Max CVSS | 10.0 | Min CVSS | 1.2 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2004-0778 | 5.0 |
CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.
|
14-02-2024 - 15:07 | 20-10-2004 - 04:00 | |
CVE-2005-3313 | 5.0 |
The IRC protocol dissector in Ethereal 0.10.13 allows remote attackers to cause a denial of service (infinite loop).
|
14-02-2024 - 01:17 | 01-11-2005 - 12:47 | |
CVE-2005-0009 | 5.0 |
Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (application crash).
|
14-02-2024 - 01:17 | 02-05-2005 - 04:00 | |
CVE-2005-0008 | 5.0 |
Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through 0.10.8 allows remote attackers to cause "memory corruption."
|
14-02-2024 - 01:17 | 02-05-2005 - 04:00 | |
CVE-2003-0432 | 10.0 |
Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors.
|
14-02-2024 - 01:17 | 24-07-2003 - 04:00 | |
CVE-2007-2442 | 10.0 |
The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cl
|
09-02-2024 - 03:23 | 26-06-2007 - 22:30 | |
CVE-2009-0846 | 10.0 |
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code
|
09-02-2024 - 03:21 | 09-04-2009 - 00:30 | |
CVE-2009-1837 | 9.3 |
Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading,
|
02-02-2024 - 16:03 | 12-06-2009 - 21:30 | |
CVE-2009-3560 | 5.0 |
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that
|
01-11-2023 - 17:16 | 04-12-2009 - 21:30 | |
CVE-2010-1436 | 4.9 |
gfs2 in the Linux kernel 2.6.18, and possibly other versions, does not properly handle when the gfs2_quota struct occupies two separate pages, which allows local users to cause a denial of service (kernel panic) via certain manipulations that cause a
|
13-02-2023 - 04:17 | 21-05-2010 - 17:30 | |
CVE-2010-0733 | 3.5 |
Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related
|
13-02-2023 - 04:16 | 19-03-2010 - 19:30 | |
CVE-2008-3527 | 4.6 |
arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vec
|
13-02-2023 - 02:19 | 05-11-2008 - 15:00 | |
CVE-2007-0450 | 5.0 |
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence
|
13-02-2023 - 02:17 | 16-03-2007 - 22:19 | |
CVE-2006-3467 | 7.5 |
Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861.
|
13-02-2023 - 02:16 | 21-07-2006 - 14:03 | |
CVE-2009-2687 | 4.3 |
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.
|
19-01-2023 - 16:38 | 05-08-2009 - 19:30 | |
CVE-2005-1990 | 5.1 |
Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, inc
|
23-07-2021 - 12:18 | 10-08-2005 - 04:00 | |
CVE-2007-6421 | 3.5 |
Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the U
|
06-06-2021 - 11:15 | 08-01-2008 - 19:46 | |
CVE-2004-0493 | 6.4 |
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header
|
06-06-2021 - 11:15 | 06-08-2004 - 04:00 | |
CVE-2004-0179 | 6.8 |
Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.
|
13-10-2020 - 16:52 | 01-06-2004 - 04:00 | |
CVE-2004-0457 | 4.6 |
The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
|
17-12-2019 - 17:11 | 28-09-2004 - 04:00 | |
CVE-2001-0241 | 10.0 |
Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.
|
30-04-2019 - 14:27 | 27-06-2001 - 04:00 | |
CVE-2006-1313 | 6.8 |
Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary
|
30-04-2019 - 14:27 | 13-06-2006 - 19:06 | |
CVE-2007-1358 | 2.6 |
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform
|
25-03-2019 - 11:29 | 10-05-2007 - 00:19 | |
CVE-2009-4536 | 7.8 |
drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypas
|
16-11-2018 - 15:51 | 12-01-2010 - 17:30 | |
CVE-2007-3698 | 7.8 |
The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of serv
|
30-10-2018 - 16:26 | 11-07-2007 - 22:30 | |
CVE-2009-3373 | 10.0 |
Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.
