Max CVSS 10.0 Min CVSS 1.2 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2002-0367 7.2
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, a
16-07-2024 - 17:42 25-06-2002 - 04:00
CVE-2004-0210 7.2
The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
16-07-2024 - 17:42 06-08-2004 - 04:00
CVE-2013-0640 9.3
Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February
16-07-2024 - 17:36 14-02-2013 - 01:55
CVE-2013-0641 9.3
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.
16-07-2024 - 17:36 14-02-2013 - 01:55
CVE-2003-0693 10.0
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CV
01-07-2024 - 11:15 22-09-2003 - 04:00
CVE-2004-0119 7.5
The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenI
15-02-2024 - 21:44 01-06-2004 - 04:00
CVE-2006-2374 2.1
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file hand
15-02-2024 - 20:22 13-06-2006 - 19:06
CVE-2003-0190 5.0
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
15-02-2024 - 18:46 12-05-2003 - 04:00
CVE-2004-0213 7.2
Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to la
14-02-2024 - 17:25 06-08-2004 - 04:00
CVE-2004-0121 7.5
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and e
13-02-2024 - 18:00 15-04-2004 - 04:00
CVE-2005-2088 4.3
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfe
09-02-2024 - 02:40 05-07-2005 - 04:00
CVE-2002-0391 10.0
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array
08-02-2024 - 18:38 12-08-2002 - 04:00
CVE-2003-0466 10.0
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to tr
08-02-2024 - 15:50 27-08-2003 - 04:00
CVE-2003-0252 10.0
Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain ne
02-02-2024 - 02:56 18-08-2003 - 04:00
CVE-2005-0587 2.6
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.
02-02-2024 - 02:03 25-03-2005 - 05:00
CVE-2010-2936 9.3
Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint doc
13-02-2023 - 03:19 25-08-2010 - 20:00
CVE-2013-0879 7.5
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified othe
30-01-2023 - 15:01 23-02-2013 - 21:55
CVE-2013-0899 5.0
Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products
24-01-2023 - 02:48 23-02-2013 - 21:55
CVE-2013-0880 7.5
Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to databas
24-01-2023 - 01:50 23-02-2013 - 21:55
CVE-2013-0898 7.5
Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a URL.
24-01-2023 - 01:46 23-02-2013 - 21:55
CVE-2013-0900 6.8
Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspe
18-11-2022 - 20:17 23-02-2013 - 21:55
CVE-2013-0897 4.3
Off-by-one error in the PDF functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service via a crafted document.
18-11-2022 - 20:17 23-02-2013 - 21:55
CVE-2013-0896 7.5
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly manage memory during message handling for plug-ins, which allows remote attackers to cause a denial of service or possibly have unspecified
18-11-2022 - 20:03 23-02-2013 - 21:55
CVE-2013-0893 6.8
Race condition in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media.
18-11-2022 - 20:03 23-02-2013 - 21:55
CVE-2013-0892 7.5
Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service or possibly have other impact via unknown vector
18-11-2022 - 20:02 23-02-2013 - 21:55
CVE-2013-0891 7.5
Integer overflow in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a blob.
18-11-2022 - 20:02 23-02-2013 - 21:55
CVE-2013-0885 7.5
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors.
18-11-2022 - 19:59 23-02-2013 - 21:55
CVE-2013-0884 6.8
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly load Native Client (aka NaCl) code, which has unspecified impact and attack vectors.
18-11-2022 - 19:59 23-02-2013 - 21:55
CVE-2013-0887 7.5
The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict privileges during interaction with a connected server, which has unspecified impact and attack vect
18-11-2022 - 19:41 23-02-2013 - 21:55
CVE-2013-0882 7.5
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via a large number of SVG parameters
18-11-2022 - 17:55 23-02-2013 - 21:55
CVE-2013-0883 5.0
Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.
18-11-2022 - 17:55 23-02-2013 - 21:55
CVE-2013-0881 5.0
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via crafted data in the Matroska container format.
18-11-2022 - 17:52 23-02-2013 - 21:55
CVE-2013-0889 6.8
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbit
18-11-2022 - 17:49 23-02-2013 - 21:55
CVE-2013-0890 7.5
Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service (memory corruption) or possibly have other impac
18-11-2022 - 17:49 23-02-2013 - 21:55
CVE-2013-0888 5.0
Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a "user gesture check for dangerous file do
18-11-2022 - 17:47 23-02-2013 - 21:55
CVE-2005-0233 7.5
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homog
28-02-2022 - 17:41 08-02-2005 - 05:00
CVE-2006-1188 7.5
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.
23-07-2021 - 15:04 11-04-2006 - 23:02
CVE-2005-2087 5.0
Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedd
23-07-2021 - 15:04 05-07-2005 - 04:00
CVE-2005-1790 2.6
Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "M
23-07-2021 - 15:04 01-06-2005 - 04:00
CVE-2004-0214 10.0
Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long s
23-07-2021 - 15:03 03-11-2004 - 05:00
CVE-2004-0420 10.0
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demo
23-07-2021 - 15:02 07-07-2004 - 04:00
CVE-2005-4089 7.1
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) file
23-07-2021 - 12:55 08-12-2005 - 11:03
CVE-2006-2218 9.3
Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object
23-07-2021 - 12:55 05-05-2006 - 12:46
CVE-2005-2830 5.0
Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."
23-07-2021 - 12:55 14-12-2005 - 11:03
CVE-2006-1190 10.0
Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and al
23-07-2021 - 12:55 11-04-2006 - 23:02
CVE-2004-1043 5.0
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local z
23-07-2021 - 12:55 31-12-2004 - 05:00
CVE-2006-1189 10.0
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byte character sets (DBCS), aka the "Double Byte Char
23-07-2021 - 12:55 11-04-2006 - 23:02
CVE-2005-2831 7.5
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for
23-07-2021 - 12:55 14-12-2005 - 11:03
CVE-2006-1303 9.3
Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransfo
23-07-2021 - 12:55 13-06-2006 - 19:06
CVE-2003-1041 7.5
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it
23-07-2021 - 12:55 14-06-2004 - 04:00
CVE-2006-1359 9.3
Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
23-07-2021 - 12:55 23-03-2006 - 00:06
CVE-2006-1626 4.3
Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a
23-07-2021 - 12:55 05-04-2006 - 10:04
CVE-2006-1388 7.5
Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.
23-07-2021 - 12:55 24-03-2006 - 20:02
CVE-2005-2829 5.1
Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the dis
23-07-2021 - 12:55 14-12-2005 - 11:03
CVE-2006-2382 10.0
Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka "HTML Decod
23-07-2021 - 12:19 13-06-2006 - 19:06
CVE-2006-2385 7.6
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht)
23-07-2021 - 12:19 13-06-2006 - 19:06
CVE-2006-2383 9.3
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control,
23-07-2021 - 12:19 13-06-2006 - 19:06
CVE-2006-2384 4.3
Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after
23-07-2021 - 12:19 13-06-2006 - 19:06
CVE-2006-1186 10.0
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.
