Max CVSS 10.0 Min CVSS 1.2 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2009-3720 5.0
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafte
22-02-2024 - 03:40 03-11-2009 - 16:30
CVE-2004-0119 7.5
The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenI
15-02-2024 - 21:44 01-06-2004 - 04:00
CVE-2003-0813 5.1
A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one th
15-02-2024 - 21:19 17-11-2003 - 05:00
CVE-2009-4017 5.0
PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier f
15-02-2024 - 21:16 24-11-2009 - 00:30
CVE-2009-3547 6.9
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathna
15-02-2024 - 21:12 04-11-2009 - 15:30
CVE-2004-0112 5.0
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a
15-02-2024 - 20:54 23-11-2004 - 05:00
CVE-2009-4272 7.8
A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and
15-02-2024 - 20:47 27-01-2010 - 17:30
CVE-2004-0174 5.0
Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listeni
15-02-2024 - 20:37 04-05-2004 - 04:00
CVE-2006-2374 2.1
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file hand
15-02-2024 - 20:22 13-06-2006 - 19:06
CVE-2009-1388 4.9
The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution of the do_coredump function, which allows local users to cause a denial of service (deadlock) via vectors involving the ptrace sys
15-02-2024 - 19:19 05-07-2009 - 16:30
CVE-2009-1195 4.9
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Opti
15-02-2024 - 18:54 28-05-2009 - 20:30
CVE-2003-0190 5.0
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
15-02-2024 - 18:46 12-05-2003 - 04:00
CVE-2004-0213 7.2
Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to la
14-02-2024 - 17:25 06-08-2004 - 04:00
CVE-2009-2408 6.8
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certif
14-02-2024 - 17:21 30-07-2009 - 19:30
CVE-2009-0553 9.3
Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that trig
14-02-2024 - 01:17 15-04-2009 - 08:00
CVE-2003-1013 5.0
The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference.
14-02-2024 - 01:17 05-01-2004 - 05:00
CVE-2010-0425 10.0
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an
14-02-2024 - 01:17 05-03-2010 - 19:30
CVE-2003-1012 5.0
The SMB dissector in Ethereal before 0.10.0 allows remote attackers to cause a denial of service via a malformed SMB packet that triggers a segmentation fault during processing of Selected packets.
14-02-2024 - 01:17 05-01-2004 - 05:00
CVE-2003-0907 5.1
Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr
13-02-2024 - 18:00 01-06-2004 - 04:00
CVE-2004-0121 7.5
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and e
13-02-2024 - 18:00 15-04-2004 - 04:00
CVE-2002-0862 6.8
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express f
09-02-2024 - 03:26 04-10-2002 - 04:00
CVE-2009-0269 4.9
fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, l
09-02-2024 - 03:26 26-01-2009 - 15:30
CVE-2007-2442 10.0
The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cl
09-02-2024 - 03:23 26-06-2007 - 22:30
CVE-2009-1532 9.3
Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via "malfor
09-02-2024 - 03:22 10-06-2009 - 18:30
CVE-2009-0846 10.0
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code
09-02-2024 - 03:21 09-04-2009 - 00:30
CVE-2002-1337 10.0
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
09-02-2024 - 03:19 07-03-2003 - 05:00
CVE-2005-2088 4.3
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfe
09-02-2024 - 02:40 05-07-2005 - 04:00
CVE-2009-3620 4.9
The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash
09-02-2024 - 00:20 22-10-2009 - 16:00
CVE-2009-2692 7.2
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using
08-02-2024 - 23:50 14-08-2009 - 15:16
CVE-2002-0051 4.6
Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.
08-02-2024 - 19:24 04-04-2002 - 05:00
CVE-2002-0391 10.0
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array
08-02-2024 - 18:38 12-08-2002 - 04:00
CVE-2003-0466 10.0
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to tr
08-02-2024 - 15:50 27-08-2003 - 04:00
CVE-2009-1386 5.0
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
07-02-2024 - 18:03 04-06-2009 - 16:30
CVE-2009-1378 5.0
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or
07-02-2024 - 18:02 19-05-2009 - 19:30
CVE-2009-1377 5.0
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, ak
07-02-2024 - 18:01 19-05-2009 - 19:30
CVE-2009-1387 5.0
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a
07-02-2024 - 18:01 04-06-2009 - 16:30
CVE-2009-0023 4.3
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2)
02-02-2024 - 16:32 08-06-2009 - 01:00
CVE-2009-2416 4.3
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute
02-02-2024 - 16:04 11-08-2009 - 18:30
CVE-2004-0772 7.5
Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.
02-02-2024 - 15:27 20-10-2004 - 04:00
CVE-2004-0642 7.5
Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.
02-02-2024 - 15:27 28-09-2004 - 04:00
CVE-2003-1048 10.0
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
02-02-2024 - 15:23 27-07-2004 - 04:00
CVE-2003-0545 10.0
Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.
02-02-2024 - 15:23 17-11-2003 - 05:00
CVE-2009-1955 5.0
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via
02-02-2024 - 14:11 08-06-2009 - 01:00
CVE-2008-0599 10.0
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
02-02-2024 - 13:52 05-05-2008 - 17:20
CVE-2003-0252 10.0
Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain ne
02-02-2024 - 02:56 18-08-2003 - 04:00
CVE-2011-0611 9.3
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on W
02-02-2024 - 02:39 13-04-2011 - 14:55
CVE-2005-0587 2.6
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.
02-02-2024 - 02:03 25-03-2005 - 05:00
CVE-2009-3939 6.6
The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
25-01-2024 - 21:37 16-11-2009 - 19:30
CVE-2007-4465 4.3
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using t
19-01-2024 - 15:13 14-09-2007 - 00:17
CVE-2008-2939 4.3
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary we
19-01-2024 - 15:13 06-08-2008 - 18:41
CVE-2009-0034 6.9
parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file
12-01-2024 - 20:40 30-01-2009 - 19:30
CVE-2004-0079 5.0
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
28-12-2023 - 15:33 23-11-2004 - 05:00
CVE-2009-2698 7.2
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vecto
28-12-2023 - 15:22 27-08-2009 - 17:30
CVE-2009-3560 5.0
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that
01-11-2023 - 17:16 04-12-2009 - 21:30
CVE-2010-1452 5.0
The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
01-11-2023 - 15:32 28-07-2010 - 20:00
CVE-2010-0408 5.0
The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial o
01-11-2023 - 15:32 05-03-2010 - 16:30
CVE-2010-1623 5.0
Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote
03-10-2023 - 15:39 04-10-2010 - 21:00
CVE-2005-0372 5.0
Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.
03-08-2023 - 17:17 02-05-2005 - 04:00
CVE-2007-4965 5.8
Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) t
02-08-2023 - 18:52 18-09-2007 - 22:17
CVE-2008-3144 5.0
Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to stri
02-08-2023 - 18:52 01-08-2008 - 14:41
CVE-2008-3143 7.5
Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c
02-08-2023 - 18:50 01-08-2008 - 14:41
CVE-2007-2052 5.0
Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown m
02-08-2023 - 18:04 16-04-2007 - 22:19
CVE-2008-2315 7.5
Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7)
02-08-2023 - 17:14 01-08-2008 - 14:41
CVE-2013-0169 2.6
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding,
12-05-2023 - 12:58 08-02-2013 - 19:55
CVE-2004-1349 2.1
gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.
24-03-2023 - 18:12 04-10-2004 - 04:00
CVE-2009-1956 6.4
Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
03-03-2023 - 18:45 08-06-2009 - 01:00
CVE-2011-2729 5.0
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows re
13-02-2023 - 04:31 15-08-2011 - 21:55
CVE-2010-3718 1.2
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as
13-02-2023 - 04:25 10-02-2011 - 18:00
CVE-2010-2063 7.5
Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arb
13-02-2023 - 04:19 17-06-2010 - 16:30
CVE-2010-1157 2.6
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the re
13-02-2023 - 04:17 23-04-2010 - 14:30
CVE-2010-0740 5.0
The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor versi
13-02-2023 - 04:16 26-03-2010 - 18:30
CVE-2010-0433 4.3
The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of servic
13-02-2023 - 04:16 05-03-2010 - 19:30
CVE-2010-0434 4.3
The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, wh
13-02-2023 - 04:16 05-03-2010 - 19:30
CVE-2010-2936 9.3
Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint doc
13-02-2023 - 03:19 25-08-2010 - 20:00
CVE-2010-0290 4.0
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisonin
13-02-2023 - 02:21 22-01-2010 - 22:00
CVE-2009-4141 7.2
Use-after-free vulnerability in the fasync_helper function in fs/fcntl.c in the Linux kernel before 2.6.33-rc4-git1 allows local users to gain privileges via vectors that include enabling O_ASYNC (aka FASYNC or FIOASYNC) on a locked file, and then cl
13-02-2023 - 02:20 19-01-2010 - 16:30
CVE-2009-4021 4.9
The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel before 2.6.32-rc7 might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption a
13-02-2023 - 02:20 25-11-2009 - 16:30
CVE-2009-2409 5.1
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificat
13-02-2023 - 02:20 30-07-2009 - 19:30
CVE-2009-1890 7.1
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which al
13-02-2023 - 02:20 05-07-2009 - 16:30
CVE-2009-2906 4.0
smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.
13-02-2023 - 02:20 07-10-2009 - 18:30
CVE-2009-3621 4.9
net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing
13-02-2023 - 02:20 22-10-2009 - 16:00
CVE-2009-2406 6.9
Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vec
13-02-2023 - 02:20 31-07-2009 - 19:00
CVE-2009-3889 6.6
The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file.
13-02-2023 - 02:20 16-11-2009 - 19:30
CVE-2009-3555 5.8
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Secu
13-02-2023 - 02:20 09-11-2009 - 17:30
CVE-2009-2908 4.9
The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a
13-02-2023 - 02:20 13-10-2009 - 10:30
CVE-2009-4138 4.7
drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified
13-02-2023 - 02:20 16-12-2009 - 19:30
CVE-2009-3726 7.8
The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect
13-02-2023 - 02:20 09-11-2009 - 19:30
CVE-2009-3556 1.9
A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport
13-02-2023 - 02:20 27-01-2010 - 17:30
CVE-2009-2407 6.9
Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vecto
13-02-2023 - 02:20 31-07-2009 - 19:00
CVE-2009-1895 7.2
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to l
13-02-2023 - 02:20 16-07-2009 - 15:30
CVE-2009-4020 7.8
Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.
13-02-2023 - 02:20 04-12-2009 - 21:30
CVE-2009-2910 2.1
arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 p
13-02-2023 - 02:20 20-10-2009 - 17:30
CVE-2009-1379 5.0
Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS
13-02-2023 - 02:20 19-05-2009 - 19:30
CVE-2009-3080 7.2
Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
13-02-2023 - 02:20 20-11-2009 - 17:30
CVE-2009-1891 7.1
The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
13-02-2023 - 02:20 10-07-2009 - 15:30
CVE-2009-1308 4.3
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in
13-02-2023 - 02:20 22-04-2009 - 18:30
CVE-2009-1385 7.8
Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote a
13-02-2023 - 02:20 04-06-2009 - 16:30
CVE-2010-0001 6.8
Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a cra
13-02-2023 - 02:20 29-01-2010 - 18:30
CVE-2009-1389 7.8
Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux kernel before 2.6.30 allows remote attackers to cause a denial of service (kernel memory corruption and crash) via a long packet.
13-02-2023 - 02:20 16-06-2009 - 23:30
CVE-2008-5515 5.0
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to b
13-02-2023 - 02:19 16-06-2009 - 21:00
CVE-2008-4316 4.6
Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation.
13-02-2023 - 02:19 14-03-2009 - 18:30
CVE-2008-4307 4.0
Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improp
13-02-2023 - 02:19 13-01-2009 - 17:00
CVE-2008-3528 2.1
The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically prox
13-02-2023 - 02:19 27-09-2008 - 10:30
CVE-2008-2364 5.0
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service
13-02-2023 - 02:19 13-06-2008 - 18:41
CVE-2009-0781 4.3
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary
13-02-2023 - 02:19 09-03-2009 - 21:30
CVE-2009-1185 7.2
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
13-02-2023 - 02:19 17-04-2009 - 14:30
CVE-2009-0580 4.3
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, rel
13-02-2023 - 02:19 05-06-2009 - 16:00
CVE-2009-0771 10.0
The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption a
13-02-2023 - 02:19 05-03-2009 - 02:30
CVE-2009-0778 7.1
The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of a
13-02-2023 - 02:19 12-03-2009 - 15:20
CVE-2009-1191 5.0
mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
13-02-2023 - 02:19 23-04-2009 - 17:30
CVE-2009-0787 4.9
The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows lo
13-02-2023 - 02:19 25-03-2009 - 01:30
CVE-2007-5966 7.2
Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details
13-02-2023 - 02:18 20-12-2007 - 00:46
CVE-2007-4567 7.8
The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic)
13-02-2023 - 02:18 21-12-2007 - 00:46
CVE-2007-1860 5.0
mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly in
13-02-2023 - 02:17 25-05-2007 - 18:30
CVE-2007-0774 7.5
Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitr
13-02-2023 - 02:17 04-03-2007 - 22:19
CVE-2011-2526 4.4
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restri
13-02-2023 - 01:20 14-07-2011 - 23:55
CVE-2011-0013 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the displ
13-02-2023 - 01:18 19-02-2011 - 01:00
CVE-2009-3612 2.1
The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensit
13-02-2023 - 01:17 19-10-2009 - 20:00
CVE-2009-3613 7.8
The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of netwo
13-02-2023 - 01:17 19-10-2009 - 20:00
CVE-2009-2412 10.0
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code
13-02-2023 - 01:17 06-08-2009 - 15:30
CVE-2009-2414 4.3
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related
13-02-2023 - 01:17 11-08-2009 - 18:30
CVE-2009-2902 4.3
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
13-02-2023 - 01:17 28-01-2010 - 20:30
CVE-2009-0033 5.0
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with i
13-02-2023 - 01:17 05-06-2009 - 16:00
CVE-2009-1192 4.9
The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows
13-02-2023 - 01:17 24-04-2009 - 15:30
CVE-2009-0783 4.6
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3)
13-02-2023 - 01:17 05-06-2009 - 16:00
CVE-2013-1896 4.3
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for han
13-02-2023 - 00:28 10-07-2013 - 20:55
CVE-2011-1184 5.0
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypas
13-02-2023 - 00:15 14-01-2012 - 21:55
CVE-2013-0879 7.5
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified othe
30-01-2023 - 15:01 23-02-2013 - 21:55
CVE-2013-0899 5.0
Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products
24-01-2023 - 02:48 23-02-2013 - 21:55
CVE-2013-0880 7.5
Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to databas
24-01-2023 - 01:50 23-02-2013 - 21:55
CVE-2013-0898 7.5
Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a URL.
24-01-2023 - 01:46 23-02-2013 - 21:55
CVE-2009-2687 4.3
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.
19-01-2023 - 16:38 05-08-2009 - 19:30
CVE-2013-0900 6.8
Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspe
18-11-2022 - 20:17 23-02-2013 - 21:55
CVE-2013-0897 4.3
Off-by-one error in the PDF functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service via a crafted document.
18-11-2022 - 20:17 23-02-2013 - 21:55
CVE-2013-0896 7.5
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly manage memory during message handling for plug-ins, which allows remote attackers to cause a denial of service or possibly have unspecified
18-11-2022 - 20:03 23-02-2013 - 21:55
CVE-2013-0893 6.8
Race condition in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media.
18-11-2022 - 20:03 23-02-2013 - 21:55
CVE-2013-0892 7.5
Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service or possibly have other impact via unknown vector
18-11-2022 - 20:02 23-02-2013 - 21:55
CVE-2013-0891 7.5
Integer overflow in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a blob.
18-11-2022 - 20:02 23-02-2013 - 21:55
CVE-2013-0885 7.5
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict API privileges during interaction with the Chrome Web Store, which has unspecified impact and attack vectors.
18-11-2022 - 19:59 23-02-2013 - 21:55
CVE-2013-0884 6.8
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly load Native Client (aka NaCl) code, which has unspecified impact and attack vectors.
18-11-2022 - 19:59 23-02-2013 - 21:55
CVE-2013-0887 7.5
The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict privileges during interaction with a connected server, which has unspecified impact and attack vect
18-11-2022 - 19:41 23-02-2013 - 21:55
CVE-2013-0882 7.5
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect memory access) or possibly have unspecified other impact via a large number of SVG parameters
18-11-2022 - 17:55 23-02-2013 - 21:55
CVE-2013-0883 5.0
Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.
18-11-2022 - 17:55 23-02-2013 - 21:55
CVE-2013-0881 5.0
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via crafted data in the Matroska container format.
18-11-2022 - 17:52 23-02-2013 - 21:55
CVE-2013-0889 6.8
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbit
18-11-2022 - 17:49 23-02-2013 - 21:55
CVE-2013-0890 7.5
Multiple unspecified vulnerabilities in the IPC layer in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allow remote attackers to cause a denial of service (memory corruption) or possibly have other impac
18-11-2022 - 17:49 23-02-2013 - 21:55
CVE-2013-0888 5.0
Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a "user gesture check for dangerous file do
18-11-2022 - 17:47 23-02-2013 - 21:55
CVE-2009-2948 1.9
mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain t
31-10-2022 - 15:03 07-10-2009 - 18:30
CVE-2007-5536 4.9
Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors.
24-10-2022 - 16:41 18-10-2007 - 00:17
CVE-2006-3918 4.3
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected ba
21-09-2022 - 19:35 28-07-2006 - 00:04
CVE-2009-3095 5.0
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as
19-09-2022 - 19:50 08-09-2009 - 18:30
CVE-2011-3348 4.3
The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP r
19-09-2022 - 19:49 20-09-2011 - 05:55
CVE-2011-3192 7.8
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as e
19-09-2022 - 19:49 29-08-2011 - 15:55
CVE-2009-3094 2.6
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a mal
19-09-2022 - 19:49 08-09-2009 - 18:30
CVE-2011-0419 4.3
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac
19-09-2022 - 19:47 16-05-2011 - 17:55
CVE-2013-1862 5.1
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containi
14-09-2022 - 19:50 10-06-2013 - 17:55
CVE-2008-1105 7.5
Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.
29-08-2022 - 20:12 29-05-2008 - 16:32
CVE-2009-1888 5.8
The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vecto
29-08-2022 - 19:43 25-06-2009 - 01:30
CVE-2007-1887 7.5
Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by ca
21-07-2022 - 15:12 06-04-2007 - 01:19
CVE-2008-4864 7.5
Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function,
05-07-2022 - 18:48 01-11-2008 - 00:00
CVE-2008-1721 7.5
Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.
