Max CVSS 10.0 Min CVSS 1.2 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2005-0758 4.6
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
16-10-2019 - 20:01 13-05-2005 - 04:00
CVE-2008-2829 5.0
php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c lega
09-10-2019 - 22:55 23-06-2008 - 20:41
CVE-2008-1447 5.0
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic vi
09-10-2019 - 22:55 08-07-2008 - 23:41
CVE-2007-1701 6.8
PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling se
09-10-2019 - 22:52 27-03-2007 - 01:19
CVE-2009-2446 8.5
Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other
07-10-2019 - 16:42 13-07-2009 - 17:30
CVE-2006-4226 3.6
MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have pe
07-10-2019 - 16:42 18-08-2006 - 20:04
CVE-2006-4031 2.1
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy. This vuln
07-10-2019 - 16:42 09-08-2006 - 22:04
CVE-2006-0903 4.6
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query f
07-10-2019 - 16:42 27-02-2006 - 23:02
CVE-2008-0456 2.6
CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject
15-08-2019 - 09:15 25-01-2008 - 01:00
CVE-2002-1592 5.0
The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information. Upgrade t
15-08-2019 - 09:15 06-05-2002 - 04:00
CVE-2008-0122 10.0
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code
01-08-2019 - 12:12 16-01-2008 - 02:00
CVE-2007-0063 10.0
Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build
16-07-2019 - 12:20 21-09-2007 - 19:17
CVE-2007-0061 10.0
The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server be
16-07-2019 - 12:20 21-09-2007 - 19:17
CVE-2003-0367 2.1
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.
23-05-2019 - 14:04 02-07-2003 - 04:00
CVE-2007-5333 5.0
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as se
25-03-2019 - 11:29 12-02-2008 - 01:00
CVE-2006-3835 5.0
Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.
25-03-2019 - 11:29 25-07-2006 - 13:22
CVE-2008-2719 6.8
Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted file that triggers a stack-based buffer ove
30-10-2018 - 16:28 16-06-2008 - 23:41
CVE-2004-1287 10.0
Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.
30-10-2018 - 16:28 10-01-2005 - 05:00
CVE-2008-2939 4.3
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary we
30-10-2018 - 16:27 06-08-2008 - 18:41
CVE-2007-2926 4.3
ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query i
30-10-2018 - 16:27 24-07-2007 - 17:30
CVE-2007-2241 7.1
Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function. Succe
30-10-2018 - 16:27 02-05-2007 - 10:19
CVE-2009-2406 6.9
Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vec
30-10-2018 - 16:26 31-07-2009 - 19:00
CVE-2007-5360 7.5
Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to P
30-10-2018 - 16:26 08-01-2008 - 20:46
CVE-2007-5236 5.4
Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files vi
30-10-2018 - 16:26 06-10-2007 - 00:17
CVE-2007-2453 1.2
The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number genera
30-10-2018 - 16:26 11-06-2007 - 23:30
CVE-2006-5215 2.6
The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a sy
30-10-2018 - 16:26 10-10-2006 - 04:06
CVE-2004-0112 5.0
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a
30-10-2018 - 16:26 23-11-2004 - 05:00
CVE-2004-0079 5.0
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
30-10-2018 - 16:26 23-11-2004 - 05:00
CVE-2009-0282 9.3
Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrar
30-10-2018 - 16:25 27-01-2009 - 18:30
CVE-2008-3077 4.9
arch/x86/kernel/ptrace.c in the Linux kernel before 2.6.25.10 on the x86_64 platform leaks task_struct references into the sys32_ptrace function, which allows local users to cause a denial of service (system crash) or have unspecified other impact vi
30-10-2018 - 16:25 09-07-2008 - 00:41
CVE-2008-2750 7.8
The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux kernel 2.6 before 2.6.26-rc6 allows remote attackers to cause a denial of service (kernel heap memory corruption and system crash) and possibly have unspecified other impact via a c
30-10-2018 - 16:25 18-06-2008 - 19:41
CVE-2008-2168 4.3
Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
30-10-2018 - 16:25 13-05-2008 - 21:20
CVE-2008-2137 4.4
The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and the (2) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3, omit some virtual-address range (aka span)