23-07-2021 - 12:19 11-04-2006 - 23:02
CVE-2006-1192 2.6
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to anot
23-07-2021 - 12:17 11-04-2006 - 23:02
CVE-2003-0083 5.0
Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities relate
15-07-2021 - 20:37 02-04-2003 - 05:00
CVE-2003-0132 5.0
A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
15-07-2021 - 20:14 11-04-2003 - 04:00
CVE-2003-0192 6.4
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which c
06-06-2021 - 11:15 18-08-2003 - 04:00
CVE-2003-0254 5.0
Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
06-06-2021 - 11:15 18-08-2003 - 04:00
CVE-2003-0253 5.0
The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
06-06-2021 - 11:15 18-08-2003 - 04:00
CVE-2004-0113 5.0
Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
06-06-2021 - 11:15 29-03-2004 - 05:00
CVE-2003-0020 5.0
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
06-06-2021 - 11:15 18-03-2003 - 05:00
CVE-2004-0492 10.0
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes
06-06-2021 - 11:15 06-08-2004 - 04:00
CVE-2003-0542 7.2
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9
06-06-2021 - 11:15 03-11-2003 - 05:00
CVE-2003-0718 5.0
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML element
23-11-2020 - 19:49 03-11-2004 - 05:00
CVE-2004-0203 4.3
Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query.
09-04-2020 - 13:51 23-11-2004 - 05:00
CVE-2004-0574 10.0
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, poss
09-04-2020 - 13:50 03-11-2004 - 05:00
CVE-2005-1987 7.5
Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstra
09-04-2020 - 13:28 13-10-2005 - 10:02
CVE-2001-0509 5.0
Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
02-04-2020 - 12:56 20-09-2001 - 04:00
CVE-2002-0049 6.4
Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
02-04-2020 - 12:38 08-03-2002 - 05:00
CVE-2003-0150 9.0
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by mod
07-10-2019 - 16:41 24-03-2003 - 05:00
CVE-2003-0073 5.0
Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.
07-10-2019 - 16:41 19-02-2003 - 05:00
CVE-2002-1230 4.6
NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demon
30-04-2019 - 14:27 04-11-2002 - 05:00
CVE-2006-2371 7.5
Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via cer
30-04-2019 - 14:27 13-06-2006 - 19:06
CVE-2006-2379 9.3
Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
30-04-2019 - 14:27 13-06-2006 - 19:06
CVE-2006-2370 7.5
Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC
30-04-2019 - 14:27 13-06-2006 - 19:06
CVE-2002-0151 7.2
Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.
30-04-2019 - 14:27 04-04-2002 - 05:00
CVE-2002-0366 7.2
Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry.
30-04-2019 - 14:27 03-07-2002 - 04:00
CVE-2003-0003 7.5
Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter inf
30-04-2019 - 14:27 07-02-2003 - 05:00
CVE-2003-0345 7.5
Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
30-04-2019 - 14:27 18-08-2003 - 04:00
CVE-2003-0822 7.5
Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
30-04-2019 - 14:27 15-12-2003 - 05:00
CVE-2005-1218 5.0
The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
30-04-2019 - 14:27 10-08-2005 - 04:00
CVE-2005-2307 5.0
netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."
30-04-2019 - 14:27 19-07-2005 - 04:00
CVE-2006-0034 7.5
Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code v
30-04-2019 - 14:27 10-05-2006 - 02:14
CVE-2005-2827 7.2
The thread termination routine in the kernel for Windows NT 4.0 and 2000 (NTOSKRNL.EXE) allows local users to modify kernel memory and execution flow via steps in which a terminating thread causes Asynchronous Procedure Call (APC) entries to free the
30-04-2019 - 14:27 14-12-2005 - 01:03
CVE-2004-0201 10.0
Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vuln
30-04-2019 - 14:27 06-08-2004 - 04:00
CVE-2003-0112 4.6
Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.
30-04-2019 - 14:27 12-05-2003 - 04:00
CVE-2005-1981 2.1
Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
30-04-2019 - 14:27 10-08-2005 - 04:00
CVE-2003-0824 5.0
Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain
30-04-2019 - 14:27 15-12-2003 - 05:00
CVE-2004-1319 5.0
The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the par
30-04-2019 - 14:27 15-12-2004 - 05:00
CVE-2004-0568 10.0
HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious
30-04-2019 - 14:27 10-01-2005 - 05:00
CVE-2005-1982 3.6
Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain control
30-04-2019 - 14:27 10-08-2005 - 04:00
CVE-2004-1080 10.0
The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS re
30-04-2019 - 14:27 10-01-2005 - 05:00
CVE-2003-0825 9.3
The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute
30-04-2019 - 14:27 03-03-2004 - 05:00
CVE-2003-0352 7.5
Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
30-04-2019 - 14:27 18-08-2003 - 04:00
CVE-2005-0803 5.0
The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be
30-04-2019 - 14:27 02-05-2005 - 04:00
CVE-2004-0212 10.0
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Interne
30-04-2019 - 14:27 06-08-2004 - 04:00
CVE-2004-1305 5.0
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory ad
30-04-2019 - 14:27 23-12-2004 - 05:00
CVE-2006-0012 5.1
Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "
30-04-2019 - 14:27 12-04-2006 - 00:02
CVE-2003-0818 7.5
Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encod
30-04-2019 - 14:27 03-03-2004 - 05:00
CVE-2004-0571 10.0
Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability
30-04-2019 - 14:27 10-01-2005 - 05:00
CVE-2006-1184 5.0
Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of
30-04-2019 - 14:27 10-05-2006 - 02:14
CVE-2004-0893 7.2
The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges,
30-04-2019 - 14:27 10-01-2005 - 05:00
CVE-2005-2122 10.0
Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Serve
30-04-2019 - 14:27 21-10-2005 - 18:02
CVE-2004-0901 10.0
Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site,
30-04-2019 - 14:27 10-01-2005 - 05:00
CVE-2005-0050 10.0
The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) a
30-04-2019 - 14:27 02-05-2005 - 04:00
CVE-2006-0010 9.3
Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded
30-04-2019 - 14:27 10-01-2006 - 22:03
CVE-2006-2373 10.0
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEIT
26-03-2019 - 19:17 13-06-2006 - 19:06
CVE-2012-5146 5.0
Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-2475 3.3
The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
30-10-2018 - 16:27 07-03-2013 - 15:55
CVE-2013-2483 3.3
The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ACN dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via an invali
30-10-2018 - 16:27 07-03-2013 - 15:55
CVE-2012-5150 7.5
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving seek operations on video data.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-2480 3.3
The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
30-10-2018 - 16:27 07-03-2013 - 15:55
CVE-2013-2487 7.8
epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted in
30-10-2018 - 16:27 07-03-2013 - 15:55
CVE-2012-5147 7.5
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-2476 6.1
The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a packet with a header that is too short.