05-07-2022 - 18:43 10-04-2008 - 19:05
CVE-2008-3142 7.5
Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicod
05-07-2022 - 18:41 01-08-2008 - 14:41
CVE-2008-1887 9.3
Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when asse
27-06-2022 - 16:33 18-04-2008 - 17:05
CVE-2013-2466 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
13-05-2022 - 14:53 18-06-2013 - 22:55
CVE-2013-2424 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via ve
13-05-2022 - 14:53 17-04-2013 - 18:55
CVE-2013-2469 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
13-05-2022 - 14:53 18-06-2013 - 22:55
CVE-2013-2418 4.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to D
13-05-2022 - 14:53 17-04-2013 - 18:55
CVE-2013-2435 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
13-05-2022 - 14:53 17-04-2013 - 18:55
CVE-2013-2447 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown
13-05-2022 - 14:53 18-06-2013 - 22:55
CVE-2013-2455 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown
13-05-2022 - 14:53 18-06-2013 - 22:55
CVE-2013-2444 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect av
13-05-2022 - 14:53 18-06-2013 - 22:55
CVE-2013-2407 6.4
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors rel
13-05-2022 - 14:53 18-06-2013 - 22:55
CVE-2013-2384 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
13-05-2022 - 14:53 17-04-2013 - 18:55
CVE-2013-1475 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
13-05-2022 - 14:53 02-02-2013 - 00:55
CVE-2013-1487 10.0
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 13 and earlier and 6 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to De
13-05-2022 - 14:53 20-02-2013 - 21:55
CVE-2013-1481 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknow
13-05-2022 - 14:53 02-02-2013 - 00:55
CVE-2013-0438 4.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
13-05-2022 - 14:53 02-02-2013 - 00:55
CVE-2013-0432 6.4
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
13-05-2022 - 14:53 02-02-2013 - 00:55
CVE-2013-2432 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, i
13-05-2022 - 14:52 17-04-2013 - 18:55
CVE-2013-2422 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via u
13-05-2022 - 14:52 17-04-2013 - 18:55
CVE-2013-2454 5.8
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrit
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2445 7.8
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vec
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2452 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2450 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vec
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2412 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceab
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2383 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
13-05-2022 - 14:52 17-04-2013 - 18:55
CVE-2013-2442 7.5
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2419 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unkno
13-05-2022 - 14:52 17-04-2013 - 18:55
CVE-2013-3743 9.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AW
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2430 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; JavaFX 2.2.7 and earlier; and OpenJDK 6 and 7 allows remote attackers to affe
13-05-2022 - 14:52 17-04-2013 - 18:55
CVE-2013-2420 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
13-05-2022 - 14:52 17-04-2013 - 18:55
CVE-2013-2465 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2451 3.7
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vect
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2417 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unkno
13-05-2022 - 14:52 17-04-2013 - 18:55
CVE-2013-2471 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2470 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2437 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2473 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2443 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2012-3342 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-2433 4.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnera
13-05-2022 - 14:52 17-04-2013 - 18:55
CVE-2013-2472 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2464 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2457 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors relate
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2453 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2468 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2459 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2012-3213 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scri
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-2463 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2440 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
13-05-2022 - 14:52 17-04-2013 - 18:55
CVE-2013-2456 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2446 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via vectors
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2439 6.9
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows local users to affect confidentiality, integr
13-05-2022 - 14:52 17-04-2013 - 18:55
CVE-2013-2394 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, i
13-05-2022 - 14:52 17-04-2013 - 18:55
CVE-2013-2448 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-2429 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
13-05-2022 - 14:52 17-04-2013 - 18:55
CVE-2013-1473 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Deployment.
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-1480 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0809 10.0
Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unkn
13-05-2022 - 14:52 05-03-2013 - 22:06
CVE-2013-1557 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
13-05-2022 - 14:52 17-04-2013 - 18:55
CVE-2013-1500 3.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-1478 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-1537 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
13-05-2022 - 14:52 17-04-2013 - 18:55
CVE-2013-1493 10.0
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via
13-05-2022 - 14:52 05-03-2013 - 22:06
CVE-2013-1571 4.3
Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vec
13-05-2022 - 14:52 18-06-2013 - 22:55
CVE-2013-1476 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-1486 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability
13-05-2022 - 14:52 20-02-2013 - 21:55
CVE-2013-1558 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
13-05-2022 - 14:52 17-04-2013 - 18:55
CVE-2013-1540 4.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnera
13-05-2022 - 14:52 17-04-2013 - 18:55
CVE-2013-1569 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
13-05-2022 - 14:52 17-04-2013 - 18:55
CVE-2013-1518 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
13-05-2022 - 14:52 17-04-2013 - 18:55
CVE-2013-1563 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability
13-05-2022 - 14:52 17-04-2013 - 18:55
CVE-2012-1541 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0445 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and av
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0442 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0427 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors rela
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0435 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0450 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and av
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0423 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0443 4.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0428 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0434 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0433 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors rela
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0429 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and av
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0419 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0425 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0409 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX.
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0441 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0426 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0446 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0440 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via v
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0424 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vect
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-0351 7.5
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
13-05-2022 - 14:52 02-02-2013 - 00:55
CVE-2013-2467 6.9
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Java installer.
13-05-2022 - 14:49 18-06-2013 - 22:55
CVE-2009-2625 5.0
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop a
13-05-2022 - 14:44 06-08-2009 - 15:30
CVE-2013-2461 7.5
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and
13-05-2022 - 14:35 18-06-2013 - 22:55
CVE-2005-0233 7.5
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homog
28-02-2022 - 17:41 08-02-2005 - 05:00
CVE-2009-0080 6.9
The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows
08-11-2021 - 21:45 15-04-2009 - 08:00
CVE-2004-0081 5.0
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
08-11-2021 - 15:48 23-11-2004 - 05:00
CVE-2009-1530 9.3
Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML doc
23-07-2021 - 15:12 10-06-2009 - 18:30
CVE-2004-0549 10.0
The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying
23-07-2021 - 15:12 06-08-2004 - 04:00
CVE-2009-1528 9.3
Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly synchronize AJAX requests, which allows allows remote attackers to execute arbitr
23-07-2021 - 15:04 10-06-2009 - 18:30
CVE-2009-1531 9.3
Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code via frequent calls to the getElementsByTagName function combi
23-07-2021 - 15:04 10-06-2009 - 18:30
CVE-2006-1188 7.5
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.
23-07-2021 - 15:04 11-04-2006 - 23:02
CVE-2005-2087 5.0
Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedd
23-07-2021 - 15:04 05-07-2005 - 04:00
CVE-2005-1790 2.6
Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "M
23-07-2021 - 15:04 01-06-2005 - 04:00
CVE-2004-0214 10.0
Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long s
23-07-2021 - 15:03 03-11-2004 - 05:00
CVE-2005-1211 5.1
Buffer overflow in the PNG image rendering component of Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted PNG file.
23-07-2021 - 15:03 14-06-2005 - 04:00
CVE-2004-0727 7.5
Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to
23-07-2021 - 15:02 27-07-2004 - 04:00
CVE-2003-0309 7.5
Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple
23-07-2021 - 15:02 09-06-2003 - 04:00
CVE-2004-0420 10.0
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demo
23-07-2021 - 15:02 07-07-2004 - 04:00
CVE-2002-0027 7.5
Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Ver
23-07-2021 - 12:55 08-03-2002 - 05:00
CVE-2002-0648 5.0
The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.
23-07-2021 - 12:55 24-09-2002 - 04:00
CVE-2002-0190 7.5
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerabilit
23-07-2021 - 12:55 29-05-2002 - 04:00
CVE-2002-1254 7.5
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model and access information on the local system or in other domains, and possibly execute code, via cached methods and objects, aka "Cross Domain Verification
23-07-2021 - 12:55 11-12-2002 - 05:00
CVE-2002-1217 7.5
Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Docu
23-07-2021 - 12:55 28-10-2002 - 05:00
CVE-2002-1187 6.8
Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting,
23-07-2021 - 12:55 11-12-2002 - 05:00
CVE-2002-0022 7.5
Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings
23-07-2021 - 12:55 08-03-2002 - 05:00
CVE-2002-0193 7.5
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating sys
23-07-2021 - 12:55 29-05-2002 - 04:00
CVE-2006-3450 7.5
Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain
23-07-2021 - 12:55 08-08-2006 - 23:04
CVE-2002-1188 6.4
Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security chec
23-07-2021 - 12:55 11-12-2002 - 05:00
CVE-2002-1142 7.5
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Dat
23-07-2021 - 12:55 29-11-2002 - 05:00
CVE-2002-0023 5.0
Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.
23-07-2021 - 12:55 08-03-2002 - 05:00
CVE-2002-0189 7.5
Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability.
23-07-2021 - 12:55 29-05-2002 - 04:00
CVE-2005-4089 7.1
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) file
23-07-2021 - 12:55 08-12-2005 - 11:03
CVE-2006-4868 9.3
Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Marku
23-07-2021 - 12:55 19-09-2006 - 19:07
CVE-2002-1185 5.0
Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes duri
23-07-2021 - 12:55 11-12-2002 - 05:00
CVE-2002-0371 7.5
Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server
23-07-2021 - 12:55 03-07-2002 - 04:00
CVE-2006-3280 7.5
Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies
23-07-2021 - 12:55 28-06-2006 - 22:05
CVE-2002-0078 7.5
The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability.
23-07-2021 - 12:55 29-03-2002 - 05:00
CVE-2006-3638 7.5
Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the
23-07-2021 - 12:55 08-08-2006 - 23:04
CVE-2002-1186 5.0
Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site tha
23-07-2021 - 12:55 11-12-2002 - 05:00
CVE-2002-0026 7.5
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made.
23-07-2021 - 12:55 08-03-2002 - 05:00
CVE-2006-2218 9.3
Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object
23-07-2021 - 12:55 05-05-2006 - 12:46
CVE-2005-2830 5.0
Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."
23-07-2021 - 12:55 14-12-2005 - 11:03
CVE-2006-1190 10.0
Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and al
23-07-2021 - 12:55 11-04-2006 - 23:02
CVE-2004-1043 5.0
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local z
23-07-2021 - 12:55 31-12-2004 - 05:00
CVE-2004-1050 10.0
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vul
23-07-2021 - 12:55 31-12-2004 - 05:00
CVE-2005-0055 7.5
Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory
23-07-2021 - 12:55 02-05-2005 - 04:00
CVE-2003-1326 7.5
Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."
23-07-2021 - 12:55 19-02-2003 - 05:00
CVE-2003-0814 7.5
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJP
23-07-2021 - 12:55 03-02-2004 - 05:00
CVE-2006-1189 10.0
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byte character sets (DBCS), aka the "Double Byte Char
23-07-2021 - 12:55 11-04-2006 - 23:02
CVE-2003-1328 7.5
The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Secur
23-07-2021 - 12:55 19-02-2003 - 05:00
CVE-2004-0842 7.5
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based b
23-07-2021 - 12:55 23-12-2004 - 05:00
CVE-2005-0555 7.5
Buffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka "Content Advisor Memory Corruption Vulnerability."
23-07-2021 - 12:55 12-04-2005 - 04:00
CVE-2003-1025 4.3
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka
23-07-2021 - 12:55 20-01-2004 - 05:00
CVE-2003-0817 7.5
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.
23-07-2021 - 12:55 03-02-2004 - 05:00
CVE-2001-0875 7.5
Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download.
23-07-2021 - 12:55 26-11-2001 - 05:00
CVE-2005-2831 7.5
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for
23-07-2021 - 12:55 14-12-2005 - 11:03
CVE-2001-0727 7.5
Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, ak
23-07-2021 - 12:55 14-12-2001 - 05:00
CVE-2006-1303 9.3
Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransfo
23-07-2021 - 12:55 13-06-2006 - 19:06
CVE-2005-0554 7.5
Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption V
23-07-2021 - 12:55 02-05-2005 - 04:00
CVE-2003-0815 7.5
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or
23-07-2021 - 12:55 03-02-2004 - 05:00
CVE-2003-1041 7.5
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it
23-07-2021 - 12:55 14-06-2004 - 04:00
CVE-2006-1359 9.3
Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
23-07-2021 - 12:55 23-03-2006 - 00:06
CVE-2003-0809 7.5
Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page.
23-07-2021 - 12:55 17-11-2003 - 05:00
CVE-2006-1626 4.3
Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a
23-07-2021 - 12:55 05-04-2006 - 10:04
CVE-2004-0839 5.0
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities
23-07-2021 - 12:55 18-08-2004 - 04:00
CVE-2004-1166 7.5
CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the com
23-07-2021 - 12:55 31-12-2004 - 05:00
CVE-2003-1027 10.0
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as de
23-07-2021 - 12:55 20-01-2004 - 05:00
CVE-2006-1388 7.5
Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.
23-07-2021 - 12:55 24-03-2006 - 20:02
CVE-2003-1026 9.3
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is c
23-07-2021 - 12:55 20-01-2004 - 05:00
CVE-2003-0114 5.0
The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files.
23-07-2021 - 12:55 12-05-2003 - 04:00
CVE-2003-0816 7.5
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file:
23-07-2021 - 12:55 03-02-2004 - 05:00
CVE-2003-0344 7.5
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.
23-07-2021 - 12:55 16-06-2003 - 04:00
CVE-2003-0113 7.5
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields.
23-07-2021 - 12:55 12-05-2003 - 04:00
CVE-2005-0553 5.1
Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corrupt
23-07-2021 - 12:55 02-05-2005 - 04:00
CVE-2003-0233 7.5
Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115.
23-07-2021 - 12:55 12-05-2003 - 04:00
CVE-2005-2829 5.1
Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a malicious new window above a file download box, then (2) using a keyboard shortcut and delaying the dis
23-07-2021 - 12:55 14-12-2005 - 11:03
CVE-2003-0823 7.5
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
23-07-2021 - 12:55 03-02-2004 - 05:00
CVE-2004-0841 5.0
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerabi
23-07-2021 - 12:55 23-12-2004 - 05:00
CVE-2003-0838 7.5
Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer trea
23-07-2021 - 12:55 17-11-2003 - 05:00
CVE-2005-0053 7.5
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."
23-07-2021 - 12:55 02-05-2005 - 04:00
CVE-2006-3637 5.1
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML R
23-07-2021 - 12:19 08-08-2006 - 23:04
CVE-2006-2382 10.0
Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka "HTML Decod
23-07-2021 - 12:19 13-06-2006 - 19:06
CVE-2006-2385 7.6
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht)
23-07-2021 - 12:19 13-06-2006 - 19:06
CVE-2006-2383 9.3
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control,
23-07-2021 - 12:19 13-06-2006 - 19:06
CVE-2006-2384 4.3
Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after
23-07-2021 - 12:19 13-06-2006 - 19:06
CVE-2004-0566 7.5
Integer overflow in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.
23-07-2021 - 12:19 27-07-2004 - 04:00
CVE-2009-0550 9.3
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on
23-07-2021 - 12:19 15-04-2009 - 08:00
CVE-2006-1186 10.0
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.
23-07-2021 - 12:19 11-04-2006 - 23:02
CVE-2006-3639 7.5
Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted
23-07-2021 - 12:18 09-08-2006 - 00:04
CVE-2006-3640 5.0
Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Dis
23-07-2021 - 12:18 09-08-2006 - 00:04
CVE-2005-0056 5.1
Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cro
23-07-2021 - 12:18 02-05-2005 - 04:00
CVE-2001-0339 7.5
Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability.
23-07-2021 - 12:18 27-06-2001 - 04:00
CVE-2001-0154 7.5
HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly.
23-07-2021 - 12:18 03-05-2001 - 04:00
CVE-2005-1988 5.1
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption
23-07-2021 - 12:18 10-08-2005 - 04:00
CVE-2001-0002 7.5
Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.
23-07-2021 - 12:18 21-07-2001 - 04:00
CVE-2005-1990 5.1
Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, inc
23-07-2021 - 12:18 10-08-2005 - 04:00
CVE-2004-0845 6.4
Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the us
23-07-2021 - 12:18 03-11-2004 - 05:00
CVE-2004-0843 5.0
Internet Explorer 5.5 and 6 does not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulner
23-07-2021 - 12:18 03-11-2004 - 05:00
CVE-2005-0054 5.1
Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to gene
23-07-2021 - 12:18 02-05-2005 - 04:00
CVE-2005-1989 7.5
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability
23-07-2021 - 12:18 10-08-2005 - 04:00
CVE-2004-0216 10.0
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when ca
23-07-2021 - 12:18 03-11-2004 - 05:00
CVE-2008-3013 9.3
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint
23-07-2021 - 12:17 11-09-2008 - 01:11
CVE-2006-1192 2.6
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to anot
23-07-2021 - 12:17 11-04-2006 - 23:02
CVE-2006-5581 9.3
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via certain DHTML script functions, such as normalize, and "incorrectly created elements" that trigger memory corruption, aka "DHTML Script F
23-07-2021 - 12:16 12-12-2006 - 20:28
CVE-2006-5579 9.3
Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using JavaScript to cause certain errors simultaneously, which results in the access of previously freed memory, aka "Script Error Handling Memory Corruption Vulnerabi
23-07-2021 - 12:16 12-12-2006 - 20:28
CVE-2009-0552 9.3
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in me
23-07-2021 - 12:16 15-04-2009 - 08:00
CVE-2003-0083 5.0
Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities relate
15-07-2021 - 20:37 02-04-2003 - 05:00
CVE-2003-0132 5.0
A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
15-07-2021 - 20:14 11-04-2003 - 04:00
CVE-2012-4558 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remo
06-06-2021 - 11:15 26-02-2013 - 16:55
CVE-2012-4557 5.0
The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an
06-06-2021 - 11:15 30-11-2012 - 19:55
CVE-2007-6420 4.3
Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
06-06-2021 - 11:15 12-01-2008 - 00:46
CVE-2007-6421 3.5
Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the U
06-06-2021 - 11:15 08-01-2008 - 19:46
CVE-2012-3499 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagema
06-06-2021 - 11:15 26-02-2013 - 16:55
CVE-2007-6422 4.0
The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb
06-06-2021 - 11:15 08-01-2008 - 18:46
CVE-2012-2687 2.6
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to in
06-06-2021 - 11:15 22-08-2012 - 19:55
CVE-2010-0010 6.8
Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary co
06-06-2021 - 11:15 02-02-2010 - 16:30
CVE-2003-0192 6.4
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which c
06-06-2021 - 11:15 18-08-2003 - 04:00
CVE-2003-0254 5.0
Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
06-06-2021 - 11:15 18-08-2003 - 04:00
CVE-2003-0987 7.5
mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
06-06-2021 - 11:15 03-03-2004 - 05:00
CVE-2003-0253 5.0
The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
06-06-2021 - 11:15 18-08-2003 - 04:00
CVE-2004-0113 5.0
Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
06-06-2021 - 11:15 29-03-2004 - 05:00
CVE-2003-0020 5.0
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
06-06-2021 - 11:15 18-03-2003 - 05:00
CVE-2004-0492 10.0
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes
06-06-2021 - 11:15 06-08-2004 - 04:00
CVE-2003-0993 7.5
mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
06-06-2021 - 11:15 29-03-2004 - 05:00
CVE-2003-0542 7.2
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9
06-06-2021 - 11:15 03-11-2003 - 05:00
CVE-2007-4476 7.5
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
17-05-2021 - 19:55 05-09-2007 - 01:17
CVE-2010-1321 6.8
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allo
02-02-2021 - 18:53 19-05-2010 - 18:30
CVE-2007-2798 9.0
Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.
02-02-2021 - 18:32 26-06-2007 - 22:30
CVE-2007-2443 8.3
Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.
02-02-2021 - 18:28 26-06-2007 - 22:30
CVE-2004-0643 4.6
Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.
02-02-2021 - 18:08 28-09-2004 - 04:00
CVE-2002-0869 7.5
Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka
23-11-2020 - 19:49 12-11-2002 - 05:00
CVE-2002-0147 7.5
Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun."
23-11-2020 - 19:49 22-04-2002 - 04:00
CVE-2002-0073 5.0
The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters.
23-11-2020 - 19:49 22-04-2002 - 04:00
CVE-2002-0075 7.5
Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message.
23-11-2020 - 19:49 22-04-2002 - 04:00
CVE-2002-0149 7.5
Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.
23-11-2020 - 19:49 22-04-2002 - 04:00
CVE-2002-1182 5.0
IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned.
23-11-2020 - 19:49 12-11-2002 - 05:00
CVE-2002-0150 7.5
Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.
23-11-2020 - 19:49 22-04-2002 - 04:00
CVE-2002-0074 7.5
Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session.
23-11-2020 - 19:49 22-04-2002 - 04:00
CVE-2002-0148 7.5
Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.
23-11-2020 - 19:49 22-04-2002 - 04:00
CVE-2002-1181 6.8
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IIS
23-11-2020 - 19:49 12-11-2002 - 05:00
CVE-2003-0226 5.0
Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled.