30-10-2018 - 16:25 29-05-2008 - 16:32
CVE-2008-1673 10.0
The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, wh
30-10-2018 - 16:25 10-06-2008 - 00:32
CVE-2008-0600 7.2
The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vuln
30-10-2018 - 16:25 12-02-2008 - 21:00
CVE-2008-0455 4.3
Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated use
30-10-2018 - 16:25 25-01-2008 - 01:00
CVE-2007-6423 7.8
** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this is
30-10-2018 - 16:25 12-01-2008 - 00:46
CVE-2007-6422 4.0
The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb
30-10-2018 - 16:25 08-01-2008 - 18:46
CVE-2007-6421 3.5
Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the U
30-10-2018 - 16:25 08-01-2008 - 19:46
CVE-2007-6420 4.3
Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
30-10-2018 - 16:25 12-01-2008 - 00:46
CVE-2007-6388 4.3
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or H
30-10-2018 - 16:25 08-01-2008 - 18:46
CVE-2007-5000 4.3
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inje
30-10-2018 - 16:25 13-12-2007 - 18:46
CVE-2007-4465 4.3
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using t
30-10-2018 - 16:25 14-09-2007 - 00:17
CVE-2007-3007 5.0
PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this
30-10-2018 - 16:25 04-06-2007 - 17:30
CVE-2007-2872 6.8
Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.
30-10-2018 - 16:25 04-06-2007 - 17:30
CVE-2007-2844 9.3
PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite interna
30-10-2018 - 16:25 24-05-2007 - 18:30
CVE-2007-2727 2.6
The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), whi
30-10-2018 - 16:25 16-05-2007 - 22:30
CVE-2007-2511 7.2
Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors.
30-10-2018 - 16:25 09-05-2007 - 00:19
CVE-2007-2510 5.1
Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters.
30-10-2018 - 16:25 09-05-2007 - 00:19
CVE-2007-1890 7.5
Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on FreeBSD and possibly other platforms, allows context-dependent attackers to execute arbitrary code via certain maxsize values, as demonstrated by 0xffffffff
30-10-2018 - 16:25 06-04-2007 - 01:19
CVE-2007-1888 7.5
Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some
30-10-2018 - 16:25 06-04-2007 - 01:19
CVE-2007-1887 7.5
Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by ca
30-10-2018 - 16:25 06-04-2007 - 01:19
CVE-2007-1885 7.5
Integer overflow in the str_replace function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via a single character search string in conjunction with a long replacement string, which overflows
30-10-2018 - 16:25 06-04-2007 - 01:19
CVE-2007-1884 6.8
Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the p
30-10-2018 - 16:25 06-04-2007 - 01:19
CVE-2007-1883 7.8
PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to read arbitrary memory locations via an interruption that triggers a user space error handler that changes a parameter to an arbitrary pointer, as demonstrated via t
30-10-2018 - 16:25 06-04-2007 - 01:19
CVE-2007-1835 4.6
PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions.
30-10-2018 - 16:25 03-04-2007 - 00:19
CVE-2007-1825 7.5
Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. NOTE: as of 20070411, it appears that this issue
30-10-2018 - 16:25 02-04-2007 - 23:19
CVE-2007-1777 7.5
Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, tr
30-10-2018 - 16:25 30-03-2007 - 01:19
CVE-2007-1717 5.0
The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NO
30-10-2018 - 16:25 28-03-2007 - 00:19
CVE-2007-1700 7.5
The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbit
30-10-2018 - 16:25 27-03-2007 - 01:19
CVE-2007-1582 6.8
The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error
30-10-2018 - 16:25 21-03-2007 - 23:19
CVE-2007-1581 9.3
The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify in
30-10-2018 - 16:25 21-03-2007 - 23:19
CVE-2007-1396 6.8
The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritte
30-10-2018 - 16:25 10-03-2007 - 22:19
CVE-2007-1380 5.0
The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, w
30-10-2018 - 16:25 10-03-2007 - 00:19
CVE-2007-1379 5.1
The ovrimos_close function in the Ovrimos extension for PHP before 4.4.5 can trigger efree of an arbitrary address, which might allow context-dependent attackers to execute arbitrary code.
