE-2008-0066 9.3
Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) "large chunks of data,"
07-03-2011 - 22:03 10-04-2008 - 14:05
CVE-2007-6020 9.3
Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute
07-03-2011 - 22:01 10-04-2008 - 14:05
CVE-2007-5602 10.0
Multiple stack-based buffer overflows in SwiftView Viewer before 8.3.5, as used by SwiftView and SwiftSend, allow remote attackers to execute arbitrary code via unspecified vectors to the (1) svocx.ocx ActiveX control or the (2) npsview.dll plugin fo
07-03-2011 - 22:01 04-02-2008 - 20:00
CVE-2007-5406 9.3
kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, does not properly parse long tokens, which allows remote attackers t
07-03-2011 - 22:00 10-04-2008 - 14:05
CVE-2007-5405 9.3
Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbit
07-03-2011 - 22:00 10-04-2008 - 14:05
CVE-2007-5399 9.3
Multiple heap-based buffer overflows in emlsr.dll in the EML reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, allow remote attackers to execute arbitrary code via a long (1) To, (2) Cc, (3) Bcc, (4) From, (5) Date, (
07-03-2011 - 22:00 10-04-2008 - 14:05
CVE-2007-3509 7.5
Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers 10.0, 10d, and 11d allows remote attackers to cause a denial of service (process exit) and possibly execute arbitrary code via crafted ncacn_ip_tcp requests.
07-03-2011 - 21:56 11-07-2007 - 21:30
CVE-2007-2621 7.5
SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter.
07-03-2011 - 21:54 11-05-2007 - 12:19
CVE-2007-1070 10.0
Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflo
07-03-2011 - 21:51 21-02-2007 - 06:28
CVE-2007-0856 7.2
TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (RCM), with the VsapiNI.sys 3.320.0.1003 scan engine, as used in Trend Micro PC-cillin Internet Security 2007, Antivirus 2007, Anti-Spyware for SMB 3.2 SP1, Anti-Spyware for Consumer
07-03-2011 - 21:50 08-02-2007 - 13:28
CVE-2007-0564 4.0
The license registering interface in Symantec Web Security (SWS) before 3.0.1.85 allows attackers to cause a denial of service (CPU consumption) by submitting a large file.
07-03-2011 - 21:50 30-01-2007 - 11:28
CVE-2007-0563 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Security (SWS) before 3.0.1.85 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) error messages and (2) blocked page messages produ
07-03-2011 - 21:50 30-01-2007 - 11:28
CVE-2007-0450 5.0
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence
07-03-2011 - 21:49 16-03-2007 - 18:19
CVE-2006-6221 7.5
2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote attackers to create multiple privileged accounts via a replay attack using the initial account creation request.
07-03-2011 - 21:45 09-12-2006 - 21:28
CVE-2006-6179 7.5
Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows remote attackers to execute arbitrary code via unknown attack vectors.
07-03-2011 - 21:45 30-11-2006 - 18:28
CVE-2006-6178 7.5
Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1087 allows remote attackers to execute arbitrary code via unknown attack vectors.
07-03-2011 - 21:45 30-11-2006 - 18:28
CVE-2006-5212 5.0
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files vi
07-03-2011 - 21:42 10-10-2006 - 00:06
CVE-2006-5211 6.4
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to remove OfficeSc
07-03-2011 - 21:42 10-10-2006 - 00:06
CVE-2006-5157 5.1
Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the "Management Console's Remo
07-03-2011 - 21:42 05-10-2006 - 00:04
CVE-2006-4294 5.0
Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
07-03-2011 - 21:40 08-09-2006 - 20:04
CVE-2006-3819 7.5
Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF".
07-03-2011 - 21:39 26-07-2006 - 21:04
CVE-2006-2568 5.1
PHP remote file inclusion vulnerability in addpost_newpoll.php in UBB.threads 6.4 through 6.5.2 and 6.5.1.1 (trial) allows remote attackers to execute arbitrary PHP code via a URL in the thispath parameter.
07-03-2011 - 21:36 24-05-2006 - 19:02
CVE-2006-0232 5.0
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct request
07-03-2011 - 21:29 24-04-2006 - 21:02
CVE-2006-0231 6.4
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications.