23-11-2020 - 19:49 09-06-2003 - 04:00
CVE-2003-0718 5.0
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML element
23-11-2020 - 19:49 03-11-2004 - 05:00
CVE-2003-0223 6.8
Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message.
23-11-2020 - 19:49 09-06-2003 - 04:00
CVE-2003-0227 5.0
The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Informatio
13-11-2020 - 16:30 09-06-2003 - 04:00
CVE-2009-0590 5.0
The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid
03-11-2020 - 17:38 27-03-2009 - 16:30
CVE-2009-3767 4.3
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-
14-10-2020 - 17:13 23-10-2009 - 19:30
CVE-2004-0179 6.8
Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.
13-10-2020 - 16:52 01-06-2004 - 04:00
CVE-2011-1253 9.3
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP
28-09-2020 - 12:58 12-10-2011 - 02:52
CVE-2012-0004 9.3
Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code
28-09-2020 - 12:58 10-01-2012 - 21:55
CVE-2012-0004 9.3
Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code
28-09-2020 - 12:58 10-01-2012 - 21:55
CVE-2011-0664 9.3
Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code vi
28-09-2020 - 12:58 16-06-2011 - 20:55
CVE-2012-0003 9.3
Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MI
28-09-2020 - 12:58 10-01-2012 - 21:55
CVE-2012-0003 9.3
Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MI
28-09-2020 - 12:58 10-01-2012 - 21:55
CVE-2011-1253 9.3
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP
28-09-2020 - 12:58 12-10-2011 - 02:52
CVE-2011-0664 9.3
Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code vi
28-09-2020 - 12:58 16-06-2011 - 20:55
CVE-2007-3378 6.8
The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execu
18-09-2020 - 19:15 29-06-2007 - 18:30
CVE-2009-1072 4.9
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash o
02-09-2020 - 16:01 25-03-2009 - 01:30
CVE-2009-2848 5.9
The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone
28-08-2020 - 13:10 18-08-2009 - 21:00
CVE-2009-0834 3.6
The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass
26-08-2020 - 12:57 06-03-2009 - 11:30
CVE-2009-1630 4.4
The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass pe
21-08-2020 - 18:45 14-05-2009 - 17:30
CVE-2009-3228 2.1
The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users
13-08-2020 - 12:59 19-10-2009 - 20:00
CVE-2004-0203 4.3
Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query.
09-04-2020 - 13:51 23-11-2004 - 05:00
CVE-2004-0840 10.0
The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute
09-04-2020 - 13:51 03-11-2004 - 05:00
CVE-2004-0574 10.0
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, poss
09-04-2020 - 13:50 03-11-2004 - 05:00
CVE-2003-0904 6.0
Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authenticatio
09-04-2020 - 13:49 20-01-2004 - 05:00
CVE-2002-0055 5.0
SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
09-04-2020 - 13:46 08-03-2002 - 05:00
CVE-2006-0002 7.5
Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulatio
09-04-2020 - 13:29 10-01-2006 - 22:03
CVE-2005-1987 7.5
Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstra
09-04-2020 - 13:28 13-10-2005 - 10:02
CVE-2005-0560 7.5
Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port
09-04-2020 - 13:27 02-05-2005 - 04:00
CVE-2001-0509 5.0
Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
02-04-2020 - 12:56 20-09-2001 - 04:00
CVE-2001-0543 5.0
Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts.
02-04-2020 - 12:52 20-09-2001 - 04:00
CVE-2002-0049 6.4
Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
02-04-2020 - 12:38 08-03-2002 - 05:00
CVE-2008-1447 5.0
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic vi
24-03-2020 - 18:19 08-07-2008 - 23:41
CVE-2010-3282 1.9
389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-root
29-01-2020 - 15:27 09-01-2020 - 21:15
CVE-2004-0523 10.0
Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.
21-01-2020 - 15:47 18-08-2004 - 04:00
CVE-2003-0082 5.0
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its hea
21-01-2020 - 15:47 02-04-2003 - 05:00
CVE-2010-1323 2.6
MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distrib
21-01-2020 - 15:46 02-12-2010 - 16:22
CVE-2010-1324 4.3
MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum,
21-01-2020 - 15:46 02-12-2010 - 16:22
CVE-2009-4212 10.0
Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly
21-01-2020 - 15:45 13-01-2010 - 19:30
CVE-2009-0844 5.8
The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that tri
21-01-2020 - 15:45 09-04-2009 - 00:30
CVE-2009-0845 5.0
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via in
21-01-2020 - 15:45 27-03-2009 - 16:30
CVE-2004-0644 5.0
The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.
21-01-2020 - 15:45 28-09-2004 - 04:00
CVE-2003-0058 5.0
MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.
21-01-2020 - 15:44 19-02-2003 - 05:00
CVE-2008-5031 10.0
Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs fun
25-10-2019 - 11:53 10-11-2008 - 16:15
CVE-2010-3639 9.3
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to cause a denial of service or possibly execute arbitrary code via unkn
09-10-2019 - 23:01 07-11-2010 - 22:00
CVE-2003-0150 9.0
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by mod
07-10-2019 - 16:41 24-03-2003 - 05:00
CVE-2003-0073 5.0
Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.
07-10-2019 - 16:41 19-02-2003 - 05:00
CVE-2002-1230 4.6
NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demon
30-04-2019 - 14:27 04-11-2002 - 05:00
CVE-2002-1258 5.0
Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in
30-04-2019 - 14:27 23-12-2002 - 05:00
CVE-2002-0863 5.0
Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka
30-04-2019 - 14:27 11-10-2002 - 04:00
CVE-2002-0724 7.5
Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServer
30-04-2019 - 14:27 24-09-2002 - 04:00
CVE-2006-2371 7.5
Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via cer
30-04-2019 - 14:27 13-06-2006 - 19:06
CVE-2002-1256 5.0
The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the
30-04-2019 - 14:27 23-12-2002 - 05:00
CVE-2002-0694 7.5
The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet File
30-04-2019 - 14:27 10-10-2002 - 04:00
CVE-2006-2379 9.3
Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
30-04-2019 - 14:27 13-06-2006 - 19:06
CVE-2002-1561 5.0
The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference
30-04-2019 - 14:27 02-04-2003 - 05:00
CVE-2002-0693 7.5
Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long
30-04-2019 - 14:27 10-10-2002 - 04:00
CVE-2002-0720 7.2
A handler routine for the Network Connection Manager (NCM) in Windows 2000 allows local users to gain privileges via a complex attack that causes the handler to run in the LocalSystem context with user-specified code.
30-04-2019 - 14:27 05-09-2002 - 04:00
CVE-2006-2370 7.5
Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC
30-04-2019 - 14:27 13-06-2006 - 19:06
CVE-2002-0151 7.2
Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.
30-04-2019 - 14:27 04-04-2002 - 05:00
CVE-2002-0366 7.2
Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry.
30-04-2019 - 14:27 03-07-2002 - 04:00
CVE-2003-0010 7.5
Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a lar
30-04-2019 - 14:27 24-03-2003 - 05:00
CVE-2003-0003 7.5
Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter inf
30-04-2019 - 14:27 07-02-2003 - 05:00
CVE-2005-0048 7.5
Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Valid
30-04-2019 - 14:27 02-05-2005 - 04:00
CVE-2003-0660 7.5
The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user appr
30-04-2019 - 14:27 17-11-2003 - 05:00
CVE-2004-0894 7.2
LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.
30-04-2019 - 14:27 10-01-2005 - 05:00
CVE-2003-0109 7.5
Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
30-04-2019 - 14:27 31-03-2003 - 05:00
CVE-2001-0241 10.0
Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.
30-04-2019 - 14:27 27-06-2001 - 04:00
CVE-2003-0345 7.5
Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
30-04-2019 - 14:27 18-08-2003 - 04:00
CVE-2003-0822 7.5
Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
30-04-2019 - 14:27 15-12-2003 - 05:00
CVE-2005-1218 5.0
The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
30-04-2019 - 14:27 10-08-2005 - 04:00
CVE-2005-2307 5.0
netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, aka "Network Connection Manager Vulnerability."
30-04-2019 - 14:27 19-07-2005 - 04:00
CVE-2005-0047 7.2
Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."
30-04-2019 - 14:27 02-05-2005 - 04:00
CVE-2001-0879 5.0
Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.
30-04-2019 - 14:27 20-12-2001 - 05:00
CVE-2003-0111 7.5
The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Fla
30-04-2019 - 14:27 05-05-2003 - 04:00
CVE-2006-0034 7.5
Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code v
30-04-2019 - 14:27 10-05-2006 - 02:14
CVE-2006-1313 6.8
Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary
30-04-2019 - 14:27 13-06-2006 - 19:06
CVE-2005-2827 7.2
The thread termination routine in the kernel for Windows NT 4.0 and 2000 (NTOSKRNL.EXE) allows local users to modify kernel memory and execution flow via steps in which a terminating thread causes Asynchronous Procedure Call (APC) entries to free the
30-04-2019 - 14:27 14-12-2005 - 01:03
CVE-2005-1191 5.0
The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View co
30-04-2019 - 14:27 02-05-2005 - 04:00
CVE-2003-0717 7.5
The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
30-04-2019 - 14:27 17-11-2003 - 05:00
CVE-2004-0201 10.0
Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vuln
30-04-2019 - 14:27 06-08-2004 - 04:00
CVE-2003-0112 4.6
Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger.
30-04-2019 - 14:27 12-05-2003 - 04:00
CVE-2005-1981 2.1
Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
30-04-2019 - 14:27 10-08-2005 - 04:00
CVE-2003-0824 5.0
Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain
30-04-2019 - 14:27 15-12-2003 - 05:00
CVE-2004-1319 5.0
The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the par
30-04-2019 - 14:27 15-12-2004 - 05:00
CVE-2004-0568 10.0
HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious
30-04-2019 - 14:27 10-01-2005 - 05:00
CVE-2005-0057 7.5
The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow.
30-04-2019 - 14:27 02-05-2005 - 04:00
CVE-2005-0063 7.5
The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML App
30-04-2019 - 14:27 02-05-2005 - 04:00
CVE-2005-1982 3.6
Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain control
30-04-2019 - 14:27 10-08-2005 - 04:00
CVE-2004-1080 10.0
The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS re
30-04-2019 - 14:27 10-01-2005 - 05:00
CVE-2003-0825 9.3
The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute
30-04-2019 - 14:27 03-03-2004 - 05:00
CVE-2005-1212 7.5
Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, cbl, or .cbm extension) with a long User field.
30-04-2019 - 14:27 14-06-2005 - 04:00
CVE-2003-0662 9.3
Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
30-04-2019 - 14:27 17-11-2003 - 05:00
CVE-2003-0352 7.5
Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
30-04-2019 - 14:27 18-08-2003 - 04:00
CVE-2005-0803 5.0
The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be
30-04-2019 - 14:27 02-05-2005 - 04:00
CVE-2004-0212 10.0
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Interne
30-04-2019 - 14:27 06-08-2004 - 04:00
CVE-2003-0715 10.0
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a d
30-04-2019 - 14:27 17-09-2003 - 04:00
CVE-2004-1305 5.0
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory ad
30-04-2019 - 14:27 23-12-2004 - 05:00
CVE-2005-0061 7.2
The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.
30-04-2019 - 14:27 02-05-2005 - 04:00
CVE-2005-0045 7.5
The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2)
30-04-2019 - 14:27 02-05-2005 - 04:00
CVE-2006-0012 5.1
Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "
30-04-2019 - 14:27 12-04-2006 - 00:02
CVE-2005-1214 5.1
Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page.
30-04-2019 - 14:27 14-06-2005 - 04:00
CVE-2003-0818 7.5
Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encod
30-04-2019 - 14:27 03-03-2004 - 05:00
CVE-2004-0571 10.0
Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability
30-04-2019 - 14:27 10-01-2005 - 05:00
CVE-2004-0202 5.0
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
30-04-2019 - 14:27 06-08-2004 - 04:00
CVE-2005-0060 7.2
Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.
30-04-2019 - 14:27 02-05-2005 - 04:00
CVE-2003-0001 5.0
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
30-04-2019 - 14:27 17-01-2003 - 05:00
CVE-2004-0210 7.2
The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
30-04-2019 - 14:27 06-08-2004 - 04:00
CVE-2005-0059 10.0
Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
30-04-2019 - 14:27 02-05-2005 - 04:00
CVE-2005-0044 7.5
The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validat
30-04-2019 - 14:27 02-05-2005 - 04:00
CVE-2006-1184 5.0
Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of
30-04-2019 - 14:27 10-05-2006 - 02:14
CVE-2003-0711 7.5
Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL.
30-04-2019 - 14:27 17-11-2003 - 05:00
CVE-2004-0893 7.2
The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges,
30-04-2019 - 14:27 10-01-2005 - 05:00
CVE-2003-0659 7.2
Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application.
30-04-2019 - 14:27 17-11-2003 - 05:00
CVE-2005-2122 10.0
Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Serve
30-04-2019 - 14:27 21-10-2005 - 18:02
CVE-2003-0661 5.0
The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information.
30-04-2019 - 14:27 20-10-2003 - 04:00
CVE-2003-0605 7.5
The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject int
30-04-2019 - 14:27 27-08-2003 - 04:00
CVE-2003-0528 10.0
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CV
30-04-2019 - 14:27 17-09-2003 - 04:00
CVE-2004-0901 10.0
Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site,
30-04-2019 - 14:27 10-01-2005 - 05:00
CVE-2003-0812 7.5
Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated
30-04-2019 - 14:27 15-12-2003 - 05:00
CVE-2003-0350 4.6
The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility M
30-04-2019 - 14:27 18-08-2003 - 04:00
CVE-2005-0050 10.0
The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) a
30-04-2019 - 14:27 02-05-2005 - 04:00
CVE-2006-0010 9.3
Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded
30-04-2019 - 14:27 10-01-2006 - 22:03
CVE-2013-4854 7.8
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertio
22-04-2019 - 17:48 29-07-2013 - 13:59
CVE-2006-2373 10.0
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEIT
26-03-2019 - 19:17 13-06-2006 - 19:06
CVE-2011-3190 7.5
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive in
25-03-2019 - 11:33 31-08-2011 - 23:55
CVE-2011-2204 1.9
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive inf
25-03-2019 - 11:33 29-06-2011 - 17:55
CVE-2012-0022 5.0
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters
25-03-2019 - 11:33 19-01-2012 - 04:01
CVE-2010-2227 6.4
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via
25-03-2019 - 11:32 13-07-2010 - 17:30
CVE-2009-3548 7.5
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
25-03-2019 - 11:31 12-11-2009 - 23:30
CVE-2009-2693 5.8
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat
25-03-2019 - 11:30 28-01-2010 - 20:30
CVE-2007-1355 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attacker
25-03-2019 - 11:29 21-05-2007 - 20:30
CVE-2008-1436 9.0
Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service
26-02-2019 - 14:04 21-04-2008 - 17:05
CVE-2009-0088 9.3
The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via
26-02-2019 - 14:04 15-04-2009 - 08:00
CVE-2009-0086 10.0
Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in
26-02-2019 - 14:04 15-04-2009 - 08:00
CVE-2010-0818 9.3
The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attacker
26-02-2019 - 14:04 15-09-2010 - 19:00
CVE-2009-0089 5.8
Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a differe
26-02-2019 - 14:04 15-04-2009 - 08:00
CVE-2009-0551 9.3
Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP docum
26-02-2019 - 14:04 15-04-2009 - 08:00
CVE-2009-0078 7.2
The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the
26-02-2019 - 14:04 15-04-2009 - 08:00
CVE-2009-0554 9.3
Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page
26-02-2019 - 14:04 15-04-2009 - 08:00
CVE-2009-0079 6.9
The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account,
26-02-2019 - 14:04 15-04-2009 - 08:00
CVE-2009-0084 9.3
Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is
26-02-2019 - 14:04 15-04-2009 - 08:00
CVE-2011-2455 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
29-11-2018 - 15:41 11-11-2011 - 16:55
CVE-2011-2453 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
29-11-2018 - 15:40 11-11-2011 - 16:55
CVE-2011-2454 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
29-11-2018 - 15:40 11-11-2011 - 16:55
CVE-2011-2452 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
29-11-2018 - 15:39 11-11-2011 - 16:55
CVE-2011-2459 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
29-11-2018 - 15:38 11-11-2011 - 16:55
CVE-2011-2451 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
29-11-2018 - 15:38 11-11-2011 - 16:55
CVE-2011-2460 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
29-11-2018 - 15:38 11-11-2011 - 16:55
CVE-2011-2456 10.0
Buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via unspecifi
29-11-2018 - 15:37 11-11-2011 - 16:55
CVE-2011-2450 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (he
29-11-2018 - 15:37 11-11-2011 - 16:55
CVE-2011-2457 10.0
Stack-based buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code v
29-11-2018 - 15:37 11-11-2011 - 16:55
CVE-2011-2458 9.3
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote attackers to bypass the cross
29-11-2018 - 15:37 11-11-2011 - 16:55
CVE-2011-2445 10.0
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (me
29-11-2018 - 15:36 11-11-2011 - 16:55
CVE-2009-4538 10.0
drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a r
16-11-2018 - 15:53 12-01-2010 - 17:30
CVE-2009-4537 7.8
drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via
16-11-2018 - 15:52 12-01-2010 - 17:30
CVE-2009-4536 7.8
drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypas
16-11-2018 - 15:51 12-01-2010 - 17:30
CVE-2009-1633 7.1
Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to U
08-11-2018 - 20:29 28-05-2009 - 20:30
CVE-2009-0143 4.3
Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast.
08-11-2018 - 20:21 14-03-2009 - 18:30
CVE-2009-0322 4.9
drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and 2.6.28.x before 2.6.28.2, allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size
08-11-2018 - 20:20 28-01-2009 - 18:30
CVE-2012-5146 5.0
Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-2475 3.3
The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
30-10-2018 - 16:27 07-03-2013 - 15:55
CVE-2013-2483 3.3
The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ACN dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via an invali
30-10-2018 - 16:27 07-03-2013 - 15:55
CVE-2012-5150 7.5
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving seek operations on video data.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-2480 3.3
The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet.
30-10-2018 - 16:27 07-03-2013 - 15:55
CVE-2013-2487 7.8
epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via crafted in
30-10-2018 - 16:27 07-03-2013 - 15:55
CVE-2012-5147 7.5
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-2476 6.1
The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a packet with a header that is too short.
30-10-2018 - 16:27 07-03-2013 - 15:55
CVE-2013-2477 3.3
The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly manage function pointers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
30-10-2018 - 16:27 07-03-2013 - 15:55
CVE-2012-5152 5.0
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving seek operations on video data.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2012-5149 7.5
Integer overflow in the audio IPC layer in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-2481 2.9
Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to c
30-10-2018 - 16:27 07-03-2013 - 15:55
CVE-2012-5148 7.5
The hyphenation functionality in Google Chrome before 24.0.1312.52 does not properly validate file names, which has unspecified impact and attack vectors.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2012-5154 7.5
Integer overflow in Google Chrome before 24.0.1312.52 on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to allocation of shared memory.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-2479 3.3
The dissect_mpls_echo_tlv_dd_map function in epan/dissectors/packet-mpls-echo.c in the MPLS Echo dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via invalid Sub-tlv data.
30-10-2018 - 16:27 07-03-2013 - 15:55
CVE-2013-2478 3.3
The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (a
30-10-2018 - 16:27 07-03-2013 - 15:55
CVE-2012-5153 7.5
Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds access to stack memory.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-2484 3.3
The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
30-10-2018 - 16:27 07-03-2013 - 15:55
CVE-2012-5145 7.5
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG layout.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-2482 6.1
The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
30-10-2018 - 16:27 07-03-2013 - 15:55
CVE-2013-2486 6.1
The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a deni
30-10-2018 - 16:27 07-03-2013 - 15:55
CVE-2013-2485 6.1
The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.
