Max CVSS 10.0 Min CVSS 1.2 Total Count687
IDCVSSSummaryLast (major) updatePublished
CVE-2017-9805 6.8
The REST Plugin in Apache Struts 2.1.2 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing X
15-09-2017 - 15:29 15-09-2017 - 15:29
CVE-2015-2857 7.5
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter.
22-08-2017 - 11:29 22-08-2017 - 11:29
CVE-2017-7494 10.0
Samba since version 3.5.0 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
30-05-2017 - 14:29 30-05-2017 - 14:29
CVE-2017-1092 10.0
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.
22-05-2017 - 16:29 22-05-2017 - 16:29
CVE-2017-5638 10.0
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a
09-05-2017 - 21:29 10-03-2017 - 21:59
CVE-2007-2120 7.8
The Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to shut down an Oracle TNS Listener via a TNS STOP command in a request that uses the database/TNS alias, aka AS01.
28-04-2017 - 21:59 18-04-2007 - 14:19
CVE-2015-4852 7.5
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_comm
24-04-2017 - 21:59 18-11-2015 - 10:59
CVE-2017-0144 9.3
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2017-0143 9.3
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2016-8025 6.0
SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter.
16-03-2017 - 11:19 14-03-2017 - 18:59
CVE-2016-8024 6.8
Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofi
15-03-2017 - 21:59 14-03-2017 - 18:59
CVE-2016-8023 6.8
Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie.
15-03-2017 - 21:59 14-03-2017 - 18:59
CVE-2016-8022 5.1
Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a denial of service via a crafted authentication cookie.
15-03-2017 - 21:59 14-03-2017 - 18:59
CVE-2016-8021 3.5
Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file.
15-03-2017 - 21:59 14-03-2017 - 18:59
CVE-2016-8020 6.0
Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter.
15-03-2017 - 21:59 14-03-2017 - 18:59
CVE-2016-8019 4.3
Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input.
15-03-2017 - 21:59 14-03-2017 - 18:59
CVE-2016-8018 6.0
Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input.
15-03-2017 - 21:59 14-03-2017 - 18:59
CVE-2016-8017 4.0
Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input.
15-03-2017 - 21:59 14-03-2017 - 18:59
CVE-2016-8016 3.5
Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter.
15-03-2017 - 21:59 14-03-2017 - 18:59
CVE-2017-6187 7.5
Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers to execute arbitrary code via a long URI in a GET request.
01-03-2017 - 21:59 22-02-2017 - 18:59
CVE-2014-1903 7.5
admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execut
23-02-2017 - 21:59 18-02-2014 - 06:55
CVE-2008-2286 7.5
SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet.
19-02-2017 - 00:22 18-05-2008 - 10:20
CVE-2005-3526 6.5
Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command.
19-02-2017 - 00:09 31-12-2005 - 00:00
CVE-2016-10033 7.5
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
25-01-2017 - 21:59 30-12-2016 - 14:59
CVE-2014-6271 10.0
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceComman
06-01-2017 - 22:00 24-09-2014 - 14:48
CVE-2014-2623 10.0
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.
06-01-2017 - 21:59 17-07-2014 - 20:55
CVE-2016-10074 7.5
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mai
03-01-2017 - 13:56 30-12-2016 - 14:59
CVE-2015-3306 10.0
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
02-01-2017 - 22:00 18-05-2015 - 11:59
CVE-2014-6278 10.0
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the Force
02-01-2017 - 21:59 30-09-2014 - 06:55
CVE-2013-4730 10.0
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
30-12-2016 - 21:59 15-05-2014 - 10:55
CVE-2006-1255 10.0
Stack-based buffer overflow in the IMAP service in Mercur Messaging 5.0 SP3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string to the (1) LOGIN or (2) SELECT comm
19-12-2016 - 21:59 18-03-2006 - 20:02
CVE-2013-2251 9.3
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
07-12-2016 - 22:03 19-07-2013 - 23:37
CVE-2013-0156 7.5
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection
07-12-2016 - 22:02 13-01-2013 - 17:55
CVE-2015-8562 7.5
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
07-12-2016 - 13:28 16-12-2015 - 16:59
CVE-2011-3478 10.0
The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to exec
06-12-2016 - 22:00 25-01-2012 - 10:55
CVE-2016-0752 5.0
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unre
05-12-2016 - 22:05 15-02-2016 - 21:59
CVE-2016-2004 9.3
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE
02-12-2016 - 22:24 21-04-2016 - 07:00
CVE-2011-4722 7.8
Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation.
02-12-2016 - 21:59 27-12-2014 - 21:59
CVE-2016-3081 9.3
Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
30-11-2016 - 22:09 26-04-2016 - 10:59
CVE-2016-5680 9.0
Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.
28-11-2016 - 15:28 31-08-2016 - 11:59
CVE-2016-5679 9.0
cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.
28-11-2016 - 15:28 31-08-2016 - 11:59
CVE-2016-5678 10.0
NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors.
28-11-2016 - 15:28 31-08-2016 - 11:59
CVE-2016-5677 5.0
NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information v
28-11-2016 - 15:28 31-08-2016 - 11:59
CVE-2016-5676 5.0
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.
28-11-2016 - 15:28 31-08-2016 - 11:59
CVE-2016-5675 10.0
handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the N
28-11-2016 - 15:28 31-08-2016 - 11:59
CVE-2016-5674 10.0
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.
28-11-2016 - 15:28 31-08-2016 - 11:59
CVE-2015-7450 10.0
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerT
28-11-2016 - 14:43 02-01-2016 - 16:59
CVE-2010-5324 10.0
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a zenworks-fileupload request with a crafted
28-11-2016 - 14:07 07-06-2015 - 19:59
CVE-2009-1978 9.0
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the
28-11-2016 - 14:07 14-07-2009 - 19:30
CVE-2006-4902 10.0
The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 does not properly check for chained commands, which allows remote attackers to execute arbitrary commands by appending m
28-11-2016 - 14:06 14-12-2006 - 15:28
CVE-2008-5441 5.0
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2008-5442 and CVE-2008-5443.
22-11-2016 - 11:16 13-01-2009 - 20:30
CVE-2008-5442 5.0
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2008-5441 and CVE-2008-5443.
22-11-2016 - 11:15 13-01-2009 - 20:30
CVE-2008-5443 5.0
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2008-5441 and CVE-2008-5442.
22-11-2016 - 11:15 13-01-2009 - 21:30
CVE-2008-5444 10.0
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5448 and CVE-
22-11-2016 - 11:14 13-01-2009 - 20:30
CVE-2008-5448 10.0
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5444 and CVE-
22-11-2016 - 11:13 13-01-2009 - 20:30
CVE-2008-5449 10.0
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5444 and CVE-
22-11-2016 - 11:13 13-01-2009 - 20:30
CVE-2006-2407 7.5
Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange
17-10-2016 - 23:39 16-05-2006 - 06:02
CVE-2005-3684 7.5
Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, allow remote authenticated attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via long (1) MKD and (2) DELE commands.
17-10-2016 - 23:36 18-11-2005 - 20:03
CVE-2005-3683 7.5
Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging enabled, allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a long USER command.
17-10-2016 - 23:36 18-11-2005 - 20:03
CVE-2005-2877 7.5
The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers.
17-10-2016 - 23:31 16-09-2005 - 16:03
CVE-2005-2773 7.5
HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.
17-10-2016 - 23:30 02-09-2005 - 19:03
CVE-2005-2297 4.6
Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 through 5.2 allows remote authenticated users to execute arbitrary code via a large javascript parameter.
17-10-2016 - 23:26 19-07-2005 - 00:00
CVE-2005-2278 7.2
Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name.
17-10-2016 - 23:25 18-07-2005 - 00:00
CVE-2005-2086 7.5
PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code.
17-10-2016 - 23:24 05-07-2005 - 00:00
CVE-2005-2041 5.0
Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other products, allows remote attackers to execute arbitrary code via a long ViRobot_ID cookie (HTTP_COOKIE).
17-10-2016 - 23:24 15-06-2005 - 00:00
CVE-2005-1543 7.5
Multiple stack-based and heap-based buffer overflows in Remote Management authentication (zenrem32.exe) on Novell ZENworks 6.5 Desktop and Server Management, ZENworks for Desktops 4.x, ZENworks for Servers 3.x, and Remote Management allows remote att
17-10-2016 - 23:20 25-05-2005 - 00:00
CVE-2005-1471 7.5
Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 allows remote attackers to execute arbitrary code via crafted chunked-encoding data.
17-10-2016 - 23:19 06-05-2005 - 00:00
CVE-2005-1348 7.5
Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to execute arbitrary code via a long HTTP Authorization header.
17-10-2016 - 23:18 02-05-2005 - 00:00
CVE-2005-1018 7.5
Buffer overflow in the UniversalAgent for Computer Associates (CA) BrightStor ARCserve Backup allows remote authenticated users to cause a denial of service or execute arbitrary code via an agent request to TCP port 6050 with a large argument before
17-10-2016 - 23:16 02-05-2005 - 00:00
CVE-2005-0873 4.3
Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Oracle Reports Server 10g (9.0.4.3.3) allow remote attackers to inject arbitrary web script or HTML via the (1) desname or (2) repprod parameter.
17-10-2016 - 23:15 02-05-2005 - 00:00
CVE-2005-0582 10.0
Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 allows remote attackers to execute arbitrary code via a long filename in a PUTOLF request.
17-10-2016 - 23:12 02-05-2005 - 00:00
CVE-2005-0581 4.6
Multiple buffer overflows in Computer Associates (CA) License Client and Server 0.1.0.15 allow remote attackers to execute arbitrary code via (1) certain long fields in the Checksum item in a GCR request, (2) a long IP address, hostname, or netmask v
17-10-2016 - 23:12 02-05-2005 - 00:00
CVE-2005-0560 7.5
Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port
17-10-2016 - 23:12 02-05-2005 - 00:00
CVE-2005-0491 10.0
Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows remote attackers to execute arbitrary code via a long type 77 request.
17-10-2016 - 23:12 02-05-2005 - 00:00
CVE-2004-2111 8.5
Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename.
17-10-2016 - 23:06 31-12-2004 - 00:00
CVE-2004-1868 7.5
Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6 allows remote attackers to execute arbitrary code via a long STREAMQUOTE tag.
17-10-2016 - 23:02 25-03-2004 - 00:00
CVE-2004-1520 4.6
Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authenticated users to execute arbitrary code via a long IMAP DELETE command.
17-10-2016 - 22:55 31-12-2004 - 00:00
CVE-2004-1478 7.5
JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session.
17-10-2016 - 22:54 31-12-2004 - 00:00
CVE-2004-1477 4.3
Cross-site scripting (XSS) vulnerability in the Management Console in JRun 4.0 allows remote attackers to execute arbitrary web script or HTML and possibly hijack a user's session.
17-10-2016 - 22:54 31-12-2004 - 00:00
CVE-2004-1373 7.5
Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via format string specifiers in a content URL, as demonstrated in the filename portion of a .mp3 file.
17-10-2016 - 22:53 23-12-2004 - 00:00
CVE-2004-1371 9.0
Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure.
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1370 7.5
Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.S
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1369 5.0
The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory.
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1368 7.8
ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script.
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1365 4.6
Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user.
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1364 8.5
Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory.
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1363 7.2
Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1362 7.5
The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedu
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1211 10.0
Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via long arguments to the (1) EXAMINE, (2) SUBSCRIBE, (3) STATUS,
17-10-2016 - 22:52 10-01-2005 - 00:00
CVE-2004-1135 5.0
Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands.
17-10-2016 - 22:51 10-01-2005 - 00:00
CVE-2004-1080 10.0
The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS re
17-10-2016 - 22:51 10-01-2005 - 00:00
CVE-2004-1037 10.0
The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string.
17-10-2016 - 22:50 01-03-2005 - 00:00
CVE-2004-0928 5.0
The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".
17-10-2016 - 22:49 05-10-2004 - 00:00
CVE-2004-0330 10.0
Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command.
17-10-2016 - 22:44 23-11-2004 - 00:00
CVE-2004-0206 7.5
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or appl
17-10-2016 - 22:41 03-11-2004 - 00:00
CVE-2003-1200 7.5
Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 through 6.8.5 allows remote attackers to execute arbitrary code via a long From parameter to Form2Raw.cgi.
17-10-2016 - 22:39 29-12-2003 - 00:00
CVE-2003-0822 7.5
Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
17-10-2016 - 22:37 15-12-2003 - 00:00
CVE-2003-0722 10.0
The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.
17-10-2016 - 22:36 22-09-2003 - 00:00
CVE-2003-0533 7.5
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and
17-10-2016 - 22:35 01-06-2004 - 00:00
CVE-2003-0352 7.5
Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
17-10-2016 - 22:32 18-08-2003 - 00:00
CVE-2003-0201 10.0
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
17-10-2016 - 22:30 05-05-2003 - 00:00
CVE-2003-0109 7.5
Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
17-10-2016 - 22:29 31-03-2003 - 00:00
CVE-2002-1123 7.5
Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
17-10-2016 - 22:23 24-09-2002 - 00:00
CVE-2002-0649 7.5
Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04
17-10-2016 - 22:21 12-08-2002 - 00:00
CVE-2002-0364 7.5
Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."
17-10-2016 - 22:19 03-07-2002 - 00:00
CVE-2002-0079 7.5
Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.
17-10-2016 - 22:15 22-04-2002 - 00:00
CVE-2001-0797 10.0
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
17-10-2016 - 22:11 12-12-2001 - 00:00
CVE-2001-0333 7.5
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
17-10-2016 - 22:10 27-06-2001 - 00:00
CVE-2001-0241 10.0
Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.
17-10-2016 - 22:10 27-06-2001 - 00:00
CVE-2001-0236 10.0
Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long "indication" event.
17-10-2016 - 22:10 03-05-2001 - 00:00
CVE-2013-2347 10.0
The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port 5555, aka ZDI-CAN-1885.
21-09-2016 - 09:46 03-01-2014 - 23:51
CVE-2012-3261 10.0
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1463.