30-10-2018 - 16:27 07-03-2013 - 15:55
CVE-2013-2477 3.3
The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly manage function pointers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
30-10-2018 - 16:27 07-03-2013 - 15:55
CVE-2012-5152 5.0
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving seek operations on video data.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2012-5149 7.5
Integer overflow in the audio IPC layer in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-2481 2.9
Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to c
30-10-2018 - 16:27 07-03-2013 - 15:55
CVE-2012-5148 7.5
The hyphenation functionality in Google Chrome before 24.0.1312.52 does not properly validate file names, which has unspecified impact and attack vectors.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2012-5154 7.5
Integer overflow in Google Chrome before 24.0.1312.52 on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to allocation of shared memory.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-2479 3.3
The dissect_mpls_echo_tlv_dd_map function in epan/dissectors/packet-mpls-echo.c in the MPLS Echo dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via invalid Sub-tlv data.
30-10-2018 - 16:27 07-03-2013 - 15:55
CVE-2013-2478 3.3
The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (a
30-10-2018 - 16:27 07-03-2013 - 15:55
CVE-2012-5153 7.5
Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds access to stack memory.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-2484 3.3
The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
30-10-2018 - 16:27 07-03-2013 - 15:55
CVE-2012-5145 7.5
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG layout.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-2482 6.1
The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
30-10-2018 - 16:27 07-03-2013 - 15:55
CVE-2013-2486 6.1
The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a deni
30-10-2018 - 16:27 07-03-2013 - 15:55
CVE-2013-2485 6.1
The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
30-10-2018 - 16:27 07-03-2013 - 15:55
CVE-2013-2488 5.0
The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large
30-10-2018 - 16:27 07-03-2013 - 15:55
CVE-2013-0836 6.8
Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, does not properly implement garbage collection, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via craf
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-0835 5.0
Unspecified vulnerability in the Geolocation implementation in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-0831 7.5
Directory traversal vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to have an unspecified impact by leveraging access to an extension process.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-0833 5.0
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to printing.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-0837 7.5
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-0830 7.5
The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a NUL character required for termination of an unspecified data structure, which has unknown impact and attack vectors.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-0832 7.5
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-0834 5.0
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving glyphs.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2002-0678 7.2
CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.
30-10-2018 - 16:26 23-07-2002 - 04:00
CVE-2002-0573 7.5
Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command canno
30-10-2018 - 16:26 03-07-2002 - 04:00
CVE-2002-0085 5.0
cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a denial of service (crash) via an invalid procedure call in an RPC request.
30-10-2018 - 16:26 15-03-2002 - 05:00
CVE-2002-1317 7.5
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.
30-10-2018 - 16:26 11-12-2002 - 05:00
CVE-2002-0677 7.5
CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the
30-10-2018 - 16:26 23-07-2002 - 04:00
CVE-2002-0084 7.2
Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument.
30-10-2018 - 16:26 15-03-2002 - 05:00
CVE-2002-0679 10.0
Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.
30-10-2018 - 16:26 05-09-2002 - 04:00
CVE-2003-0196 10.0
Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.
30-10-2018 - 16:26 05-05-2003 - 04:00
CVE-2003-0027 5.0
Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.
30-10-2018 - 16:26 07-02-2003 - 05:00
CVE-2007-1270 5.0
Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors.
30-10-2018 - 16:26 06-04-2007 - 00:19
CVE-2003-0694 10.0
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
30-10-2018 - 16:26 06-10-2003 - 04:00
CVE-2008-0967 6.9
Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build
30-10-2018 - 16:26 05-06-2008 - 20:32
CVE-2003-0201 10.0
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
30-10-2018 - 16:26 05-05-2003 - 04:00
CVE-2007-1271 6.6
Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow attackers to gain privileges or cause a denial of service (application crash) via unspecified vectors.
30-10-2018 - 16:26 06-04-2007 - 00:19
CVE-2002-0033 10.0
Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.
30-10-2018 - 16:25 29-05-2002 - 04:00
CVE-2007-0042 7.8
Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechani
30-10-2018 - 16:25 10-07-2007 - 22:30
CVE-2006-0008 7.2
The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and cl
30-10-2018 - 16:25 14-02-2006 - 19:06
CVE-2004-0573 7.5
Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
30-10-2018 - 16:25 28-09-2004 - 04:00
CVE-2004-0082 7.5
The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable pas
30-10-2018 - 16:25 03-03-2004 - 05:00
CVE-2004-0200 9.3
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to
30-10-2018 - 16:25 28-09-2004 - 04:00
CVE-2004-1154 10.0
Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of securit
30-10-2018 - 16:25 10-01-2005 - 05:00
CVE-2006-0748 9.3
Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that
19-10-2018 - 15:46 14-04-2006 - 10:02
CVE-2006-0749 9.3
nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via
19-10-2018 - 15:46 14-04-2006 - 10:02
CVE-2006-0298 5.8
The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read.
19-10-2018 - 15:44 02-02-2006 - 22:02
CVE-2006-0297 5.1
Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSu
19-10-2018 - 15:44 02-02-2006 - 22:02
CVE-2006-0299 6.4
The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange info
19-10-2018 - 15:44 02-02-2006 - 23:06
CVE-2006-0294 7.5
Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to o
19-10-2018 - 15:43 02-02-2006 - 20:06
CVE-2006-0292 7.5
The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garb
19-10-2018 - 15:43 02-02-2006 - 20:06
CVE-2006-0293 7.5
The function allocation code (js_NewFunction in jsfun.c) in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that opera
19-10-2018 - 15:43 02-02-2006 - 20:06
CVE-2006-0296 5.0
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf fil
19-10-2018 - 15:43 02-02-2006 - 20:06
CVE-2006-0295 5.1
Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory
19-10-2018 - 15:43 02-02-2006 - 20:06
CVE-2006-0021 7.8
Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."
19-10-2018 - 15:42 14-02-2006 - 19:06
CVE-2006-0023 4.3
Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1)
19-10-2018 - 15:42 08-02-2006 - 02:18
CVE-2005-4560 7.5
The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows P
19-10-2018 - 15:41 28-12-2005 - 19:03
CVE-2006-0009 5.1
Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware suc
19-10-2018 - 15:41 14-03-2006 - 23:02
CVE-2006-0006 9.3
Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary c
19-10-2018 - 15:41 14-02-2006 - 22:06
CVE-2006-0003 5.1
Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown att
19-10-2018 - 15:41 12-04-2006 - 00:02
CVE-2006-0014 5.1
Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.