30-10-2018 - 16:27 07-03-2013 - 15:55
CVE-2013-2488 5.0
The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large
30-10-2018 - 16:27 07-03-2013 - 15:55
CVE-2013-2266 7.8
libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as
30-10-2018 - 16:27 28-03-2013 - 16:55
CVE-2011-2464 5.0
Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.
30-10-2018 - 16:27 08-07-2011 - 20:55
CVE-2013-0836 6.8
Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, does not properly implement garbage collection, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via craf
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-0835 5.0
Unspecified vulnerability in the Geolocation implementation in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-0831 7.5
Directory traversal vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to have an unspecified impact by leveraging access to an extension process.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-0833 5.0
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to printing.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-0837 7.5
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-0830 7.5
The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a NUL character required for termination of an unspecified data structure, which has unknown impact and attack vectors.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-0832 7.5
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2013-0834 5.0
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving glyphs.
30-10-2018 - 16:27 15-01-2013 - 21:55
CVE-2007-5236 5.4
Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files vi
30-10-2018 - 16:26 06-10-2007 - 00:17
CVE-2010-4454 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and ava
30-10-2018 - 16:26 17-02-2011 - 19:00
CVE-2010-4450 3.7
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux all
30-10-2018 - 16:26 17-02-2011 - 19:00
CVE-2010-3569 10.0
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2010-4466 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remot
30-10-2018 - 16:26 17-02-2011 - 19:00
CVE-2010-3572 10.0
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2010-4448 2.6
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java ap
30-10-2018 - 16:26 17-02-2011 - 19:00
CVE-2010-3562 10.0
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the pr
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2010-3574 10.0
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2010-3571 10.0
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the pr
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2010-4469 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Jav
30-10-2018 - 16:26 17-02-2011 - 19:00
CVE-2010-4473 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and ava
30-10-2018 - 16:26 17-02-2011 - 19:00
CVE-2010-4462 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and ava
30-10-2018 - 16:26 17-02-2011 - 19:00
CVE-2010-4447 4.3
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Jav
30-10-2018 - 16:26 17-02-2011 - 19:00
CVE-2010-4475 4.3
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Jav
30-10-2018 - 16:26 17-02-2011 - 19:00
CVE-2010-3565 10.0
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous inf
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2010-3556 10.0
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http://w
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2010-3559 10.0
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2010-3557 6.8
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2007-4590 3.3
The get_system_info command in Ignite-UX C.7.0 through C.7.3, and DynRootDisk (DRD) A.1.0.16.417 through A.2.0.0.592, on HP-UX B.11.11, B.11.23, and B.11.31 does not inform local users of networking changes made by the command, which has unknown impa
30-10-2018 - 16:26 29-08-2007 - 01:17
CVE-2010-3554 10.0
Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2010-4476 5.0
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows rem
30-10-2018 - 16:26 17-02-2011 - 19:00
CVE-2010-4465 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Jav
30-10-2018 - 16:26 17-02-2011 - 19:00
CVE-2010-3568 10.0
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2010-3541 5.1
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2009-4142 4.3
The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks b
30-10-2018 - 16:26 21-12-2009 - 16:30
CVE-2009-3882 7.5
Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6
30-10-2018 - 16:26 09-11-2009 - 19:30
CVE-2010-3553 10.0
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2009-3864 7.5
The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which
30-10-2018 - 16:26 05-11-2009 - 16:30
CVE-2009-3876 5.0
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consum
30-10-2018 - 16:26 05-11-2009 - 16:30
CVE-2010-3551 5.0
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2011-2425 10.0
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2009-3877 5.0
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consum
30-10-2018 - 16:26 05-11-2009 - 16:30
CVE-2011-2416 10.0
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbit
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2009-2676 6.8
Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attacke
30-10-2018 - 16:26 05-08-2009 - 19:30
CVE-2002-0678 7.2
CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.
30-10-2018 - 16:26 23-07-2002 - 04:00
CVE-2011-2139 6.4
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to bypass the Same Origin Pol
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2011-2140 10.0
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2009-3293 7.5
Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index."
30-10-2018 - 16:26 22-09-2009 - 10:30
CVE-2011-2136 10.0
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbit
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2009-3875 5.0
The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers
30-10-2018 - 16:26 05-11-2009 - 16:30
CVE-2011-2414 10.0
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitr
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2011-2138 10.0
Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbit
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2002-0573 7.5
Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command canno
30-10-2018 - 16:26 03-07-2002 - 04:00
CVE-2002-0085 5.0
cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a denial of service (crash) via an invalid procedure call in an RPC request.
30-10-2018 - 16:26 15-03-2002 - 05:00
CVE-2010-3548 5.0
Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the p
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2009-4143 10.0
PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.
30-10-2018 - 16:26 21-12-2009 - 16:30
CVE-2011-2137 10.0
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitr
30-10-2018 - 16:26 10-08-2011 - 21:55
CVE-2002-0088 7.2
Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path.
30-10-2018 - 16:26 15-03-2002 - 05:00
CVE-2011-2417 10.0
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2009-3883 7.5
Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to
30-10-2018 - 16:26 09-11-2009 - 19:30
CVE-2011-2135 10.0
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2002-0089 7.2
Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file.
30-10-2018 - 16:26 15-03-2002 - 05:00
CVE-2010-3549 6.8
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE
30-10-2018 - 16:26 19-10-2010 - 22:00
CVE-2009-3291 7.5
The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.
30-10-2018 - 16:26 22-09-2009 - 10:30
CVE-2002-0796 10.0
Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
30-10-2018 - 16:26 12-08-2002 - 04:00
CVE-2007-3899 9.3
Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."
30-10-2018 - 16:26 09-10-2007 - 22:17
CVE-2011-2130 10.0
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitr
30-10-2018 - 16:26 10-08-2011 - 21:55
CVE-2002-1317 7.5
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.
30-10-2018 - 16:26 11-12-2002 - 05:00
CVE-2009-3865 9.3
The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752.
30-10-2018 - 16:26 05-11-2009 - 16:30
CVE-2009-3728 5.0
Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local Internation
30-10-2018 - 16:26 09-11-2009 - 19:30
CVE-2009-3557 5.0
The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix argu
30-10-2018 - 16:26 23-11-2009 - 17:30
CVE-2002-0797 10.0
Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
30-10-2018 - 16:26 12-08-2002 - 04:00
CVE-2009-4018 7.5
The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute pr
30-10-2018 - 16:26 29-11-2009 - 13:07
CVE-2002-1199 5.0
The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.
30-10-2018 - 16:26 28-10-2002 - 05:00
CVE-2002-0677 7.5
CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the
30-10-2018 - 16:26 23-07-2002 - 04:00
CVE-2011-2424 9.3
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or
30-10-2018 - 16:26 15-08-2011 - 21:55
CVE-2011-2415 10.0
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitr
30-10-2018 - 16:26 10-08-2011 - 22:55
CVE-2002-0084 7.2
Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument.
30-10-2018 - 16:26 15-03-2002 - 05:00
CVE-2009-3292 7.5
Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."
30-10-2018 - 16:26 22-09-2009 - 10:30
CVE-2011-2134 10.0
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitr
30-10-2018 - 16:26 10-08-2011 - 21:55
CVE-2002-1296 7.2
Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module.
30-10-2018 - 16:26 23-12-2002 - 05:00
CVE-2002-0679 10.0
Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.
30-10-2018 - 16:26 05-09-2002 - 04:00
CVE-2001-1076 7.2
Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable.
30-10-2018 - 16:26 05-07-2001 - 04:00
CVE-2004-1359 4.6
Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 allow local users to execute arbitrary code as the uucp user.
30-10-2018 - 16:26 04-03-2004 - 05:00
CVE-2003-0609 7.2
Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable.
30-10-2018 - 16:26 27-08-2003 - 04:00
CVE-2006-0227 2.6
Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to delete arbitrary files or disable the LP print service via unknown attack vectors.
30-10-2018 - 16:26 17-01-2006 - 20:07
CVE-2001-0779 10.0
Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username.
30-10-2018 - 16:26 18-10-2001 - 04:00
CVE-2011-0866 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and
30-10-2018 - 16:26 14-06-2011 - 18:55
CVE-2011-0864 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to
30-10-2018 - 16:26 14-06-2011 - 18:55
CVE-2003-0196 10.0
Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.
30-10-2018 - 16:26 05-05-2003 - 04:00
CVE-2004-1347 5.0
X Display Manager (XDM) on Solaris 8 allows remote attackers to cause a denial of service (XDM crash) via an invalid X Display Manager Control Protocol (XDMCP) request.
30-10-2018 - 16:26 10-08-2004 - 04:00
CVE-2004-1360 2.1
Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when invoked by conv_lpd, allows local users to overwrite arbitrary files.
30-10-2018 - 16:26 27-02-2004 - 05:00
CVE-2004-0790 5.0
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have
30-10-2018 - 16:26 12-04-2005 - 04:00
CVE-1999-0689 7.2
The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.
30-10-2018 - 16:26 13-09-1999 - 04:00
CVE-2001-0797 10.0
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
30-10-2018 - 16:26 12-12-2001 - 05:00
CVE-2011-0865 2.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to
30-10-2018 - 16:26 14-06-2011 - 18:55
CVE-2001-0422 7.2
Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.
30-10-2018 - 16:26 02-07-2001 - 04:00
CVE-2003-0027 5.0
Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.
30-10-2018 - 16:26 07-02-2003 - 05:00
CVE-2003-0669 1.2
Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via "a rare race condition" or an attack by local users.
30-10-2018 - 16:26 27-08-2003 - 04:00
CVE-2007-1270 5.0
Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors.
30-10-2018 - 16:26 06-04-2007 - 00:19
CVE-2004-1351 10.0
Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 through 9 allows remote attackers to execute arbitrary code.
30-10-2018 - 16:26 07-12-2004 - 05:00
CVE-2003-0914 4.3
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.
30-10-2018 - 16:26 15-12-2003 - 05:00
CVE-2011-0815 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to
30-10-2018 - 16:26 14-06-2011 - 18:55
CVE-2011-0862 10.0
Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and avail
30-10-2018 - 16:26 14-06-2011 - 18:55
CVE-2011-0802 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability vi
30-10-2018 - 16:26 14-06-2011 - 18:55
CVE-2003-0092 7.2
Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable.
30-10-2018 - 16:26 02-04-2003 - 05:00
CVE-2003-0694 10.0
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
30-10-2018 - 16:26 06-10-2003 - 04:00
CVE-2008-0967 6.9
Untrusted search path vulnerability in vmware-authd in VMware Workstation 5.x before 5.5.7 build 91707 and 6.x before 6.0.4 build 93057, VMware Player 1.x before 1.0.7 build 91707 and 2.x before 2.0.4 build 93057, and VMware Server before 1.0.6 build
30-10-2018 - 16:26 05-06-2008 - 20:32
CVE-2004-0791 5.0
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench a
30-10-2018 - 16:26 12-04-2005 - 04:00
CVE-2004-0654 2.1
Unknown vulnerability in the Basic Security Module (BSM), when configured to audit either the Administrative (ad) or the System-Wide Administration (as) audit class in Solaris 7, 8, and 9, allows local users to cause a denial of service (kernel panic
30-10-2018 - 16:26 06-08-2004 - 04:00
CVE-2003-0999 7.2
Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute arbitrary code or read or write arbitrary files.
30-10-2018 - 16:26 05-01-2004 - 05:00
CVE-2011-0814 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability vi
30-10-2018 - 16:26 14-06-2011 - 18:55
CVE-2003-0091 7.2
Stack-based buffer overflow in the bsd_queue() function for lpq on Solaris 2.6 and 7 allows local users to gain root privilege.
30-10-2018 - 16:26 02-04-2003 - 05:00
CVE-2001-0594 4.6
kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument.
30-10-2018 - 16:26 02-08-2001 - 04:00
CVE-2011-0867 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to
30-10-2018 - 16:26 14-06-2011 - 18:55
CVE-2003-0201 10.0
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
30-10-2018 - 16:26 05-05-2003 - 04:00
CVE-2007-1271 6.6
Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow attackers to gain privileges or cause a denial of service (application crash) via unspecified vectors.
30-10-2018 - 16:26 06-04-2007 - 00:19
CVE-1999-0691 7.2
Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.
30-10-2018 - 16:26 13-09-1999 - 04:00
CVE-2004-1352 7.2
Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may allow local users to execute arbitrary code.
30-10-2018 - 16:26 01-12-2004 - 05:00
CVE-2007-5398 9.3
Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requ
30-10-2018 - 16:25 16-11-2007 - 18:46
CVE-2007-5348 9.3
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerP
30-10-2018 - 16:25 11-09-2008 - 01:01
CVE-2007-6015 9.3
Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC stri
30-10-2018 - 16:25 13-12-2007 - 21:46
CVE-2008-3012 9.3
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint
30-10-2018 - 16:25 11-09-2008 - 01:11
CVE-2007-4572 9.3
Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon se
30-10-2018 - 16:25 16-11-2007 - 18:46
CVE-2002-1180 7.5
A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access
30-10-2018 - 16:25 12-11-2002 - 05:00
CVE-2002-0033 10.0
Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.
30-10-2018 - 16:25 29-05-2002 - 04:00
CVE-2002-0364 7.5
Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."
30-10-2018 - 16:25 03-07-2002 - 04:00
CVE-2009-3872 9.3
Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges
30-10-2018 - 16:25 05-11-2009 - 16:30
CVE-2009-3868 9.3
Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a c
30-10-2018 - 16:25 05-11-2009 - 16:30
CVE-2009-3873 9.3
The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem,"
30-10-2018 - 16:25 05-11-2009 - 16:30
CVE-2009-3869 9.3
Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and S
30-10-2018 - 16:25 05-11-2009 - 16:30
CVE-2002-0158 7.2
Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument.
30-10-2018 - 16:25 02-04-2002 - 05:00
CVE-2002-0079 7.5
Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.
30-10-2018 - 16:25 22-04-2002 - 04:00
CVE-2009-3871 9.3
Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and
30-10-2018 - 16:25 05-11-2009 - 16:30
CVE-2002-0372 7.5
Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation requirement s
30-10-2018 - 16:25 03-07-2002 - 04:00
CVE-2009-2674 7.5
Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during dis
30-10-2018 - 16:25 05-08-2009 - 19:30
CVE-2009-3874 9.3
Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary co
30-10-2018 - 16:25 05-11-2009 - 16:30
CVE-2009-3867 9.3
Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to
30-10-2018 - 16:25 05-11-2009 - 16:30
CVE-2002-0071 7.5
Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.
30-10-2018 - 16:25 22-04-2002 - 04:00
CVE-2008-3014 9.3
Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 20
30-10-2018 - 16:25 11-09-2008 - 01:11
CVE-2008-2168 4.3
Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
30-10-2018 - 16:25 13-05-2008 - 21:20
CVE-2004-1355 2.1
Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.
30-10-2018 - 16:25 26-04-2004 - 04:00
CVE-2001-0151 5.0
IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests.
30-10-2018 - 16:25 02-06-2001 - 04:00
CVE-2000-0778 5.0
IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability.
30-10-2018 - 16:25 20-10-2000 - 04:00
CVE-2001-0652 7.2
Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable.
30-10-2018 - 16:25 30-10-2001 - 05:00
CVE-2003-0228 7.5
Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that cause
30-10-2018 - 16:25 27-05-2003 - 04:00
CVE-2009-1303 5.0
The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGE
30-10-2018 - 16:25 22-04-2009 - 18:30
CVE-2003-0225 5.0
The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory cons
30-10-2018 - 16:25 09-06-2003 - 04:00
CVE-2000-0886 7.5
IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.
30-10-2018 - 16:25 19-12-2000 - 05:00
CVE-2004-1348 5.0
Unknown vulnerability in in.named on Solaris 8 allows remote attackers to cause a denial of service (process crash).
30-10-2018 - 16:25 06-09-2004 - 04:00
CVE-2007-0042 7.8
Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechani
30-10-2018 - 16:25 10-07-2007 - 22:30
CVE-2006-0161 4.6
Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown impact and attack vectors. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2004-0780.
30-10-2018 - 16:25 10-01-2006 - 19:03
CVE-2003-0224 10.0
Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer
30-10-2018 - 16:25 09-06-2003 - 04:00
CVE-2004-1356 2.1
Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.
30-10-2018 - 16:25 23-04-2004 - 04:00
CVE-2004-1353 7.2
Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role Based Access Control (RBAC), allows local users to execute certain commands with additional privileges.
30-10-2018 - 16:25 19-10-2004 - 04:00
CVE-2004-0800 4.6
Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 allows local users to gain privileges via format strings in the argv[0] value.
30-10-2018 - 16:25 24-08-2004 - 04:00
CVE-2006-0008 7.2
The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and cl
30-10-2018 - 16:25 14-02-2006 - 19:06
CVE-2004-0573 7.5
Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
30-10-2018 - 16:25 28-09-2004 - 04:00
CVE-2004-1354 5.0
The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inaccessible, which could allow remote attackers to obtain sensitive information
30-10-2018 - 16:25 14-05-2004 - 04:00
CVE-2004-0082 7.5
The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable pas
30-10-2018 - 16:25 03-03-2004 - 05:00
CVE-2000-0884 7.5
IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.
30-10-2018 - 16:25 19-12-2000 - 05:00
CVE-2001-0507 7.2
IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability.
30-10-2018 - 16:25 20-09-2001 - 04:00
CVE-2009-1311 4.3
Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during
30-10-2018 - 16:25 22-04-2009 - 18:30
CVE-2003-1024 7.2
Unknown vulnerability in the ls-F builtin function in tcsh on Solaris 8 allows local users to create or delete files as other users, and gain privileges.
30-10-2018 - 16:25 20-01-2004 - 05:00
CVE-2004-0200 9.3
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to
30-10-2018 - 16:25 28-09-2004 - 04:00
CVE-2009-0087 9.3
Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to exe
30-10-2018 - 16:25 15-04-2009 - 08:00
CVE-2004-1154 10.0
Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of securit
30-10-2018 - 16:25 10-01-2005 - 05:00
CVE-2006-0748 9.3
Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that
19-10-2018 - 15:46 14-04-2006 - 10:02
CVE-2006-0749 9.3
nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via
19-10-2018 - 15:46 14-04-2006 - 10:02
CVE-2006-0476 7.6
Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).
19-10-2018 - 15:45 31-01-2006 - 11:03
CVE-2006-0298 5.8
The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read.
19-10-2018 - 15:44 02-02-2006 - 22:02
CVE-2006-0297 5.1
Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSu
19-10-2018 - 15:44 02-02-2006 - 22:02
CVE-2006-0299 6.4
The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange info
19-10-2018 - 15:44 02-02-2006 - 23:06
CVE-2006-0294 7.5
Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to o
19-10-2018 - 15:43 02-02-2006 - 20:06
CVE-2006-0292 7.5
The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garb
19-10-2018 - 15:43 02-02-2006 - 20:06
CVE-2006-0293 7.5
The function allocation code (js_NewFunction in jsfun.c) in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that opera
19-10-2018 - 15:43 02-02-2006 - 20:06
CVE-2006-0296 5.0
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf fil
19-10-2018 - 15:43 02-02-2006 - 20:06
CVE-2006-0295 5.1
Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory
19-10-2018 - 15:43 02-02-2006 - 20:06
CVE-2006-0021 7.8
Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."
19-10-2018 - 15:42 14-02-2006 - 19:06
CVE-2006-0028 5.1
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead
19-10-2018 - 15:42 14-03-2006 - 23:02
CVE-2006-0031 5.1
Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, whi
19-10-2018 - 15:42 14-03-2006 - 23:02
CVE-2006-0023 4.3
Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1)
19-10-2018 - 15:42 08-02-2006 - 02:18
CVE-2005-4560 7.5
The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows P
19-10-2018 - 15:41 28-12-2005 - 19:03
CVE-2006-0009 5.1
Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware suc
19-10-2018 - 15:41 14-03-2006 - 23:02
CVE-2006-0006 9.3
Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary c
19-10-2018 - 15:41 14-02-2006 - 22:06
CVE-2006-0003 5.1
Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown att
19-10-2018 - 15:41 12-04-2006 - 00:02
CVE-2006-0014 5.1
Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.