06-09-2016 - 09:37 25-09-2012 - 07:07
CVE-2014-10021 7.5
Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to t
06-09-2016 - 09:10 13-01-2015 - 06:59
CVE-2012-5201 10.0
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1611.
24-08-2016 - 09:34 09-03-2013 - 06:55
CVE-2011-0924 10.0
The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omni_chk_ds.
22-08-2016 - 22:03 08-02-2011 - 20:00
CVE-2011-0923 10.0
The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."
22-08-2016 - 22:03 08-02-2011 - 20:00
CVE-2011-0922 10.0
The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname.
22-08-2016 - 22:03 08-02-2011 - 20:00
CVE-2011-0921 10.0
crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over
22-08-2016 - 22:03 08-02-2011 - 20:00
CVE-2009-3548 7.5
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
22-08-2016 - 21:59 12-11-2009 - 18:30
CVE-2013-0929 7.6
Format string vulnerability in the _vsnsprintf function in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary code via format string specifiers in a command.
18-08-2016 - 10:52 21-01-2013 - 16:55
CVE-2016-1909 10.0
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase f
15-07-2016 - 11:42 15-01-2016 - 15:59
CVE-2016-0792 9.0
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.
14-07-2016 - 16:42 07-04-2016 - 19:59
CVE-2014-9583 10.0
common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass au
30-06-2016 - 13:54 08-01-2015 - 15:59
CVE-2013-4810 10.0
HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServ
29-06-2016 - 10:12 16-09-2013 - 09:01
CVE-2007-2110 4.4
Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB03 occ
15-06-2016 - 12:33 18-04-2007 - 14:19
CVE-2006-5337 9.0
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 has unknown impact and remote authenticated attack vectors, aka Vuln# DB09.
31-05-2016 - 10:35 17-10-2006 - 21:07
CVE-2009-0228 10.0
Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC req
18-05-2016 - 14:32 10-06-2009 - 14:00
CVE-2006-5333 7.1
Unspecified vulnerability in Oracle Spatial component in Oracle Database 10.2.0.2 has unknown impact and remote authenticated attack vectors related to "create session" privileges, aka Vuln# DB02. NOTE: as of 20061023, Oracle has not disputed report
18-05-2016 - 14:15 17-10-2006 - 21:07
CVE-2005-3463 10.0
Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46.03 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE03.
11-05-2016 - 14:14 02-11-2005 - 06:03
CVE-2007-2117 6.8
Unspecified vulnerability in the Oracle Text component in Oracle Database 9.0.1.5+ and 9.2.0.5 has unknown impact and attack vectors, aka DB12. NOTE: as of 20070424, Oracle has not disputed reliable claims that this involves a buffer overflow in the
29-04-2016 - 21:59 18-04-2007 - 14:19
CVE-2007-2116 9.0
Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors, aka DB10. NOTE: as of 20070424, Oracle has not disputed claims that these are buffer overflows
29-04-2016 - 21:59 18-04-2007 - 14:19
CVE-2006-5341 9.0
Multiple unspecified vulnerabilities in XMLDB component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors, aka (1) Vuln# DB14 and (2) DB15 related to xdb.dbms_xdbz. NOTE: as of 20061023, O
29-04-2016 - 21:59 17-10-2006 - 21:07
CVE-2006-5340 7.1
Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_lrs, aka Vuln# DB13, and (2) Vu
29-04-2016 - 21:59 17-10-2006 - 21:07
CVE-2006-5338 9.0
Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5 has unknown impact and remote authenticated attack vectors related to sys.dbms_sqltune, aka Vuln# DB10. NOTE: as of 20061023, Oracle has not disputed reports from reli
29-04-2016 - 21:59 17-10-2006 - 21:07
CVE-2005-3461 10.0
Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.42 up to 8.45.17 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE01.
29-04-2016 - 21:59 02-11-2005 - 06:03
CVE-2013-6194 10.0
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905.
06-04-2016 - 08:37 03-01-2014 - 23:51
CVE-2016-2278 9.0
Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism
04-03-2016 - 12:25 02-03-2016 - 06:59
CVE-2015-7808 7.5
The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/h
25-11-2015 - 15:23 24-11-2015 - 15:59
CVE-2015-1497 10.0
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465.
19-11-2015 - 12:04 16-02-2015 - 10:59
CVE-2013-0928 9.3
The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation.
13-10-2015 - 12:33 21-01-2013 - 16:55
CVE-2014-4158 7.5
Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a GET request.
02-09-2015 - 13:03 13-06-2014 - 10:55
CVE-2015-1486 7.5
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session.
03-08-2015 - 14:22 31-07-2015 - 21:59
CVE-2013-5015 6.5
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows r
30-07-2015 - 10:50 14-02-2014 - 08:10
CVE-2008-3466 10.0
Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or
14-07-2015 - 13:48 14-10-2008 - 20:12
CVE-2014-2927 9.3
The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, doe
26-01-2015 - 13:32 15-10-2014 - 10:55
CVE-2010-0738 5.0
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attack
22-01-2015 - 08:59 28-04-2010 - 18:30
CVE-2014-10031 7.5
Buffer overflow in the IMAPd service in Qualcomm Eudora WorldMail 9.0.333.0 allows remote attackers to execute arbitrary code via a long string in a UID command.
14-01-2015 - 16:20 13-01-2015 - 10:59
CVE-2014-4511 7.5
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stat
24-07-2014 - 01:01 22-07-2014 - 10:55
CVE-2010-1870 5.0
The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side contex
24-07-2014 - 00:22 17-08-2010 - 16:00
CVE-2014-3791 10.0
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code via a long string in a cookie UserID parameter to vfolder.ghp.
21-05-2014 - 18:35 20-05-2014 - 10:55
CVE-2013-5014 7.5
The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitra
26-03-2014 - 00:51 14-02-2014 - 08:10
CVE-2012-5613 6.0
** DISPUTED ** MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain
20-02-2014 - 23:55 03-12-2012 - 07:49
CVE-2013-3576 9.0
ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en.
07-01-2014 - 23:39 14-06-2013 - 14:55
CVE-2013-1362 7.5
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.
13-12-2013 - 00:13 09-07-2013 - 13:55
CVE-2013-1080 10.0
The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently u
13-12-2013 - 00:12 29-03-2013 - 12:09
CVE-2013-6830 7.5
admin/confnetworking.html in PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms allows remote attackers to execute arbitrary commands via shell metacharacters in the nsserver parameter during an nslookup operation.
24-11-2013 - 23:36 20-11-2013 - 09:12
CVE-2013-3238 6.0
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" featu
18-11-2013 - 23:48 25-04-2013 - 23:34
CVE-2013-4837 10.0
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832.
08-11-2013 - 11:01 04-11-2013 - 11:55
CVE-2012-3579 7.9
Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session.
11-10-2013 - 09:31 29-08-2012 - 06:56
CVE-2013-4812 10.0
UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .j
25-09-2013 - 23:52 16-09-2013 - 09:01
CVE-2011-1735 10.0
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed bm message.
13-09-2013 - 02:44 07-05-2011 - 15:55
CVE-2013-3763 5.5
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2013-3764.
10-09-2013 - 23:23 17-07-2013 - 09:41
CVE-2010-3407 9.3
Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long
24-08-2013 - 02:17 16-09-2010 - 17:00
CVE-2008-3544 9.0
Multiple stack-based buffer overflows in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, and possibly 7.01, 7.50, and 7.53, allow remote attackers to execute arbitrary code via a long (1) REQUEST_SEV_CHANGE (aka number 47), (2) REQUEST_
19-08-2013 - 01:47 13-10-2008 - 16:00
CVE-2013-2367 10.0
Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, when SOAP is used, allow remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1678.
31-07-2013 - 00:00 31-07-2013 - 09:20
CVE-2013-2362 2.1
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows local users to cause a denial of service via unknown vectors, aka ZDI-CAN-1676.
22-07-2013 - 00:00 22-07-2013 - 07:19
CVE-2012-1823 7.5
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by
19-07-2013 - 23:27 11-05-2012 - 06:15
CVE-2011-4862 10.0
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to exec
17-07-2013 - 12:31 24-12-2011 - 20:55
CVE-2013-2115 9.3
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix
11-07-2013 - 00:00 10-07-2013 - 15:55
CVE-2013-2343 10.0
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1510.
03-07-2013 - 00:00 02-07-2013 - 17:55
CVE-2012-2971 7.5
The server in CA ARCserve Backup r12.5, r15, and r16 on Windows does not properly process RPC requests, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted request.
20-06-2013 - 23:12 20-10-2012 - 06:41
CVE-2013-2329 10.0
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1637.
06-06-2013 - 00:00 06-06-2013 - 09:02
CVE-2013-2333 10.0
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1680.
06-06-2013 - 00:00 06-06-2013 - 09:02
CVE-2012-6096 7.5
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long
04-06-2013 - 23:40 22-01-2013 - 18:55
CVE-2012-2982 6.5
file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.
29-05-2013 - 23:16 11-09-2012 - 14:55
CVE-2012-4708 10.0
Stack-based buffer overflow in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via a crafted packet.
20-05-2013 - 23:20 24-02-2013 - 06:48
CVE-2012-4705 10.0
Directory traversal vulnerability in 3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors involving a crafted pathname.
20-05-2013 - 23:20 24-02-2013 - 06:48
CVE-2011-5007 10.0
Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080.
20-05-2013 - 23:12 24-12-2011 - 20:55
CVE-2012-2763 7.5
Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server.
14-05-2013 - 23:26 12-07-2012 - 15:55
CVE-2010-0219 10.0
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by u
09-05-2013 - 23:14 18-10-2010 - 13:00
CVE-2013-1082 7.5
Directory traversal vulnerability in DUSAP.php in Novell ZENworks Mobile Management before 2.7.1 allows remote attackers to include and execute arbitrary local files via the language parameter.
29-03-2013 - 13:29 29-03-2013 - 12:09
CVE-2013-1081 7.5
Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote attackers to include and execute arbitrary local files via the language parameter.
18-03-2013 - 00:00 11-03-2013 - 17:55
CVE-2012-2288 9.3
Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message.
05-03-2013 - 23:59 04-09-2012 - 07:04
CVE-2012-6274 5.0
BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to create arbitrary files under AntServer\DocData\Public via unspecified vectors.
26-02-2013 - 00:00 24-02-2013 - 06:48
CVE-2012-6275 10.0
Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAnt IM Message Server allow remote attackers to have an unspecified impact via (1) the filename header in an SCH request or (2) the userid component in a DUPF request.
25-02-2013 - 00:00 24-02-2013 - 06:48
CVE-2012-3285 10.0
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1513.
07-02-2013 - 00:00 06-02-2013 - 07:05
CVE-2011-0688 9.3
Intel Alert Management System (aka AMS or AMS2), as used in Symantec Antivirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrar
06-02-2013 - 23:41 31-01-2011 - 16:00
CVE-2011-0553 7.5
SQL injection vulnerability in the management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
06-02-2013 - 23:41 01-10-2011 - 22:53
CVE-2010-3268 5.0
The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (AMS), as used in Symantec Antivirus Corporate Edition 10.1.4.4010 on Windows 20
06-02-2013 - 23:34 22-12-2010 - 16:00
CVE-2010-0110 7.9
Multiple stack-based buffer overflows in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, al
06-02-2013 - 23:26 31-01-2011 - 16:00
CVE-2009-1431 9.3
XFR.EXE in the Intel File Transfer service in the console in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corpora
06-02-2013 - 23:17 29-04-2009 - 11:30
CVE-2009-1430 9.3
Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert Originator Service in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Sym
06-02-2013 - 23:17 29-04-2009 - 11:30
CVE-2012-2953 10.0
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts.
02-02-2013 - 00:04 23-07-2012 - 13:55
CVE-2013-0657 10.0
Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does not comply with a protocol.
23-01-2013 - 00:00 21-01-2013 - 11:55
CVE-2012-0432 10.0
Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors.
08-01-2013 - 00:00 25-12-2012 - 07:13
CVE-2008-3981 5.0
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.1.0.1 allows remote attackers to affect confidentiality via unknown vectors.
03-01-2013 - 00:00 13-01-2009 - 20:30
CVE-2011-4789 10.0
Stack-based buffer overflow in magentservice.exe in the server in HP LoadRunner 11.00 before patch 4 allows remote attackers to execute arbitrary code via a crafted size value in a packet. NOTE: it was originally reported that the affected product i
27-11-2012 - 23:31 12-01-2012 - 23:14
CVE-2012-4959 10.0
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.
19-11-2012 - 14:24 18-11-2012 - 14:55
CVE-2011-4642 4.6
mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to
06-11-2012 - 00:04 03-01-2012 - 06:55
CVE-2010-1429 5.0
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demon
05-11-2012 - 23:39 28-04-2010 - 18:30
CVE-2010-1428 5.0
The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote atta
05-11-2012 - 23:39 28-04-2010 - 18:30
CVE-2007-2881 10.0
Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation.
05-11-2012 - 22:40 29-05-2007 - 16:30
CVE-2007-1675 10.0
Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username.
05-11-2012 - 22:35 28-03-2007 - 17:19
CVE-2007-1579 10.0
Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.
05-11-2012 - 22:34 21-03-2007 - 19:19
CVE-2008-4250 10.0
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during p
30-10-2012 - 23:04 23-10-2008 - 18:00
CVE-2007-3455 10.0
cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related t
30-10-2012 - 22:38 26-06-2007 - 20:30
CVE-2007-3454 10.0
Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via long crafted requests, as demonstrated using a long session cookie to unspecified CG
30-10-2012 - 22:38 26-06-2007 - 20:30
CVE-2007-2446 10.0
Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notif
30-10-2012 - 22:34 14-05-2007 - 17:19
CVE-2012-0245 10.0
Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used in ABB Interlink Module, IRC5 OPC Server, PC SDK, PickMaster 3 and 5, RobView 5, RobotStudio, WebWare SDK, and WebWare Server, all
29-10-2012 - 23:59 09-03-2012 - 06:55
CVE-2006-4602 7.5
Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/
24-10-2012 - 00:00 06-09-2006 - 20:04
CVE-2010-0906 9.0
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
22-10-2012 - 23:20 13-07-2010 - 18:30
CVE-2010-0899 9.0
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0898, CVE-2010-0907, and CVE-2010-0906.