|
30-10-2018 - 16:25 | 29-10-2009 - 14:30 | |
CVE-2004-0595 | 6.8 |
The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explore
|
30-10-2018 - 16:25 | 27-07-2004 - 04:00 | |
CVE-2007-3998 | 5.0 |
The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certai
|
26-10-2018 - 13:59 | 04-09-2007 - 18:17 | |
CVE-2005-2708 | 2.1 |
The search_binary_handler function in exec.c in Linux 2.4 kernel on 64-bit x86 architectures does not check a return code for a particular function call when virtual memory is low, which allows local users to cause a denial of service (panic), as dem
|
19-10-2018 - 15:33 | 25-10-2005 - 18:02 | |
CVE-2005-0546 | 7.5 |
Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow i
|
19-10-2018 - 15:31 | 02-05-2005 - 04:00 | |
CVE-2005-0088 | 7.5 |
The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL.
|
19-10-2018 - 15:31 | 02-05-2005 - 04:00 | |
CVE-2005-0237 | 5.0 |
The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from o
|
19-10-2018 - 15:31 | 02-05-2005 - 04:00 | |
CVE-2005-1762 | 2.1 |
The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform allows local users to cause a denial of service (kernel crash) via a "non-canonical" address.
|
19-10-2018 - 15:31 | 02-08-2005 - 04:00 | |
CVE-2004-0750 | 7.5 |
Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares are exported to multiple hosts, can produce incorrect permissions and prevent the all_squash option from being applied.
|
19-10-2018 - 15:30 | 20-10-2004 - 04:00 | |
CVE-2006-2313 | 7.5 |
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte charact
|
18-10-2018 - 16:39 | 24-05-2006 - 10:06 | |
CVE-2006-2426 | 6.4 |
Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of ar
|
18-10-2018 - 16:39 | 17-05-2006 - 10:06 | |
CVE-2006-6498 | 6.8 |
Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to
|
17-10-2018 - 21:48 | 20-12-2006 - 01:28 | |
CVE-2006-4569 | 2.6 |
The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduc
|
17-10-2018 - 21:37 | 15-09-2006 - 19:07 | |
CVE-2006-3805 | 7.5 |
The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object
|
17-10-2018 - 21:30 | 27-07-2006 - 20:04 | |
CVE-2006-3803 | 5.1 |
Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temp
|
17-10-2018 - 21:30 | 27-07-2006 - 19:04 | |
CVE-2006-5868 | 9.3 |
Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image.
|
17-10-2018 - 17:51 | 22-11-2006 - 01:07 | |
CVE-2006-4093 | 4.9 |
Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time." Upgrade to Linux Kernel version 2.4.33.1
|
17-10-2018 - 17:00 | 21-08-2006 - 21:04 | |
CVE-2007-3392 | 5.0 |
Wireshark before 0.99.6 allows remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop.
|
16-10-2018 - 16:49 | 26-06-2007 - 00:30 | |
CVE-2007-1536 | 9.3 |
Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.
|
16-10-2018 - 16:38 | 20-03-2007 - 20:19 | |
CVE-2007-0800 | 4.3 |
Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocke
|
16-10-2018 - 16:34 | 07-02-2007 - 11:28 | |
CVE-2007-6118 | 7.8 |
The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors.
|
15-10-2018 - 21:50 | 23-11-2007 - 20:46 | |
CVE-2007-5794 | 4.3 |
Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was o
|
15-10-2018 - 21:46 | 13-11-2007 - 23:46 | |
CVE-2007-5269 | 5.0 |
Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle
|
15-10-2018 - 21:42 | 08-10-2007 - 21:17 | |
CVE-2007-5116 | 7.5 |
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.
|
15-10-2018 - 21:40 | 07-11-2007 - 23:46 | |
CVE-2006-0022 | 7.6 |
Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a ma
|
12-10-2018 - 21:38 | 13-06-2006 - 19:06 | |
CVE-2005-2123 | 7.5 |
Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format im
|
12-10-2018 - 21:37 | 29-11-2005 - 21:03 | |
CVE-2004-0124 | 2.6 |
The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
|
12-10-2018 - 21:34 | 01-06-2004 - 04:00 | |
CVE-2003-0906 | 7.6 |
Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or E
|
12-10-2018 - 21:33 | 01-06-2004 - 04:00 | |
CVE-2009-0387 | 9.3 |
Array index error in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 allows remote attackers to cause a denial of service (application crash) and possibly execute ar
|
11-10-2018 - 21:01 | 02-02-2009 - 19:30 | |
CVE-2008-3916 | 9.3 |
Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special pr
|
11-10-2018 - 20:50 | 04-09-2008 - 18:41 | |
CVE-2008-3146 | 10.0 |
Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid
|
11-10-2018 - 20:47 | 02-09-2008 - 14:24 | |
CVE-2008-2952 | 5.0 |
liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.