07-03-2011 - 21:29 24-04-2006 - 21:02
CVE-2006-0230 10.0
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests.
07-03-2011 - 21:29 24-04-2006 - 21:02
CVE-2005-4310 7.5
SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based authentication only, allows users to log in with the wrong credentials.
07-03-2011 - 21:27 16-12-2005 - 19:03
CVE-2005-2758 10.0
Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.
07-03-2011 - 21:24 05-10-2005 - 15:02
CVE-2005-2090 4.3
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header
07-03-2011 - 21:23 05-07-2005 - 00:00
CVE-2005-1929 7.5
Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute
07-03-2011 - 00:00 14-12-2005 - 16:03
CVE-2010-4623 4.0
WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 allows remote authenticated users to cause a denial of service (worker thread consumption) via shift-reload actions.
11-01-2011 - 01:46 30-12-2010 - 14:00
CVE-2010-4622 5.0
Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI.
03-01-2011 - 00:00 30-12-2010 - 14:00
CVE-2010-0702 7.5
SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
24-02-2010 - 14:22 23-02-2010 - 15:30
CVE-2002-2353 6.4
tftpd32 2.50 and 2.50.2 allows remote attackers to read or write arbitrary files via a full pathname in GET and PUT requests.
24-11-2009 - 00:15 31-12-2002 - 00:00
CVE-2008-6082 5.0
Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command.
20-08-2009 - 01:24 06-02-2009 - 06:30
CVE-2009-1161 10.0
Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations
09-06-2009 - 01:33 21-05-2009 - 10:30
CVE-2009-0505 9.0
The CICS listener in IBM TXSeries for Multiplatforms 6.2 GA waits for a forcepurge acknowledgement from the CICS Application Server (CICSAS) after an eci response timeout, which might allow remote authenticated users to cause a denial of service (for
08-04-2009 - 01:36 25-02-2009 - 11:30
CVE-1999-0015 5.0
Teardrop IP denial of service.
04-03-2009 - 00:00 16-12-1997 - 00:00
CVE-2008-3591 7.5
SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the sym_auth cookie in a /publish/filemanager/ request to index.php.
29-01-2009 - 01:53 11-08-2008 - 19:41
CVE-2009-0288 5.0
Directory traversal vulnerability in k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to read arbitrary files outside the TFTP root directory via directory traversal sequences in a GET request.
27-01-2009 - 00:00 27-01-2009 - 14:30
CVE-2007-4731 10.0
Stack-based buffer overflow in the TMregChange function in TMReg.dll in Trend Micro ServerProtect before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 5005.
15-11-2008 - 01:58 11-09-2007 - 21:17
CVE-2003-0043 5.0
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.
10-09-2008 - 20:05 07-02-2003 - 00:00
CVE-2000-0359 10.0
Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header.
10-09-2008 - 15:04 20-10-2000 - 00:00
CVE-2000-0203 5.0
The Trend Micro OfficeScan client tmlisten.exe allows remote attackers to cause a denial of service via malformed data to port 12345.
10-09-2008 - 15:03 28-02-2000 - 00:00
CVE-1999-0746 5.0
A default configuration of in.identd in SuSE Linux waits 120 seconds between requests, allowing a remote attacker to conduct a denial of service.
09-09-2008 - 08:35 16-08-1999 - 00:00
CVE-1999-0498 10.0
TFTP is not running in a restricted directory, allowing a remote attacker to access sensitive information such as password files.
09-09-2008 - 08:34 27-09-1991 - 00:00
CVE-1999-0183 6.4
Linux implementations of TFTP would allow access to files outside the restricted directory.
09-09-2008 - 08:33 01-09-1997 - 00:00
CVE-1999-0077 5.0
Predictable TCP sequence numbers allow spoofing.
09-09-2008 - 08:33 01-01-1995 - 00:00
CVE-2006-5137 5.1
Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to (1) inject PHP code via a theme[] array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; (2) inject PHP c
05-09-2008 - 17:11 03-10-2006 - 00:03
CVE-2005-0808 5.0
Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
05-09-2008 - 16:47 02-05-2005 - 00:00
CVE-2005-0533 7.5
Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within
05-09-2008 - 16:46 02-05-2005 - 00:00
CVE-2005-0073 4.6
Buffer overflow in queue.c in a support script for sympa 3.3.3, when running setuid, allows local users to execute arbitrary code.