19-10-2018 - 15:41 12-04-2006 - 00:02
CVE-2005-4134 5.0
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not
19-10-2018 - 15:40 09-12-2005 - 15:03
CVE-2005-3983 7.8
Unknown vulnerability in the login page for HP Systems Insight Manager (SIM) 4.0 and 4.1, when accessed by Microsoft Internet Explorer with the MS04-025 patch, leads to a denial of service (browser hang). NOTE: although the advisory is vague, this is
19-10-2018 - 15:39 04-12-2005 - 11:03
CVE-2005-2127 7.5
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for
19-10-2018 - 15:32 19-08-2005 - 04:00
CVE-2002-0649 7.5
Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04
19-10-2018 - 15:29 12-08-2002 - 04:00
CVE-2003-0085 10.0
Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.
19-10-2018 - 15:29 31-03-2003 - 05:00
CVE-2003-0251 5.0
ypserv NIS server before 2.7 allows remote attackers to cause a denial of service via a TCP client request that does not respond to the server, which causes ypserv to block.
19-10-2018 - 15:29 24-07-2003 - 04:00
CVE-2006-3436 4.3
Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
18-10-2018 - 16:47 10-10-2006 - 21:07
CVE-2006-1993 5.1
Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which ca
18-10-2018 - 16:37 25-04-2006 - 12:50
CVE-2006-1742 5.0
The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remot
18-10-2018 - 16:36 14-04-2006 - 10:02
CVE-2006-1790 10.0
A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.
18-10-2018 - 16:36 14-04-2006 - 19:02
CVE-2006-1737 9.3
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via
18-10-2018 - 16:35 14-04-2006 - 18:02
CVE-2006-1735 9.3
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javas
18-10-2018 - 16:35 14-04-2006 - 10:02
CVE-2006-1739 9.3
The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary
18-10-2018 - 16:35 14-04-2006 - 10:02
CVE-2006-1733 6.8
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute
18-10-2018 - 16:35 14-04-2006 - 10:02
CVE-2006-1740 2.6
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing
18-10-2018 - 16:35 14-04-2006 - 10:02
CVE-2006-1738 5.0
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (
18-10-2018 - 16:35 14-04-2006 - 18:02
CVE-2006-1734 6.8
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal func
18-10-2018 - 16:35 14-04-2006 - 10:02
CVE-2006-1741 4.3
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new p
18-10-2018 - 16:35 14-04-2006 - 10:02
CVE-2006-1736 2.6
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image li
18-10-2018 - 16:35 14-04-2006 - 10:02
CVE-2006-1727 7.6
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to t
18-10-2018 - 16:34 14-04-2006 - 10:02
CVE-2006-1723 7.5
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due
18-10-2018 - 16:34 14-04-2006 - 10:02
CVE-2006-1732 4.3
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS)
18-10-2018 - 16:34 14-04-2006 - 10:02
CVE-2006-1725 2.6
Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes certain windows to become translucent due to an interaction between XUL content windows and the history mechanism, which might allow user-assisted remote attackers to trick users in
18-10-2018 - 16:34 14-04-2006 - 10:02
CVE-2006-1729 4.3
Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file
18-10-2018 - 16:34 14-04-2006 - 10:02
CVE-2006-1726 9.3
Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox'
18-10-2018 - 16:34 14-04-2006 - 10:02
CVE-2006-1724 7.5
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via atta
18-10-2018 - 16:34 14-04-2006 - 10:02
CVE-2006-1728 9.3
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypt
18-10-2018 - 16:34 14-04-2006 - 10:02
CVE-2006-1730 9.3
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing prop
18-10-2018 - 16:34 14-04-2006 - 10:02
CVE-2006-1731 4.3
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are calle
18-10-2018 - 16:34 14-04-2006 - 10:02
CVE-2006-1531 7.5
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due
18-10-2018 - 16:33 14-04-2006 - 10:02
CVE-2006-1530 7.5
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due
18-10-2018 - 16:33 14-04-2006 - 10:02
CVE-2006-1529 7.5
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due
18-10-2018 - 16:33 14-04-2006 - 10:02
CVE-2006-1245 7.5
Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, a
18-10-2018 - 16:31 17-03-2006 - 01:02
CVE-2006-1045 2.6
The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive info
18-10-2018 - 16:30 07-03-2006 - 11:02
CVE-2006-0884 9.3
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript U
18-10-2018 - 16:29 24-02-2006 - 22:02
CVE-2006-5870 9.3
Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that trig
17-10-2018 - 21:45 31-12-2006 - 05:00
CVE-2006-4702 6.8
Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file. A
17-10-2018 - 21:39 13-12-2006 - 01:28
CVE-2007-0940 9.3
Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, a
16-10-2018 - 16:35 08-05-2007 - 23:19
CVE-2009-0099 5.0
The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage
12-10-2018 - 21:49 10-02-2009 - 22:30
CVE-2009-0098 9.3
Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message
12-10-2018 - 21:49 10-02-2009 - 22:30
CVE-2007-0948 9.3
Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and i
12-10-2018 - 21:43 14-08-2007 - 22:17
CVE-2006-0025 9.3
Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image with a large chunk size.
12-10-2018 - 21:38 13-06-2006 - 19:06
CVE-2006-0013 6.5
Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CV
12-10-2018 - 21:38 14-02-2006 - 19:06
CVE-2006-0022 7.6
Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a ma
12-10-2018 - 21:38 13-06-2006 - 19:06
CVE-2005-2123 7.5
Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format im
12-10-2018 - 21:37 29-11-2005 - 21:03
CVE-2005-2119 5.0
The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an i
12-10-2018 - 21:37 12-10-2005 - 13:04
CVE-2005-0564 7.5
Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.
12-10-2018 - 21:36 12-07-2005 - 04:00
CVE-2005-1215 7.5
Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers.
12-10-2018 - 21:36 14-06-2005 - 04:00
CVE-2005-1985 7.5
The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
12-10-2018 - 21:36 13-10-2005 - 10:02
CVE-2005-1979 5.0
Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the T
12-10-2018 - 21:36 12-10-2005 - 13:04
CVE-2005-1983 10.0
Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious applica
12-10-2018 - 21:36 10-08-2005 - 04:00
CVE-2005-1205 5.0
The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
12-10-2018 - 21:36 14-06-2005 - 04:00
CVE-2005-1216 7.5
Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.
12-10-2018 - 21:36 14-06-2005 - 04:00
CVE-2005-1980 5.0
Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port nu
12-10-2018 - 21:36 12-10-2005 - 13:04
CVE-2005-0562 7.5
GIF file validation error in MSN Messenger 6.2 allows remote attackers in a user's contact list to execute arbitrary code via a GIF image with an improper height and width.
