Max CVSS 10.0 Min CVSS 2.6 Total Count88
IDCVSSSummaryLast (major) updatePublished
CVE-2008-1232 4.3
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to
15-03-2017 - 21:59 03-08-2008 - 21:41
CVE-2007-5461 3.5
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write reque
24-10-2016 - 14:30 15-10-2007 - 14:17
CVE-2006-4339 4.3
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key
17-10-2016 - 23:40 05-09-2006 - 13:04
CVE-2006-2940 7.8
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates tha
17-10-2016 - 23:40 28-09-2006 - 14:07
CVE-2006-2937 7.8
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.
17-10-2016 - 23:40 28-09-2006 - 14:07
CVE-2005-3964 7.5
Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, and possibly other versions, allows attackers to execute arbitrary code via the (1) diag_issue_diagnostic function in UilDiags.c and (2) open_source_file function in UilSrcSrc.c.
17-10-2016 - 23:38 02-12-2005 - 06:03
CVE-2004-0885 7.5
The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host config
17-10-2016 - 22:49 03-11-2004 - 00:00
CVE-2004-0688 7.5
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a
17-10-2016 - 22:47 20-10-2004 - 00:00
CVE-2004-0687 7.5
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
17-10-2016 - 22:47 20-10-2004 - 00:00
CVE-2009-0783 4.6
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3)
22-08-2016 - 21:59 05-06-2009 - 12:00
CVE-2009-0580 4.3
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, rel
22-08-2016 - 21:59 05-06-2009 - 12:00
CVE-2009-0033 5.0
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with i
22-08-2016 - 21:59 05-06-2009 - 12:00
CVE-2008-5515 5.0
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to b
22-08-2016 - 21:59 16-06-2009 - 17:00
CVE-2008-5360 6.4
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allow
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2008-5359 9.3
Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbit
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2008-5357 9.3
Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbi
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2008-5356 9.3
Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2008-5354 9.3
Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applicat
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2008-5353 10.0
The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows rem
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2008-5351 7.5
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to b
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2008-5350 5.0
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2008-5348 7.1
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2008-5345 7.5
Unspecified vulnerability in Java Runtime Environment (JRE) with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier allows code that is loaded from a
22-08-2016 - 21:59 05-12-2008 - 06:30
CVE-2007-1858 2.6
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information o
22-08-2016 - 21:59 09-05-2007 - 20:19
CVE-2008-2370 5.0
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traver
15-03-2014 - 23:29 03-08-2008 - 21:41
CVE-2008-1947 4.3
Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
15-03-2014 - 23:29 04-06-2008 - 15:32
CVE-2007-5333 5.0
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as se
15-03-2014 - 23:16 11-02-2008 - 20:00
CVE-2007-5000 4.3
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inje
28-08-2013 - 01:38 13-12-2007 - 13:46
CVE-2007-1355 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attacker
24-08-2013 - 01:25 21-05-2007 - 16:30
CVE-2006-3738 10.0
Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.
23-08-2013 - 01:21 28-09-2006 - 14:07
CVE-2006-4343 4.3
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer derefer
29-07-2013 - 11:07 28-09-2006 - 14:07
CVE-2007-1358 2.6
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform
22-07-2013 - 01:18 09-05-2007 - 20:19
CVE-2008-5346 7.1
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 or earlier allows untrusted applets and applications to read arbitrary memory via a
21-07-2013 - 02:42 05-12-2008 - 06:30
CVE-2007-6388 4.3
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or H
17-07-2013 - 11:33 08-01-2008 - 13:46
CVE-2006-5752 4.3
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML vi
17-07-2013 - 11:01 27-06-2007 - 13:30
CVE-2007-2435 10.0
Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Us
05-11-2012 - 22:38 02-05-2007 - 06:19
CVE-2007-2052 5.0
Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown m
05-11-2012 - 22:36 16-04-2007 - 18:19
CVE-2007-1349 4.3
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted U
05-11-2012 - 22:34 29-03-2007 - 20:19
CVE-2007-3304 4.7
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the m
30-10-2012 - 22:38 20-06-2007 - 18:30
CVE-2007-2449 4.3
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote att
30-10-2012 - 22:34 14-06-2007 - 19:30
CVE-2005-2096 7.5
zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted
30-10-2012 - 21:48 06-07-2005 - 00:00
CVE-2008-3114 5.0
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an u
29-10-2012 - 23:13 09-07-2008 - 19:41
CVE-2008-3113 10.0
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077.