19-10-2018 - 15:41 12-04-2006 - 00:02
CVE-2005-4134 5.0
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not
19-10-2018 - 15:40 09-12-2005 - 15:03
CVE-2005-3983 7.8
Unknown vulnerability in the login page for HP Systems Insight Manager (SIM) 4.0 and 4.1, when accessed by Microsoft Internet Explorer with the MS04-025 patch, leads to a denial of service (browser hang). NOTE: although the advisory is vague, this is
19-10-2018 - 15:39 04-12-2005 - 11:03
CVE-2005-2127 7.5
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for
19-10-2018 - 15:32 19-08-2005 - 04:00
CVE-2005-0688 5.0
Windows Server 2003 and XP SP2, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, aka a reoccurrence o
19-10-2018 - 15:31 05-03-2005 - 05:00
CVE-2004-1060 5.0
Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment w
19-10-2018 - 15:30 12-04-2004 - 04:00
CVE-2004-0230 5.0
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that u
19-10-2018 - 15:30 18-08-2004 - 04:00
CVE-2002-0649 7.5
Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04
19-10-2018 - 15:29 12-08-2002 - 04:00
CVE-2004-0057 5.0
The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be
19-10-2018 - 15:29 17-02-2004 - 05:00
CVE-2003-0085 10.0
Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.
19-10-2018 - 15:29 31-03-2003 - 05:00
CVE-2003-0251 5.0
ypserv NIS server before 2.7 allows remote attackers to cause a denial of service via a TCP client request that does not respond to the server, which causes ypserv to block.
19-10-2018 - 15:29 24-07-2003 - 04:00
CVE-2006-3436 4.3
Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
18-10-2018 - 16:47 10-10-2006 - 21:07
CVE-2006-3451 7.5
Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via uns
18-10-2018 - 16:47 08-08-2006 - 23:04
CVE-2006-2111 4.3
A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cr
18-10-2018 - 16:38 01-05-2006 - 19:06
CVE-2006-1993 5.1
Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which ca
18-10-2018 - 16:37 25-04-2006 - 12:50
CVE-2006-1742 5.0
The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remot
18-10-2018 - 16:36 14-04-2006 - 10:02
CVE-2006-1790 10.0
A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.
18-10-2018 - 16:36 14-04-2006 - 19:02
CVE-2006-1737 9.3
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via
18-10-2018 - 16:35 14-04-2006 - 18:02
CVE-2006-1735 9.3
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javas
18-10-2018 - 16:35 14-04-2006 - 10:02
CVE-2006-1739 9.3
The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary
18-10-2018 - 16:35 14-04-2006 - 10:02
CVE-2006-1733 6.8
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute
18-10-2018 - 16:35 14-04-2006 - 10:02
CVE-2006-1740 2.6
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing
18-10-2018 - 16:35 14-04-2006 - 10:02
CVE-2006-1738 5.0
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (
18-10-2018 - 16:35 14-04-2006 - 18:02
CVE-2006-1734 6.8
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal func
18-10-2018 - 16:35 14-04-2006 - 10:02
CVE-2006-1741 4.3
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new p
18-10-2018 - 16:35 14-04-2006 - 10:02
CVE-2006-1736 2.6
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image li
18-10-2018 - 16:35 14-04-2006 - 10:02
CVE-2006-1727 7.6
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to t
18-10-2018 - 16:34 14-04-2006 - 10:02
CVE-2006-1723 7.5
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due
18-10-2018 - 16:34 14-04-2006 - 10:02
CVE-2006-1732 4.3
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS)
18-10-2018 - 16:34 14-04-2006 - 10:02
CVE-2006-1725 2.6
Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes certain windows to become translucent due to an interaction between XUL content windows and the history mechanism, which might allow user-assisted remote attackers to trick users in
18-10-2018 - 16:34 14-04-2006 - 10:02
CVE-2006-1729 4.3
Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file
18-10-2018 - 16:34 14-04-2006 - 10:02
CVE-2006-1726 9.3
Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox'
18-10-2018 - 16:34 14-04-2006 - 10:02
CVE-2006-1724 7.5
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via atta
18-10-2018 - 16:34 14-04-2006 - 10:02
CVE-2006-1728 9.3
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypt
18-10-2018 - 16:34 14-04-2006 - 10:02
CVE-2006-1730 9.3
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing prop
18-10-2018 - 16:34 14-04-2006 - 10:02
CVE-2006-1731 4.3
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are calle
18-10-2018 - 16:34 14-04-2006 - 10:02
CVE-2006-1531 7.5
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due
18-10-2018 - 16:33 14-04-2006 - 10:02
CVE-2006-1530 7.5
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due
18-10-2018 - 16:33 14-04-2006 - 10:02
CVE-2006-1529 7.5
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due
18-10-2018 - 16:33 14-04-2006 - 10:02
CVE-2006-1245 7.5
Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, a
18-10-2018 - 16:31 17-03-2006 - 01:02
CVE-2006-1045 2.6
The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive info
18-10-2018 - 16:30 07-03-2006 - 11:02
CVE-2006-0884 9.3
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript U
18-10-2018 - 16:29 24-02-2006 - 22:02
CVE-2006-5870 9.3
Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that trig
17-10-2018 - 21:45 31-12-2006 - 05:00
CVE-2006-5577 4.3
Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure V
17-10-2018 - 21:43 12-12-2006 - 20:28
CVE-2006-5578 2.6
Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulne
17-10-2018 - 21:43 12-12-2006 - 20:28
CVE-2006-4702 6.8
Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file. A
17-10-2018 - 21:39 13-12-2006 - 01:28
CVE-2007-2219 9.3
Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
16-10-2018 - 16:42 12-06-2007 - 20:30
CVE-2007-0940 9.3
Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, a
16-10-2018 - 16:35 08-05-2007 - 23:19
CVE-2007-6425 10.0
Unspecified vulnerability in HP-UX B.11.31, when running ARPA Transport, allows remote attackers to cause a denial of service via unknown vectors.
15-10-2018 - 21:53 23-01-2008 - 21:00
CVE-2007-6203 4.3
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using w
15-10-2018 - 21:50 03-12-2007 - 22:46
CVE-2007-4887 4.3
The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerabilit
15-10-2018 - 21:38 14-09-2007 - 00:17
CVE-2007-4752 7.5
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted
15-10-2018 - 21:37 12-09-2007 - 01:17
CVE-2012-0163 9.3
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted AS
12-10-2018 - 22:02 10-04-2012 - 21:55
CVE-2009-2528 9.3
GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vu
12-10-2018 - 21:52 14-10-2009 - 10:30
CVE-2009-2518 9.3
Integer overflow in GDI+ in Microsoft Office XP SP3 allows remote attackers to execute arbitrary code via an Office document with a bitmap (aka BMP) image that triggers memory corruption, aka "Office BMP Integer Overflow Vulnerability."
12-10-2018 - 21:52 14-10-2009 - 10:30
CVE-2009-3126 9.3
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP
12-10-2018 - 21:52 14-10-2009 - 10:30
CVE-2009-2502 9.3
Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3
12-10-2018 - 21:51 14-10-2009 - 10:30
CVE-2009-2495 7.8
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obt
12-10-2018 - 21:51 29-07-2009 - 17:30
CVE-2009-2501 9.3
Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 G
12-10-2018 - 21:51 14-10-2009 - 10:30
CVE-2009-2500 9.3
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP
12-10-2018 - 21:51 14-10-2009 - 10:30
CVE-2009-2496 9.3
Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, In
12-10-2018 - 21:51 12-08-2009 - 17:30
CVE-2009-2493 9.3
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2,
12-10-2018 - 21:51 29-07-2009 - 17:30
CVE-2009-1534 9.3
Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary c
12-10-2018 - 21:51 12-08-2009 - 17:30
CVE-2009-2504 9.3
Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Mi
12-10-2018 - 21:51 14-10-2009 - 10:30
CVE-2009-2503 9.3
GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold a
12-10-2018 - 21:51 14-10-2009 - 10:30
CVE-2009-1137 9.3
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulne
12-10-2018 - 21:51 12-05-2009 - 22:30
CVE-2009-1136 9.3
The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Micro
12-10-2018 - 21:51 15-07-2009 - 15:30
CVE-2009-0222 9.3
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka
12-10-2018 - 21:50 12-05-2009 - 22:30
CVE-2009-1131 9.3
Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Dat
12-10-2018 - 21:50 12-05-2009 - 22:30
CVE-2009-0225 9.3
Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corrupti
12-10-2018 - 21:50 12-05-2009 - 22:30
CVE-2009-1129 9.3
Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a fil
12-10-2018 - 21:50 12-05-2009 - 22:30
CVE-2009-0238 9.3
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remot
12-10-2018 - 21:50 25-02-2009 - 16:30
CVE-2009-0223 9.3
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulne
12-10-2018 - 21:50 12-05-2009 - 22:30
CVE-2009-1128 9.3
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vul
12-10-2018 - 21:50 12-05-2009 - 22:30
CVE-2009-0235 9.3
Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corrupti
12-10-2018 - 21:50 15-04-2009 - 08:00
CVE-2009-1130 9.3
Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that
12-10-2018 - 21:50 12-05-2009 - 22:30
CVE-2009-0565 9.3
Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Forma
12-10-2018 - 21:50 10-06-2009 - 18:00
CVE-2009-0227 9.3
Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a fil
12-10-2018 - 21:50 12-05-2009 - 22:30
CVE-2009-0224 9.3
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; PowerPoint Viewer 2003 and 2007 SP1 and SP2; PowerPoint in Microsoft Office 2004 for Mac and 2008 for Mac; Open XML File Format Converter for Mac; Microsoft Works 8.5 and
12-10-2018 - 21:50 12-05-2009 - 22:30
CVE-2009-0220 9.3
Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file th
12-10-2018 - 21:50 12-05-2009 - 22:30
CVE-2009-0226 9.3
Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0
12-10-2018 - 21:50 12-05-2009 - 22:30
CVE-2009-0556 9.3
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value tha
12-10-2018 - 21:50 03-04-2009 - 18:30
CVE-2009-0237 4.3
Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006
12-10-2018 - 21:50 15-04-2009 - 08:00
CVE-2009-0563 9.3
Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Mi
12-10-2018 - 21:50 10-06-2009 - 18:00
CVE-2009-0901 9.3
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Serv
12-10-2018 - 21:50 29-07-2009 - 17:30
CVE-2009-0221 9.3
Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field
12-10-2018 - 21:50 12-05-2009 - 22:30
CVE-2009-0562 9.3
The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Accelerati
12-10-2018 - 21:50 12-08-2009 - 17:30
CVE-2008-4841 9.3
The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corrupti
12-10-2018 - 21:49 10-12-2008 - 14:00
CVE-2009-0100 9.3
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007
12-10-2018 - 21:49 15-04-2009 - 08:00
CVE-2009-0077 5.0
The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2004 SP3, 2006, 2006 Supportability Update, and 2006 SP1; does not properly manage the sessio
12-10-2018 - 21:49 15-04-2009 - 08:00
CVE-2009-0102 9.3
Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerabi
12-10-2018 - 21:49 09-12-2009 - 18:30
CVE-2009-0099 5.0
The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage
12-10-2018 - 21:49 10-02-2009 - 22:30
CVE-2009-0098 9.3
Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message
12-10-2018 - 21:49 10-02-2009 - 22:30
CVE-2009-0217 5.0
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLog
12-10-2018 - 21:49 14-07-2009 - 23:30
CVE-2008-4020 4.3
Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a "Content-Disposition: attachment" header and is accessed through a cdo: URL, which rende
12-10-2018 - 21:48 15-10-2008 - 00:12
CVE-2008-2540 9.3
Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downlo
12-10-2018 - 21:47 03-06-2008 - 15:32
CVE-2008-3015 9.3
Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2,
12-10-2018 - 21:47 11-09-2008 - 01:11
CVE-2008-3007 9.3
Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "
12-10-2018 - 21:47 11-09-2008 - 01:11
CVE-2008-1088 9.3
Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
12-10-2018 - 21:45 08-04-2008 - 23:05
CVE-2007-3891 6.8
Unspecified vulnerability in Windows Vista Weather Gadgets in Windows Vista allows remote attackers to execute arbitrary code via crafted HTML attributes.
12-10-2018 - 21:44 14-08-2007 - 22:17
CVE-2008-0103 9.3
Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling e
12-10-2018 - 21:44 13-02-2008 - 00:00
CVE-2007-3033 4.3
Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are no
12-10-2018 - 21:43 14-08-2007 - 22:17
CVE-2007-3032 6.8
Unspecified vulnerability in Windows Vista Contacts Gadget in Windows Vista allows user-assisted remote attackers to execute arbitrary code via crafted contact information that is not properly handled when it is imported.
12-10-2018 - 21:43 14-08-2007 - 22:17
CVE-2007-0948 9.3
Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and i
12-10-2018 - 21:43 14-08-2007 - 22:17
CVE-2007-1201 9.3
Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components Data
12-10-2018 - 21:43 11-03-2008 - 23:44
CVE-2006-2389 9.3
Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption
12-10-2018 - 21:40 11-07-2006 - 21:05
CVE-2006-0025 9.3
Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image with a large chunk size.
12-10-2018 - 21:38 13-06-2006 - 19:06
CVE-2006-0013 6.5
Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CV
12-10-2018 - 21:38 14-02-2006 - 19:06
CVE-2006-0022 7.6
Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a ma
12-10-2018 - 21:38 13-06-2006 - 19:06
CVE-2006-0030 5.1
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.
12-10-2018 - 21:38 14-03-2006 - 23:02
CVE-2006-0029 5.1
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corrupt
12-10-2018 - 21:38 14-03-2006 - 23:02
CVE-2005-2123 7.5
Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format im
12-10-2018 - 21:37 29-11-2005 - 21:03
CVE-2005-2119 5.0
The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an i
12-10-2018 - 21:37 12-10-2005 - 13:04
CVE-2005-0564 7.5
Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.
12-10-2018 - 21:36 12-07-2005 - 04:00
CVE-2005-1215 7.5
Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers.
12-10-2018 - 21:36 14-06-2005 - 04:00
CVE-2005-1985 7.5
The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
12-10-2018 - 21:36 13-10-2005 - 10:02
CVE-2005-1208 10.0
Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer ov
12-10-2018 - 21:36 14-06-2005 - 04:00
CVE-2005-1979 5.0
Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "unexpected protocol command during the reconnection request," which is not properly handled by the T
12-10-2018 - 21:36 12-10-2005 - 13:04
CVE-2005-1983 10.0
Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious applica
12-10-2018 - 21:36 10-08-2005 - 04:00
CVE-2005-1205 5.0
The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
12-10-2018 - 21:36 14-06-2005 - 04:00
CVE-2005-1984 7.5
Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.
12-10-2018 - 21:36 10-08-2005 - 04:00
CVE-2005-1216 7.5
Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.
12-10-2018 - 21:36 14-06-2005 - 04:00
CVE-2005-1213 7.5
Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.
12-10-2018 - 21:36 14-06-2005 - 04:00
CVE-2005-1207 7.2
Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.
12-10-2018 - 21:36 14-06-2005 - 04:00
CVE-2005-0550 2.1
Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
12-10-2018 - 21:36 02-05-2005 - 04:00
CVE-2005-0558 5.1
Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document.
12-10-2018 - 21:36 02-05-2005 - 04:00
CVE-2005-0058 7.5
Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to elevate privileges or execute arbitrary code via a cr
12-10-2018 - 21:36 10-08-2005 - 04:00
CVE-2005-1980 5.0
Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transaction Internet Protocol (TIP) message that causes DTC to repeatedly connect to a target IP and port nu
12-10-2018 - 21:36 12-10-2005 - 13:04
CVE-2005-0551 10.0
Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that p
12-10-2018 - 21:36 02-05-2005 - 04:00
CVE-2005-0562 7.5
GIF file validation error in MSN Messenger 6.2 allows remote attackers in a user's contact list to execute arbitrary code via a GIF image with an improper height and width.
12-10-2018 - 21:36 12-04-2005 - 04:00
CVE-2005-1219 7.5
Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.
12-10-2018 - 21:36 12-07-2005 - 04:00
CVE-2005-1978 7.5
COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code.
12-10-2018 - 21:36 12-10-2005 - 13:04
CVE-2005-1206 7.5
Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."
12-10-2018 - 21:36 14-06-2005 - 04:00
CVE-2004-0892 7.5
Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spo
12-10-2018 - 21:35 27-01-2005 - 05:00
CVE-2004-1244 7.5
Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability."
12-10-2018 - 21:35 08-02-2004 - 05:00
CVE-2004-0963 10.0
Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a
12-10-2018 - 21:35 09-02-2005 - 05:00
CVE-2004-0897 10.0
The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
12-10-2018 - 21:35 11-01-2005 - 05:00
CVE-2004-0844 5.0
Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Doubl
12-10-2018 - 21:35 03-11-2004 - 05:00
CVE-2005-0051 7.5
The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows remote attackers to obtain sensitive information (users who are accessing resources) via an anonymous logon using a named pipe, which is not properly authenticated, aka the "Named Pipe
12-10-2018 - 21:35 02-05-2005 - 04:00
CVE-2004-0900 10.0
The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the "DHCP Req
12-10-2018 - 21:35 10-01-2005 - 05:00
CVE-2004-0847 7.5
The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Valid
12-10-2018 - 21:35 03-11-2004 - 05:00
CVE-2004-0846 7.5
Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.
12-10-2018 - 21:35 03-11-2004 - 05:00
CVE-2004-1049 5.1
Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and I
12-10-2018 - 21:35 31-12-2004 - 05:00
CVE-2004-0899 5.0
The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition, with DHCP logging enabled, does not properly validate the length of certain messages, which allows remote attackers to cause a denial of service (application cra
12-10-2018 - 21:35 10-01-2005 - 05:00
CVE-2004-0848 7.5
Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.
12-10-2018 - 21:35 08-02-2005 - 05:00
CVE-2004-0204 7.5
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.
12-10-2018 - 21:34 06-08-2004 - 04:00
CVE-2004-0575 10.0
Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unche
12-10-2018 - 21:34 03-11-2004 - 05:00
CVE-2004-0572 10.0
Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grp
12-10-2018 - 21:34 03-11-2004 - 05:00
CVE-2004-0211 2.1
The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.
12-10-2018 - 21:34 03-11-2004 - 05:00
CVE-2004-0597 10.0
Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transpar
12-10-2018 - 21:34 23-11-2004 - 05:00
CVE-2004-0206 7.5
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or appl
12-10-2018 - 21:34 03-11-2004 - 05:00
CVE-2004-0205 7.2
Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function.
12-10-2018 - 21:34 06-08-2004 - 04:00
CVE-2004-0380 10.0
The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM)
12-10-2018 - 21:34 04-05-2004 - 04:00
CVE-2004-0197 7.5
Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote attackers to execute arbitrary code via a specially-crafted database query.
12-10-2018 - 21:34 01-06-2004 - 04:00
CVE-2004-0199 5.1
Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability
12-10-2018 - 21:34 14-06-2004 - 04:00
CVE-2004-0208 7.2
The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a wa
12-10-2018 - 21:34 03-11-2004 - 05:00
CVE-2004-0122 5.0
Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files.
12-10-2018 - 21:34 15-04-2004 - 04:00
CVE-2004-0569 7.5
The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote attackers to read active memory or cause a denial of service (system crash) via a malicious message, possibly related to improper length values.
12-10-2018 - 21:34 03-11-2004 - 05:00
CVE-2004-0215 5.0
Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.