12-10-2018 - 21:36 12-04-2005 - 04:00
CVE-2005-1978 7.5
COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code.
12-10-2018 - 21:36 12-10-2005 - 13:04
CVE-2005-1206 7.5
Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."
12-10-2018 - 21:36 14-06-2005 - 04:00
CVE-2005-0051 7.5
The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows remote attackers to obtain sensitive information (users who are accessing resources) via an anonymous logon using a named pipe, which is not properly authenticated, aka the "Named Pipe
12-10-2018 - 21:35 02-05-2005 - 04:00
CVE-2004-0900 10.0
The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the "DHCP Req
12-10-2018 - 21:35 10-01-2005 - 05:00
CVE-2004-0847 7.5
The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Valid
12-10-2018 - 21:35 03-11-2004 - 05:00
CVE-2004-1049 5.1
Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and I
12-10-2018 - 21:35 31-12-2004 - 05:00
CVE-2004-0899 5.0
The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition, with DHCP logging enabled, does not properly validate the length of certain messages, which allows remote attackers to cause a denial of service (application cra
12-10-2018 - 21:35 10-01-2005 - 05:00
CVE-2004-0204 7.5
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.
12-10-2018 - 21:34 06-08-2004 - 04:00
CVE-2004-0575 10.0
Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unche
12-10-2018 - 21:34 03-11-2004 - 05:00
CVE-2004-0572 10.0
Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grp
12-10-2018 - 21:34 03-11-2004 - 05:00
CVE-2004-0597 10.0
Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transpar
12-10-2018 - 21:34 23-11-2004 - 05:00
CVE-2004-0206 7.5
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or appl
12-10-2018 - 21:34 03-11-2004 - 05:00
CVE-2004-0205 7.2
Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function.
12-10-2018 - 21:34 06-08-2004 - 04:00
CVE-2004-0208 7.2
The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a wa
12-10-2018 - 21:34 03-11-2004 - 05:00
CVE-2004-0569 7.5
The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote attackers to read active memory or cause a denial of service (system crash) via a malicious message, possibly related to improper length values.
12-10-2018 - 21:34 03-11-2004 - 05:00
CVE-2004-0215 5.0
Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.
12-10-2018 - 21:34 06-08-2004 - 04:00
CVE-2004-0123 7.5
Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
12-10-2018 - 21:34 01-06-2004 - 04:00
CVE-2004-0124 2.6
The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
12-10-2018 - 21:34 01-06-2004 - 04:00
CVE-2003-0807 5.0
Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted r
12-10-2018 - 21:33 01-06-2004 - 04:00
CVE-2003-0906 7.6
Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or E
12-10-2018 - 21:33 01-06-2004 - 04:00
CVE-2003-0910 7.2
The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descri
12-10-2018 - 21:33 01-06-2004 - 04:00
CVE-2004-0117 7.5
Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code.
12-10-2018 - 21:33 01-06-2004 - 04:00
CVE-2003-0719 7.5
Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows re
12-10-2018 - 21:33 01-06-2004 - 04:00
CVE-2003-0806 7.5
Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.
12-10-2018 - 21:33 01-06-2004 - 04:00
CVE-2004-0118 7.2
The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code.
12-10-2018 - 21:33 01-06-2004 - 04:00
CVE-2002-1183 7.5
Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862).
12-10-2018 - 21:32 11-12-2002 - 05:00
CVE-2003-0525 5.0
The getCanonicalPath function in Windows NT 4.0 may free memory that it does not own and cause heap corruption, which allows attackers to cause a denial of service (crash) via requests that cause a long file name to be passed to getCanonicalPath, as
12-10-2018 - 21:32 27-08-2003 - 04:00
CVE-2003-0346 7.5
Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which l
12-10-2018 - 21:32 27-08-2003 - 04:00
CVE-2003-0231 5.0
Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
12-10-2018 - 21:32 27-08-2003 - 04:00
CVE-2003-0232 7.2
Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
12-10-2018 - 21:32 27-08-2003 - 04:00
CVE-2003-0230 7.2
Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
12-10-2018 - 21:32 27-08-2003 - 04:00
CVE-2002-1056 7.5
Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary s
12-10-2018 - 21:31 16-05-2002 - 04:00
CVE-2002-0642 7.2
The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Perm
12-10-2018 - 21:31 23-07-2002 - 04:00
CVE-2002-0070 7.6
Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.
12-10-2018 - 21:31 15-03-2002 - 05:00
CVE-2002-0018 10.0
In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Admin
12-10-2018 - 21:30 08-03-2002 - 05:00
CVE-2002-0013 10.0
Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by th
12-10-2018 - 21:30 13-02-2002 - 05:00
CVE-2002-0012 10.0
Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candi
12-10-2018 - 21:30 13-02-2002 - 05:00
CVE-2002-0053 7.5
Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be
12-10-2018 - 21:30 08-03-2002 - 05:00
CVE-2001-0045 10.0
The default permissions for the RAS Administration key in Windows NT 4.0 allows local users to execute arbitrary commands by changing the value to point to a malicious DLL, aka one of the "Registry Permissions" vulnerabilities.
12-10-2018 - 21:30 16-02-2001 - 05:00
CVE-2001-0047 7.5
The default permissions for the MTS Package Administration registry key in Windows NT 4.0 allows local users to install or modify arbitrary Microsoft Transaction Server (MTS) packages and gain privileges, aka one of the "Registry Permissions" vulnera
12-10-2018 - 21:30 16-02-2001 - 05:00
CVE-2001-0344 7.2
An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
12-10-2018 - 21:30 21-07-2001 - 04:00
CVE-2001-0046 4.6
The default permissions for the SNMP Parameters registry key in Windows NT 4.0 allows remote attackers to read and possibly modify the SNMP community strings to obtain sensitive information or modify network configuration, aka one of the "Registry Pe
12-10-2018 - 21:30 16-02-2001 - 05:00
CVE-2000-0377 5.0
The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the "Remote Registry Access Authentication" vulnerability.
12-10-2018 - 21:29 08-06-2000 - 04:00
CVE-2008-4556 10.0
Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request.
11-10-2018 - 20:52 14-10-2008 - 22:36
CVE-2008-3870 10.0
Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation.
11-10-2018 - 20:50 26-05-2009 - 21:30
CVE-2008-3869 10.0
Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request, related to improper decoding of request parameters.
11-10-2018 - 20:50 26-05-2009 - 21:30
CVE-2005-0448 1.2
Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.
03-10-2018 - 21:29 02-05-2005 - 04:00
CVE-2003-0695 7.5
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a differe
03-05-2018 - 01:29 06-10-2003 - 04:00
CVE-2004-0541 10.0
Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable).
03-05-2018 - 01:29 06-08-2004 - 04:00
CVE-2005-2871 7.5
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with al
03-05-2018 - 01:29 09-09-2005 - 18:03
CVE-2005-0989 5.0
The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.
