Max CVSS 10.0 Min CVSS 1.2 Total Count155
IDCVSSSummaryLast (major) updatePublished
CVE-2005-2495 5.1
Multiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image.
07-12-2016 - 22:00 15-09-2005 - 16:03
CVE-2006-4339 4.3
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key
17-10-2016 - 23:40 05-09-2006 - 13:04
CVE-2005-4134 5.0
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not
17-10-2016 - 23:38 09-12-2005 - 10:03
CVE-2005-3269 7.5
Stack-based buffer overflow in help.cgi in the HTTP administrative interface for (1) Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1, (2) Red Hat Directory Server and (3) Certificate Server before 7.1 SP1, (4) Sun ONE Directory Server
17-10-2016 - 23:34 20-10-2005 - 19:02
CVE-2005-2294 2.1
Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of records are retrieved by an Oracle form, stores a copy of the database tables in a world-readable temporary file, which allows local users to gain sensitive information such as credit
17-10-2016 - 23:26 18-07-2005 - 00:00
CVE-2005-2293 2.1
Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a temporary file, which is not deleted after it is used, which allows local users to obtain sensitive information.
17-10-2016 - 23:26 18-07-2005 - 00:00
CVE-2005-2292 2.1
Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2) XSQLConfig.xml and (3) settings.xml, which allows local users to obtain sensitive information.
17-10-2016 - 23:26 18-07-2005 - 00:00
CVE-2005-2291 4.6
Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information.
17-10-2016 - 23:26 18-07-2005 - 00:00
CVE-2004-1371 9.0
Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure.
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1370 7.5
Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.S
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1369 5.0
The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory.
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1368 7.8
ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script.
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1367 4.4
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow loca
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1365 4.6
Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user.
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1364 8.5
Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory.
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1363 7.2
Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1362 7.5
The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedu
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-0523 10.0
Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.
17-10-2016 - 22:45 18-08-2004 - 00:00
CVE-2006-3467 7.5
Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861.
30-08-2016 - 21:59 21-07-2006 - 10:03
CVE-2007-2445 5.0
The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.
10-11-2015 - 11:33 16-05-2007 - 18:30
CVE-2009-2625 5.0
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop a
05-05-2014 - 00:32 06-08-2009 - 11:30
CVE-2006-5467 5.0
The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier
13-09-2013 - 01:21 27-10-2006 - 14:07
CVE-2006-1725 2.6
Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes certain windows to become translucent due to an interaction between XUL content windows and the history mechanism, which might allow user-assisted remote attackers to trick users in
11-09-2013 - 00:53 14-04-2006 - 06:02
CVE-2006-1723 7.5
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due
08-09-2013 - 00:50 14-04-2006 - 06:02
CVE-2007-6428 5.0
The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used a
30-08-2013 - 01:37 18-01-2008 - 18:00
CVE-2006-1732 4.3
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS)
15-07-2013 - 00:54 14-04-2006 - 06:02
CVE-2006-1728 9.3
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypt
11-07-2013 - 00:53 14-04-2006 - 06:02
CVE-2009-2347 9.3
Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a hea
14-05-2013 - 22:57 14-07-2009 - 16:30
CVE-2012-5581 6.8
Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.
07-02-2013 - 23:55 04-01-2013 - 17:55
CVE-2006-4811 6.8
Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary
07-02-2013 - 00:00 18-10-2006 - 13:07
CVE-2007-2798 7.4
Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.
30-10-2012 - 22:36 26-06-2007 - 18:30
CVE-2007-2754 6.8
Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overf
30-10-2012 - 22:36 17-05-2007 - 18:30
CVE-2007-0245 9.3
Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten.
30-10-2012 - 22:27 12-06-2007 - 17:30
CVE-2005-2096 7.5
zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted
30-10-2012 - 21:48 06-07-2005 - 00:00
CVE-2009-0688 7.5
Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/sasl
22-10-2012 - 23:03 15-05-2009 - 11:30
CVE-2011-2292 2.4
Unspecified vulnerability in Oracle Solaris 9 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to xscreensaver.