05-09-2008 - 16:45 02-05-2005 - 00:00
CVE-2004-2162 4.3
Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the search field of the Address Module or (2) the t parameter to app_new.php.
05-09-2008 - 16:43 31-12-2004 - 00:00
CVE-2004-2161 7.5
SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows remote attackers to execute arbitrary SQL commands via the link_id parameter.
05-09-2008 - 16:43 31-12-2004 - 00:00
CVE-2004-0641 7.5
Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and possibly earlier versions, generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
05-09-2008 - 16:38 05-08-2004 - 00:00
CVE-2003-1510 7.8
TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU consumption) via a ".%00." in an HTTP GET request to the cgi-bin directory.
05-09-2008 - 16:37 31-12-2003 - 00:00
CVE-2003-1459 6.8
Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote attackers to execute arbitrary PHP code via the (1) template parameter in News.php or (2) installdir parameter in install.php.
05-09-2008 - 16:36 31-12-2003 - 00:00
CVE-2003-1458 7.5
SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum allows remote attackers to execute arbitrary SQL commands via the member name.
05-09-2008 - 16:36 31-12-2003 - 00:00
CVE-2003-1186 7.5
Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 allows remote attackers to execute arbitrary code via a long HTTP Referer header.
05-09-2008 - 16:36 29-10-2003 - 00:00
CVE-2003-1104 10.0
Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows remote attackers to execute arbitrary code via unknown vectors.
05-09-2008 - 16:36 31-12-2003 - 00:00
CVE-2003-0380 7.5
Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and possibly later versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename.
05-09-2008 - 16:34 02-07-2003 - 00:00
CVE-2002-2389 5.0
TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files.
05-09-2008 - 16:33 31-12-2002 - 00:00
CVE-2002-2007 5.0
The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) s
05-09-2008 - 16:32 31-12-2002 - 00:00
CVE-2002-0558 5.0
Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and earlier allows a remote authenticated user (possibly anonymous) to list arbitrary directories via a .. in a LIST (ls) command ending in wildcard *.* characters.
05-09-2008 - 16:28 03-07-2002 - 00:00
CVE-2001-1156 5.0
TYPSoft FTP 0.95 allows remote attackers to cause a denial of service (CPU consumption) via a "../../*" argument to (1) STOR or (2) RETR.
05-09-2008 - 16:25 08-10-2001 - 00:00
CVE-2001-1104 7.5
SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions.
05-09-2008 - 16:25 25-07-2001 - 00:00
CVE-2001-0805 5.0
Directory traversal vulnerability in ttawebtop.cgi in Tarantella Enterprise 3.00 and 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the pg parameter.
05-09-2008 - 16:24 06-12-2001 - 00:00
CVE-2001-0751 7.5
Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections.
05-09-2008 - 16:24 18-10-2001 - 00:00
CVE-2001-0554 10.0
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
05-09-2008 - 16:24 14-08-2001 - 00:00
CVE-2001-0288 7.5
Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
05-09-2008 - 16:23 03-05-2001 - 00:00
CVE-2001-0163 4.6
Cisco AP340 base station produces predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
05-09-2008 - 16:23 01-01-2001 - 00:00
CVE-2001-0162 7.5
WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
05-09-2008 - 16:23 01-01-2001 - 00:00
CVE-2001-0075 5.0
Directory traversal vulnerability in main.cgi in Technote allows remote attackers to read arbitrary files via a .. (dot dot) attack in the filename parameter.
05-09-2008 - 16:23 12-02-2001 - 00:00
CVE-2000-0916 7.5
FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers (ISN), which allows remote attackers to spoof TCP connections.
05-09-2008 - 16:22 19-12-2000 - 00:00
CVE-2000-0759 6.4
Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
05-09-2008 - 16:21 20-10-2000 - 00:00
CVE-1999-1479 10.0
The textcounter.pl by Matt Wright allows remote attackers to execute arbitrary commands via shell metacharacters.
05-09-2008 - 16:19 24-06-1998 - 00:00
Back to Top Mark selected
Back to Top