22-10-2012 - 23:20 13-07-2010 - 18:30
CVE-2008-7239 5.0
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 allow remote attackers to affect confidentiality via unknown vectors related to the (1) Oracle Application Object Library (APP02) and (2) Oracle Applications Manager (APP04).
22-10-2012 - 23:01 14-09-2009 - 10:30
CVE-2008-7238 6.0
Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.3 allow (1) local users to affect confidentiality and integrity via unknown vectors related to the Mobile Application Server component (APP01); (2) remote attackers to affect confid
22-10-2012 - 23:01 14-09-2009 - 10:30
CVE-2008-7237 4.0
Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3 and 10.1.2.2 allows remote authenticated users to affect confidentiality via unknown vectors, aka AS06.
22-10-2012 - 23:01 14-09-2009 - 10:30
CVE-2008-7236 4.3
Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.2 and 10.1.3.1 allows remote attackers to affect integrity via unknown vectors, aka AS05.
22-10-2012 - 23:01 14-09-2009 - 10:30
CVE-2008-7235 4.3
Unspecified vulnerability in the Oracle Forms component in Oracle Application Server 10.1.2.2 and E-Business Suite 12.0.3 allows remote attackers to affect integrity via unknown vectors, aka AS04.
22-10-2012 - 23:01 14-09-2009 - 10:30
CVE-2008-7234 6.8
Unspecified vulnerability in the Oracle BPEL Worklist Application component in Oracle Application Server 10.1.2.2 and 10.1.3.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, aka AS03.
22-10-2012 - 23:01 14-09-2009 - 10:30
CVE-2008-7233 9.3
Unspecified vulnerability in the E-Business Application client, as used in Oracle Application Server 1.1.8.26 and E-Business Suite 11.5.10.2, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related t
22-10-2012 - 23:01 14-09-2009 - 10:30
CVE-2008-5463 4.9
Unspecified vulnerability in the PeopleSoft Enterprise Campus Solutions component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 and 9.0.8 allows remote authenticated users to affect confidentiality and integrity via unknown vect
22-10-2012 - 22:56 13-01-2009 - 21:30
CVE-2008-5462 6.8
Unspecified vulnerability in the WebLogic Portal component in BEA Product Suite 10.3, 10.2, 10.0 MP1, 9.2 MP3, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
22-10-2012 - 22:56 13-01-2009 - 21:30
CVE-2008-5461 6.8
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0, and SP7 allows remote attackers to affect confidentiality, integrity, and availability, related to WLS. NOTE: the previo
22-10-2012 - 22:56 13-01-2009 - 21:30
CVE-2008-5460 2.6
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote attackers to affect confidentiality via unknown vectors.
22-10-2012 - 22:56 13-01-2009 - 21:30
CVE-2008-5459 5.0
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality via unknown vectors.
22-10-2012 - 22:56 13-01-2009 - 21:30
CVE-2008-5458 5.5
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10 and CU2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
22-10-2012 - 22:56 13-01-2009 - 21:30
CVE-2008-5457 10.0
Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrit
22-10-2012 - 22:56 13-01-2009 - 21:30
CVE-2008-5456 4.9
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 and 9.0.8 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
22-10-2012 - 22:56 13-01-2009 - 21:30
CVE-2008-5455 4.9
Unspecified vulnerability in the PeopleSoft Enterprise HRMS - ePerformance component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
22-10-2012 - 22:56 13-01-2009 - 21:30
CVE-2008-5454 4.9
Unspecified vulnerability in the iProcurement component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
22-10-2012 - 22:56 13-01-2009 - 21:30
CVE-2008-5452 5.5
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
22-10-2012 - 22:56 13-01-2009 - 21:30
CVE-2008-5451 4.0
Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.97.2.5 allows remote authenticated users to affect confidentiality via unknown vectors.
22-10-2012 - 22:56 13-01-2009 - 21:30
CVE-2008-5450 1.2
Unspecified vulnerability in the Oracle Applications Platform Engineering component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows local users to affect confidentiality via unknown vectors.
22-10-2012 - 22:56 13-01-2009 - 21:30
CVE-2008-5447 5.5
Unspecified vulnerability in the Oracle Enterprise Manager component in Oracle Enterprise Manager 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
22-10-2012 - 22:56 13-01-2009 - 21:30
CVE-2008-5446 3.5
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows remote authenticated users to affect confidentiality via unknown vectors. NOTE: the previous information was obtained f
22-10-2012 - 22:56 13-01-2009 - 21:30
CVE-2008-5445 5.0
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect availability via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has n
22-10-2012 - 22:56 13-01-2009 - 21:30
CVE-2008-5440 7.5
Unspecified vulnerability in the TimesTen Data Server component in Oracle Database 7.0.5.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the Janu
22-10-2012 - 22:56 13-01-2009 - 20:30
CVE-2008-5439 4.0
Unspecified vulnerability in the SQL*Plus Windows GUI component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality via unknown vectors.
22-10-2012 - 22:56 13-01-2009 - 20:30
CVE-2008-5438 4.3
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors.
22-10-2012 - 22:56 13-01-2009 - 21:30
CVE-2008-5437 5.5
Unspecified vulnerability in the Job Queue component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_IJOB.
22-10-2012 - 22:56 13-01-2009 - 20:30
CVE-2008-5436 5.5
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote authenticated users to affect integrity and availability via unknown vectors.
22-10-2012 - 22:56 13-01-2009 - 20:30
CVE-2008-4017 5.0
Unspecified vulnerability in the OC4J component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality via unknown vectors.
22-10-2012 - 22:53 13-01-2009 - 21:30
CVE-2008-4016 4.0
Unspecified vulnerability in the Collaborative Workspaces component in Oracle Collaboration Suite 10.1.2 allows remote authenticated users to affect confidentiality via unknown vectors.
22-10-2012 - 22:53 13-01-2009 - 21:30
CVE-2008-4015 5.5
Unspecified vulnerability in the Oracle Streams component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_STREAMS_AUTH.
22-10-2012 - 22:53 13-01-2009 - 20:30
CVE-2008-4014 5.5
Unspecified vulnerability in the Oracle BPEL Process Manager component in Oracle Application Server allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
22-10-2012 - 22:53 13-01-2009 - 21:30
CVE-2008-4008 10.0
Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unk
22-10-2012 - 22:53 14-10-2008 - 17:11
CVE-2008-4007 6.5
Unspecified vulnerability in the PeopleSoft Enterprise Components component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vecto
22-10-2012 - 22:53 13-01-2009 - 21:30
CVE-2008-4006 10.0
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.1.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
22-10-2012 - 22:53 13-01-2009 - 20:30
CVE-2008-3999 4.0
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to SYS.OLAPIMPL_T.
22-10-2012 - 22:53 13-01-2009 - 20:30
CVE-2008-3997 4.0
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect availability, related to SYS.DBMS_XSOQ_ODBO.
22-10-2012 - 22:53 13-01-2009 - 20:30
CVE-2008-3979 5.5
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Ja
22-10-2012 - 22:53 13-01-2009 - 20:30
CVE-2008-3978 5.5
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
22-10-2012 - 22:53 13-01-2009 - 20:30
CVE-2008-3974 4.0
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.0.2.8 and 9.2.0.8DV allows remote authenticated users to affect availability, related to SYS.OLAPIMPL_T.
22-10-2012 - 22:53 13-01-2009 - 20:30
CVE-2008-3973 1.7
Unspecified vulnerability in the SQL*Plus Windows GUI component in Oracle Database allows local users to affect confidentiality via unknown vectors.
22-10-2012 - 22:53 13-01-2009 - 20:30
CVE-2008-2623 2.1
Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.3 allows local users to affect confidentiality via unknown vectors.
22-10-2012 - 22:48 13-01-2009 - 21:30
CVE-2008-0349 10.0
Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.15 and 8.49.07 has unknown impact and remote attack vectors, aka PSE02.
22-10-2012 - 22:42 17-01-2008 - 18:00
CVE-2008-0348 10.0
Multiple unspecified vulnerabilities in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.18, 8.48.15, and 8.49.07 have unknown impact and remote attack vectors, aka (1) PSE01, (2) PSE03, and (3) PSE04.
22-10-2012 - 22:42 17-01-2008 - 18:00
CVE-2008-0347 10.0
Unspecified vulnerability in the Oracle Ultra Search component in Oracle Collaboration Suite 10.1.2; Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; and Application Server 9.0.4.3 and 10.1.2.0.2; has unknown impact and local attack vectors, aka OCS01. NOT
22-10-2012 - 22:42 17-01-2008 - 18:00
CVE-2008-0346 10.0
Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.27 and E-Business Suite 11.5.10.2 has unknown impact and remote attack vectors, aka AS01.
22-10-2012 - 22:42 17-01-2008 - 18:00
CVE-2008-0345 10.0
Unspecified vulnerability in the Core RDBMS component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08.
22-10-2012 - 22:42 17-01-2008 - 18:00
CVE-2008-0344 10.0
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote attack vectors, aka DB07.
22-10-2012 - 22:42 17-01-2008 - 18:00
CVE-2008-0343 10.0
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has unknown impact and remote attack vectors, aka DB06.
22-10-2012 - 22:42 17-01-2008 - 18:00
CVE-2008-0342 10.0
Unspecified vulnerability in the Upgrade/Downgrade component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB05.
22-10-2012 - 22:42 17-01-2008 - 18:00
CVE-2008-0341 10.0
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+ and 10.1.0.5 has unknown impact and remote attack vectors, aka DB03.
22-10-2012 - 22:42 17-01-2008 - 18:00
CVE-2008-0340 10.0
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to the (1) Advanced Queuing component (DB02) and (2) Oracle Spatial component (DB
22-10-2012 - 22:42 17-01-2008 - 18:00
CVE-2008-0339 10.0
Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB01.
22-10-2012 - 22:42 17-01-2008 - 18:00
CVE-2007-2134 7.2
Unspecified vulnerability in the HTML Server in Oracle JD Edwards EnterpriseOne SP23_Q1 and 8.96.I1 has unknown impact and local attack vectors, aka JDE01.
22-10-2012 - 22:26 18-04-2007 - 14:19
CVE-2007-2133 10.0
Unspecified vulnerability in the PeopleSoft Enterprise Human Capital Management component in Oracle PeopleSoft Enterprise 8.9 has unknown impact and attack vectors, aka PSEHCM01.
22-10-2012 - 22:26 18-04-2007 - 14:19
CVE-2007-2132 10.0
Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise 8.47.12 and 8.48.08 has unknown impact and attack vectors, aka PSE02.
22-10-2012 - 22:26 18-04-2007 - 14:19
CVE-2007-2131 10.0
Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.22.14, 8.47.12, and 8.48.08 has unknown impact and attack vectors, aka PSE01.
22-10-2012 - 22:26 18-04-2007 - 14:19
CVE-2007-2130 9.0
Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and remote authenticat
22-10-2012 - 22:26 18-04-2007 - 14:19
CVE-2007-2129 10.0
Unspecified vulnerability in the Agent component in Oracle Enterprise Manager 9.2.0.8 has unknown impact and remote attack vectors, aka EM01.
22-10-2012 - 22:26 18-04-2007 - 14:19
CVE-2007-2128 9.0
Unspecified vulnerability in the Sales Online component for Oracle E-Business Suite 11.5.10 has unknown impact and remote authenticated attack vectors, aka APPS08.
22-10-2012 - 22:26 18-04-2007 - 14:19
CVE-2007-2127 10.0
Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.0 have unknown impact and remote attack vectors via (1) Application Object Library (APPS04), iStore (2) APPS05 and (3) APPS06, (4) iSupport (APPS07), (5) Trade Management (APPS09),
22-10-2012 - 22:26 18-04-2007 - 14:19
CVE-2007-2126 10.0
Unspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has unknown impact and remote attack vectors in the (1) Common Applications (APPS01) and (2) iProcurement (APPS02).
22-10-2012 - 22:26 18-04-2007 - 14:19
CVE-2007-2125 10.0
Unspecified vulnerability in Collaborative Workspace in Oracle Collaboration Suite 10.1.2 has unknown impact and attack vectors, aka OCS01.
22-10-2012 - 22:26 18-04-2007 - 14:19
CVE-2007-2124 10.0
Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.4.1.0 has unknown impact and remote attack vectors, aka AS05.
22-10-2012 - 22:26 18-04-2007 - 14:19
CVE-2007-2123 10.0
Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.3 up to 10.1.3.2.0, 10.1.2 up to 10.1.2.2.0, and 9.0.4.3 has unknown impact and attack vectors, aka AS04.
22-10-2012 - 22:26 18-04-2007 - 14:19
CVE-2007-2122 10.0
Unspecified vulnerability in the Wireless component in Oracle Application Server 9.0.4.3 has unknown impact and attack vectors, aka AS03.
22-10-2012 - 22:26 18-04-2007 - 14:19
CVE-2007-2121 10.0
Unspecified vulnerability in the COREid Access component in Oracle Application Server 7.0.4.4 has unknown impact and attack vectors, aka AS02.