|
11-10-2018 - 20:45 | 01-07-2008 - 21:41 | |
CVE-2008-2107 | 7.5 |
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subse
|
11-10-2018 - 20:39 | 07-05-2008 - 21:20 | |
CVE-2010-0837 | 7.5 |
Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: http://www.oracle.com
|
10-10-2018 - 19:53 | 01-04-2010 - 16:30 | |
CVE-2009-2847 | 4.9 |
The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive informati
|
10-10-2018 - 19:42 | 18-08-2009 - 21:00 | |
CVE-2009-1269 | 5.0 |
Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file.
|
10-10-2018 - 19:35 | 13-04-2009 - 16:30 | |
CVE-2009-0748 | 4.9 |
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service (NULL pointer dereference and
|
10-10-2018 - 19:30 | 27-02-2009 - 17:30 | |
CVE-2009-0352 | 10.0 |
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbit
|
03-10-2018 - 21:58 | 04-02-2009 - 19:30 | |
CVE-2008-5317 | 10.0 |
Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted impr
|
03-10-2018 - 21:56 | 03-12-2008 - 17:30 | |
CVE-2007-5208 | 7.6 |
hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and 2.x before 2.7.10 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a from address, which is not properly handled when invoking sen
|
03-10-2018 - 21:49 | 13-10-2007 - 00:17 | |
CVE-2007-4351 | 10.0 |
Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-ba
|
03-10-2018 - 21:47 | 31-10-2007 - 22:46 | |
CVE-2006-2276 | 4.9 |
bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface.
|
03-10-2018 - 21:40 | 10-05-2006 - 02:14 | |
CVE-2005-3656 | 10.0 |
Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to execute arbitrary code, as demonstrated via the us
|
03-10-2018 - 21:33 | 31-12-2005 - 05:00 | |
CVE-2005-3257 | 4.6 |
The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioctl on terminals of other users and gain privileges, as demonstrated by modifying key bindings using
|
03-10-2018 - 21:31 | 18-10-2005 - 22:02 | |
CVE-2005-0749 | 7.2 |
The load_elf_library in the Linux kernel before 2.6.11.6 allows local users to cause a denial of service (kernel crash) via a crafted ELF library or executable, which causes a free of an invalid pointer.
|
03-10-2018 - 21:29 | 01-04-2005 - 05:00 | |
CVE-2004-1267 | 6.5 |
Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to execute arbitrary code via a crafted HPGL file.
|
03-10-2018 - 21:29 | 10-01-2005 - 05:00 | |
CVE-2007-3100 | 2.1 |
usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (
|
11-10-2017 - 01:32 | 14-06-2007 - 19:30 | |
CVE-2006-5297 | 1.2 |
Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesyste
|
11-10-2017 - 01:31 | 16-10-2006 - 19:07 | |
CVE-2006-4380 | 2.1 |
MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects.
|
11-10-2017 - 01:31 | 28-08-2006 - 18:04 | |
CVE-2006-3463 | 7.8 |
The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value,
|
11-10-2017 - 01:31 | 03-08-2006 - 01:04 | |
CVE-2007-1353 | 2.1 |
The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copy_from_user function
|
11-10-2017 - 01:31 | 24-04-2007 - 16:19 | |
CVE-2007-1564 | 6.8 |
The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
|
11-10-2017 - 01:31 | 21-03-2007 - 19:19 | |
CVE-2005-4153 | 7.8 |
Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573.
|
11-10-2017 - 01:30 | 11-12-2005 - 02:03 | |
CVE-2005-1159 | 7.5 |
The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the w
|
11-10-2017 - 01:30 | 02-05-2005 - 04:00 | |
CVE-2005-1937 | 2.6 |
A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that wa
|
11-10-2017 - 01:30 | 14-06-2005 - 04:00 | |
CVE-2006-1857 | 9.0 |
Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed HB-ACK chunk.
|
11-10-2017 - 01:30 | 22-05-2006 - 16:06 | |
CVE-2005-1155 | 7.5 |
The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking."