12-10-2018 - 21:34 06-08-2004 - 04:00
CVE-2004-0123 7.5
Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
12-10-2018 - 21:34 01-06-2004 - 04:00
CVE-2004-0209 10.0
Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image form
12-10-2018 - 21:34 03-11-2004 - 05:00
CVE-2004-0124 2.6
The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
12-10-2018 - 21:34 01-06-2004 - 04:00
CVE-2003-0807 5.0
Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted r
12-10-2018 - 21:33 01-06-2004 - 04:00
CVE-2003-0906 7.6
Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or E
12-10-2018 - 21:33 01-06-2004 - 04:00
CVE-2004-0120 5.0
The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
12-10-2018 - 21:33 01-06-2004 - 04:00
CVE-2003-0910 7.2
The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descri
12-10-2018 - 21:33 01-06-2004 - 04:00
CVE-2003-0909 7.2
Windows XP allows local users to execute arbitrary programs by creating a task at an elevated privilege level through the eventtriggers.exe command-line tool or the Task Scheduler service, aka "Windows Management Vulnerability."
12-10-2018 - 21:33 01-06-2004 - 04:00
CVE-2003-0820 7.5
Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
12-10-2018 - 21:33 15-12-2003 - 05:00
CVE-2003-0908 7.2
The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the
12-10-2018 - 21:33 01-06-2004 - 04:00
CVE-2003-0819 10.0
Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS t
12-10-2018 - 21:33 17-02-2004 - 05:00
CVE-2004-0117 7.5
Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code.
12-10-2018 - 21:33 01-06-2004 - 04:00
CVE-2004-0116 5.0
An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
12-10-2018 - 21:33 01-06-2004 - 04:00
CVE-2003-0719 7.5
Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows re
12-10-2018 - 21:33 01-06-2004 - 04:00
CVE-2003-0903 10.0
Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
12-10-2018 - 21:33 17-02-2004 - 05:00
CVE-2003-0821 7.5
Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
12-10-2018 - 21:33 15-12-2003 - 05:00
CVE-2003-0806 7.5
Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.
12-10-2018 - 21:33 01-06-2004 - 04:00
CVE-2004-0118 7.2
The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code.
12-10-2018 - 21:33 01-06-2004 - 04:00
CVE-2003-0905 5.0
Unknown vulnerability in Windows Media Station Service and Windows Media Monitor Service components of Windows Media Services 4.1 allows remote attackers to cause a denial of service (disallowing new connections) via a certain sequence of TCP/IP pack
12-10-2018 - 21:33 15-04-2004 - 04:00
CVE-2002-1183 7.5
Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862).
12-10-2018 - 21:32 11-12-2002 - 05:00
CVE-2002-1143 5.0
Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka
12-10-2018 - 21:32 11-04-2003 - 04:00
CVE-2003-0525 5.0
The getCanonicalPath function in Windows NT 4.0 may free memory that it does not own and cause heap corruption, which allows attackers to cause a denial of service (crash) via requests that cause a long file name to be passed to getCanonicalPath, as
12-10-2018 - 21:32 27-08-2003 - 04:00
CVE-2003-0110 5.0
The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, ma
12-10-2018 - 21:32 05-05-2003 - 04:00
CVE-2003-0526 6.8
Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleans
12-10-2018 - 21:32 18-08-2003 - 04:00
CVE-2003-0353 7.5
Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
12-10-2018 - 21:32 27-08-2003 - 04:00
CVE-2003-0346 7.5
Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which l
12-10-2018 - 21:32 27-08-2003 - 04:00
CVE-2003-0663 5.0
Unknown vulnerability in the Local Security Authority Subsystem Service (LSASS) in Windows 2000 domain controllers allows remote attackers to cause a denial of service via a crafted LDAP message.
12-10-2018 - 21:32 01-06-2004 - 04:00
CVE-2003-0533 7.5
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and
12-10-2018 - 21:32 01-06-2004 - 04:00
CVE-2003-0664 7.5
Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
12-10-2018 - 21:32 20-10-2003 - 04:00
CVE-2003-0231 5.0
Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
12-10-2018 - 21:32 27-08-2003 - 04:00
CVE-2003-0306 7.2
Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to execute arbitrary code as the XP user via a desktop.ini file with a long .ShellClassInfo parameter.
12-10-2018 - 21:32 09-06-2003 - 04:00
CVE-2003-0232 7.2
Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
12-10-2018 - 21:32 27-08-2003 - 04:00
CVE-2003-0349 7.5
Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via
12-10-2018 - 21:32 24-07-2003 - 04:00
CVE-2003-0230 7.2
Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
12-10-2018 - 21:32 27-08-2003 - 04:00
CVE-2002-0641 7.5
Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSER
12-10-2018 - 21:31 23-07-2002 - 04:00
CVE-2002-0699 5.0
Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's
12-10-2018 - 21:31 04-10-2002 - 04:00
CVE-2002-1056 7.5
Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary s
12-10-2018 - 21:31 16-05-2002 - 04:00
CVE-2002-0642 7.2
The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Perm
12-10-2018 - 21:31 23-07-2002 - 04:00
CVE-2002-0367 7.2
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, a
12-10-2018 - 21:31 25-06-2002 - 04:00
CVE-2002-0154 7.5
Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
12-10-2018 - 21:31 16-05-2002 - 04:00
CVE-2002-0186 7.5
Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
12-10-2018 - 21:31 03-07-2002 - 04:00
CVE-2002-0070 7.6
Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.
12-10-2018 - 21:31 15-03-2002 - 05:00
CVE-2002-0624 7.5
Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authenticat
12-10-2018 - 21:31 23-07-2002 - 04:00
CVE-2002-0018 10.0
In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Admin
12-10-2018 - 21:30 08-03-2002 - 05:00
CVE-2002-0013 10.0
Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by th
12-10-2018 - 21:30 13-02-2002 - 05:00
CVE-2002-0020 7.5
Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options.
12-10-2018 - 21:30 08-03-2002 - 05:00
CVE-2002-0012 10.0
Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candi
12-10-2018 - 21:30 13-02-2002 - 05:00
CVE-2002-0053 7.5
Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be
12-10-2018 - 21:30 08-03-2002 - 05:00
CVE-2001-0719 7.5
Buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via a malformed Advanced Streaming Format (ASF) file.
12-10-2018 - 21:30 06-12-2001 - 05:00
CVE-2002-0056 7.5
Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection.
12-10-2018 - 21:30 08-03-2002 - 05:00
CVE-2001-0333 7.5
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
12-10-2018 - 21:30 27-06-2001 - 04:00
CVE-2001-0542 7.5
Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability repo
12-10-2018 - 21:30 20-12-2001 - 05:00
CVE-2001-0500 10.0
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data
12-10-2018 - 21:30 21-07-2001 - 04:00
CVE-2001-0045 10.0
The default permissions for the RAS Administration key in Windows NT 4.0 allows local users to execute arbitrary commands by changing the value to point to a malicious DLL, aka one of the "Registry Permissions" vulnerabilities.
12-10-2018 - 21:30 16-02-2001 - 05:00
CVE-2001-0047 7.5
The default permissions for the MTS Package Administration registry key in Windows NT 4.0 allows local users to install or modify arbitrary Microsoft Transaction Server (MTS) packages and gain privileges, aka one of the "Registry Permissions" vulnera
12-10-2018 - 21:30 16-02-2001 - 05:00
CVE-2001-0344 7.2
An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
12-10-2018 - 21:30 21-07-2001 - 04:00
CVE-2001-0046 4.6
The default permissions for the SNMP Parameters registry key in Windows NT 4.0 allows remote attackers to read and possibly modify the SNMP community strings to obtain sensitive information or modify network configuration, aka one of the "Registry Pe
12-10-2018 - 21:30 16-02-2001 - 05:00
CVE-1999-0874 10.0
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
12-10-2018 - 21:29 16-06-1999 - 04:00
CVE-1999-0736 5.0
The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
12-10-2018 - 21:29 07-05-1999 - 04:00
CVE-2000-1081 4.6
The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which
12-10-2018 - 21:29 09-01-2001 - 05:00
CVE-2000-0377 5.0
The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the "Remote Registry Access Authentication" vulnerability.
12-10-2018 - 21:29 08-06-2000 - 04:00
CVE-1999-0278 5.0
In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.
12-10-2018 - 21:29 01-06-1998 - 04:00
CVE-2000-0979 6.4
File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first characte
12-10-2018 - 21:29 19-12-2000 - 05:00
CVE-2009-0361 4.6
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files b
11-10-2018 - 21:01 13-02-2009 - 17:30
CVE-2009-0360 6.2
Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configurat
11-10-2018 - 21:01 13-02-2009 - 17:30
CVE-2009-0159 6.8
Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.
11-10-2018 - 21:00 14-04-2009 - 15:30
CVE-2009-0037 6.8
The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or o
11-10-2018 - 20:59 05-03-2009 - 02:30
CVE-2009-0028 2.1
The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting thi
11-10-2018 - 20:58 27-02-2009 - 17:30
CVE-2009-0016 5.0
Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header.
11-10-2018 - 20:58 14-03-2009 - 18:30
CVE-2008-5700 1.9
libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts for SG_IO requests, which allows local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous invocations of an unspecified test program.
11-10-2018 - 20:56 22-12-2008 - 15:30
CVE-2008-5303 6.9
Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this
11-10-2018 - 20:54 01-12-2008 - 17:30
CVE-2008-5302 6.9
Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, an
11-10-2018 - 20:54 01-12-2008 - 17:30
CVE-2008-4552 7.5
The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended acce
11-10-2018 - 20:52 14-10-2008 - 20:00
CVE-2008-4556 10.0
Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request.
11-10-2018 - 20:52 14-10-2008 - 22:36
CVE-2008-3870 10.0
Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation.
11-10-2018 - 20:50 26-05-2009 - 21:30
CVE-2008-3869 10.0
Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request, related to improper decoding of request parameters.
11-10-2018 - 20:50 26-05-2009 - 21:30
CVE-2008-3636 7.2
Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear So
11-10-2018 - 20:48 11-09-2008 - 01:13
CVE-2010-4435 10.0
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the Jan
10-10-2018 - 20:08 19-01-2011 - 17:00
CVE-2010-3573 5.1
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous inform
10-10-2018 - 20:04 19-10-2010 - 22:00
CVE-2010-3613 4.0
named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a
10-10-2018 - 20:04 06-12-2010 - 13:44
CVE-2010-3567 10.0
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information w
10-10-2018 - 20:04 19-10-2010 - 22:00
CVE-2010-3566 10.0
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information w
10-10-2018 - 20:04 19-10-2010 - 22:00
CVE-2010-3561 7.5
Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information
10-10-2018 - 20:03 19-10-2010 - 22:00
CVE-2010-3550 9.3
Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
10-10-2018 - 20:02 19-10-2010 - 22:00
CVE-2010-1646 6.2
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last
10-10-2018 - 19:57 07-06-2010 - 17:12
CVE-2010-1039 10.0
Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers
10-10-2018 - 19:55 20-05-2010 - 17:30
CVE-2010-0624 6.8
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arb
10-10-2018 - 19:53 15-03-2010 - 13:28
CVE-2010-0734 6.8
content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of se
10-10-2018 - 19:53 19-03-2010 - 19:30
CVE-2010-0426 6.9
sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges vi
10-10-2018 - 19:52 24-02-2010 - 18:30
CVE-2010-0427 4.4
sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
10-10-2018 - 19:52 25-02-2010 - 19:30
CVE-2009-3731 4.3
Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1;
10-10-2018 - 19:47 16-12-2009 - 18:30
CVE-2009-3027 10.0
VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF)
10-10-2018 - 19:42 11-12-2009 - 16:30
CVE-2009-2847 4.9
The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive informati
10-10-2018 - 19:42 18-08-2009 - 21:00
CVE-2009-2730 7.5
libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof a
10-10-2018 - 19:42 12-08-2009 - 10:30
CVE-2009-2813 6.0
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle error
10-10-2018 - 19:42 14-09-2009 - 16:30
CVE-2009-2671 5.0
The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2)
10-10-2018 - 19:41 05-08-2009 - 19:30
CVE-2009-2670 5.0
The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which
10-10-2018 - 19:41 05-08-2009 - 19:30
CVE-2009-2675 10.0
Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header
10-10-2018 - 19:41 05-08-2009 - 19:30
CVE-2009-2672 7.5
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications,
10-10-2018 - 19:41 05-08-2009 - 19:30
CVE-2009-2673 7.5
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspec
10-10-2018 - 19:41 05-08-2009 - 19:30
CVE-2009-2417 7.5
lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof a
10-10-2018 - 19:40 14-08-2009 - 15:16
CVE-2009-2267 6.9
VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.
10-10-2018 - 19:39 02-11-2009 - 15:30
CVE-2009-1439 7.8
Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) via a long nativeFileSystem field in a Tree Connect response to an SMB mount request.
10-10-2018 - 19:36 27-04-2009 - 18:00
CVE-2009-1384 5.0
pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
10-10-2018 - 19:36 28-05-2009 - 20:30
CVE-2009-1337 4.4
The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies
10-10-2018 - 19:36 22-04-2009 - 15:30
CVE-2009-1312 4.3
Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or
10-10-2018 - 19:35 22-04-2009 - 18:30
CVE-2009-1336 4.9
fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service (OOPS) via a long filename, related to the en
10-10-2018 - 19:35 22-04-2009 - 15:30
CVE-2009-1252 6.8
Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing a
10-10-2018 - 19:35 19-05-2009 - 19:30
CVE-2009-1104 5.8
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other p
10-10-2018 - 19:34 25-03-2009 - 23:30
CVE-2009-1106 6.4
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary
10-10-2018 - 19:34 25-03-2009 - 23:30
CVE-2009-1107 4.3
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent t
10-10-2018 - 19:34 25-03-2009 - 23:30
CVE-2009-1103 6.4
Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access fil
10-10-2018 - 19:34 25-03-2009 - 23:30
CVE-2009-1102 6.4
Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code gener
10-10-2018 - 19:34 25-03-2009 - 23:30
CVE-2009-1105 7.5
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities
10-10-2018 - 19:34 25-03-2009 - 23:30
CVE-2009-1098 9.3
Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code v
10-10-2018 - 19:33 25-03-2009 - 23:30
CVE-2009-1100 5.0
Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors relate
10-10-2018 - 19:33 25-03-2009 - 23:30
CVE-2009-1099 7.5
Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a
10-10-2018 - 19:33 25-03-2009 - 23:30
CVE-2009-1095 10.0
Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pa
10-10-2018 - 19:33 25-03-2009 - 23:30
CVE-2009-1101 5.0
Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) f
10-10-2018 - 19:33 25-03-2009 - 23:30
CVE-2009-1093 5.0
LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initiali
10-10-2018 - 19:33 25-03-2009 - 23:30
CVE-2009-1094 10.0
Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP
10-10-2018 - 19:33 25-03-2009 - 23:30
CVE-2009-1097 9.3
Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow durin
10-10-2018 - 19:33 25-03-2009 - 23:30
CVE-2009-1096 10.0
Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pac
10-10-2018 - 19:33 25-03-2009 - 23:30
CVE-2009-0847 4.3
The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, rela
10-10-2018 - 19:32 09-04-2009 - 00:30
CVE-2009-0745 4.9
The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause
10-10-2018 - 19:30 27-02-2009 - 17:30
CVE-2009-0675 2.1
The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset t
10-10-2018 - 19:30 22-02-2009 - 22:30
CVE-2009-0746 4.9
The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate a certain rec_len field, which allows local users to cause a denial of service (OOPS) by attempting to mount a c
10-10-2018 - 19:30 27-02-2009 - 17:30
CVE-2009-0747 4.9
The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of servic
10-10-2018 - 19:30 27-02-2009 - 17:30
CVE-2009-0696 4.3
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon ex
10-10-2018 - 19:30 29-07-2009 - 17:30
CVE-2009-0748 4.9
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service (NULL pointer dereference and
10-10-2018 - 19:30 27-02-2009 - 17:30
CVE-2009-0676 2.1
The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt
10-10-2018 - 19:30 22-02-2009 - 22:30
CVE-2009-2404 9.3
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a d
03-10-2018 - 22:00 03-08-2009 - 14:30
CVE-2009-1310 4.3
Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.
03-10-2018 - 22:00 22-04-2009 - 18:30
CVE-2009-1309 4.3
Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ sco
03-10-2018 - 22:00 22-04-2009 - 18:30
CVE-2009-1307 6.8
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web
03-10-2018 - 21:59 22-04-2009 - 18:30
CVE-2009-1306 4.3
The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other at
03-10-2018 - 21:59 22-04-2009 - 18:30
CVE-2009-1304 5.0
The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving
03-10-2018 - 21:59 22-04-2009 - 18:30
CVE-2009-1305 5.0
The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP
03-10-2018 - 21:59 22-04-2009 - 18:30
CVE-2009-1302 5.0
The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1
03-10-2018 - 21:59 22-04-2009 - 18:30
CVE-2009-0772 9.3
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetO
03-10-2018 - 21:58 05-03-2009 - 02:30
CVE-2009-0776 7.1
nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
03-10-2018 - 21:58 05-03-2009 - 02:30
CVE-2009-0774 9.3
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different v
03-10-2018 - 21:58 05-03-2009 - 02:30
CVE-2005-0448 1.2
Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.
03-10-2018 - 21:29 02-05-2005 - 04:00
CVE-2013-0166 5.0
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) vi
09-08-2018 - 01:29 08-02-2013 - 19:55
CVE-2002-1220 5.0
BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.
03-05-2018 - 01:29 29-11-2002 - 05:00
CVE-2002-1221 5.0
BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.
03-05-2018 - 01:29 29-11-2002 - 05:00
CVE-2002-1318 10.0
Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to
03-05-2018 - 01:29 11-12-2002 - 05:00
CVE-2002-1219 7.5
Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).
03-05-2018 - 01:29 29-11-2002 - 05:00
CVE-2003-0985 7.2
The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing
03-05-2018 - 01:29 20-01-2004 - 05:00
CVE-2003-0695 7.5
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a differe
03-05-2018 - 01:29 06-10-2003 - 04:00
CVE-2003-0544 5.0
OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer wh
03-05-2018 - 01:29 17-11-2003 - 05:00
CVE-2004-0541 10.0
Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable).
03-05-2018 - 01:29 06-08-2004 - 04:00
CVE-2003-0693 10.0
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CV
03-05-2018 - 01:29 22-09-2003 - 04:00
CVE-2004-0077 7.2
The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local
03-05-2018 - 01:29 03-03-2004 - 05:00
CVE-2003-0834 7.2
Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary code via (1) a modified DTHELPUSERSEARCHPATH environment variable and the Help feature, (2) DTSEARCHPATH, or (3) LOGNAME.
03-05-2018 - 01:29 01-12-2003 - 05:00
CVE-2005-2871 7.5
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with al
03-05-2018 - 01:29 09-09-2005 - 18:03
CVE-2005-0989 5.0
The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.
03-05-2018 - 01:29 02-05-2005 - 04:00
CVE-2005-0401 5.1
FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollba
03-05-2018 - 01:29 02-05-2005 - 04:00
CVE-2004-0148 7.2
wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.
03-05-2018 - 01:29 15-04-2004 - 04:00
CVE-2005-0399 5.1
Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a
03-05-2018 - 01:29 02-05-2005 - 04:00
CVE-1999-0693 7.2
Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.
03-05-2018 - 01:29 02-03-2000 - 05:00
CVE-2003-0682 7.5
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
03-05-2018 - 01:29 06-10-2003 - 04:00
CVE-2003-0688 5.0
The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that caus
03-05-2018 - 01:29 20-10-2003 - 04:00
CVE-2005-3295 2.1
Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows local users to cause a denial of service due to a "specific stack size."