03-05-2018 - 01:29 02-05-2005 - 04:00
CVE-2005-0401 5.1
FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollba
03-05-2018 - 01:29 02-05-2005 - 04:00
CVE-2004-0148 7.2
wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.
03-05-2018 - 01:29 15-04-2004 - 04:00
CVE-2005-0399 5.1
Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a
03-05-2018 - 01:29 02-05-2005 - 04:00
CVE-2003-0682 7.5
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
03-05-2018 - 01:29 06-10-2003 - 04:00
CVE-2003-0688 5.0
The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that caus
03-05-2018 - 01:29 20-10-2003 - 04:00
CVE-2003-0681 7.5
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
03-05-2018 - 01:29 06-10-2003 - 04:00
CVE-2004-1316 5.0
Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which
03-05-2018 - 01:29 29-12-2004 - 05:00
CVE-2000-1079 7.5
Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast d
19-12-2017 - 02:29 29-08-2000 - 04:00
CVE-1999-0562 7.5
The registry in Windows NT can be accessed remotely by users who are not administrators.
19-10-2017 - 01:29 01-01-1997 - 05:00
CVE-2007-2990 4.9
Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 allows local users to cause a denial of service (daemon termination) via unspecified manipulations of the /var/run/.inetd.uds Unix domain socket file.
11-10-2017 - 01:32 01-06-2007 - 10:30
CVE-2005-2264 7.5
Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the _search target, then injecting script into other pages via a data: URL.
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2005-2269 7.5
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2005-0752 7.5
The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag.
11-10-2017 - 01:30 18-04-2005 - 04:00
CVE-2005-2702 7.5
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters.
11-10-2017 - 01:30 23-09-2005 - 19:03
CVE-2005-1159 7.5
The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the w
11-10-2017 - 01:30 02-05-2005 - 04:00
CVE-2005-1154 7.5
Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site sc
11-10-2017 - 01:30 02-05-2005 - 04:00
CVE-2005-1160 5.1
The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval func
11-10-2017 - 01:30 02-05-2005 - 04:00
CVE-2005-2706 6.4
Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla.
11-10-2017 - 01:30 23-09-2005 - 19:03
CVE-2005-1937 2.6
A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that wa
11-10-2017 - 01:30 14-06-2005 - 04:00
CVE-2005-1153 7.5
Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option.
11-10-2017 - 01:30 02-05-2005 - 04:00
CVE-2005-2266 5.0
Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensit
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2005-2267 7.5
Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may le
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2005-2262 5.1
Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a java
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2005-2701 7.5
Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.
11-10-2017 - 01:30 23-09-2005 - 19:03
CVE-2005-2261 7.5
Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2005-1532 7.5
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a va
11-10-2017 - 01:30 12-05-2005 - 04:00
CVE-2005-2270 7.5
Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2005-1477 5.1
The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when
11-10-2017 - 01:30 09-05-2005 - 04:00
CVE-2005-1531 7.5
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL
11-10-2017 - 01:30 12-05-2005 - 04:00
CVE-2005-1476 5.1
Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477.
11-10-2017 - 01:30 09-05-2005 - 04:00
CVE-2005-3564 7.2
envd daemon in HP-UX B.11.00 through B.11.11 allows local users to obtain privileges via unknown attack vectors.
11-10-2017 - 01:30 16-11-2005 - 07:42
CVE-2005-1156 7.5
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."
11-10-2017 - 01:30 02-05-2005 - 04:00
CVE-2005-2705 7.5
Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code.
11-10-2017 - 01:30 23-09-2005 - 19:03
CVE-2005-2265 5.0
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2005-1155 7.5
The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking."
11-10-2017 - 01:30 02-05-2005 - 04:00
CVE-2005-2260 7.5
The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dan
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2005-2707 5.0
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks.
11-10-2017 - 01:30 23-09-2005 - 19:03
CVE-2005-1158 5.0
Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the _search target of the Firefox sidebar.
11-10-2017 - 01:30 02-05-2005 - 04:00
CVE-2006-0516 2.1
Unspecified vulnerability in the kernel processing in Solaris 10 64 bit platform, when running in 64-bit mode, allows local users to cause a denial of service (system panic) via unknown attack vectors.
11-10-2017 - 01:30 02-02-2006 - 11:02
CVE-2005-2268 2.6
Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "D
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2005-3565 7.5
Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and B.11.23 while running in "Trusted Mode" allows remote attackers to gain unauthorized system access via unknown attack vectors.
11-10-2017 - 01:30 16-11-2005 - 07:42
CVE-2005-2704 5.0
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface.
11-10-2017 - 01:30 23-09-2005 - 19:03
CVE-2005-2703 5.0
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smugglin
11-10-2017 - 01:30 23-09-2005 - 19:03
CVE-2005-2263 5.0
The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which ca
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2005-3296 10.0
The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
11-10-2017 - 01:30 23-10-2005 - 21:02
CVE-2005-0593 2.6
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which caus
11-10-2017 - 01:29 04-03-2005 - 05:00
CVE-2003-0135 7.5
vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrappers (tcp_wrappers) but is installed as a standalone service, which inadvertently prevents vsftpd from restricting access as intended.
11-10-2017 - 01:29 11-04-2003 - 04:00
CVE-2005-0585 2.6
Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.
11-10-2017 - 01:29 25-03-2005 - 05:00
CVE-2005-0142 2.1
Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. conten
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2004-1156 4.3
Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up windo
11-10-2017 - 01:29 31-12-2004 - 05:00
CVE-2005-0231 2.6
Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing."
11-10-2017 - 01:29 07-02-2005 - 05:00
CVE-2005-0584 2.6
Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2005-0527 5.1
Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling."
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2005-0149 5.0
Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail me
11-10-2017 - 01:29 15-02-2005 - 05:00
CVE-2004-1345 7.2
Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) 2.1 for Solaris 8 and Solaris 9 allows local users with the "ESMUser" role to gain root access.
11-10-2017 - 01:29 21-06-2004 - 04:00
CVE-2003-0935 6.4
Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed.
11-10-2017 - 01:29 01-12-2003 - 05:00
CVE-2005-0588 5.0
Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2003-0722 10.0
The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.
11-10-2017 - 01:29 22-09-2003 - 04:00
CVE-2004-0164 5.0
KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message th
11-10-2017 - 01:29 03-03-2004 - 05:00
CVE-2003-0195 5.0
CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out.
11-10-2017 - 01:29 16-06-2003 - 04:00
CVE-2004-1153 10.0
Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an .ETD document containing format string specifiers in (1) title
11-10-2017 - 01:29 10-01-2005 - 05:00
CVE-2005-0591 2.6
Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing."
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2004-0154 5.0
rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name.
11-10-2017 - 01:29 14-06-2004 - 04:00
CVE-2004-0521 10.0
SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.