22-10-2012 - 22:26 18-04-2007 - 14:19
CVE-2007-2119 6.8
Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2
22-10-2012 - 22:26 18-04-2007 - 14:19
CVE-2007-2118 7.5
Unspecified vulnerability in the Upgrade/Downgrade component of Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors, aka DB13. NOTE: as of 20070424, Oracle has not disputed reliable claims that this is a buffer overflow involvi
22-10-2012 - 22:26 18-04-2007 - 14:19
CVE-2007-2115 6.8
Unspecified vulnerability in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors, aka DB09. NOTE: as of 20070424, oracle has not disputed reliable claims that this issue in
22-10-2012 - 22:26 18-04-2007 - 14:19
CVE-2007-2114 9.0
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors, related to (1) Change Data Capture (CDC), aka DB08, and (2) Oracle Instant Client, aka DB11. NOTE: as of 20070
22-10-2012 - 22:26 18-04-2007 - 14:19
CVE-2007-2113 7.5
SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_UPGRADE_INTERNAL) for Oracle Database 10.1.0.5 allows remote authenticated users to execute arbitrary SQL commands via unknown vectors, aka DB07. NOTE: as of 20070424, Oracle has n
22-10-2012 - 22:26 18-04-2007 - 14:19
CVE-2007-2112 6.0
Unspecified vulnerability in the Authentication component for Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and attack vectors, aka DB05. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue allows remote authenti
22-10-2012 - 22:26 18-04-2007 - 14:19
CVE-2007-2111 6.5
SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. NOTE: as of 20070424, Oracle has not di
22-10-2012 - 22:26 18-04-2007 - 14:19
CVE-2007-2109 6.0
Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06). Note: as of 20070424, Or
22-10-2012 - 22:26 18-04-2007 - 14:19
CVE-2007-2108 6.8
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01. NOTE: as of 20070424, Oracle has not disputed reliable claims t
22-10-2012 - 22:26 18-04-2007 - 14:19
CVE-2006-5378 9.0
Unspecified vulnerability in JD Edwards HTML Server in JD Edwards EnterpriseOne SP23_O2, 8.95.P1, and 8.96.D1 has unknown impact and remote authenticated attack vectors, aka Vuln# JDE01.
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5377 9.0
Unspecified vulnerability in PeopleSoft component in Oracle PeopleSoft Enterprise 8.80 GA, 8.90 GA, 8.8 Bundle 11, and 8.9 Bundle 4 has unknown impact and remote authenticated attack vectors, aka Vuln# PSE05.
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5376 9.0
Multiple unspecified vulnerabilities in PeopleTools component in Oracle PeopleSoft Enterprise 8.22 GA, 8.46 GA, 8.47 GA, 8.48 GA, 8.22.11, 8.46.15, 8.47.09, and 8.48.03 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) PSE04,
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5375 10.0
Multiple unspecified vulnerabilities in PeopleTools component in Oracle PeopleSoft Enterprise 8.46 GA, 8.47 GA, 8.48 GA, 8.46.15, 8.47.09, and 8.48.03 have unknown impact and remote attack vectors, aka Vuln# (1) PSE01, (2) PSE02, and (3) PSE03.
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5374 10.0
Unspecified vulnerability in Oracle Pharmaceutical Applications 4.5.1 has unknown impact and remote authenticated attack vectors, aka Vuln# PHAR01.
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5373 9.0
Unspecified vulnerability in Oracle Install Base component in Oracle E-Business Suite 11.5.10CU1 has unknown impact and remote authenticated attack vectors, aka Vuln# APPS13.
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5372 9.0
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10 up to 11.5.10CU2 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) APPS11 for Oracle Universal Work Queue and (2) APPS12 for Oracle Application Object Li
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5371 9.0
Unspecified vulnerability in Oracle Email Center component in Oracle E-Business Suite 11.5.9 has unknown impact and remote authenticated attack vectors, aka Vuln# APPS07.
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5370 10.0
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) APPS06 for Oracle CRM Gateway for Mobile Devices and (2) APPS08 for Oracle iStore.
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5369 10.0
Unspecified vulnerability in Oracle Application Object Library in Oracle E-Business Suite 11.5.10CU2 has unknown impact and remote authenticated attack vectors, aka Vuln# APPS02.
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5368 10.0
Unspecified vulnerability in Oracle Exchange component in Oracle E-Business Suite 6.2.4 has unknown impact and remote attack vectors, aka Vuln# APPS01.
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5367 9.0
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.7 up to 11.5.10CU2 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) APPS03 in Oracle Applications Framework, (2) APPS04 in Oracle Applications Technology S
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5366 10.0
Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0.4.2 have unknown impact and remote attack vectors related to (1) Oracle Containers for J2EE, aka Vuln# OC4J01, and (2) Oracle Process Mgmt & Notification, aka OPMN01.
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5365 10.0
Unspecified vulnerability in Oracle Forms in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and E-Business Suite and Applications 11.5.10CU2, has unknown impact and remote attack vectors, aka Vuln# FORM02.
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5364 2.1
Unspecified vulnerability in Oracle Containers for J2EE component in Oracle Application Server 9.0.4.1 and 10.1.2.0.2, and Collaboration Suite 10.1.2, has unknown impact and remote authenticated attack vectors, aka Vuln# OC4J05.
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5363 2.6
Unspecified vulnerability in Oracle Single Sign-On component in Oracle Application Server 10.1.2.0.1 and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka Vuln# SSO02.
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5362 10.0
Unspecified vulnerability in Oracle Containers for J2EE component in Oracle Application Server 10.1.3.0.0 has unknown impact and remote attack vectors, aka Vuln# OC4J04.
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5361 10.0
Unspecified vulnerability in Oracle Containers for J2EE in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.1, and Oracle Collaboration Suite 9.0.4.2 and 10.1.2, has unknown impact and remote attack vectors, aka Vuln# OC4J03.
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5360 10.0
Unspecified vulnerability in Oracle Forms component in Oracle Application Server 9.0.4.2 has unknown impact and remote attack vectors, aka Vuln# FORM03.
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5359 10.0
Multiple unspecified vulnerabilities in Oracle Reports Developer component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and Oracle E-Business Suite and Applications 11.5.10CU2, have unknown impact and remote attack vectors, aka Vuln# (1) REP0
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5358 10.0
Unspecified vulnerability in Oracle Forms component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 has unknown impact and remote attack vectors, aka Vuln# FORM01.
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5357 10.0
Unspecified vulnerability in Oracle HTTP Server component in Oracle Application Server 10.1.2.0.1, 10.1.2.0.2, and 10.1.2.1.0 has unknown impact and remote attack vectors related to the PHP Module, aka Vuln# OHS03.
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5356 10.0
Unspecified vulnerability in Oracle Containers for J2EE component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.1.0, and Collaboration Suite 9.0.4.2 and 10.1.2, has unknown impact and remote attack vectors, aka Vuln# OC4J02.
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5355 10.0
Unspecified vulnerability in Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.1.0, Collaboration Suite 9.0.4.2 and 10.1.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remo
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5354 10.0
Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and 10.1.0.5, Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0, racle Collaboration Suite 9.0.4.2 and 10.1.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5353 10.0
Unspecified vulnerability in Oracle HTTP Server component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, and Oracle Collaboration Suite 9.0.4.2 and 10.1.2, has unknown impact and remote attack vectors related to the Mod
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5352 10.0
Multiple unspecified vulnerabilities in Oracle Application Express 1.5 up to 1.6.1 have unknown impact and remote attack vectors, aka Vuln# (1) APEX04, (2) APEX20, and (3) APEX21.
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5351 9.0
Multiple unspecified vulnerabilities in Oracle Application Express (formerly Oracle HTML DB) 1.5 up to 2.0 have unknown impact and remote attack vectors, aka Vuln# (1) APEX01, (2) APEX02, (3) APEX03, (4) APEX05, (5) APEX06, (6) APEX07, (7) APEX08, (8
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5350 7.2
Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and local attack vectors, aka Vuln# OHS08.
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5349 10.0
Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, when running on HP Tru64 UNIX, has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS07.
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5348 10.0
Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, Oracle Collaboration Suite 9.0.4.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS05.
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5347 10.0
Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle Collaboration Suite 9.0.4.2 has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS04.
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5346 7.6
Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, as used in Oracle Collaboration Suite 9.0.4.2 and Oracle E-Business Suite and Applications 11.5.10CU2, has unknown impact and remote attack vectors related to htdigest, aka Vuln# OHS02.
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5345 9.0
Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_geom, aka Vuln# DB22. NOTE: as of 20061023, Oracle has not disput
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5344 9.0
Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_3gl, aka Vuln# DB20, and (2) mdsys.sdo_cs
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5343 9.0
Unspecified vulnerability in Database Scheduler component in Oracle Database 10.1.0.3 has unknown impact and remote authenticated attack vectors related to sys.dbms_scheduler, aka Vuln# DB19.
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5342 7.1
Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.6, and 10.1.0.3 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_tune, aka Vuln# DB18. NOTE: as of 20061023, Oracle has not disput
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5339 9.0
Unspecified vulnerability in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_geom, aka Vuln# DB11. NOTE: as of 20061023, Oracle has n
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5336 9.0
Multiple unspecified vulnerabilities in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and have unknown impact and remote authenticated attack vectors related to (1) sys.dbms_cdc_ipublish (Vuln# DB05) and (2) sys.dbms_c
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5335 9.0
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) Vuln# DB04 and sys.dbms_cdc_impdp in the (a) Change Data Capture (CDC) component; (2) Vuln# DB07,
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5334 7.1
Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unknown impact and remote authenticated attack vectors related to mdsys.md2, aka Vuln# DB03. NOTE: as of 20061023, Oracle has not disputed rep
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-5332 9.0
Unspecified vulnerability in xdb.dbms_xdbz in the XMLDB component for Oracle Database 9.2.0.6 and 10.1.0.4 has unknown impact and remote authenticated attack vectors, aka Vuln# DB01. NOTE: as of 20061023, Oracle has not disputed reports from reliabl
22-10-2012 - 22:13 17-10-2006 - 21:07
CVE-2006-0552 7.5
Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11.
22-10-2012 - 21:56 04-02-2006 - 06:02
CVE-2006-0291 10.0
Multiple unspecified vulnerabilities in Oracle Database Server 10.2.0.1, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i), and E-Business Suite and Applications 11.5.10 have unspecified impact and att
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0290 10.0
Unspecified vulnerability in Oracle Database Server 9.2.0.7, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i), and E-Business Suite and Applications 11.5.10 has unspecified impact and attack vectors,
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0289 10.0
Multiple unspecified vulnerabilities in Oracle Application Server 6.0.8.26(PS17) and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP05 and (2) REP06 in the Oracle Reports Dev
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0288 10.0
Multiple unspecified vulnerabilities in the Oracle Reports Developer component of Oracle Application Server 9.0.4.1 and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP01 and
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0287 10.0
Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 10.1.0.5 and Application Server 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS02.
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0286 10.0
Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, and Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, has unspecified impact and attack vectors, as identified by
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0285 10.0
Unspecified vulnerability in the Java Net component of Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.4, and Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, has unspecified impact and attack vectors, as identified by
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0284 10.0
Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.2 and 10.1.2.0.2, and E-Business Suite and Applications 11.5.10, have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) FORM01 and (2) FORM02 in the Oracle
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0283 10.0
Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, Application Server 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) has unspecified impact and attack vectors, as identified by Oracle Vuln# DBC02 in the Reorgan
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0282 10.0
Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) has unspecified impact and a
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0281 10.0
Unspecified vulnerability in Oracle JD Edwards HTML Server 8.95.F1 SP23_L1 has unspecified impact and attack vectors, as identified by Oracle Vuln# JDE01.
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0280 10.0
Unspecified vulnerability in Oracle PeopleSoft Enterprise Portal 8.4 Bundle 15, 8.8 Bundle 10, and 8.9 Bundle 2 has unspecified impact and attack vectors, as identified by Oracle Vuln# PSE01.
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0279 10.0
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 4.3 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS13 and (2) APPS14 in the Oracle iLearning component.
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0278 10.0
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.9 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS02 in the (a) CRM Technical Foundation component; (2) APPS03 in the (b) iProcure
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0277 10.0
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS01 in the (a) Application Install component; (2) APPS07 in the (b) Oracle Appli
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0276 10.0
Multiple unspecified vulnerabilities in Oracle Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) OCS01, 2) OCS02, 3) OCS03, 4) OCS04, 5) OCS05, 6) OCS06, 7) OCS07,
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0275 5.0
Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP04. NOTE: Oracle has not disputed reliable researcher claims that th
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0274 10.0
Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 and 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP03.
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0273 10.0
Unspecified vulnerability in the Portal component of Oracle Application Server 9.0.4.2 and 10.1.2.0 has unspecified impact and attack vectors, as identified by Oracle Vuln# AS01.
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0272 9.0
Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0271 10.0
Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28. NOTE: details are unavailable from Oracle
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0270 10.0
Unspecified vulnerability in the Transparent Data Encryption (TDE) Wallet component of Oracle Database server 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB27. NOTE: Oracle has not disputed a reliable researcher
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0269 5.5
Unspecified vulnerability in the Streams Capture component of Oracle Database server 10.1.0.5 and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB25. NOTE: details are unavailable from Oracle, but they have not pu
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0268 9.0
Unspecified vulnerability in the Security component of Oracle Database server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB21.
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0267 9.0
Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.2.0.6 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB20.
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0266 9.0
Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB19.
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0265 10.0
Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB17 in the Oracle Text component and (2) DB18 in the Progr
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0263 10.0
Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB09 in the (a) Net Listener component; and (
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0262 10.0
Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08.
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0261 10.0
Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB07 in the Dictionary component and (2) DB14 in the Oracle Label Sec
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0260 10.0
Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB05 in the (a) Data Pump component; (2) DB15 in the (b) Oracle Text component; (3) DB22
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0259 10.0
Multiple unspecified vulnerabilities in Oracle Database server 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB04 and (2) DB06 in the (a) Data Pump component; (3) DB10 in the (b) Net Listener component; and (4
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0258 10.0
Unspecified vulnerability in the Connection Manager component of Oracle Database server 8.1.7.4 and 9.0.1.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB03.
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0257 10.0
Unspecified vulnerability in the Change Data Capture component of Oracle Database server 9.2.0.7, 10.1.0.5, and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB02. NOTE: details are unavailable from Oracle, but th
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2006-0256 10.0
Unspecified vulnerability in the Advanced Queuing component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.6, 10.1.0.3 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB01.
22-10-2012 - 21:56 18-01-2006 - 06:03
CVE-2005-3466 10.0
Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81 up to 8.9 has unknown impact and attack vectors, as identified by Oracle Vuln# CRM01.
22-10-2012 - 21:51 02-11-2005 - 06:03
CVE-2005-3465 10.0
Unspecified vulnerability in JDEdwards HTML Server in Oracle EnterpriseOne 8.94 OneWorld XE up to 8.95_B1, 8.94_Q1, and SP23_K1 has unknown impact and attack vectors, as identified by Oracle Vuln# JDE01.