30-10-2018 - 16:25 10-03-2007 - 00:19
CVE-2007-1378 5.1
The ovrimos_longreadlen function in the Ovrimos extension for PHP before 4.4.5 allows context-dependent attackers to write to arbitrary memory locations via the result_id and length arguments.
30-10-2018 - 16:25 10-03-2007 - 00:19
CVE-2007-1376 7.5
The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associ
30-10-2018 - 16:25 10-03-2007 - 00:19
CVE-2007-1001 6.8
Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP)
30-10-2018 - 16:25 06-04-2007 - 00:19
CVE-2007-0905 7.5
PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383.
30-10-2018 - 16:25 13-02-2007 - 23:28
CVE-2006-7051 4.9
The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x allows local users to cause a denial of service (memory consumption) and possibly bypass memory limits or cause other processes to be killed by creating a large number of posix ti
30-10-2018 - 16:25 24-02-2007 - 00:28
CVE-2006-5706 7.2
Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. NOTE: the tempnam vector migh
30-10-2018 - 16:25 04-11-2006 - 01:07
CVE-2006-5465 7.5
Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.
30-10-2018 - 16:25 04-11-2006 - 00:07
CVE-2006-5214 1.2
Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is perf
30-10-2018 - 16:25 10-10-2006 - 04:06
CVE-2006-4812 10.0
Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend En
30-10-2018 - 16:25 10-10-2006 - 04:06
CVE-2006-4625 3.6
PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
30-10-2018 - 16:25 12-09-2006 - 16:07
CVE-2006-4481 7.2
The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. NOTE: the error_log function is covered by CVE-2006-3011, and the imap_o
30-10-2018 - 16:25 31-08-2006 - 21:04
CVE-2006-2660 2.1
Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prev
30-10-2018 - 16:25 13-06-2006 - 18:02
CVE-2006-1608 2.1
The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI.
30-10-2018 - 16:25 10-04-2006 - 19:02
CVE-2006-1494 2.6
Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function.
30-10-2018 - 16:25 10-04-2006 - 19:02
CVE-2006-1015 6.4
Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mail function, allows remote attackers to read and create arbitrary
30-10-2018 - 16:25 07-03-2006 - 00:02
CVE-2005-3392 7.5
Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
30-10-2018 - 16:25 01-11-2005 - 12:47
CVE-2005-3391 7.5
Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd.
30-10-2018 - 16:25 01-11-2005 - 12:47
CVE-2005-0488 5.0
Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
30-10-2018 - 16:25 14-06-2005 - 04:00
CVE-2004-2546 6.4
Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption).
30-10-2018 - 16:25 31-12-2004 - 05:00
CVE-2003-0863 7.5
The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote at
30-10-2018 - 16:25 17-11-2003 - 05:00
CVE-2003-0861 10.0
Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors.
30-10-2018 - 16:25 17-11-2003 - 05:00
CVE-2003-0860 10.0
Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors.
30-10-2018 - 16:25 17-11-2003 - 05:00
CVE-2007-5268 4.3
pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image.