11-10-2017 - 01:29 18-08-2004 - 04:00
CVE-2005-0145 2.6
Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature.
11-10-2017 - 01:29 24-01-2005 - 05:00
CVE-2004-0403 5.0
Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field.
11-10-2017 - 01:29 01-06-2004 - 04:00
CVE-2005-0590 5.0
The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequen
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2003-0468 5.0
Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes
11-10-2017 - 01:29 27-08-2003 - 04:00
CVE-2005-0402 2.6
Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page.
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2003-0136 2.1
psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file.
11-10-2017 - 01:29 05-05-2003 - 04:00
CVE-2005-0150 5.0
Firefox before 1.0 allows the user to store a (1) javascript: or (2) data: URLs as a Livefeed bookmark, then executes it in the security context of the currently loaded page when the user later accesses the bookmark, which could allow remote attacker
11-10-2017 - 01:29 26-05-2005 - 04:00
CVE-2003-0973 5.0
Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.
11-10-2017 - 01:29 15-12-2003 - 05:00
CVE-2005-0589 5.0
The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability.
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2005-0230 5.1
Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execu
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2005-0143 2.6
Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.
11-10-2017 - 01:29 23-03-2005 - 05:00
CVE-2005-0255 5.0
String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2005-0592 7.5
Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string t
11-10-2017 - 01:29 25-03-2005 - 05:00
CVE-2004-0155 7.5
The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-
11-10-2017 - 01:29 01-06-2004 - 04:00
CVE-2003-0992 4.3
Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users.
11-10-2017 - 01:29 17-02-2004 - 05:00
CVE-2004-0520 6.8
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.
11-10-2017 - 01:29 18-08-2004 - 04:00
CVE-2004-0938 5.0
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet.
11-10-2017 - 01:29 03-11-2004 - 05:00
CVE-2003-0211 5.0
Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections.
11-10-2017 - 01:29 05-05-2003 - 04:00
CVE-2004-0519 6.8
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in
11-10-2017 - 01:29 18-08-2004 - 04:00
CVE-2005-0141 2.6
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab.
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2003-0965 6.8
Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.
11-10-2017 - 01:29 17-02-2004 - 05:00
CVE-2005-0148 5.0
Thunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is in
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2004-1380 5.0
Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoo
11-10-2017 - 01:29 20-10-2004 - 04:00
CVE-2004-1346 2.1
The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users to cause a denial of service (kernel panic) via a malformed probe request to the SVM.
11-10-2017 - 01:29 19-06-2004 - 04:00
CVE-2005-0586 2.6
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2004-0097 10.0
Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
11-10-2017 - 01:29 03-03-2004 - 05:00
CVE-2005-0144 2.6
Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2004-1381 5.0
Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other
11-10-2017 - 01:29 20-10-2004 - 04:00
CVE-2005-0147 7.5
Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2004-0368 10.0
Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows remote attackers to execute arbitrary code via a crafted XDMCP packet.
11-10-2017 - 01:29 04-05-2004 - 04:00
CVE-2003-0540 5.0
The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Error
11-10-2017 - 01:29 27-08-2003 - 04:00
CVE-2004-0189 7.5
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the acce
10-10-2017 - 01:30 15-03-2004 - 05:00
CVE-1999-0815 5.0
Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries.
10-10-2017 - 01:29 31-12-1999 - 05:00
CVE-2001-0803 10.0
Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands.
10-10-2017 - 01:29 06-12-2001 - 05:00
CVE-2008-0718 4.7
Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in Sun Solaris 9 and 10, when 64-bit mode is enabled, allows local users to cause a denial of service (panic) via unspecified vectors.
29-09-2017 - 01:30 12-02-2008 - 02:00
CVE-2013-1590 2.9
Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1586 2.9
The fragment_set_tot_len function in epan/reassemble.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly determine the length of a reassembled packet for the DTLS dissector, which allows remote attackers to cause a denial of s
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1582 2.9
The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly manage an offset variable, which allows remote attackers to cause a denial of service (infinite
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1576 2.9
The dissect_sdp_media_attribute function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly process crypto-suite parameters, which allows remote attackers to cause a denial o
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1572 2.9
The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle certain short lengths, which allows r
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1579 2.9
The rtps_util_add_bitmap function in epan/dissectors/packet-rtps.c in the RTPS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly implement certain nested loops for processing bitmap data, which allows remote attacker
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1587 2.9
The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c in the ROHC dissector in Wireshark 1.8.x before 1.8.5 does not properly handle unknown profiles, which allows remote attackers to cause a denial of service (application crash) via a
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1589 2.9
Double free vulnerability in epan/proto.c in the dissection engine in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1578 2.9
The dissect_pw_eth_heuristic function in epan/dissectors/packet-pw-eth.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle apparent Ethernet address values at the beginning of MPLS data, which allows remote attackers to
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1588 2.9
Multiple buffer overflows in the dissect_pft_fec_detailed function in the DCP-ETSI dissector in epan/dissectors/packet-dcp-etsi.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allow remote attackers to cause a denial of service (application
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1581 2.9
The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-etsi.c in the DCP-ETSI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle fragment gaps, which allows remote attackers to cause a denial of se
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1585 2.9
epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly validate certain length values for the MS-MMC dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1580 2.9
The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c in the DOCSIS CM-STATUS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a position variable, which allows remote attackers to caus
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-2268 7.5
Unspecified vulnerability in the MathML implementation in WebKit in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, has unknown impact and remote attack vectors, related to a "high severity security issue.
19-09-2017 - 01:36 23-02-2013 - 21:55
CVE-2013-1584 2.9
The dissect_version_5_and_6_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of ser
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1574 2.9
The dissect_bthci_eir_ad_data function in epan/dissectors/packet-bthci_cmd.c in the Bluetooth HCI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a counter variable, which allows remote attackers to c
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1573 2.9
The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a large number of padding bits, which allows remote attackers to cause a denial o
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1575 2.9
The dissect_r3_cmd_alarmconfigure function in epan/dissectors/packet-assa_r3.c in the R3 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a certain alarm length, which allows remote attackers to cause a denia
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1583 2.9
The dissect_version_4_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1577 2.9
The dissect_sip_p_charging_func_addresses function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle offset data associated with a quoted string, which allows remote
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2012-5157 4.3
Google Chrome before 24.0.1312.52 does not properly handle image data in PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.
19-09-2017 - 01:35 15-01-2013 - 21:55
CVE-2012-5151 6.8
Integer overflow in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code in a PDF document.
19-09-2017 - 01:35 15-01-2013 - 21:55
CVE-2012-4159 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
19-09-2017 - 01:35 15-08-2012 - 10:31
CVE-2012-5156 6.8
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF fields.