29-10-2012 - 23:13 09-07-2008 - 19:41
CVE-2008-3112 10.0
Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the Ca
29-10-2012 - 23:13 09-07-2008 - 19:41
CVE-2008-3111 10.0
Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrat
29-10-2012 - 23:13 09-07-2008 - 19:41
CVE-2008-3104 6.8
Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate
29-10-2012 - 23:13 09-07-2008 - 19:41
CVE-2009-4538 10.0
drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a r
19-03-2012 - 00:00 12-01-2010 - 12:30
CVE-2009-4537 7.8
drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via
19-03-2012 - 00:00 12-01-2010 - 12:30
CVE-2009-4536 7.8
drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypas
19-03-2012 - 00:00 12-01-2010 - 12:30
CVE-2007-4567 7.8
The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic)
19-03-2012 - 00:00 20-12-2007 - 19:46
CVE-2007-1860 5.0
mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly in
21-09-2011 - 00:00 25-05-2007 - 14:30
CVE-2006-1329 5.0
The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service ("c2s segfault") by sending a "response stanza before an auth stanza".
16-06-2011 - 00:00 20-03-2006 - 20:06
CVE-2007-3385 4.3
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remot
20-04-2011 - 21:55 14-08-2007 - 18:17
CVE-2008-5352 9.3
Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and a
07-03-2011 - 22:14 05-12-2008 - 06:30
CVE-2008-5349 7.1
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key.
07-03-2011 - 22:14 05-12-2008 - 06:30
CVE-2008-3271 4.3
Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an insta
07-03-2011 - 22:10 13-10-2008 - 16:00
CVE-2008-3107 10.0
Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via
07-03-2011 - 22:10 09-07-2008 - 19:41
CVE-2008-3103 9.3
Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote
07-03-2011 - 22:10 09-07-2008 - 19:41
CVE-2008-2938 4.3
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequence
07-03-2011 - 22:09 12-08-2008 - 20:41
CVE-2008-0128 5.0
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it e
07-03-2011 - 22:03 22-01-2008 - 21:00
CVE-2007-4965 5.8
Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) t
07-03-2011 - 21:59 18-09-2007 - 18:17
CVE-2007-4465 4.3
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using t
07-03-2011 - 21:58 13-09-2007 - 20:17
CVE-2007-3382 4.3
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attacker
07-03-2011 - 21:56 14-08-2007 - 18:17
CVE-2007-2450 3.5
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote
07-03-2011 - 21:54 14-06-2007 - 19:30
CVE-2007-0450 5.0
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence
07-03-2011 - 21:49 16-03-2007 - 18:19
CVE-2007-0243 6.8
Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which
07-03-2011 - 21:49 17-01-2007 - 17:28
CVE-2006-7196 4.3
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via
07-03-2011 - 21:48 09-05-2007 - 20:19
CVE-2006-7195 4.3
Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
07-03-2011 - 21:48 09-05-2007 - 20:19
CVE-2006-4980 7.5
Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts.
07-03-2011 - 21:42 10-10-2006 - 00:06
CVE-2006-3835 5.0
Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.
07-03-2011 - 21:39 25-07-2006 - 09:22
CVE-2006-0254 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is vi
07-03-2011 - 21:29 17-01-2006 - 20:51
CVE-2005-3510 5.0
Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
07-03-2011 - 21:26 06-11-2005 - 06:02
CVE-2005-2969 5.0
The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allow
07-03-2011 - 21:25 18-10-2005 - 17:02
CVE-2005-2090 4.3
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header
07-03-2011 - 21:23 05-07-2005 - 00:00
CVE-2005-1849 5.0
inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.
07-03-2011 - 21:22 26-07-2005 - 00:00
CVE-2007-2789 4.3
The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.
07-03-2011 - 00:00 21-05-2007 - 20:30
CVE-2007-2788 6.8
Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2
07-03-2011 - 00:00 21-05-2007 - 20:30
CVE-2005-0605 7.5
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
21-08-2010 - 00:26 02-03-2005 - 00:00
CVE-2004-0914 10.0
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) m
21-08-2010 - 00:00 10-01-2005 - 00:00
CVE-2008-5519 2.6
The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client t
04-05-2010 - 01:36 09-04-2009 - 11:08
CVE-2006-1542 3.7
Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory tha
23-01-2009 - 00:53 30-03-2006 - 06:02
CVE-2007-6306 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coord
15-11-2008 - 02:04 11-12-2007 - 16:46
CVE-2007-5961 4.3
Cross-site scripting (XSS) vulnerability in the Red Hat Network channel search feature, as used in RHN and Red Hat Network Satellite before 5.0.2, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
15-11-2008 - 02:02 23-05-2008 - 11:32
CVE-2007-4132 6.5
Unspecified vulnerability in Red Hat Network Satellite Server 5.0.0 allows remote authenticated users to execute arbitrary code via unknown vectors in a "back-end XMLRPC handler."
15-11-2008 - 01:55 30-08-2007 - 18:17
CVE-2008-2369 6.4
manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.
10-09-2008 - 21:10 14-08-2008 - 16:41
CVE-2006-0898 2.6
Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.
10-09-2008 - 16:03 25-02-2006 - 06:02
CVE-2006-7197 7.8
The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
05-09-2008 - 17:16 25-04-2007 - 16:19
CVE-2005-4838 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx
05-09-2008 - 16:57 31-12-2005 - 00:00
Back to Top Mark selected
Back to Top