11-01-2012 - 23:03 18-10-2011 - 18:55
CVE-2011-3559 7.8
Unspecified vulnerability in Oracle Communications Server 2.0; GlassFish Enterprise Server 2.1.1, 3.0.1, and 3.1.1; and Sun Java System App Server 8.1 and 8.2 allows remote attackers to affect availability via unknown vectors related to Web Container
29-10-2011 - 23:38 18-10-2011 - 18:55
CVE-2006-3117 7.6
Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw,
17-10-2011 - 00:00 30-06-2006 - 14:05
CVE-2007-2834 9.3
Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which
11-10-2011 - 00:00 18-09-2007 - 17:17
CVE-2007-1466 6.8
Integer overflow in the WP6GeneralTextPacket::_readContents function in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary
11-10-2011 - 00:00 16-03-2007 - 17:19
CVE-2006-1729 4.3
Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file
21-09-2011 - 00:00 14-04-2006 - 06:02
CVE-2007-0045 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Exp
13-09-2011 - 00:00 03-01-2007 - 16:28
CVE-2007-1667 9.3
Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive inf
09-09-2011 - 00:00 24-03-2007 - 17:19
CVE-2007-0002 9.3
Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect f
09-09-2011 - 00:00 16-03-2007 - 17:19
CVE-2006-5870 9.3
Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that trig
09-09-2011 - 00:00 31-12-2006 - 00:00
CVE-2006-6498 6.8
Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to
01-09-2011 - 00:00 19-12-2006 - 20:28
CVE-2006-2198 7.6
OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user.
26-08-2011 - 00:00 30-06-2006 - 14:05
CVE-2007-0238 9.3
Stack-based buffer overflow in filter\starcalc\scflt.cxx in the StarCalc parser in OpenOffice.org (OOo) Office Suite before 2.2, and 1.x before 1.1.5 Patch, allows user-assisted remote attackers to execute arbitrary code via a document with a long No
28-07-2011 - 00:00 21-03-2007 - 15:19
CVE-2006-0884 9.3
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript U
25-05-2011 - 00:00 24-02-2006 - 17:02
CVE-2006-0298 5.8
The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read.
25-05-2011 - 00:00 02-02-2006 - 17:02
CVE-2005-4045 7.5
Unspecified vulnerability in System Communications Services 6 Delegated Administrator 2005Q1 in Sun Java System Messaging Server 2005Q1 allows remote attackers to obtain the Top-Level Administrator (TLA) default password via unknown vectors, possibly
19-05-2011 - 00:00 07-12-2005 - 06:03
CVE-2007-4575 9.3
HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."
12-05-2011 - 00:00 05-12-2007 - 21:46
CVE-2007-1488 7.5
Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to "gain unauthorized access to data", possibly involving a sample application.
07-04-2011 - 00:00 16-03-2007 - 17:19
CVE-2009-0348 5.0
The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames
07-03-2011 - 22:18 29-01-2009 - 14:30
CVE-2009-0278 5.0
Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request.
07-03-2011 - 22:18 26-01-2009 - 21:30
CVE-2009-0170 6.0
Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other "access to resources," by visiting the Configuration Items component in the con
07-03-2011 - 22:18 16-01-2009 - 16:30
CVE-2008-5684 5.0
Unspecified vulnerability in the X Inter Client Exchange library (aka libICE) in Sun Solaris 8 through 10 and OpenSolaris before snv_85 allows context-dependent attackers to cause a denial of service (application crash), as demonstrated by a port sca
07-03-2011 - 22:14 19-12-2008 - 12:30
CVE-2008-5423 4.3
Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Stor
07-03-2011 - 22:14 11-12-2008 - 10:30
CVE-2008-5422 7.5
Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors.
07-03-2011 - 22:14 11-12-2008 - 10:30
CVE-2008-5009 4.0
Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, when running on a multiple CPU machine, allows local users to cause a denial of service (panic) via vectors involving reading the /dev/xty file.
07-03-2011 - 22:13 10-11-2008 - 10:23
CVE-2008-4226 10.0
Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.
07-03-2011 - 22:12 25-11-2008 - 18:30
CVE-2008-4225 7.8
Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.
07-03-2011 - 22:12 25-11-2008 - 18:30
CVE-2008-3529 10.0
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
07-03-2011 - 22:10 12-09-2008 - 12:56
CVE-2008-2945 7.5
Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a cra
07-03-2011 - 22:09 30-06-2008 - 18:41
CVE-2008-2518 4.3
Cross-site scripting (XSS) vulnerability in the advanced search mechanism (webapps/search/advanced.jsp) in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecifie
07-03-2011 - 22:09 03-06-2008 - 10:32
CVE-2008-2166 4.3
Cross-site scripting (XSS) vulnerability in the search module in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unknown parameters in index.jsp.