19-09-2017 - 01:35 15-01-2013 - 21:55
CVE-2012-4157 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
19-09-2017 - 01:35 15-08-2012 - 10:31
CVE-2012-4155 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
19-09-2017 - 01:35 15-08-2012 - 10:31
CVE-2012-4152 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
19-09-2017 - 01:35 15-08-2012 - 10:31
CVE-2012-4154 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
19-09-2017 - 01:35 15-08-2012 - 10:31
CVE-2012-4156 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
19-09-2017 - 01:35 15-08-2012 - 10:31
CVE-2012-4150 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
19-09-2017 - 01:35 15-08-2012 - 10:31
CVE-2012-4148 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
19-09-2017 - 01:35 15-08-2012 - 10:31
CVE-2012-4158 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
19-09-2017 - 01:35 15-08-2012 - 10:31
CVE-2012-4153 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
19-09-2017 - 01:35 15-08-2012 - 10:31
CVE-2012-4151 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
19-09-2017 - 01:35 15-08-2012 - 10:31
CVE-2012-4149 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
19-09-2017 - 01:35 15-08-2012 - 10:31
CVE-2012-4160 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
19-09-2017 - 01:35 15-08-2012 - 10:31
CVE-2012-4147 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
19-09-2017 - 01:35 15-08-2012 - 10:31
CVE-2013-0921 6.8
The Isolated Sites feature in Google Chrome before 26.0.1410.43 does not properly enforce the use of separate processes, which makes it easier for remote attackers to bypass intended access restrictions via a crafted web site.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2013-0905 7.5
Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG animation.
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0912 7.5
WebKit in Google Chrome before 25.0.1364.160 allows remote attackers to execute arbitrary code via vectors that leverage "type confusion."
19-09-2017 - 01:35 11-03-2013 - 10:55
CVE-2013-0904 7.5
The Web Audio implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0906 7.5
The IndexedDB implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0842 10.0
Google Chrome before 24.0.1312.56 does not properly handle %00 characters in pathnames, which has unspecified impact and attack vectors.
19-09-2017 - 01:35 24-01-2013 - 21:55
CVE-2013-0829 6.4
Google Chrome before 24.0.1312.52 does not properly maintain database metadata, which allows remote attackers to bypass intended file-access restrictions via unspecified vectors.
19-09-2017 - 01:35 15-01-2013 - 21:55
CVE-2013-0920 7.5
Use-after-free vulnerability in the extension bookmarks API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2013-0910 7.5
Google Chrome before 25.0.1364.152 does not properly manage the interaction between the browser process and renderer processes during authorization of the loading of a plug-in, which makes it easier for remote attackers to bypass intended access rest
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0903 7.5
Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of browser navigation.
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0922 7.5
Google Chrome before 26.0.1410.43 does not properly restrict brute-force access attempts against web sites that require HTTP Basic Authentication, which has unspecified impact and attack vectors.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2013-0840 10.0
Google Chrome before 24.0.1312.56 does not validate URLs during the opening of new windows, which has unspecified impact and remote attack vectors.
19-09-2017 - 01:35 24-01-2013 - 21:55
CVE-2013-0908 7.5
Google Chrome before 25.0.1364.152 does not properly manage bindings of extension processes, which has unspecified impact and attack vectors.
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0918 6.8
Google Chrome before 26.0.1410.43 does not prevent navigation to developer tools in response to a drag-and-drop operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2013-0907 7.5
Race condition in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media threads.
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0926 6.8
Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2013-0828 6.8
The PDF functionality in Google Chrome before 24.0.1312.52 does not properly perform a cast of an unspecified variable during processing of the root of the structure tree, which allows remote attackers to cause a denial of service or possibly have un
19-09-2017 - 01:35 15-01-2013 - 21:55
CVE-2013-0909 5.0
The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote attackers to obtain sensitive HTTP Referer information via unspecified vectors.
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0923 5.0
The USB Apps API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2013-0841 7.5
Array index error in the content-blocking functionality in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:35 24-01-2013 - 21:55
CVE-2013-0925 7.5
Google Chrome before 26.0.1410.43 does not ensure that an extension has the tabs (aka APIPermission::kTab) permission before providing a URL to this extension, which has unspecified impact and remote attack vectors.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2013-0902 7.5
Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0911 7.5
Directory traversal vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to have an unspecified impact via vectors related to databases.
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0917 5.0
The URL loader in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2013-0916 7.5
Use-after-free vulnerability in the Web Audio implementation in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2013-0924 7.5
The extension functionality in Google Chrome before 26.0.1410.43 does not verify that use of the permissions API is consistent with file permissions, which has unspecified impact and attack vectors.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2013-0839 7.5
Use-after-free vulnerability in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of fonts in CANVAS elements.
19-09-2017 - 01:35 24-01-2013 - 21:55
CVE-2013-0612 10.0
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0615, CVE-2013-0617, a
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0618 10.0
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0608, CVE-2013
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0610 10.0
Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0626.
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0601 10.0
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CV
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0622 10.0
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-0624.
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0607 10.0
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0608, CVE-2013-0611, CVE-2013
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0616 10.0
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CV
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0605 10.0
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CV
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0619 10.0
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CV
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0623 10.0
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CV
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0611 10.0
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0608, CVE-2013
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0621 10.0
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0612, CVE-2013-0615, a
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0620 10.0
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CV
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0603 10.0
Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0604.
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0617 10.0
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0612, CVE-2013-0615, a
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0602 10.0
Use-after-free vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors.
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0624 10.0
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-0622.
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0613 10.0
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0609.
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0627 7.2
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows local users to gain privileges via unknown vectors.
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0604 10.0
Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0603.
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0606 10.0
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0612, CVE-2013-0615, CVE-2013-0617, a
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0614 10.0
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0608, CVE-2013
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0609 10.0
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0613.
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0615 10.0
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0612, CVE-2013-0617, a
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0626 10.0
Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0610.
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0608 10.0
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0611, CVE-2013
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2012-1525 10.0
Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
19-09-2017 - 01:34 15-08-2012 - 10:31
CVE-2012-2051 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4147,
19-09-2017 - 01:34 15-08-2012 - 10:31
CVE-2012-2050 10.0
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
19-09-2017 - 01:34 15-08-2012 - 10:31
CVE-2012-1530 10.0
Heap-based buffer overflow in the XSLT engine in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PDF file containi
19-09-2017 - 01:34 10-01-2013 - 11:56
CVE-2012-2049 10.0
Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
19-09-2017 - 01:34 15-08-2012 - 10:31
CVE-2010-2935 9.3
simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or pos
19-09-2017 - 01:31 25-08-2010 - 20:00
CVE-1999-0621 5.0
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration En
01-08-2008 - 04:00 01-01-1999 - 05:00
Back to Top Mark selected
Back to Top