03-05-2018 - 01:29 23-10-2005 - 21:02
CVE-2003-0681 7.5
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
03-05-2018 - 01:29 06-10-2003 - 04:00
CVE-2003-0543 5.0
Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.
03-05-2018 - 01:29 17-11-2003 - 05:00
CVE-2004-1316 5.0
Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which
03-05-2018 - 01:29 29-12-2004 - 05:00
CVE-2012-4929 2.6
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plain
22-04-2018 - 01:29 15-09-2012 - 18:55
CVE-2007-6750 5.0
The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
10-01-2018 - 02:29 27-12-2011 - 18:55
CVE-2011-4858 5.0
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU con
09-01-2018 - 02:29 05-01-2012 - 19:55
CVE-2011-4313 5.0
query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named e
06-01-2018 - 02:29 29-11-2011 - 17:55
CVE-2010-4452 10.0
Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confident
22-12-2017 - 02:29 17-02-2011 - 19:00
CVE-2010-4470 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the
22-12-2017 - 02:29 17-02-2011 - 19:00
CVE-2010-4463 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrit
22-12-2017 - 02:29 17-02-2011 - 19:00
CVE-2010-4468 4.0
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect c
22-12-2017 - 02:29 17-02-2011 - 19:00
CVE-2010-4472 2.6
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous
22-12-2017 - 02:29 17-02-2011 - 19:00
CVE-2010-4467 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrit
22-12-2017 - 02:29 17-02-2011 - 19:00
CVE-2010-4471 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect co
22-12-2017 - 02:29 17-02-2011 - 19:00
CVE-2011-0873 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors rel
22-12-2017 - 02:29 14-06-2011 - 18:55
CVE-2011-0786 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, in
22-12-2017 - 02:29 14-06-2011 - 18:55
CVE-2011-0869 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related t
22-12-2017 - 02:29 14-06-2011 - 18:55
CVE-2011-0868 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
22-12-2017 - 02:29 14-06-2011 - 18:55
CVE-2011-0817 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, in
22-12-2017 - 02:29 14-06-2011 - 18:55
CVE-2011-0788 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, in
22-12-2017 - 02:29 14-06-2011 - 18:55
CVE-2011-0872 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO.
22-12-2017 - 02:29 14-06-2011 - 18:55
CVE-2011-0863 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability
22-12-2017 - 02:29 14-06-2011 - 18:55
CVE-2000-1079 7.5
Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast d
19-12-2017 - 02:29 29-08-2000 - 04:00
CVE-2013-3744 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2400. P
18-11-2017 - 02:29 18-06-2013 - 22:55
CVE-2000-1134 7.2
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via
19-10-2017 - 01:29 09-01-2001 - 05:00
CVE-1999-0562 7.5
The registry in Windows NT can be accessed remotely by users who are not administrators.
19-10-2017 - 01:29 01-01-1997 - 05:00
CVE-2007-1900 5.0
CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression
11-10-2017 - 01:32 10-04-2007 - 18:19
CVE-2007-2990 4.9
Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 allows local users to cause a denial of service (daemon termination) via unspecified manipulations of the /var/run/.inetd.uds Unix domain socket file.
11-10-2017 - 01:32 01-06-2007 - 10:30
CVE-2006-6304 7.5
The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump.
11-10-2017 - 01:31 14-12-2006 - 20:28
CVE-2005-2264 7.5
Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the _search target, then injecting script into other pages via a data: URL.
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2005-2269 7.5
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2005-0752 7.5
The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag.
11-10-2017 - 01:30 18-04-2005 - 04:00
CVE-2005-2702 7.5
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters.
11-10-2017 - 01:30 23-09-2005 - 19:03
CVE-2005-1159 7.5
The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the w
11-10-2017 - 01:30 02-05-2005 - 04:00
CVE-2005-1154 7.5
Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site sc
11-10-2017 - 01:30 02-05-2005 - 04:00
CVE-2005-1160 5.1
The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval func
11-10-2017 - 01:30 02-05-2005 - 04:00
CVE-2006-1389 7.8
Unspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and B.11.11 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
11-10-2017 - 01:30 25-03-2006 - 00:06
CVE-2005-2706 6.4
Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla.
11-10-2017 - 01:30 23-09-2005 - 19:03
CVE-2005-1937 2.6
A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that wa
11-10-2017 - 01:30 14-06-2005 - 04:00
CVE-2005-1153 7.5
Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option.
11-10-2017 - 01:30 02-05-2005 - 04:00
CVE-2005-2266 5.0
Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensit
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2005-2267 7.5
Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may le
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2005-2262 5.1
Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a java
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2005-2701 7.5
Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.
11-10-2017 - 01:30 23-09-2005 - 19:03
CVE-2005-3779 7.2
Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 allows local users to gain privileges via unknown vectors.
11-10-2017 - 01:30 23-11-2005 - 01:03
CVE-2005-2261 7.5
Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2005-1532 7.5
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a va
11-10-2017 - 01:30 12-05-2005 - 04:00
CVE-2005-2270 7.5
Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2005-1477 5.1
The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when
11-10-2017 - 01:30 09-05-2005 - 04:00
CVE-2005-1531 7.5
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL
11-10-2017 - 01:30 12-05-2005 - 04:00
CVE-2005-1476 5.1
Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477.
11-10-2017 - 01:30 09-05-2005 - 04:00
CVE-2005-3564 7.2
envd daemon in HP-UX B.11.00 through B.11.11 allows local users to obtain privileges via unknown attack vectors.
11-10-2017 - 01:30 16-11-2005 - 07:42
CVE-2005-1156 7.5
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."
11-10-2017 - 01:30 02-05-2005 - 04:00
CVE-2005-2705 7.5
Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code.
11-10-2017 - 01:30 23-09-2005 - 19:03
CVE-2005-2265 5.0
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2005-1155 7.5
The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking."
11-10-2017 - 01:30 02-05-2005 - 04:00
CVE-2005-2260 7.5
The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dan
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2005-2707 5.0
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks.
11-10-2017 - 01:30 23-09-2005 - 19:03
CVE-2005-1158 5.0
Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the _search target of the Firefox sidebar.
11-10-2017 - 01:30 02-05-2005 - 04:00
CVE-2006-0516 2.1
Unspecified vulnerability in the kernel processing in Solaris 10 64 bit platform, when running in 64-bit mode, allows local users to cause a denial of service (system panic) via unknown attack vectors.
11-10-2017 - 01:30 02-02-2006 - 11:02
CVE-2005-2268 2.6
Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "D
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2005-3565 7.5
Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and B.11.23 while running in "Trusted Mode" allows remote attackers to gain unauthorized system access via unknown attack vectors.
11-10-2017 - 01:30 16-11-2005 - 07:42
CVE-2005-2704 5.0
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface.
11-10-2017 - 01:30 23-09-2005 - 19:03
CVE-2005-2703 5.0
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smugglin
11-10-2017 - 01:30 23-09-2005 - 19:03
CVE-2005-2263 5.0
The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which ca
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2005-3296 10.0
The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
11-10-2017 - 01:30 23-10-2005 - 21:02
CVE-2004-0758 5.0
Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is tr
11-10-2017 - 01:29 18-08-2004 - 04:00
CVE-2005-0593 2.6
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which caus
11-10-2017 - 01:29 04-03-2005 - 05:00
CVE-2003-0135 7.5
vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrappers (tcp_wrappers) but is installed as a standalone service, which inadvertently prevents vsftpd from restricting access as intended.
11-10-2017 - 01:29 11-04-2003 - 04:00
CVE-2005-0585 2.6
Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.
11-10-2017 - 01:29 25-03-2005 - 05:00
CVE-2005-0142 2.1
Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. conten
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2004-1156 4.3
Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up windo
11-10-2017 - 01:29 31-12-2004 - 05:00
CVE-2004-0760 6.4
Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI.
11-10-2017 - 01:29 18-08-2004 - 04:00
CVE-2005-0231 2.6
Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing."
11-10-2017 - 01:29 07-02-2005 - 05:00
CVE-2005-0584 2.6
Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2005-0527 5.1
Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling."
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2005-0149 5.0
Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail me
11-10-2017 - 01:29 15-02-2005 - 05:00
CVE-2004-1345 7.2
Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) 2.1 for Solaris 8 and Solaris 9 allows local users with the "ESMUser" role to gain root access.
11-10-2017 - 01:29 21-06-2004 - 04:00
CVE-2003-0935 6.4
Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed.
11-10-2017 - 01:29 01-12-2003 - 05:00
CVE-2005-0588 5.0
Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2003-0722 10.0
The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.
11-10-2017 - 01:29 22-09-2003 - 04:00
CVE-2004-0164 5.0
KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message th
11-10-2017 - 01:29 03-03-2004 - 05:00
CVE-2004-0083 10.0
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CV
11-10-2017 - 01:29 03-03-2004 - 05:00
CVE-2003-0195 5.0
CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out.
11-10-2017 - 01:29 16-06-2003 - 04:00
CVE-2004-1153 10.0
Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an .ETD document containing format string specifiers in (1) title
11-10-2017 - 01:29 10-01-2005 - 05:00
CVE-2005-0591 2.6
Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing."
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2004-0154 5.0
rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name.
11-10-2017 - 01:29 14-06-2004 - 04:00
CVE-2004-0084 10.0
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a d
11-10-2017 - 01:29 03-03-2004 - 05:00
CVE-2004-0521 10.0
SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.
11-10-2017 - 01:29 18-08-2004 - 04:00
CVE-2005-0145 2.6
Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature.
11-10-2017 - 01:29 24-01-2005 - 05:00
CVE-2004-0010 7.2
Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges.
11-10-2017 - 01:29 03-03-2004 - 05:00
CVE-2004-0764 10.0
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files.
11-10-2017 - 01:29 18-08-2004 - 04:00
CVE-2004-0403 5.0
Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field.
11-10-2017 - 01:29 01-06-2004 - 04:00
CVE-2005-0590 5.0
The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequen
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2003-0468 5.0
Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes
11-10-2017 - 01:29 27-08-2003 - 04:00
CVE-2005-0402 2.6
Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page.
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2003-0136 2.1
psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file.
11-10-2017 - 01:29 05-05-2003 - 04:00
CVE-2004-0599 5.0
Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (applic
11-10-2017 - 01:29 23-11-2004 - 05:00
CVE-2005-0150 5.0
Firefox before 1.0 allows the user to store a (1) javascript: or (2) data: URLs as a Livefeed bookmark, then executes it in the security context of the currently loaded page when the user later accesses the bookmark, which could allow remote attacker
11-10-2017 - 01:29 26-05-2005 - 04:00
CVE-2004-0757 10.0
Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.
11-10-2017 - 01:29 18-08-2004 - 04:00
CVE-2003-1023 7.5
Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion.
11-10-2017 - 01:29 20-01-2004 - 05:00
CVE-2003-0973 5.0
Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string.
11-10-2017 - 01:29 15-12-2003 - 05:00
CVE-2005-0589 5.0
The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability.
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2005-0230 5.1
Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execu
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2005-0143 2.6
Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.
11-10-2017 - 01:29 23-03-2005 - 05:00
CVE-2005-0255 5.0
String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2003-0848 4.6
Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.
11-10-2017 - 01:29 17-11-2003 - 05:00
CVE-2005-0592 7.5
Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string t
11-10-2017 - 01:29 25-03-2005 - 05:00
CVE-2004-0155 7.5
The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-
11-10-2017 - 01:29 01-06-2004 - 04:00
CVE-2004-0110 7.5
Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.
11-10-2017 - 01:29 15-03-2004 - 05:00
CVE-2004-1357 5.0
The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not properly log IP addresses when SSHD is configured with the ListenAddress as 0.0.0.0, which makes it easier for remote attackers to hide the source of their activities.
11-10-2017 - 01:29 07-04-2004 - 04:00
CVE-2003-0992 4.3
Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users.
11-10-2017 - 01:29 17-02-2004 - 05:00
CVE-2004-1358 5.0
The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged.
11-10-2017 - 01:29 12-03-2004 - 05:00
CVE-2003-0984 4.6
Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space.
11-10-2017 - 01:29 05-01-2004 - 05:00
CVE-2004-0763 5.0
Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method.
11-10-2017 - 01:29 18-08-2004 - 04:00
CVE-2004-0520 6.8
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.
11-10-2017 - 01:29 18-08-2004 - 04:00
CVE-2004-0762 5.0
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.
11-10-2017 - 01:29 18-08-2004 - 04:00
CVE-2004-0722 10.0
Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.
11-10-2017 - 01:29 18-08-2004 - 04:00
CVE-2003-0977 7.5
CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.
11-10-2017 - 01:29 05-01-2004 - 05:00
CVE-2004-0761 5.0
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted.
11-10-2017 - 01:29 18-08-2004 - 04:00
CVE-2004-0718 7.5
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other
11-10-2017 - 01:29 27-07-2004 - 04:00
CVE-2004-0938 5.0
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet.
11-10-2017 - 01:29 03-11-2004 - 05:00
CVE-2003-0211 5.0
Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections.
11-10-2017 - 01:29 05-05-2003 - 04:00
CVE-2004-0519 6.8
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in
11-10-2017 - 01:29 18-08-2004 - 04:00
CVE-2004-0106 7.2
Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.
11-10-2017 - 01:29 03-03-2004 - 05:00
CVE-2005-0141 2.6
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab.
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2003-0965 6.8
Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.
11-10-2017 - 01:29 17-02-2004 - 05:00
CVE-2005-0148 5.0
Thunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is in
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2004-1380 5.0
Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoo
11-10-2017 - 01:29 20-10-2004 - 04:00
CVE-2004-1346 2.1
The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users to cause a denial of service (kernel panic) via a malformed probe request to the SVM.
11-10-2017 - 01:29 19-06-2004 - 04:00
CVE-2005-0586 2.6
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2004-0097 10.0
Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
11-10-2017 - 01:29 03-03-2004 - 05:00
CVE-2004-0003 4.6
Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking."
11-10-2017 - 01:29 03-03-2004 - 05:00
CVE-2004-0653 2.1
Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user's passwords by r
11-10-2017 - 01:29 06-08-2004 - 04:00
CVE-2004-0107 4.6
The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108.
11-10-2017 - 01:29 15-04-2004 - 04:00
CVE-2004-0598 5.0
The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference.
11-10-2017 - 01:29 23-11-2004 - 05:00
CVE-2005-0144 2.6
Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2004-1381 5.0
Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other
11-10-2017 - 01:29 20-10-2004 - 04:00
CVE-2005-0147 7.5
Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2004-0368 10.0
Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows remote attackers to execute arbitrary code via a crafted XDMCP packet.
11-10-2017 - 01:29 04-05-2004 - 04:00
CVE-2003-0540 5.0
The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Error
11-10-2017 - 01:29 27-08-2003 - 04:00
CVE-2002-0651 7.5
Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.
10-10-2017 - 01:30 03-07-2002 - 04:00
CVE-2002-0906 7.5
Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server.
10-10-2017 - 01:30 04-10-2002 - 04:00
CVE-2002-0090 7.2
Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option.
10-10-2017 - 01:30 15-03-2002 - 05:00
CVE-2002-1265 5.0
The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).
10-10-2017 - 01:30 12-11-2002 - 05:00
CVE-2001-1328 7.5
Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code.
10-10-2017 - 01:30 22-06-2001 - 04:00
CVE-2002-1117 5.0
Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
10-10-2017 - 01:30 04-10-2002 - 04:00
CVE-2004-0189 7.5
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the acce
10-10-2017 - 01:30 15-03-2004 - 05:00
CVE-2004-0111 5.0
gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
10-10-2017 - 01:30 15-04-2004 - 04:00
CVE-2004-0001 7.2
Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges.
10-10-2017 - 01:30 17-02-2004 - 05:00
CVE-2003-0924 3.7
netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.
10-10-2017 - 01:30 17-02-2004 - 05:00
CVE-2003-0988 7.5
Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.
10-10-2017 - 01:30 17-02-2004 - 05:00
CVE-2004-0078 7.5
Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages.
10-10-2017 - 01:30 03-03-2004 - 05:00
CVE-2004-0075 2.1
The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service.
10-10-2017 - 01:30 15-03-2004 - 05:00
CVE-1999-0815 5.0
Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries.
10-10-2017 - 01:29 31-12-1999 - 05:00
CVE-2001-0803 10.0
Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands.
10-10-2017 - 01:29 06-12-2001 - 05:00
CVE-2001-0414 10.0
Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.
10-10-2017 - 01:29 18-06-2001 - 04:00
CVE-2009-1427 4.9
Unspecified vulnerability in HP-UX B.11.31 allows local users to cause a denial of service (system crash) via unknown vectors related to the ttrace system call.
29-09-2017 - 01:34 12-08-2009 - 10:30
CVE-2009-0773 10.0
The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some
29-09-2017 - 01:34 05-03-2009 - 02:30
CVE-2009-0798 5.0
ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop.
29-09-2017 - 01:34 24-04-2009 - 15:30
CVE-2009-0775 10.0
Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not
29-09-2017 - 01:34 05-03-2009 - 02:30
CVE-2009-0777 5.8
Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers
29-09-2017 - 01:34 05-03-2009 - 02:30
CVE-2009-0207 6.8
Unspecified vulnerability in HP-UX B.11.11 running VERITAS Oracle Disk Manager (VRTSodm) 3.5, B.11.23 running VRTSodm 4.1 or VERITAS File System (VRTSvxfs) 4.1, B.11.23 running VRTSodm 5.0 or VRTSvxfs 5.0, and B.11.31 running VRTSodm 5.0 allows local
29-09-2017 - 01:33 25-03-2009 - 01:30
CVE-2009-0418 9.3
The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity), read p
29-09-2017 - 01:33 04-02-2009 - 19:30
CVE-2009-0719 6.0
Unspecified vulnerability in useradd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unknown vectors, a different issue than CVE-2008-1660.
29-09-2017 - 01:33 29-04-2009 - 15:30
CVE-2008-4416 4.6
Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.
29-09-2017 - 01:32 05-12-2008 - 00:30
CVE-2008-4116 9.3
Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 o
29-09-2017 - 01:32 18-09-2008 - 15:04
CVE-2008-2929 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Dir
29-09-2017 - 01:31 29-08-2008 - 18:41
CVE-2008-2928 10.0
Multiple buffer overflows in the adminutil library in CGI applications in Red Hat Directory Server 7.1 before SP7 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted Accept-Language HTTP
29-09-2017 - 01:31 29-08-2008 - 18:41
CVE-2008-2930 7.1
Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to
29-09-2017 - 01:31 29-08-2008 - 18:41
CVE-2008-3283 7.8
Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authent
29-09-2017 - 01:31 29-08-2008 - 18:41
CVE-2008-2476 9.3
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origi
29-09-2017 - 01:31 03-10-2008 - 15:07
CVE-2008-1659 7.2
Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 allows local users to gain privileges via unknown vectors.
29-09-2017 - 01:30 08-05-2008 - 00:20
CVE-2008-1664 7.8
Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 allows remote attackers to cause a denial of service via unknown vectors.
29-09-2017 - 01:30 08-08-2008 - 19:41
CVE-2008-0718 4.7
Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in Sun Solaris 9 and 10, when 64-bit mode is enabled, allows local users to cause a denial of service (panic) via unspecified vectors.
29-09-2017 - 01:30 12-02-2008 - 02:00
CVE-2007-5237 7.1
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulne
29-09-2017 - 01:29 06-10-2007 - 00:17
CVE-2007-4125 7.1
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause an unspecified denial of service via unknown vectors.