07-03-2011 - 22:08 13-05-2008 - 16:20
CVE-2008-0006 7.5
Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the las
07-03-2011 - 22:03 18-01-2008 - 18:00
CVE-2007-6480 9.4
The Oracle database component in Sun Management Center (Sun MC) 3.6.1, 3.6, and 3.5 Update 1 has a default account, which allows remote attackers to obtain database access and execute arbitrary code.
07-03-2011 - 22:02 20-12-2007 - 15:46
CVE-2007-6429 9.3
Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by
07-03-2011 - 22:02 18-01-2008 - 18:00
CVE-2007-6427 9.3
The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.
07-03-2011 - 22:02 18-01-2008 - 18:00
CVE-2007-5958 5.0
X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.
07-03-2011 - 22:01 18-01-2008 - 18:00
CVE-2007-5760 9.3
Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index.
07-03-2011 - 22:01 18-01-2008 - 18:00
CVE-2007-4164 7.5
CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the u
07-03-2011 - 21:57 07-08-2007 - 06:17
CVE-2007-4070 4.9
Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun Solaris 8 through 10 before 20070725 allows local users to read arbitrary files with root group ownership via unknown vectors.
07-03-2011 - 21:57 30-07-2007 - 13:30
CVE-2007-3700 1.7
Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows lo
07-03-2011 - 21:56 11-07-2007 - 19:30
CVE-2007-2267 6.8
Unspecified vulnerability in Sun Cluster 3.1 and Solaris Cluster 3.2 before 20070424 allows remote authenticated users, operating from a different cluster node, to cause a denial of service (data corruption or send_mondo panic) via unspecified vector
07-03-2011 - 21:53 25-04-2007 - 16:19
CVE-2007-1794 10.0
The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: t
07-03-2011 - 21:52 02-04-2007 - 18:19
CVE-2007-1526 6.0
Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account di
07-03-2011 - 21:52 20-03-2007 - 16:19
CVE-2007-0957 9.0
Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitr
07-03-2011 - 21:51 05-04-2007 - 21:19
CVE-2007-0956 7.6
The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.
07-03-2011 - 21:51 05-04-2007 - 21:19
CVE-2007-0482 4.6
cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 allows local users to obtain the utadmin password by reading a web server's log file, or by conducting a different, unspecified local attack.
07-03-2011 - 21:49 24-01-2007 - 19:28
CVE-2007-0239 9.3
OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document.
07-03-2011 - 21:49 21-03-2007 - 15:19
CVE-2007-0046 7.5
Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML,
07-03-2011 - 21:48 03-01-2007 - 16:28
CVE-2006-7140 5.8
The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed
07-03-2011 - 21:47 07-03-2007 - 15:19
CVE-2006-6499 4.3
The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers
07-03-2011 - 21:46 19-12-2006 - 20:28
CVE-2006-5786 7.5
Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php.
07-03-2011 - 21:43 07-11-2006 - 18:07
CVE-2006-5463 7.5
Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object whi
07-03-2011 - 21:43 08-11-2006 - 17:07
CVE-2006-5449 6.5
procmail in Ingo H3 before 1.1.2 Horde module allows remote authenticated users to execute arbitrary commands via shell metacharacters in the mailbox destination of a filter rule.
07-03-2011 - 21:43 23-10-2006 - 13:07
CVE-2006-5214 1.2
Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is perf
07-03-2011 - 21:42 10-10-2006 - 00:06
CVE-2006-5201 4.0
Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (
07-03-2011 - 21:42 10-10-2006 - 00:06
CVE-2006-5170 7.5
pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the
07-03-2011 - 21:42 10-10-2006 - 00:06
CVE-2006-4573 2.6
Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences.
07-03-2011 - 21:41 24-10-2006 - 14:07
CVE-2006-4049 2.1
Unspecified vulnerability in the utxconfig utility in Sun Ray Server Software 3.x allows local users to create or overwrite arbitrary files via unknown attack vectors.
07-03-2011 - 21:40 09-08-2006 - 19:04
CVE-2006-3921 4.0
Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI.