22-10-2012 - 21:51 02-11-2005 - 06:03
CVE-2005-3464 10.0
Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE04.
22-10-2012 - 21:51 02-11-2005 - 06:03
CVE-2005-3462 10.0
Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46.02 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE02.
22-10-2012 - 21:51 02-11-2005 - 06:03
CVE-2005-3460 10.0
Unspecified vulnerability in Oracle Agent in Oracle Enterprise Manager 9.0.4.1 up to 10.1.0.4 has unknown impact and attack vectors, as identified by Oracle Vuln# EM01.
22-10-2012 - 21:51 02-11-2005 - 06:03
CVE-2005-3459 10.0
Unspecified vulnerability in Oracle E-Business Suite and Applications 4.5 up to 4.5.1 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS22 in Oracle Clinical.
22-10-2012 - 21:51 02-11-2005 - 06:03
CVE-2005-3458 10.0
Unspecified vulnerability in Oracle E-Business Suite and Applications 11.0 up to 11.5.9 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS19 in Workflow Cartridge.
22-10-2012 - 21:51 02-11-2005 - 06:03
CVE-2005-3457 10.0
Unspecified vulnerability in Oracle E-Business Suite and Applications 11.0 up to 11.5.10 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS08 in HRMS.
22-10-2012 - 21:51 02-11-2005 - 06:03
CVE-2005-3456 10.0
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.9 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) APPS04 in Application Object Library, and (2) APPS17, (3) APPS18, and (4) APP
22-10-2012 - 21:51 02-11-2005 - 06:03
CVE-2005-3455 10.0
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.10 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) APPS01 in Application Install; (2) APPS02 and (3) APPS03 in Application Obje
22-10-2012 - 21:51 02-11-2005 - 06:03
CVE-2005-3454 10.0
Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10g Release 1 version 10.1.1 and 9i Release 2 9.0.4.2 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) OCS01, (2) OCS02, (3) OCS03, and (4) OCS04 for Calendar
22-10-2012 - 21:51 02-11-2005 - 06:03
CVE-2005-3453 10.0
Multiple unspecified vulnerabilities in Web Cache in Oracle Application Server 1.0 up to 10.1.2.0 has unknown impact and attack vectors, as identified by Oracle Vuln# (1) AS12 and (2) AS14.
22-10-2012 - 21:51 02-11-2005 - 06:03
CVE-2005-3452 10.0
Unspecified vulnerability in Web Cache in Oracle Application Server 1.0 up to 9.0.4.2 has unknown impact and attack vectors, as identified by Oracle Vuln# AS13.
22-10-2012 - 21:51 02-11-2005 - 06:03
CVE-2005-3451 10.0
Unspecified vulnerability in SQL*ReportWriter in Oracle Application Server 9.0 up to 9.0.2.1 has unknown impact and attack vectors, as identified by Oracle Vuln# AS10.
22-10-2012 - 21:51 02-11-2005 - 06:03
CVE-2005-3450 10.0
Unspecified vulnerability in the HTTP Server in Oracle Application Server 1.0 up to 9.0.2.3 has unknown impact and attack vectors, as identified by Oracle Vuln# AS04.
22-10-2012 - 21:51 02-11-2005 - 06:03
CVE-2005-3449 10.0
Multiple unspecified vulnerabilities in Oracle Application Server 9.0 up to 10.1.2.0 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) AS02 in Containers for J2EE, (2) AS07 in Internet Directory, (3) AS09 in Report Server, and
22-10-2012 - 21:51 02-11-2005 - 06:03
CVE-2005-3448 10.0
Unspecified vulnerability in the OC4J Module in Oracle Application Server 9.0 up to 10.1.2.0.2 has unknown impact and attack vectors, as identified by Oracle Vuln# AS01.
22-10-2012 - 21:51 02-11-2005 - 06:03
CVE-2005-3447 10.0
Unspecified vulnerability in Single Sign-On in Oracle Database Server 10g up to 10.1.0.4.2 and Application Server 9.0.2.3 up to 9.0.4.2 has unknown impact and attack vectors, aka Oracle Vuln# DB33 and AS08.
22-10-2012 - 21:51 02-11-2005 - 06:03
CVE-2005-3446 10.0
Unspecified vulnerability in Internet Directory in Oracle Database Server 9i up to 9.2.0.6 and Application Server 9.0.2.3 up to 10.1.2.0 has unknown impact and attack vectors, aka Oracle Vuln# DB32 and AS06.
22-10-2012 - 21:51 02-11-2005 - 06:03
CVE-2005-3445 10.0
Multiple unspecified vulnerabilities in HTTP Server in Oracle Database Server 8i up to 10.1.0.4.2 and Application Server 1.0.2.2 up to 10.1.2.0 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB30 and AS03 or (2) DB31 and AS05.
22-10-2012 - 21:51 02-11-2005 - 06:03
CVE-2005-3444 10.0
Multiple unspecified vulnerabilities in the Programmatic Interface in Oracle Database Server from 8i up to 9.2.0.5 have unknown impact and attack vectors, aka Oracle Vuln# DB26.
22-10-2012 - 21:51 02-11-2005 - 06:02
CVE-2005-3443 10.0
Unspecified vulnerability in the Spatial component in Oracle Database Server from 9i up to 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# DB17.
22-10-2012 - 21:51 02-11-2005 - 06:02
CVE-2005-3442 10.0
Multiple unspecified vulnerabilities in Oracle Database Server 8i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB09 in Export, (2) DB11 in Materialized Views, and (3) DB16 in Security Service.
22-10-2012 - 21:51 02-11-2005 - 06:02
CVE-2005-3441 10.0
Unspecified vulnerability in Intelligent Agent in Oracle Database Server 9i up to 9.0.1.5 has unknown impact and attack vectors, aka Oracle Vuln# DB14.
22-10-2012 - 21:51 02-11-2005 - 06:02
CVE-2005-3440 10.0
Unspecified vulnerability in Database Scheduler in Oracle Database Server 10g up to 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# DB08.
22-10-2012 - 21:51 02-11-2005 - 06:02
CVE-2005-3439 10.0
Multiple unspecified vulnerabilities in Oracle Database Server 10g up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB02, (2) DB03, and (3) DB05 in Change Data Capture; (4) DB07 in Data Pump Export; and (5) DB18, (6) DB19
22-10-2012 - 21:51 02-11-2005 - 06:02
CVE-2005-3438 10.0
Multiple unspecified vulnerabilities in Oracle Database Server 9i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 in Change Data Capture; (2) DB06 in Data Guard Logical Standby; (3) DB10 in Locale; (4) DB12 in Mater
22-10-2012 - 21:51 02-11-2005 - 06:02
CVE-2005-3437 10.0
Unspecified vulnerability in the PL/SQL component in Oracle Database Server 9i up to 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# DB01.
22-10-2012 - 21:51 02-11-2005 - 06:02
CVE-2012-5002 6.8
Stack-based buffer overflow in SR10 FTP server (SR10.exe) 1.1.0.6 in Ricoh DC Software DL-10 4.5.0.1, when the Log file name option is enabled, allows remote attackers to execute arbitrary code via a long USER FTP command.
20-09-2012 - 12:54 19-09-2012 - 15:55
CVE-2012-4870 4.3
Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname p
17-09-2012 - 00:00 06-09-2012 - 13:55
CVE-2011-3176 10.0
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request.
07-09-2012 - 00:21 09-04-2012 - 16:55
CVE-2012-4869 7.5
The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.
07-09-2012 - 00:00 06-09-2012 - 13:55
CVE-2012-2611 9.3
The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to exec
18-08-2012 - 23:44 15-05-2012 - 00:21
CVE-2011-1591 9.3
Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.
13-08-2012 - 23:26 29-04-2011 - 18:55
CVE-2012-2019 10.0
Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1325.
17-07-2012 - 00:00 11-07-2012 - 00:54
CVE-2012-2020 10.0
Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1326.
17-07-2012 - 00:00 11-07-2012 - 00:54
CVE-2012-3811 10.0
Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attacke
17-07-2012 - 00:00 03-07-2012 - 15:55
CVE-2012-1493 7.8
F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across di
10-07-2012 - 00:00 09-07-2012 - 18:55
CVE-2012-0297 10.0
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
22-05-2012 - 12:43 21-05-2012 - 16:55
CVE-2011-1566 10.0
Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\ (dot dot backslash) sequences in opcodes (1) 0xa and (2) 0
11-05-2012 - 23:37 05-04-2011 - 11:19
CVE-2012-0202 10.0
Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted data.
07-05-2012 - 00:00 04-05-2012 - 12:55
CVE-2012-0121 10.0
Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1392.
14-03-2012 - 00:00 13-03-2012 - 23:28
CVE-2011-2653 10.0
Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary code by uploading an executable file.
05-03-2012 - 00:00 08-12-2011 - 06:55
CVE-2012-1195 7.5
Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to execute arbitrary code by uploading a file with an
29-02-2012 - 00:00 17-02-2012 - 19:55
CVE-2012-1196 5.0
Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot dot) in the filename parameter in a SetTaskLogByFi
29-02-2012 - 00:00 17-02-2012 - 19:55
CVE-2011-2397 10.0
The Agent service in Iron Mountain Connected Backup 8.4 allows remote attackers to execute arbitrary code via a crafted opcode 13 request that triggers use of the LaunchCompoundFileAnalyzer class to send request data to the System.getRunTime.exec met
16-02-2012 - 23:07 05-12-2011 - 06:55
CVE-2011-3167 10.0
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1210.
14-02-2012 - 23:09 02-11-2011 - 13:55
CVE-2011-3490 10.0
Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the
13-02-2012 - 23:08 16-09-2011 - 10:28
CVE-2011-1653 10.0
Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdm
13-02-2012 - 23:06 18-04-2011 - 11:00
CVE-2009-3999 10.0
Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.
13-02-2012 - 22:49 20-01-2010 - 17:30
CVE-2007-4517 6.0
Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure in Oracle 10g R2 allows remote authenticated users to execute arbitrary code via a long (1) OWNER or (2) NAME argument.
13-02-2012 - 22:18 08-11-2007 - 15:46
CVE-2012-0391 9.3
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code v
10-01-2012 - 00:00 08-01-2012 - 10:55
CVE-2008-4563 10.0
Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote
05-01-2012 - 00:00 11-03-2009 - 10:19
CVE-2011-5001 10.0
Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC pa
28-12-2011 - 00:00 24-12-2011 - 20:55
CVE-2009-3843 10.0
HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.cata
12-12-2011 - 00:00 23-11-2009 - 19:30
CVE-2011-4542 7.5
Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI.
01-12-2011 - 00:00 29-11-2011 - 23:05
CVE-2011-3587 9.3
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python mod
20-10-2011 - 22:56 10-10-2011 - 06:55
CVE-2011-2735 7.9
Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4.1 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted message over TCP.
21-09-2011 - 23:32 23-08-2011 - 17:55
CVE-2011-1867 10.0
Stack-based buffer overflow in iNodeMngChecker.exe in the User Access Manager (UAM) 5.0 before SP1 E0101P03 and Endpoint Admission Defense (EAD) 5.0 before SP1 E0101P03 components in HP Intelligent Management Center (aka iNode Management Center) allo
21-09-2011 - 23:31 11-07-2011 - 16:55
CVE-2011-1866 10.0
Buffer overflow in omniinet.exe in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to execute arbitrary code via a crafted request, related to the EXEC_CMD functionality.
21-09-2011 - 23:31 01-07-2011 - 06:55
CVE-2011-1865 10.0
Multiple stack-based buffer overflows in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allow remote attackers to execute arbitrary code via a request containing crafted parameters.
21-09-2011 - 23:31 01-07-2011 - 06:55
CVE-2011-1568 10.0
Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and 9.00.00.11063 and earlier, in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to cause a denial of service
21-09-2011 - 23:30 05-04-2011 - 11:19
CVE-2011-1567 10.0
Multiple stack-based buffer overflows in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via craf
21-09-2011 - 23:30 05-04-2011 - 11:19
CVE-2011-1565 10.0
Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to (1) read (opcode 0x3) or (2) create or write (opcode 0x2) arbitrary files via ..\
21-09-2011 - 23:30 05-04-2011 - 11:19
CVE-2011-1564 10.0
Multiple integer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via crafted (1) On_FC_MISC_FCS_MSGBROADCAST and (2) On_FC_MISC_FCS_MSGSEND packets, which t
21-09-2011 - 23:30 05-04-2011 - 11:19
CVE-2011-1563 10.0
Multiple stack-based buffer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via (1) a long username in an On_FC_CONNECT_FCS_LOGIN packet, and crafted (2) On
21-09-2011 - 23:30 05-04-2011 - 11:19
CVE-2011-0994 10.0
Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter (NFR) before 1.0.2 allows remote attackers to execute arbitrary code via unspecified XML data.
21-09-2011 - 23:29 09-04-2011 - 22:55
CVE-2011-0364 10.0
The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request.
21-09-2011 - 23:28 18-02-2011 - 20:00
CVE-2011-0276 10.0
HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a "hidden account" in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.s
21-09-2011 - 23:27 01-02-2011 - 20:00
CVE-2011-0267 10.0
Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) schdParams or (2) nameParams parameter, a different vulnerability than CVE-2011-0
21-09-2011 - 23:27 13-01-2011 - 14:00
CVE-2011-0266 10.0
Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long nameParams parameter, a different vulnerability than CVE-2011-0267.2.
21-09-2011 - 23:27 13-01-2011 - 14:00
CVE-2010-4229 10.0
Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allows remote attackers to overwrite files, and subseque
21-09-2011 - 23:26 18-04-2011 - 14:55
CVE-2010-1554 10.0
Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter.
21-09-2011 - 23:20 13-05-2010 - 13:30
CVE-2010-1553 10.0
Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid MaxAge parameter.
21-09-2011 - 23:20 13-05-2010 - 13:30
CVE-2010-1552 10.0
Stack-based buffer overflow in the doLoad function in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the act and app parameters.
21-09-2011 - 23:20 13-05-2010 - 13:30
CVE-2009-0920 7.5
Stack-based buffer overflow in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long OvOSLocale cookie, a variant of CVE-2008-0067.