29-09-2017 - 01:29 01-08-2007 - 16:17
CVE-2013-2449 4.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. NOTE: the previous inform
19-09-2017 - 01:36 18-06-2013 - 22:55
CVE-2013-2400 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-3744. P
19-09-2017 - 01:36 18-06-2013 - 22:55
CVE-2013-2462 9.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Per: http://
19-09-2017 - 01:36 18-06-2013 - 22:55
CVE-2013-2434 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
19-09-2017 - 01:36 17-04-2013 - 18:55
CVE-2013-2460 9.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Servicea
19-09-2017 - 01:36 18-06-2013 - 22:55
CVE-2013-2458 5.8
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. NOTE: the p
19-09-2017 - 01:36 18-06-2013 - 22:55
CVE-2013-1590 2.9
Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1586 2.9
The fragment_set_tot_len function in epan/reassemble.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly determine the length of a reassembled packet for the DTLS dissector, which allows remote attackers to cause a denial of s
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1582 2.9
The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly manage an offset variable, which allows remote attackers to cause a denial of service (infinite
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1576 2.9
The dissect_sdp_media_attribute function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly process crypto-suite parameters, which allows remote attackers to cause a denial o
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1572 2.9
The dissect_oampdu_event_notification function in epan/dissectors/packet-slowprotocols.c in the IEEE 802.3 Slow Protocols dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle certain short lengths, which allows r
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1579 2.9
The rtps_util_add_bitmap function in epan/dissectors/packet-rtps.c in the RTPS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly implement certain nested loops for processing bitmap data, which allows remote attacker
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1489 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very Hig
19-09-2017 - 01:36 31-01-2013 - 14:55
CVE-2013-1587 2.9
The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c in the ROHC dissector in Wireshark 1.8.x before 1.8.5 does not properly handle unknown profiles, which allows remote attackers to cause a denial of service (application crash) via a
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1589 2.9
Double free vulnerability in epan/proto.c in the dissection engine in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1578 2.9
The dissect_pw_eth_heuristic function in epan/dissectors/packet-pw-eth.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle apparent Ethernet address values at the beginning of MPLS data, which allows remote attackers to
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1588 2.9
Multiple buffer overflows in the dissect_pft_fec_detailed function in the DCP-ETSI dissector in epan/dissectors/packet-dcp-etsi.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allow remote attackers to cause a denial of service (application
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1581 2.9
The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-etsi.c in the DCP-ETSI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle fragment gaps, which allows remote attackers to cause a denial of se
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1484 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
19-09-2017 - 01:36 20-02-2013 - 21:55
CVE-2013-1585 2.9
epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly validate certain length values for the MS-MMC dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1580 2.9
The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c in the DOCSIS CM-STATUS dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a position variable, which allows remote attackers to caus
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-2268 7.5
Unspecified vulnerability in the MathML implementation in WebKit in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, has unknown impact and remote attack vectors, related to a "high severity security issue.
19-09-2017 - 01:36 23-02-2013 - 21:55
CVE-2013-1667 7.5
The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
19-09-2017 - 01:36 14-03-2013 - 03:13
CVE-2013-1584 2.9
The dissect_version_5_and_6_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of ser
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1574 2.9
The dissect_bthci_eir_ad_data function in epan/dissectors/packet-bthci_cmd.c in the Bluetooth HCI dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 uses an incorrect data type for a counter variable, which allows remote attackers to c
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1573 2.9
The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a large number of padding bits, which allows remote attackers to cause a denial o
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1575 2.9
The dissect_r3_cmd_alarmconfigure function in epan/dissectors/packet-assa_r3.c in the R3 dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle a certain alarm length, which allows remote attackers to cause a denia
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1583 2.9
The dissect_version_4_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1485 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. Per vendor Note 1 "Applies to client deployment
19-09-2017 - 01:36 20-02-2013 - 21:55
CVE-2013-1577 2.9
The dissect_sip_p_charging_func_addresses function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle offset data associated with a quoted string, which allows remote
19-09-2017 - 01:36 03-02-2013 - 01:55
CVE-2013-1491 10.0
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as d
19-09-2017 - 01:36 08-03-2013 - 18:55
CVE-2012-5885 5.0
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce)
19-09-2017 - 01:35 17-11-2012 - 19:55
CVE-2012-5157 4.3
Google Chrome before 24.0.1312.52 does not properly handle image data in PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.
19-09-2017 - 01:35 15-01-2013 - 21:55
CVE-2012-5151 6.8
Integer overflow in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code in a PDF document.
19-09-2017 - 01:35 15-01-2013 - 21:55
CVE-2012-4159 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
19-09-2017 - 01:35 15-08-2012 - 10:31
CVE-2012-5156 6.8
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF fields.
19-09-2017 - 01:35 15-01-2013 - 21:55
CVE-2012-4157 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
19-09-2017 - 01:35 15-08-2012 - 10:31
CVE-2012-4155 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
19-09-2017 - 01:35 15-08-2012 - 10:31
CVE-2012-4152 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
19-09-2017 - 01:35 15-08-2012 - 10:31
CVE-2012-4154 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
19-09-2017 - 01:35 15-08-2012 - 10:31
CVE-2012-4156 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
19-09-2017 - 01:35 15-08-2012 - 10:31
CVE-2012-4431 4.3
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
19-09-2017 - 01:35 19-12-2012 - 11:55
CVE-2012-4150 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
19-09-2017 - 01:35 15-08-2012 - 10:31
CVE-2012-4148 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
19-09-2017 - 01:35 15-08-2012 - 10:31
CVE-2012-4158 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
19-09-2017 - 01:35 15-08-2012 - 10:31
CVE-2012-4534 2.6
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by termi
19-09-2017 - 01:35 19-12-2012 - 11:55
CVE-2012-4153 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
19-09-2017 - 01:35 15-08-2012 - 10:31
CVE-2012-4151 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
19-09-2017 - 01:35 15-08-2012 - 10:31
CVE-2012-4149 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
19-09-2017 - 01:35 15-08-2012 - 10:31
CVE-2012-4160 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
19-09-2017 - 01:35 15-08-2012 - 10:31
CVE-2012-4147 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051,
19-09-2017 - 01:35 15-08-2012 - 10:31
CVE-2012-3546 4.3
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then
19-09-2017 - 01:35 19-12-2012 - 11:55
CVE-2013-0921 6.8
The Isolated Sites feature in Google Chrome before 26.0.1410.43 does not properly enforce the use of separate processes, which makes it easier for remote attackers to bypass intended access restrictions via a crafted web site.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2013-0905 7.5
Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG animation.
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0912 7.5
WebKit in Google Chrome before 25.0.1364.160 allows remote attackers to execute arbitrary code via vectors that leverage "type confusion."
19-09-2017 - 01:35 11-03-2013 - 10:55
CVE-2013-0904 7.5
The Web Audio implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0906 7.5
The IndexedDB implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0842 10.0
Google Chrome before 24.0.1312.56 does not properly handle %00 characters in pathnames, which has unspecified impact and attack vectors.
19-09-2017 - 01:35 24-01-2013 - 21:55
CVE-2013-0829 6.4
Google Chrome before 24.0.1312.52 does not properly maintain database metadata, which allows remote attackers to bypass intended file-access restrictions via unspecified vectors.
19-09-2017 - 01:35 15-01-2013 - 21:55
CVE-2013-0920 7.5
Use-after-free vulnerability in the extension bookmarks API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2013-0910 7.5
Google Chrome before 25.0.1364.152 does not properly manage the interaction between the browser process and renderer processes during authorization of the loading of a plug-in, which makes it easier for remote attackers to bypass intended access rest
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0903 7.5
Use-after-free vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of browser navigation.
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0922 7.5
Google Chrome before 26.0.1410.43 does not properly restrict brute-force access attempts against web sites that require HTTP Basic Authentication, which has unspecified impact and attack vectors.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2013-0840 10.0
Google Chrome before 24.0.1312.56 does not validate URLs during the opening of new windows, which has unspecified impact and remote attack vectors.
19-09-2017 - 01:35 24-01-2013 - 21:55
CVE-2013-0908 7.5
Google Chrome before 25.0.1364.152 does not properly manage bindings of extension processes, which has unspecified impact and attack vectors.
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0918 6.8
Google Chrome before 26.0.1410.43 does not prevent navigation to developer tools in response to a drag-and-drop operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2013-0907 7.5
Race condition in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media threads.
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0926 6.8
Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2013-0828 6.8
The PDF functionality in Google Chrome before 24.0.1312.52 does not properly perform a cast of an unspecified variable during processing of the root of the structure tree, which allows remote attackers to cause a denial of service or possibly have un
19-09-2017 - 01:35 15-01-2013 - 21:55
CVE-2013-0909 5.0
The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote attackers to obtain sensitive HTTP Referer information via unspecified vectors.
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0923 5.0
The USB Apps API in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2013-0841 7.5
Array index error in the content-blocking functionality in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:35 24-01-2013 - 21:55
CVE-2013-0925 7.5
Google Chrome before 26.0.1410.43 does not ensure that an extension has the tabs (aka APIPermission::kTab) permission before providing a URL to this extension, which has unspecified impact and remote attack vectors.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2013-0902 7.5
Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 25.0.1364.152 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0911 7.5
Directory traversal vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to have an unspecified impact via vectors related to databases.
19-09-2017 - 01:35 05-03-2013 - 21:55
CVE-2013-0917 5.0
The URL loader in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2013-0916 7.5
Use-after-free vulnerability in the Web Audio implementation in Google Chrome before 26.0.1410.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2013-0924 7.5
The extension functionality in Google Chrome before 26.0.1410.43 does not verify that use of the permissions API is consistent with file permissions, which has unspecified impact and attack vectors.
19-09-2017 - 01:35 28-03-2013 - 12:18
CVE-2013-0839 7.5
Use-after-free vulnerability in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of fonts in CANVAS elements.
19-09-2017 - 01:35 24-01-2013 - 21:55
CVE-2013-0640 9.3
Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February
19-09-2017 - 01:35 14-02-2013 - 01:55
CVE-2013-0612 10.0
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0615, CVE-2013-0617, a
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0618 10.0
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0608, CVE-2013
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0610 10.0
Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0626.
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0601 10.0
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CV
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0622 10.0
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-0624.
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0607 10.0
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0608, CVE-2013-0611, CVE-2013
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0444 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE
19-09-2017 - 01:35 02-02-2013 - 00:55
CVE-2013-0616 10.0
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CV
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0605 10.0
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CV
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0437 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to
19-09-2017 - 01:35 02-02-2013 - 00:55
CVE-2013-0619 10.0
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CV
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0449 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. Per http://www.oracle.com/technetwork/topics/
19-09-2017 - 01:35 02-02-2013 - 00:55
CVE-2013-0623 10.0
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CV
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0611 10.0
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0608, CVE-2013
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0641 9.3
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.
19-09-2017 - 01:35 14-02-2013 - 01:55
CVE-2013-0621 10.0
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0612, CVE-2013-0615, a
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0620 10.0
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CV
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0603 10.0
Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0604.
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0617 10.0
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0612, CVE-2013-0615, a
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0602 10.0
Use-after-free vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors.
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0624 10.0
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-0622.
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0613 10.0
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0609.
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0401 10.0
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demo
19-09-2017 - 01:35 08-03-2013 - 18:55
CVE-2013-0627 7.2
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows local users to gain privileges via unknown vectors.
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0604 10.0
Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0603.
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0431 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Iss
19-09-2017 - 01:35 31-01-2013 - 14:55
CVE-2013-0606 10.0
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0612, CVE-2013-0615, CVE-2013-0617, a
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0614 10.0
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0608, CVE-2013
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0609 10.0
Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0613.
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0615 10.0
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0612, CVE-2013-0617, a
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0626 10.0
Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0610.
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2013-0608 10.0
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0611, CVE-2013
19-09-2017 - 01:35 10-01-2013 - 11:56
CVE-2011-4159 6.8
Unspecified vulnerability in System Administration Manager (SAM) in EMS before A.04.20.11.04_01 on HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.
19-09-2017 - 01:34 19-11-2011 - 03:58
CVE-2012-1525 10.0
Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
19-09-2017 - 01:34 15-08-2012 - 10:31
CVE-2012-1699 3.6
The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of se
19-09-2017 - 01:34 21-12-2012 - 05:46
CVE-2012-2746 2.1
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated us
19-09-2017 - 01:34 03-07-2012 - 16:40
CVE-2012-2678 1.2
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#use
19-09-2017 - 01:34 03-07-2012 - 16:40
CVE-2012-2051 10.0
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4147,
19-09-2017 - 01:34 15-08-2012 - 10:31
CVE-2012-2050 10.0
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
19-09-2017 - 01:34 15-08-2012 - 10:31
CVE-2012-1530 10.0
Heap-based buffer overflow in the XSLT engine in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PDF file containi
19-09-2017 - 01:34 10-01-2013 - 11:56
CVE-2012-2733 5.0
java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of servic
19-09-2017 - 01:34 16-11-2012 - 21:55
CVE-2012-2049 10.0
Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.
19-09-2017 - 01:34 15-08-2012 - 10:31
CVE-2011-3164 6.8
Unspecified vulnerability in HP-UX Containers (formerly HP-UX Secure Resource Partitions (SRP)) A.03.00, A.03.00.002, and A.03.01, when running with patch PHKL_42310, allows local users to gain privileges via unknown vectors. Per: http://h20565.www2.
19-09-2017 - 01:33 04-11-2011 - 21:55
CVE-2011-2992 10.0
The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption and application crash) or possi
19-09-2017 - 01:33 18-08-2011 - 18:55
CVE-2011-2398 6.8
Unspecified vulnerability in the dynamic loader in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges or cause a denial of service via unknown vectors.
19-09-2017 - 01:33 11-07-2011 - 20:55
CVE-2011-0547 10.0
Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster
19-09-2017 - 01:32 19-08-2011 - 21:55
CVE-2010-3563 10.0
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained
19-09-2017 - 01:31 19-10-2010 - 22:00
CVE-2010-4422 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
19-09-2017 - 01:31 17-02-2011 - 19:00
CVE-2010-4108 6.8
HP HP-UX B.11.11, B.11.23, and B.11.31 does not properly support threaded processes, which allows remote authenticated users to cause a denial of service via unspecified vectors.
19-09-2017 - 01:31 08-12-2010 - 18:00
CVE-2010-3570 7.6
Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
19-09-2017 - 01:31 19-10-2010 - 22:00
CVE-2010-5107 5.0
The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodi
19-09-2017 - 01:31 07-03-2013 - 20:55
CVE-2010-3555 9.3
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained
19-09-2017 - 01:31 19-10-2010 - 22:00
CVE-2010-3564 6.4
Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webma
19-09-2017 - 01:31 14-10-2010 - 18:00
CVE-2010-3558 10.0
Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
19-09-2017 - 01:31 19-10-2010 - 22:00
CVE-2010-3560 2.6
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors. Per: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176
19-09-2017 - 01:31 19-10-2010 - 22:00
CVE-2010-3552 10.0
Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http://www.oracle.com/technetwork
19-09-2017 - 01:31 19-10-2010 - 22:00
CVE-2010-2712 6.8
Unspecified vulnerability in Software Distributor (sd) in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.
19-09-2017 - 01:31 30-08-2010 - 21:00
CVE-2010-2931 9.3
Stack-based buffer overflow in SigPlus Pro 3.74 ActiveX control allows remote attackers to execute arbitrary code via a long eighth argument (HexString) to the LCDWriteString method.
19-09-2017 - 01:31 05-08-2010 - 13:23
CVE-2010-2935 9.3
simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or pos
19-09-2017 - 01:31 25-08-2010 - 20:00
CVE-2010-1820 6.8
Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through 10.6.4 does not properly handle errors, which allows remote attackers to bypass the password requirement for shared-folder access by leveraging knowledge of a valid account name.
19-09-2017 - 01:30 21-09-2010 - 20:00
CVE-2010-1141 8.5
VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; V
19-09-2017 - 01:30 12-04-2010 - 18:30
CVE-2010-1447 8.5
The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows
19-09-2017 - 01:30 19-05-2010 - 18:30
CVE-2010-1168 7.5
The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and
19-09-2017 - 01:30 21-06-2010 - 16:30
CVE-2010-0826 1.9
The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid
19-09-2017 - 01:30 05-04-2010 - 15:30
CVE-2010-0382 7.6
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to ha
19-09-2017 - 01:30 22-01-2010 - 22:00
CVE-2010-0097 4.3
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a f
19-09-2017 - 01:30 22-01-2010 - 22:00
CVE-2010-1030 4.4
Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules enabled, allows local users to cause a denial of service via unknown vectors.
19-09-2017 - 01:30 31-03-2010 - 18:00
CVE-2010-0742 7.5
The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid
19-09-2017 - 01:30 03-06-2010 - 14:30
CVE-2010-0451 4.0
The installation process for NFS/ONCplus B.11.31_08 and earlier on HP HP-UX B.11.31 changes the NFS_SERVER setting in the nfsconf file, which might allow remote attackers to obtain filesystem access via NFS requests.
19-09-2017 - 01:30 29-03-2010 - 22:30
CVE-2009-4565 7.5
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a
19-09-2017 - 01:29 04-01-2010 - 21:30
CVE-2009-4184 6.2
Unspecified vulnerability in HP Enterprise Cluster Master Toolkit (ECMT) B.05.00 on HP-UX B.11.23 (11i v2) and HP-UX B.11.31 (11i v3) allows local users to gain access to an Oracle or Sybase database via unknown vectors.
19-09-2017 - 01:29 03-02-2010 - 18:30
CVE-2009-3880 5.0
The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitiv
19-09-2017 - 01:29 09-11-2009 - 19:30
CVE-2009-3884 5.0
The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.
19-09-2017 - 01:29 09-11-2009 - 19:30
CVE-2009-4355 5.0
Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to
19-09-2017 - 01:29 14-01-2010 - 19:30
CVE-2009-3886 7.5
The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet, which has unspecified impact and attack vectors, related to a "regression
19-09-2017 - 01:29 09-11-2009 - 19:30
CVE-2009-2682 7.2
Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP-UX B.11.23 and B.11.31 allows local users to bypass intended access restrictions via unknown vectors.
19-09-2017 - 01:29 24-09-2009 - 18:30
CVE-2009-3881 7.5
Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak v
19-09-2017 - 01:29 09-11-2009 - 19:30
CVE-2009-2905 4.6
Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box.
19-09-2017 - 01:29 29-09-2009 - 19:30
CVE-2009-3729 5.0
Unspecified vulnerability in the TrueType font parsing functionality in Sun Java SE 5.0 before Update 22 and 6 before Update 17 allows remote attackers to cause a denial of service (application crash) via a certain test suite, aka Bug Id 6815780.
19-09-2017 - 01:29 09-11-2009 - 19:30
CVE-2009-3245 10.0
OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent at
19-09-2017 - 01:29 05-03-2010 - 19:30
CVE-2009-3885 5.0
Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows allows remote attackers to cause a denial of service via a BMP file containing a link to a UNC share pathname for an International Color Consortium (ICC) profile file, probably a rela
19-09-2017 - 01:29 09-11-2009 - 19:30
CVE-2009-3879 7.5
Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are re
19-09-2017 - 01:29 09-11-2009 - 19:30
CVE-2009-2817 9.3
Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file.
19-09-2017 - 01:29 24-09-2009 - 18:30
CVE-2009-2695 7.2
The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and other low memory addresses, which allows local users to gain privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) the
19-09-2017 - 01:29 28-08-2009 - 15:30
CVE-2009-3866 9.3
The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP fil
19-09-2017 - 01:29 05-11-2009 - 16:30
CVE-2009-3286 4.6
NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privi
19-09-2017 - 01:29 22-09-2009 - 10:30
CVE-2009-3736 6.9
ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a T
19-09-2017 - 01:29 29-11-2009 - 13:07
CVE-2009-2679 7.8
Unspecified vulnerability in bootpd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown attack vectors.
19-09-2017 - 01:29 05-10-2009 - 18:30
CVE-2009-3563 6.4
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchang
19-09-2017 - 01:29 09-12-2009 - 18:30
CVE-1999-0621 5.0
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration En
01-08-2008 - 04:00 01-01-1999 - 05:00
Back to Top Mark selected
Back to Top