07-03-2011 - 21:39 28-07-2006 - 19:04
CVE-2006-3805 7.5
The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object
07-03-2011 - 21:39 27-07-2006 - 16:04
CVE-2006-3739 7.2
Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-
07-03-2011 - 21:39 12-09-2006 - 21:07
CVE-2006-3404 5.1
Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VE
07-03-2011 - 21:38 06-07-2006 - 16:05
CVE-2006-2930 4.6
Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid Engine 6.0, when configured in Certificate Security Protocol (CSP) Mode, allows local users to shut down the grid service or gain access, even if access is denied.
07-03-2011 - 21:37 09-06-2006 - 06:02
CVE-2006-2780 9.3
Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption.
07-03-2011 - 21:37 02-06-2006 - 15:02
CVE-2006-2614 4.6
Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 records system passwords in the world-readable scripts (1) /cr/hd_jobs_db.sh, (2) /cr/hd_plan_checkin.sh, and (3) /cr/oracle_plan_checkin.sh, which allows local users to obtain System Ma
07-03-2011 - 21:36 25-05-2006 - 21:06
CVE-2006-1790 10.0
A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.
07-03-2011 - 21:34 14-04-2006 - 15:02
CVE-2006-1742 5.0
The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remot
07-03-2011 - 21:33 14-04-2006 - 06:02
CVE-2006-1741 4.3
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new p
07-03-2011 - 21:33 14-04-2006 - 06:02
CVE-2006-1740 2.6
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing
07-03-2011 - 21:33 14-04-2006 - 06:02
CVE-2006-1738 5.0
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (
07-03-2011 - 21:33 14-04-2006 - 14:02
CVE-2006-1737 9.3
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via
07-03-2011 - 21:33 14-04-2006 - 14:02
CVE-2006-1736 2.6
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image li
07-03-2011 - 21:33 14-04-2006 - 06:02
CVE-2006-1735 9.3
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javas
07-03-2011 - 21:33 14-04-2006 - 06:02
CVE-2006-1734 6.8
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal func
07-03-2011 - 21:33 14-04-2006 - 06:02
CVE-2006-1733 6.8
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute
07-03-2011 - 21:33 14-04-2006 - 06:02
CVE-2006-1731 4.3
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are calle
07-03-2011 - 21:33 14-04-2006 - 06:02
CVE-2006-1727 7.6
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to t
07-03-2011 - 21:33 14-04-2006 - 06:02
CVE-2006-1726 9.3
Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox'
07-03-2011 - 21:33 14-04-2006 - 06:02
CVE-2006-1724 7.5
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via atta
07-03-2011 - 21:33 14-04-2006 - 06:02
CVE-2006-1531 7.5
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due
07-03-2011 - 21:33 14-04-2006 - 06:02
CVE-2006-1530 7.5
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due
07-03-2011 - 21:33 14-04-2006 - 06:02
CVE-2006-1529 7.5
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due
07-03-2011 - 21:33 14-04-2006 - 06:02
CVE-2006-1506 7.2
Unspecified vulnerability in rsh in Sun Microsystems Sun Grid Engine 5.3 before 20060327 and N1 Grid Engine 6.0 before 20060327 allows local users to gain root privileges.
07-03-2011 - 21:33 29-03-2006 - 20:06
CVE-2006-0748 9.3
Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that
07-03-2011 - 21:30 14-04-2006 - 06:02
CVE-2006-0408 7.2
rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local users to gain privileges and execute arbitrary code via unspecified vectors, possibly involving command line arguments.
07-03-2011 - 21:30 24-01-2006 - 21:03
CVE-2006-0299 6.4
The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange info
07-03-2011 - 21:29 02-02-2006 - 18:06
CVE-2006-0297 5.1
Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSu
07-03-2011 - 21:29 02-02-2006 - 17:02
CVE-2006-0296 5.0
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf fil
07-03-2011 - 21:29 02-02-2006 - 15:06
CVE-2006-0295 5.1
Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory
07-03-2011 - 21:29 02-02-2006 - 15:06
CVE-2006-0294 7.5
Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to o
07-03-2011 - 21:29 02-02-2006 - 15:06
CVE-2006-0293 7.5
The function allocation code (js_NewFunction in jsfun.c) in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that opera
07-03-2011 - 21:29 02-02-2006 - 15:06
CVE-2006-0292 7.5
The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garb
07-03-2011 - 21:29 02-02-2006 - 15:06
CVE-2005-3472 5.0
Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files.
07-03-2011 - 21:26 02-11-2005 - 21:02
CVE-2005-2022 4.3
Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scripting (XSS) vulnerability.