21-09-2011 - 23:07 24-03-2009 - 21:30
CVE-2008-0067 10.0
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to t
21-09-2011 - 22:48 08-01-2009 - 14:30
CVE-2007-0449 10.0
Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and r11.1 allow remote
20-09-2011 - 00:00 23-01-2007 - 16:28
CVE-2010-4221 10.0
Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.
14-09-2011 - 23:18 09-11-2010 - 16:00
CVE-2010-3867 7.1
Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequence
14-09-2011 - 23:17 09-11-2010 - 16:00
CVE-2007-4218 10.0
Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allow remote attackers to execute arbitrary code via certain RPC requests to certain TCP ports that are process
13-09-2011 - 00:00 22-08-2007 - 19:17
CVE-2011-1736 8.5
Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE me
06-09-2011 - 23:16 07-05-2011 - 15:55
CVE-2011-1734 10.0
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed omniiaputil message.
06-09-2011 - 23:16 07-05-2011 - 15:55
CVE-2011-1733 10.0
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed HPFGConfig message.
06-09-2011 - 23:16 07-05-2011 - 15:55
CVE-2011-1732 10.0
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed stutil message.
06-09-2011 - 23:16 07-05-2011 - 15:55
CVE-2011-1731 10.0
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_INTEGUTIL message.
06-09-2011 - 23:16 07-05-2011 - 15:55
CVE-2011-1730 10.0
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_SCRIPT message.
06-09-2011 - 23:16 07-05-2011 - 15:55
CVE-2011-1729 10.0
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed GET_FILE message.
06-09-2011 - 23:16 07-05-2011 - 15:55
CVE-2011-1728 10.0
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_BAR message.
06-09-2011 - 23:16 07-05-2011 - 15:55
CVE-2006-3747 7.6
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (applica
06-09-2011 - 00:00 28-07-2006 - 14:02
CVE-2006-5478 7.5
Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overf
06-09-2011 - 00:00 24-10-2006 - 16:07
CVE-2006-6183 10.0
Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long mode field (aka transporting mode) in a (1) GET or (2) PUT command.
06-09-2011 - 00:00 30-11-2006 - 19:28
CVE-2007-2508 10.0
Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2 Build 1174 allow remote attackers to execute arbitrary code via crafted data to (1) TCP port 5168, which triggers an overflow in the CAgRpcClient::CreateB
06-09-2011 - 00:00 08-05-2007 - 19:19
CVE-2007-6204 10.0
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4)
06-09-2011 - 00:00 13-12-2007 - 16:46
CVE-2007-3216 10.0
Multiple buffer overflows in the LGServer component of CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.1 allow remote attackers to execute arbitrary code via crafted arguments to the (1) rxsAddNewUser, (2) rxsSetUserI
01-09-2011 - 00:00 14-06-2007 - 18:30
CVE-2006-2685 4.0
PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BASE_path parameter to (1) base_qry_common.p
23-08-2011 - 00:00 31-05-2006 - 06:06
CVE-2008-1358 6.5
Stack-based buffer overflow in the IMAP server in Alt-N Technologies MDaemon 9.6.4 allows remote authenticated users to execute arbitrary code via a FETCH command with a long BODY.
10-08-2011 - 00:00 17-03-2008 - 13:44
CVE-2006-6291 6.8
Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.83 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.40 and 2.0 through 2.33, allows remote authenticated users to cause a denial of service (crash)
04-08-2011 - 00:00 05-12-2006 - 06:28
CVE-2008-1697 10.0
Stack-based buffer overflow in ovwparser.dll in HP OpenView Network Node Manager (OV NNM) 7.53, 7.51, and earlier allows remote attackers to execute arbitrary code via a long URI in an HTTP request processed by ovas.exe, as demonstrated by a certain
02-08-2011 - 00:00 08-04-2008 - 13:05
CVE-2005-3314 7.5
Stack-based buffer overflow in the IMAP daemon in Novell Netmail 3.5.2 allows remote attackers to execute arbitrary code via "long verb arguments."
01-08-2011 - 00:00 18-11-2005 - 17:03
CVE-2010-3964 7.5
Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via
18-07-2011 - 00:00 16-12-2010 - 14:33
CVE-2009-3023 9.3
Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption,
24-06-2011 - 00:00 31-08-2009 - 16:30
CVE-2009-3103 10.0
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (syste
24-06-2011 - 00:00 08-09-2009 - 18:30
CVE-2007-0882 10.0
Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to
13-06-2011 - 00:00 12-02-2007 - 15:28
CVE-2010-0361 10.0
Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI i
28-04-2011 - 00:00 20-01-2010 - 11:30
CVE-2011-0799 6.5
Unspecified vulnerability in the Oracle Warehouse Builder component in Oracle Database Server 10.2.0.5 (OWB), 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related
20-04-2011 - 00:00 19-04-2011 - 23:14
CVE-2006-2447 5.1
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
07-04-2011 - 00:00 06-06-2006 - 17:06
CVE-2008-3175 10.0
Integer underflow in rxRPC.dll in the LGServer service in the server in CA ARCserve Backup for Laptops and Desktops 11.0 through 11.5 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted message that triggers a
07-04-2011 - 00:00 01-08-2008 - 10:41
CVE-2011-0404 7.5
Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.00, for Solaris 9.50, and for Mac OS X 11.00 allows remote attackers to execute arbitrary code via a long control hostname to TCP port 5405, probably a different vulnerability than
10-03-2011 - 22:50 10-01-2011 - 22:00
CVE-2009-0270 10.0
Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet.
07-03-2011 - 22:18 26-01-2009 - 14:30
CVE-2009-0183 10.0
Stack-based buffer overflow in Remote Control Server in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allows remote attackers to execute arbitrary code via a long Authorization header in an HTTP request.
07-03-2011 - 22:18 03-02-2009 - 14:30
CVE-2008-5911 10.0
Multiple buffer overflows in RealNetworks Helix Server and Helix Mobile Server 11.x before 11.1.8 and 12.x before 12.0.1 allow remote attackers to (1) cause a denial of service via three crafted RTSP SETUP commands, or execute arbitrary code via (2)
07-03-2011 - 22:15 20-01-2009 - 11:00
CVE-2008-4726 9.0
Stack-based buffer overflow in the SFTP subsystem in GoodTech SSH 6.4 allows remote authenticated users to execute arbitrary code via a long string to the (1) open (aka SSH_FXP_OPEN), (2) unlink, (3) opendir, and other unspecified parameters.
07-03-2011 - 22:12 23-10-2008 - 20:00
CVE-2008-4322 10.0
Stack-based buffer overflow in RealFlex Technologies Ltd. RealWin Server 2.0, as distributed by DATAC, allows remote attackers to execute arbitrary code via a crafted FC_INFOTAG/SET_CONTROL packet.
07-03-2011 - 22:12 29-09-2008 - 15:25
CVE-2008-3862 10.0
Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request
07-03-2011 - 22:11 23-10-2008 - 18:00
CVE-2008-3257 10.0
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after
07-03-2011 - 22:10 22-07-2008 - 12:41
CVE-2008-2639 7.6
Stack-based buffer overflow in the ODBC server service in Citect CitectSCADA 6 and 7, and CitectFacilities 7, allows remote attackers to execute arbitrary code via a long string in the second application packet in a TCP session on port 20222.
07-03-2011 - 22:09 16-06-2008 - 14:41
CVE-2008-2499 7.5
Stack-based buffer overflow in the Community Services Multiplexer (aka MUX or StMux.exe) in IBM Lotus Sametime 7.5.1 CF1 and earlier, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code via a crafted URL.
07-03-2011 - 22:09 29-05-2008 - 12:32
CVE-2008-2437 10.0
Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP reque
07-03-2011 - 22:09 16-09-2008 - 18:00
CVE-2008-2242 7.5
Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdr_rwsstrin
07-03-2011 - 22:08 21-05-2008 - 09:24
CVE-2008-2241 10.0
Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in
07-03-2011 - 22:08 21-05-2008 - 09:24
CVE-2008-2234 7.5
Multiple buffer overflows in Openwsman 1.2.0 and 2.0.0 allow remote attackers to execute arbitrary code via a crafted "Authorization: Basic" HTTP header.
07-03-2011 - 22:08 18-08-2008 - 13:41
CVE-2008-2233 7.5
The client in Openwsman 1.2.0 and 2.0.0, in unknown configurations, allows remote Openwsman servers to replay SSL sessions via unspecified vectors.
07-03-2011 - 22:08 18-08-2008 - 13:41
CVE-2008-2214 10.0
Stack-based buffer overflow in the Network Manager in Castle Rock Computing SNMPc 7.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long community string in an SNMP TRAP packet.
07-03-2011 - 22:08 14-05-2008 - 14:20
CVE-2008-2161 10.0
Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a long TFTP error packet. NOTE: some of these details are obtained from third party information.
07-03-2011 - 22:08 12-05-2008 - 18:20
CVE-2008-1661 10.0
Stack-based buffer overflow in DoubleTake.exe in HP StorageWorks Storage Mirroring (SWSM) before 4.5 SP2 allows remote attackers to execute arbitrary code via a crafted encoded authentication request.
07-03-2011 - 22:07 04-06-2008 - 15:32
CVE-2008-1366 5.0
Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to cause a denial of service (process consumption) via (1) an HTTP request without a Content-Length header or
07-03-2011 - 22:06 17-03-2008 - 18:44
CVE-2008-1365 6.4
Stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long encr
07-03-2011 - 22:06 17-03-2008 - 18:44
CVE-2008-1329 10.0
Unspecified vulnerability in the NetBackup service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary commands, related to "insufficient verification of file uploa
07-03-2011 - 22:06 07-04-2008 - 14:44
CVE-2008-1328 9.3
Buffer overflow in the LGServer service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary code via unspecified "command arguments."
07-03-2011 - 22:06 07-04-2008 - 14:44
CVE-2008-0949 10.0
Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet.
07-03-2011 - 22:05 17-03-2008 - 20:44
CVE-2008-0727 8.5
Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH valu
07-03-2011 - 22:05 17-03-2008 - 20:44
CVE-2008-0639 10.0
Stack-based buffer overflow in the EnumPrinters function in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2, SP3, and SP4 for Windows allows remote attackers to execute arbitrary code via a crafted RPC request, aka Novell bug 353138, a di
07-03-2011 - 22:05 13-02-2008 - 16:00
CVE-2008-0533 4.3
Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary
07-03-2011 - 22:04 14-03-2008 - 16:44
CVE-2008-0532 10.0
Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument
07-03-2011 - 22:04 14-03-2008 - 16:44
CVE-2008-0467 10.0
Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before 2.1.0 RC1, might allow remote attackers to execute arbitrary code via a long username.
07-03-2011 - 22:04 28-01-2008 - 21:00
CVE-2008-0401 10.0
Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitr
07-03-2011 - 22:04 23-01-2008 - 07:00
CVE-2008-0394 7.5
Buffer overflow in Citadel SMTP server 7.10 and earlier allows remote attackers to execute arbitrary code via a long RCPT TO command, which is not properly handled by the makeuserkey function. NOTE: some of these details were obtained from third par
07-03-2011 - 22:04 23-01-2008 - 07:00
CVE-2008-0311 9.3
Stack-based buffer overflow in the PGMWebHandler::parse_request function in the StarTeam Multicast Service component (STMulticastService) 6.4 in Borland CaliberRM 2006 allows remote attackers to execute arbitrary code via a large HTTP request.
07-03-2011 - 22:04 06-04-2008 - 19:44
CVE-2008-0244 10.0
SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.
07-03-2011 - 22:04 11-01-2008 - 21:46
CVE-2008-0227 7.5
yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update f
07-03-2011 - 22:04 10-01-2008 - 18:46
CVE-2008-0226 7.5
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yass
07-03-2011 - 22:04 10-01-2008 - 18:46
CVE-2007-5701 2.1
Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "
07-03-2011 - 22:01 29-10-2007 - 17:46
CVE-2007-5700 6.3
The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses an incorrect security context for @ formula commands in some circumstances, which might allow remote authenticated users to gain privileges and obtain sensitive information.
07-03-2011 - 22:01 29-10-2007 - 17:46
CVE-2007-5330 10.0
The cadbd RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to (1) execute arbitrary code via stack-based buffer overflows in unspecified RPC procedures, and (2) trigger memory corr
07-03-2011 - 22:00 12-10-2007 - 20:17
CVE-2007-5329 10.0
Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, has unknown impact and attack vectors related to memory corruption.
07-03-2011 - 22:00 12-10-2007 - 20:17
CVE-2007-5328 10.0
The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code by using certain "insecure method calls" to modify the file system and registry, aka "Privile
07-03-2011 - 22:00 12-10-2007 - 20:17
CVE-2007-5327 10.0
Stack-based buffer overflow in the RPC interface for the Message Engine (mediasvr.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a long argument in the 0x1
07-03-2011 - 22:00 12-10-2007 - 20:17
CVE-2007-5326 10.0
Multiple buffer overflows in (1) RPC and (2) rpcx.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors.
07-03-2011 - 22:00 12-10-2007 - 20:17
CVE-2007-5325 10.0
Multiple buffer overflows in (1) the Message Engine and (2) AScore.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors.
07-03-2011 - 22:00 12-10-2007 - 20:17
CVE-2007-5022 5.0
Unspecified vulnerability in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2, when using "server-initiated prompted scheduling," allows remote attackers to read a cli
07-03-2011 - 21:59 21-09-2007 - 14:17
CVE-2007-4880 10.0
Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2 allows remote attackers to execute arbitrary code
07-03-2011 - 21:59 27-09-2007 - 20:17
CVE-2007-4620 9.0
Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager
07-03-2011 - 21:58 07-04-2008 - 14:44
CVE-2007-4560 7.6
clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."
07-03-2011 - 21:58 27-08-2007 - 21:17
CVE-2007-4221 10.0
Multiple buffer overflows in Motorola Timbuktu Pro before 8.6.5 for Windows allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via (1) a long user name and (2) certain malformed requests; and (3) all
07-03-2011 - 21:58 28-08-2007 - 21:17
CVE-2007-3927 10.0
Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to "su
07-03-2011 - 21:57 20-07-2007 - 20:30
CVE-2007-3925 6.5
Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.