|
11-10-2017 - 01:30 | 02-05-2005 - 04:00 | |
CVE-2005-0365 | 2.1 |
The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2005-0588 | 5.0 |
Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2004-0975 | 2.1 |
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
|
11-10-2017 - 01:29 | 09-02-2005 - 05:00 | |
CVE-2004-0405 | 5.0 |
CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180.
|
11-10-2017 - 01:29 | 01-06-2004 - 04:00 | |
CVE-2005-0174 | 5.0 |
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not
|
11-10-2017 - 01:29 | 07-02-2005 - 05:00 | |
CVE-2005-0592 | 7.5 |
Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string t
|
11-10-2017 - 01:29 | 25-03-2005 - 05:00 | |
CVE-2004-0972 | 2.1 |
The lvmcreate_initrd script in the lvm package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
|
11-10-2017 - 01:29 | 09-02-2005 - 05:00 | |
CVE-2004-0685 | 4.6 |
Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage.
|
11-10-2017 - 01:29 | 23-12-2004 - 05:00 | |
CVE-2005-0103 | 7.5 |
PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code.
|
11-10-2017 - 01:29 | 24-01-2005 - 05:00 | |
CVE-2004-0491 | 2.1 |
The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to mlock more memory than specified by the rlimit.
|
11-10-2017 - 01:29 | 31-12-2004 - 05:00 | |
CVE-2005-0202 | 5.0 |
Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are inten
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2005-0180 | 3.6 |
Multiple integer signedness errors in the sg_scsi_ioctl function in scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel memory via negative integers in arguments to the scsi ioctl, which bypass a maximum length check before callin
|
11-10-2017 - 01:29 | 07-03-2005 - 05:00 | |
CVE-2005-0178 | 6.2 |
Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service (crash) and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores.
|
11-10-2017 - 01:29 | 07-03-2005 - 05:00 | |
CVE-2004-1234 | 2.1 |
load_elf_binary in Linux before 2.4.26 allows local users to cause a denial of service (system crash) via an ELF binary in which the interpreter is NULL.
|
11-10-2017 - 01:29 | 31-12-2004 - 05:00 | |
CVE-2009-0688 | 7.5 |
Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/sasl
|
29-09-2017 - 01:33 | 15-05-2009 - 15:30 | |
CVE-2009-0358 | 3.3 |
Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser
|
29-09-2017 - 01:33 | 04-02-2009 - 19:30 | |
CVE-2008-4405 | 7.2 |
xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have
|
29-09-2017 - 01:32 | 03-10-2008 - 17:41 | |
CVE-2008-2941 | 4.9 |
The hpssd message parser in hpssd.py in HP Linux Imaging and Printing (HPLIP) 1.6.7 allows local users to cause a denial of service (process stop) via a crafted packet, as demonstrated by sending "msg=0" to TCP port 2207.
|
29-09-2017 - 01:31 | 14-08-2008 - 20:41 | |
CVE-2008-1376 | 7.5 |
A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on Red Hat Enterprise Linux (RHEL) 5 omits TCP wrappers support, which might allow remote attackers to bypass intended access restrictions.
|
29-09-2017 - 01:30 | 01-08-2008 - 14:41 | |
CVE-2007-4574 | 4.7 |
Unspecified vulnerability in the "stack unwinder fixes" in kernel in Red Hat Enterprise Linux 5, when running on AMD64 and Intel 64, allows local users to cause a denial of service via unknown vectors.
|
29-09-2017 - 01:29 | 23-10-2007 - 10:46 | |
CVE-2010-1169 | 8.5 |
PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2 does not properly restrict PL/perl procedures, which allows remote authenticated users, with da
|
19-09-2017 - 01:30 | 19-05-2010 - 18:30 | |
CVE-2010-0162 | 4.3 |
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving S
|
19-09-2017 - 01:30 | 22-02-2010 - 13:00 | |
CVE-2009-3071 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via
|
19-09-2017 - 01:29 | 10-09-2009 - 21:30 | |
CVE-2009-4248 | 9.3 |
Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac Re
|
19-09-2017 - 01:29 | 25-01-2010 - 19:30 | |
CVE-2009-4247 | 9.3 |
Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, 11.0, and 1
|
19-09-2017 - 01:29 | 25-01-2010 - 19:30 | |
CVE-2009-2964 | 6.8 |
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences
|
19-09-2017 - 01:29 | 25-08-2009 - 17:30 |