07-03-2011 - 21:23 17-06-2005 - 00:00
CVE-2005-0664 2.6
Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly validate the structure of the EXIF tags, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a JPEG image with a
07-03-2011 - 21:20 02-05-2005 - 00:00
CVE-2007-6352 6.8
Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags, possibly involving the exif_data_load_data_thumbnail function in exif-data.c.
07-03-2011 - 00:00 19-12-2007 - 21:46
CVE-2006-5857 9.3
Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering.
07-03-2011 - 00:00 31-12-2006 - 00:00
CVE-2006-3941 7.5
Unspecified vulnerability in the daemons for Sun N1 Grid Engine 5.3 and N1 Grid Engine 6.0 allows local users to cause a denial of service (grid service shutdown) and possibly execute arbitrary code using buffer overflows via unknown vectors that cau
07-03-2011 - 00:00 31-07-2006 - 19:04
CVE-2006-2779 9.3
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented
07-03-2011 - 00:00 02-06-2006 - 15:02
CVE-2006-1739 9.3
The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary
07-03-2011 - 00:00 14-04-2006 - 06:02
CVE-2006-1730 9.3
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing prop
07-03-2011 - 00:00 14-04-2006 - 06:02
CVE-2006-0749 9.3
nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via
07-03-2011 - 00:00 14-04-2006 - 06:02
CVE-2009-2285 4.3
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.
24-08-2010 - 01:37 01-07-2009 - 09:00
CVE-2009-2711 4.9
XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and X11 6.4.1 for Solaris 8, when the Xorg or Xnewt server is used, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed
21-08-2010 - 01:34 07-08-2009 - 15:00
CVE-2004-2758 7.5
Multiple unspecified vulnerabilities in the H.323 protocol implementation for Sun SunForum 3.2 and 3D 1.0 allow remote attackers to cause a denial of service (segmentation fault and process crash), as demonstrated by the NISCC/OUSPG PROTOS test suite
29-05-2010 - 00:27 31-12-2004 - 00:00
CVE-2009-2268 2.6
Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
25-05-2010 - 01:45 01-07-2009 - 09:00
CVE-2003-1576 10.0
Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun Management Center (SunMC) 3.0 on Solaris 8 and 9 on the sparc platform allows remote attackers to execute arbitrary code via unspecified vectors.
31-01-2010 - 00:00 28-01-2010 - 15:30
CVE-2005-4884 6.8
Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 10.1.0.4 (10g) allows remote authenticated attackers to affect availability via unknown vectors, aka DB02.
26-01-2010 - 00:00 25-01-2010 - 16:30
CVE-2009-2712 2.1
Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files.
15-08-2009 - 01:23 07-08-2009 - 15:00
CVE-2009-1276 2.1
XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is lo
11-08-2009 - 00:00 09-04-2009 - 11:08
CVE-2009-1934 4.3
Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error.
15-07-2009 - 01:41 05-06-2009 - 12:00
CVE-2005-0358 7.5
EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token.
10-09-2008 - 15:35 23-08-2005 - 00:00
CVE-2006-5215 2.6
The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a sy
05-09-2008 - 17:11 10-10-2006 - 00:06
CVE-2006-4248 7.2
thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file.
05-09-2008 - 17:09 31-10-2006 - 14:07
CVE-2005-3099 4.6
Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in Solaris 7, 8, 9, and 10 allows local users to execute arbitrary code.
05-09-2008 - 16:53 28-09-2005 - 19:03
CVE-2005-2715 10.0
Format string vulnerability in the Java user interface service (bpjava-msvc) daemon for VERITAS NetBackup Data and Business Center 4.5FP and 4.5MP, and NetBackup Enterprise/Server/Client 5.0, 5.1, and 6.0, allows remote attackers to execute arbitrary
05-09-2008 - 16:52 12-10-2005 - 18:02
CVE-2005-0359 6.4
The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of se
05-09-2008 - 16:46 23-08-2005 - 00:00
CVE-2005-0357 7.5
EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privilege
05-09-2008 - 16:46 23-08-2005 - 00:00
CVE-2002-2374 10.0
Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files."
05-09-2008 - 16:33 31-12-2002 - 00:00
CVE-2004-1366 4.6
Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.
05-09-2008 - 00:00 04-08-2004 - 00:00
Back to Top Mark selected
Back to Top