07-03-2011 - 21:57 20-07-2007 - 20:30
CVE-2007-3872 6.8
Multiple stack-based buffer overflows in the Shared Trace Service (OVTrace) service for HP OpenView Operations A.07.50 for Windows, and possibly earlier versions, allow remote attackers to execute arbitrary code via certain crafted requests.
07-03-2011 - 21:57 09-08-2007 - 16:17
CVE-2007-3825 9.3
Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve
07-03-2011 - 21:57 18-07-2007 - 19:30
CVE-2007-3618 9.3
Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request with a "long invalid subcmd."
07-03-2011 - 21:56 21-08-2007 - 17:17
CVE-2007-3566 7.5
Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 before SP2 allows remote attackers to execute arbitrary code via a long size value in a create request to port 3050/tcp.
07-03-2011 - 21:56 26-07-2007 - 14:30
CVE-2007-3510 9.0
Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.3, allows remote authenticated users to execute arbitrary code via a long mailbox name.
07-03-2011 - 21:56 29-10-2007 - 17:46
CVE-2007-3039 9.0
Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call
07-03-2011 - 21:55 11-12-2007 - 19:46
CVE-2007-2523 7.2
CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a st
07-03-2011 - 21:54 11-05-2007 - 00:20
CVE-2007-2171 10.0
Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request.
07-03-2011 - 21:53 24-04-2007 - 16:19
CVE-2007-2139 10.0
Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suit
07-03-2011 - 21:53 25-04-2007 - 16:19
CVE-2007-1674 10.0
Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in LANDesk Management Suite 8.7 allows remote attackers to execute arbitrary code via a crafted packet to port 65535/UDP.
07-03-2011 - 21:52 17-04-2007 - 23:19
CVE-2007-1578 10.0
Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow.
07-03-2011 - 21:52 21-03-2007 - 19:19
CVE-2007-1350 6.8
Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 allows remote attackers to execute arbitrary code via a long username during HTTP Basic authentication.
07-03-2011 - 21:51 08-03-2007 - 17:19
CVE-2007-1070 10.0
Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflo
07-03-2011 - 21:51 21-02-2007 - 06:28
CVE-2007-0774 7.5
Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitr
07-03-2011 - 21:50 04-03-2007 - 17:19
CVE-2007-0446 10.0
Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Mercury LoadRunner Agent 8.0 and 8.1, Performance Center Agent 8.0 and 8.1, and Monitor over Firewall 8.1 allows remote attackers to execute arbitrary code via a packet with a long ser
07-03-2011 - 21:49 08-02-2007 - 18:28
CVE-2007-0168 7.5
The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in a
07-03-2011 - 21:48 11-01-2007 - 17:28
CVE-2006-6605 10.0
Stack-based buffer overflow in the POP service in MailEnable Standard 1.98 and earlier; Professional 1.84, and 2.35 and earlier; and Enterprise 1.41, and 2.35 and earlier before ME-10026 allows remote attackers to execute arbitrary code via a long ar
07-03-2011 - 21:46 19-12-2006 - 14:28
CVE-2006-6425 9.0
Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
07-03-2011 - 21:45 26-12-2006 - 20:28
CVE-2006-6424 9.0
Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and (
07-03-2011 - 21:45 26-12-2006 - 20:28
CVE-2006-6379 7.5
Buffer overflow in the BrightStor Backup Discovery Service in multiple CA products, including ARCserve Backup r11.5 SP1 and earlier, ARCserve Backup 9.01 up to 11.1, Enterprise Backup 10.5, and CA Server Protection Suite r2, allows remote attackers t
07-03-2011 - 21:45 10-12-2006 - 14:28
CVE-2006-6290 6.5
Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.82 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.30 and 2.0 through 2.33 allow remote authenticated users to cause a denia
07-03-2011 - 21:45 05-12-2006 - 06:28
CVE-2006-6222 10.0
Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long request with a malformed len
07-03-2011 - 21:45 14-12-2006 - 15:28
CVE-2006-6076 10.0
Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to execute arbitrary code via certain RPC requests to TCP port 6502.
07-03-2011 - 21:45 24-11-2006 - 12:07
CVE-2006-5854 7.5
Multiple buffer overflows in the Spooler service (nwspool.dll) in Novell Netware Client 4.91 through 4.91 SP2 allow remote attackers to execute arbitrary code via a long argument to the (1) EnumPrinters and (2) OpenPrinter functions.
07-03-2011 - 21:43 03-12-2006 - 14:28
CVE-2006-5822 10.0
Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long CONNECT_OPTIONS request, a d
07-03-2011 - 21:43 14-12-2006 - 15:28
CVE-2006-5276 10.0
Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic.
07-03-2011 - 21:42 19-02-2007 - 20:28
CVE-2006-5156 10.0
Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header.
07-03-2011 - 21:42 05-10-2006 - 00:04
CVE-2006-4847 6.5
Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands.
07-03-2011 - 21:42 18-09-2006 - 21:07
CVE-2006-4691 10.0
Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
07-03-2011 - 21:41 14-11-2006 - 16:07
CVE-2006-4689 5.0
Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors,
07-03-2011 - 21:41 14-11-2006 - 17:07
CVE-2006-4688 7.5
Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerabil
07-03-2011 - 21:41 14-11-2006 - 17:07
CVE-2006-4379 7.5
Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an '@' character
07-03-2011 - 21:40 08-09-2006 - 17:04
CVE-2006-4305 10.0
Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client.
07-03-2011 - 21:40 29-08-2006 - 21:04
CVE-2006-3524 7.5
Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows remote attackers to execute arbitrary code via a long CSeq field value in an INVITE message.
07-03-2011 - 21:38 11-07-2006 - 20:05
CVE-2006-3439 10.0
Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-
07-03-2011 - 21:38 08-08-2006 - 21:04
CVE-2006-2630 10.0
Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors.
07-03-2011 - 21:36 27-05-2006 - 17:02
CVE-2006-2502 5.1
Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
07-03-2011 - 21:36 22-05-2006 - 12:06
CVE-2006-2496 10.0
Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors.
07-03-2011 - 21:36 19-05-2006 - 23:02
CVE-2006-2371 7.5
Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via cer
07-03-2011 - 21:36 13-06-2006 - 15:06
CVE-2006-2370 7.5
Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC
07-03-2011 - 21:36 13-06-2006 - 15:06
CVE-2006-2237 5.1
The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.
07-03-2011 - 21:35 08-05-2006 - 19:02
CVE-2006-1032 7.5
Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and earlier, as used by runcms, exoops, and possibly other programs, allows remote attackers to execute arbitrary PHP code via the base64 tag.
07-03-2011 - 21:31 07-03-2006 - 06:02
CVE-2006-0992 10.0
Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accide
07-03-2011 - 21:31 14-04-2006 - 06:02
CVE-2006-0991 7.1
Buffer overflow in the NetBackup Sharepoint Services server daemon (bpspsserver) on NetBackup 6.0 for Windows allows remote attackers to execute arbitrary code via crafted "Request Service" packets to the vnetd service (TCP port 13724).
07-03-2011 - 21:31 27-03-2006 - 19:06
CVE-2006-0990 9.0
Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors.
07-03-2011 - 21:31 27-03-2006 - 19:06
CVE-2006-0989 9.0
Stack-based buffer overflow in the volume manager daemon (vmd) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors.
07-03-2011 - 21:31 27-03-2006 - 19:06
CVE-2005-3690 7.5
Stack-based buffer overflow in the IMAP service (meimaps.exe) of MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allows remote attackers to execute arbitrary code via a long mailbox name in the (1) select, (2) create, (3) delet
07-03-2011 - 21:26 18-11-2005 - 20:03
CVE-2005-3252 7.5
Stack-based buffer overflow in the Back Orifice (BO) preprocessor for Snort before 2.4.3 allows remote attackers to execute arbitrary code via a crafted UDP packet.
07-03-2011 - 21:26 18-10-2005 - 17:02
CVE-2005-3116 10.0
Stack-based buffer overflow in a shared library as used by the Volume Manager daemon (vmd) in VERITAS NetBackup Enterprise Server 5.0 MP1 to MP5 and 5.1 up to MP3A allows remote attackers to execute arbitrary code via a crafted packet.
07-03-2011 - 21:25 18-11-2005 - 01:03
CVE-2005-2668 10.0
Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allow remote attackers to execute arbitrary code via unknown vectors.
07-03-2011 - 21:24 23-08-2005 - 00:00
CVE-2005-1983 10.0
Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious applica
07-03-2011 - 21:23 10-08-2005 - 00:00
CVE-2005-0773 7.5
Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for Netware allows remote attackers to execute arbitrary code via a CONNECT_CLIENT_AUTH request with authentication method type
07-03-2011 - 21:20 18-06-2005 - 00:00
CVE-2005-0684 10.0
Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebD
07-03-2011 - 21:20 25-04-2005 - 00:00
CVE-2002-0392 7.5
Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
07-03-2011 - 21:08 03-07-2002 - 00:00
CVE-2005-1929 7.5
Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute
07-03-2011 - 00:00 14-12-2005 - 16:03
CVE-2005-4267 7.5
Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote attackers to execute arbitrary code via a long IMAP command that ends with a "}" character, as demonstrated using long (1) LIST, (2) LSUB, (3) SEARCH TEXT, (4) STATUS INBOX, (5) AUTH
07-03-2011 - 00:00 21-12-2005 - 06:03
CVE-2006-3733 7.5
jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator an
07-03-2011 - 00:00 21-07-2006 - 10:03
CVE-2006-5143 7.5
Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remot
07-03-2011 - 00:00 10-10-2006 - 00:06
CVE-2007-0169 7.5
Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data
07-03-2011 - 00:00 11-01-2007 - 17:28
CVE-2007-1748 10.0
Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name conta
07-03-2011 - 00:00 13-04-2007 - 14:19
CVE-2007-2522 10.0
Stack-based buffer overflow in the inoweb Console Server in CA Anti-Virus for the Enterprise r8, Threat Manager r8, Anti-Spyware for the Enterprise r8, and Protection Suites r3 allows remote attackers to execute arbitrary code via a long (1) username
07-03-2011 - 00:00 11-05-2007 - 00:20
CVE-2007-3999 10.0
Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third
07-03-2011 - 00:00 05-09-2007 - 06:17
CVE-2007-4440 7.5
Stack-based buffer overflow in the MercuryS SMTP server in Mercury Mail Transport System, possibly 4.51 and earlier, allows remote attackers to execute arbitrary code via a long AUTH CRAM-MD5 string. NOTE: this might overlap CVE-2006-5961.
07-03-2011 - 00:00 20-08-2007 - 20:17
CVE-2008-5416 9.0
Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 an
07-03-2011 - 00:00 10-12-2008 - 09:00
CVE-2010-4113 9.3
Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execute arbitrary code via a long Login variable to the management web server.
09-02-2011 - 00:00 22-12-2010 - 16:00
CVE-2010-2777 9.0
Stack-based buffer overflow in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to execute arbitrary code via a long mailbox name in a CREATE c
31-01-2011 - 00:00 28-01-2011 - 17:00
CVE-2011-0270 10.0
Format string vulnerability in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in input data that involves an invalid template name.
22-01-2011 - 01:45 13-01-2011 - 14:00
CVE-2011-0271 10.0
The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 do not properly validate an unspecified parameter, which allows remote attackers to execute arbitrary commands by using a command string for this parameter's value, related to
20-01-2011 - 01:46 13-01-2011 - 14:00
CVE-2011-0269 10.0
Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long schd_select1 parameter.
20-01-2011 - 01:46 13-01-2011 - 14:00
CVE-2011-0268 10.0
Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long text1 parameter.
20-01-2011 - 01:46 13-01-2011 - 14:00
CVE-2011-0265 10.0
Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long data_select1 parameter.
20-01-2011 - 01:46 13-01-2011 - 14:00
CVE-2011-0264 10.0
Stack-based buffer overflow in ovutil.dll in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long COOKIE variable.
20-01-2011 - 01:46 13-01-2011 - 14:00
CVE-2011-0263 10.0
Multiple stack-based buffer overflows in ovas.exe in the OVAS service in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) Source Node or (2) Destination Node variable.
20-01-2011 - 01:46 13-01-2011 - 14:00
CVE-2011-0262 10.0
Buffer overflow in the stringToSeconds function in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via large values of variables to jovgraph.exe.
20-01-2011 - 01:46 13-01-2011 - 14:00
CVE-2011-0261 10.0
Unspecified vulnerability in jovgraph.exe in jovgraph in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a malformed displayWidth option in the arg parameter.
20-01-2011 - 01:46 13-01-2011 - 14:00
CVE-2010-4094 5.0
The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by leveraging access to the manager role. NOTE: this m
11-01-2011 - 01:45 26-10-2010 - 14:00
CVE-2009-3844 10.0
Stack-based buffer overflow in the OmniInet process in HP OpenView Data Protector Application Recovery Manager 5.50 and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted MSG_PROTOCOL packet.
29-12-2010 - 00:00 08-12-2009 - 18:30
CVE-2009-2753 10.0
Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allo
21-12-2010 - 00:00 05-03-2010 - 11:30
CVE-2010-1318 10.0
Stack-based buffer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via unspecifie
24-11-2010 - 00:00 20-04-2010 - 11:30
CVE-2010-3582 9.0
Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent.
11-11-2010 - 01:50 14-10-2010 - 14:00
CVE-2010-4142 10.0
Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8.10 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) SCPC_INITIALIZE, (2) SCPC_INITIALIZE_RF, or (3) SCPC_
04-11-2010 - 00:00 01-11-2010 - 22:26
CVE-2010-3007 7.2
Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors.
10-09-2010 - 00:00 09-09-2010 - 18:00
CVE-2010-3058 7.5
The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, establishes an open UDP port, which might allow remote attackers to overwrite memory locations and execute arbitrary code, or cause a denial of service (a
24-08-2010 - 00:00 20-08-2010 - 14:00
CVE-2010-3059 7.5
Buffer overflow in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to read and modify data, and possibly have other impact, via an unspecified com
23-08-2010 - 00:00 20-08-2010 - 14:00
CVE-2010-3060 5.0
Unspecified vulnerability in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a denial of service (daemon outage) via unknown vectors.
23-08-2010 - 00:00 20-08-2010 - 14:00
CVE-2010-3061 5.0
Unspecified vulnerability in the message-protocol implementation in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a denial of service (recovery failure), and possibly
23-08-2010 - 00:00 20-08-2010 - 14:00
CVE-2010-0478 9.3
Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Med
21-08-2010 - 01:39 14-04-2010 - 12:00
CVE-2010-0304 7.5
Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the
21-08-2010 - 01:39 03-02-2010 - 13:30
CVE-2010-1929 9.0
Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code
28-06-2010 - 00:00 28-06-2010 - 13:30
CVE-2009-4873 10.0
Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client 9.0.0.5 allows remote attackers to cause a denial of service (server crash) or execute arbitrary code via a long Session cookie.
26-05-2010 - 00:00 26-05-2010 - 14:30
CVE-2010-1555 10.0
Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid Hostname parameter.
20-05-2010 - 01:49 13-05-2010 - 13:30
CVE-2004-2533 5.0
Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a "\\...\" followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2
27-04-2010 - 00:00 31-12-2004 - 00:00
CVE-2010-1223 10.0
Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote attackers to execute arbitrary code via (1) a malformed request to the ws_man/xosoapapi.asmx SOAP endpoint or (2) a long string to the entry_point.aspx service.
08-04-2010 - 00:00 07-04-2010 - 11:30
CVE-2009-2288 7.5
statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.
03-04-2010 - 01:30 01-07-2009 - 09:00
CVE-2009-4654 9.0
Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk.
01-03-2010 - 00:00 26-02-2010 - 13:30
CVE-2010-0557 7.5
IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials.
08-02-2010 - 00:00 05-02-2010 - 17:30
CVE-2004-1774 7.2
Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter.
06-02-2010 - 00:43 31-08-2004 - 00:00
CVE-2009-4181 10.0
Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via vectors involving the sel and arg parameters to jovgraph.exe.
23-12-2009 - 01:59 10-12-2009 - 17:30
CVE-2009-4180 10.0
Stack-based buffer overflow in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header.
23-12-2009 - 01:59 10-12-2009 - 17:30
CVE-2009-4179 10.0
Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Accept-Language header in an OVABverbose action.
23-12-2009 - 01:59 10-12-2009 - 17:30
CVE-2009-4178 10.0
Heap-based buffer overflow in OvWebHelp.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Topic parameter.
23-12-2009 - 01:59 10-12-2009 - 17:30
CVE-2009-4176 10.0
Multiple heap-based buffer overflows in ovsessionmgr.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter to ovlogin.exe.
23-12-2009 - 01:59 10-12-2009 - 17:30
CVE-2009-3847 10.0
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via unknown vectors.
23-12-2009 - 01:58 10-12-2009 - 17:30
CVE-2009-4177 10.0
Buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header.
19-12-2009 - 01:59 10-12-2009 - 17:30
CVE-2009-3849 10.0
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long Template parameter to nnmRptConfig.exe, related to the strcat function; or (2) a l
19-12-2009 - 01:59 10-12-2009 - 17:30
CVE-2009-3848 10.0
Stack-based buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Template parameter, related to the vsprintf function.
19-12-2009 - 01:59 10-12-2009 - 17:30
CVE-2009-3846 10.0
Multiple heap-based buffer overflows in ovlogin.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter.
19-12-2009 - 01:59 10-12-2009 - 17:30
CVE-2009-3845 10.0
The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts.
19-12-2009 - 01:59 10-12-2009 - 17:30
CVE-2009-0898 10.0
Stack-based buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted HTTP request.
19-12-2009 - 01:53 10-12-2009 - 18:30
CVE-2009-3853 9.3
Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, all
18-11-2009 - 02:00 04-11-2009 - 10:30
CVE-2009-2685 10.0
Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.
09-11-2009 - 00:00 06-11-2009 - 10:30
CVE-2008-4193 10.0
Stack-based buffer overflow in SecurityGateway.dll in Alt-N Technologies SecurityGateway 1.0.1 allows remote attackers to execute arbitrary code via a long username parameter.
15-08-2009 - 01:14 24-09-2008 - 07:42
CVE-2008-6922 9.3
Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer 5.4.6 allow remote attackers to execute arbitrary code via a long argument to the (1) CreateUserPath, (2) Logout, (3) DeleteMailByUID, (4) MoveToInbox, (5) MoveToFolder, (6) DeleteM
11-08-2009 - 00:00 10-08-2009 - 14:30
CVE-2009-1394 9.3
Stack-based buffer overflow in Motorola Timbuktu Pro 8.6.5 on Windows allows remote attackers to execute arbitrary code by sending a long malformed string over the PlughNTCommand named pipe.
30-06-2009 - 00:00 26-06-2009 - 14:30
CVE-2009-1628 10.0
Stack-based buffer overflow in mnet.exe in Unisys Business Information Server (BIS) 10 and 10.1 on Windows allows remote attackers to execute arbitrary code via a crafted TCP packet.
29-06-2009 - 00:00 26-06-2009 - 14:30
CVE-2009-1636 10.0
Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP co
09-06-2009 - 01:34 26-05-2009 - 11:30
CVE-2008-4828 10.0
Multiple stack-based buffer overflows in dsmagent.exe in the Remote Agent Service in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, and 5.4.0.0 through 5.4.1.96, and the TSM Expr
19-05-2009 - 01:28 05-05-2009 - 13:30
CVE-2009-1350 10.0
Unspecified vulnerability in xtagent.exe in Novell NetIdentity Client before 1.2.4 allows remote attackers to execute arbitrary code by establishing an IPC$ connection to the XTIERRPCPIPE named pipe, and sending RPC messages that trigger a dereferenc
21-04-2009 - 00:00 21-04-2009 - 12:24
CVE-2007-4731 10.0
Stack-based buffer overflow in the TMregChange function in TMReg.dll in Trend Micro ServerProtect before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 5005.
15-11-2008 - 01:58 11-09-2007 - 21:17
CVE-2005-1256 10.0
Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command wi
15-11-2008 - 00:46 25-05-2005 - 00:00
CVE-2005-1255 10.0
Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1)
15-11-2008 - 00:46 25-05-2005 - 00:00
CVE-2005-1254 5.0
Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 and 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to cause a denial of service (crash) via a SELECT command with a large argument.
15-11-2008 - 00:46 25-05-2005 - 00:00
CVE-2005-1252 5.0
Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in the query string a
15-11-2008 - 00:46 25-05-2005 - 00:00
CVE-2005-1249 5.0
The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop.
15-11-2008 - 00:46 25-05-2005 - 00:00
CVE-2007-1373 10.0
Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961.
13-11-2008 - 01:34 09-03-2007 - 19:19
CVE-2005-4411 7.5
Buffer overflow in Mercury Mail Transport System 4.01b allows remote attackers to execute arbitrary code via a long request to TCP port 105.
10-09-2008 - 15:52 20-12-2005 - 06:03
CVE-2005-0059 10.0
Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
10-09-2008 - 15:34 02-05-2005 - 00:00
CVE-2004-0297 10.0
Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large ta
10-09-2008 - 15:25 23-11-2004 - 00:00
CVE-2003-0727 2.1
Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions.
10-09-2008 - 15:20 20-10-2003 - 00:00
CVE-2003-0719 7.5
Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows re
10-09-2008 - 15:20 01-06-2004 - 00:00
CVE-2000-0884 7.5
IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.
10-09-2008 - 15:06 19-12-2000 - 00:00
CVE-2000-0525 10.0
OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.
10-09-2008 - 15:04 08-06-2000 - 00:00
CVE-1999-0503 7.2
A Windows NT local user or administrator account has a guessable password.
09-09-2008 - 08:34 01-01-1997 - 00:00
CVE-1999-0502 7.5
A Unix account has a default, null, blank, or missing password.
09-09-2008 - 08:34 01-03-1998 - 00:00
CVE-1999-0208 10.0
rpc.ypupdated (NIS) allows remote users to execute arbitrary commands.
09-09-2008 - 08:34 12-12-1995 - 00:00
CVE-2008-0638 9.3
Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, w
05-09-2008 - 17:35 21-02-2008 - 15:44
CVE-2007-6701 10.0
Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP4 for Windows allow remote attackers to execute arbitrary code via long arguments to multiple unspecified RPC functions, aka Novell bug 287919, a diffe
05-09-2008 - 17:33 13-02-2008 - 16:00
CVE-2007-5006 10.0
Multiple command handlers in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 do not verify if a peer is authenticated, which allows remote attackers to add and delete users, and start client restores.
05-09-2008 - 17:29 01-10-2007 - 16:17
CVE-2007-5005 10.0
Directory traversal vulnerability in rxRPC.dll in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to upload and overwrite arbitrary files via a ..\ (dot dot backslash) sequence
05-09-2008 - 17:29 01-10-2007 - 16:17
CVE-2007-5004 9.3
Integer overflow in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to execute arbitrary code via a long username and a certain "useless" password.
05-09-2008 - 17:29 01-10-2007 - 16:17
CVE-2007-5003 10.0
Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command
05-09-2008 - 17:29 01-10-2007 - 16:17
CVE-2007-4006 6.8
Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has unknown impact and remote attack vectors, aka ZD-00000034. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordin
05-09-2008 - 17:27 25-07-2007 - 20:30
CVE-2007-4005 5.0
Stack-based buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 allows remote attackers to execute arbitrary code via a long string to the shell port (514/tcp). NOTE: this might overlap CVE-2007-4006.
05-09-2008 - 17:27 25-07-2007 - 20:30
CVE-2005-4734 6.4
Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long url parameter in the Redirect method.
05-09-2008 - 16:57 31-12-2005 - 00:00
CVE-2005-3155 7.5
Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and Professional 1.6 allows remote attackers to execute arbitrary code.
05-09-2008 - 16:53 05-10-2005 - 19:02
CVE-2005-2715 10.0
Format string vulnerability in the Java user interface service (bpjava-msvc) daemon for VERITAS NetBackup Data and Business Center 4.5FP and 4.5MP, and NetBackup Enterprise/Server/Client 5.0, 5.1, and 6.0, allows remote attackers to execute arbitrary
05-09-2008 - 16:52 12-10-2005 - 18:02
CVE-2005-2551 7.5
Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 on Windows allows attackers to cause a denial of service (crash) and obtain access to files via unknown vectors.
05-09-2008 - 16:52 12-08-2005 - 00:00
CVE-2005-2535 7.5
Buffer overflow in the Discovery Service in BrightStor ARCserve Backup 9.0 through 11.1 allows remote attackers to execute arbitrary commands via a large packet to TCP port 41523, a different vulnerability than CVE-2005-0260.
05-09-2008 - 16:52 10-08-2005 - 00:00
CVE-2005-1815 5.0
Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 and 9.0.0.4 allows attackers to cause a denial of service and possibly execute arbitrary code via (1) an FTP command with a long argument to FTPD (ftpdw.exe) or (2) a large amount o
05-09-2008 - 16:50 01-06-2005 - 00:00
CVE-2005-1781 5.0
Unknown vulnerability in SMTP authentication for MailEnable allows remote attackers to cause a denial of service (crash).
05-09-2008 - 16:50 31-05-2005 - 00:00
CVE-2005-1272 7.5
Stack-based buffer overflow in the Backup Agent for Microsoft SQL Server in BrightStor ARCserve Backup Agent for SQL Server 11.0 allows remote attackers to execute arbitrary code via a long string sent to port (1) 6070 or (2) 6050.
05-09-2008 - 16:48 05-08-2005 - 00:00
CVE-2005-1009 10.0
Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) remote attackers to execute arbitrary code via a modified computer name and length that leads to a heap-based buffer overflow, or (2) local users to execute arbitrary code via a long
05-09-2008 - 16:47 02-05-2005 - 00:00
CVE-2005-0116 7.5
AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl.
05-09-2008 - 16:45 18-01-2005 - 00:00
CVE-2004-2501 7.5
Buffer overflow in the IMAP service of MailEnable Professional Edition 1.52 and Enterprise Edition 1.01 allows remote attackers to execute arbitrary code via (1) a long command string or (2) a long string to the MEIMAP service and then terminating th
05-09-2008 - 16:44 31-12-2004 - 00:00
CVE-2004-1172 10.0
Stack-based buffer overflow in the Agent Browser in Veritas Backup Exec 8.x before 8.60.3878 Hotfix 68, and 9.x before 9.1.4691 Hotfix 40, allows remote attackers to execute arbitrary code via a registration request with a long hostname.
05-09-2008 - 16:40 10-01-2005 - 00:00
CVE-2004-0798 7.5
Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp Gold before 8.03 Hotfix 1 allows remote attackers to execute arbitrary code via a long instancename parameter.
05-09-2008 - 16:39 20-10-2004 - 00:00
CVE-2004-0646 10.0
Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Cont
05-09-2008 - 16:38 23-12-2004 - 00:00
CVE-2002-0033 10.0
Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.
05-09-2008 - 16:27 29-05-2002 - 00:00
CVE-2001-0311 4.6
Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an OmniBack client.
05-09-2008 - 16:23 02-06-2001 - 00:00
CVE-2000-0945 10.0
The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory.
05-09-2008 - 16:22 19-12-2000 - 00:00
CVE-2001-0537 9.3
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
05-09-2008 - 00:00 21-07-2001 - 00:00
CVE-2004-1366 4.6
Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.
05-09-2008 - 00:00 04-08-2004 - 00:00
CVE-2008-1910 10.0
Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 SP2 allows remote attackers to execute arbitrary code via a malformed opcode 0x52 request to TCP port 3050. NOTE: this might overlap CVE-2007-5243 or CVE-200
05-09-2008 - 00:00 22-04-2008 - 00:41
CVE-1999-0515 10.0
An unrestricted remote trust relationship for Unix systems has been set up, e.g. by using a + sign in /etc/hosts.equiv.
20-10-2005 - 00:00 01-01-1999 - 00:00
Back to Top Mark selected
Back to Top