26-10-2018 - 14:11 08-10-2007 - 21:17
CVE-2007-5266 4.3
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a n
26-10-2018 - 14:11 08-10-2007 - 21:17
CVE-2007-4657 7.5
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn func
26-10-2018 - 14:05 04-09-2007 - 22:17
CVE-2007-3998 5.0
The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certai
26-10-2018 - 13:59 04-09-2007 - 18:17
CVE-2007-3997 7.5
The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
26-10-2018 - 13:59 04-09-2007 - 18:17
CVE-2008-0226 7.5
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yass
19-10-2018 - 19:02 10-01-2008 - 23:46
CVE-2007-1484 4.6
The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operatio
19-10-2018 - 18:18 16-03-2007 - 21:19
CVE-2007-1475 5.4
Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconnect functions in the interbase extension in PHP 4.4.6 and earlier allow context-dependent attackers to execute arbitrary code via a long argument. Successful exploitation requires
19-10-2018 - 18:18 16-03-2007 - 21:19
CVE-2007-1411 6.8
Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versions, allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the (1) mssql_connect and (2) mssql_pconnect functions.
19-10-2018 - 18:18 10-03-2007 - 22:19
CVE-2006-0670 5.0
Buffer overflow in l2cap.c in hcidump 1.29 allows remote attackers to cause a denial of service (crash) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet.
19-10-2018 - 15:45 13-02-2006 - 22:02
CVE-2006-0553 6.5
PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to gain additional privileges via "knowledge of the backend protocol" using a crafted SET ROLE to other database users, a different vulnerability than CVE-2006-0678.
19-10-2018 - 15:45 14-02-2006 - 19:06
CVE-2006-0454 5.0
Linux kernel before 2.6.15.3 down to 2.6.12, while constructing an ICMP response in icmp_send, does not properly handle when the ip_options_echo function in icmp.c fails, which allows remote attackers to cause a denial of service (crash) via vectors
19-10-2018 - 15:44 07-02-2006 - 18:06
CVE-2006-0321 5.0
fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster.
19-10-2018 - 15:44 24-01-2006 - 00:03
CVE-2006-0236 5.1
GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that
19-10-2018 - 15:43 18-01-2006 - 01:07
CVE-2005-4667 3.7
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses
19-10-2018 - 15:41 31-12-2005 - 05:00
CVE-2005-4348 7.8
fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers.
19-10-2018 - 15:40 21-12-2005 - 00:03
CVE-2005-3964 7.5
Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, and possibly other versions, allows attackers to execute arbitrary code via the (1) diag_issue_diagnostic function in UilDiags.c and (2) open_source_file function in UilSrcSrc.c.
19-10-2018 - 15:39 02-12-2005 - 11:03
CVE-2005-3628 7.5
Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary co
19-10-2018 - 15:38 31-12-2005 - 05:00
CVE-2005-3627 7.5
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components"
19-10-2018 - 15:37 31-12-2005 - 05:00
CVE-2005-3626 5.0
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
19-10-2018 - 15:37 31-12-2005 - 05:00
CVE-2005-3625 10.0
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and
19-10-2018 - 15:37 31-12-2005 - 05:00
CVE-2005-3624 5.0
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to int
19-10-2018 - 15:37 31-12-2005 - 05:00
CVE-2005-3357 5.4
mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers
19-10-2018 - 15:36 31-12-2005 - 05:00
CVE-2005-3352 4.3
Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
19-10-2018 - 15:35 13-12-2005 - 20:03
CVE-2005-3193 5.1
Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-
19-10-2018 - 15:35 07-12-2005 - 00:03
CVE-2005-3192 7.5
Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitra
19-10-2018 - 15:35 08-12-2005 - 01:03
CVE-2005-3191 5.1
Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KD
19-10-2018 - 15:34 07-12-2005 - 01:03
CVE-2005-3186 7.5
Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer o
19-10-2018 - 15:34 18-11-2005 - 06:03
CVE-2005-3120 7.5
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.
19-10-2018 - 15:34 17-10-2005 - 20:06
CVE-2005-3011 1.2
The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
19-10-2018 - 15:34 21-09-2005 - 20:03
CVE-2005-2976 7.5
Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-200
19-10-2018 - 15:34 18-11-2005 - 06:03
CVE-2005-2975 7.8
io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors.
19-10-2018 - 15:34 18-11-2005 - 06:03
CVE-2005-2970 5.0
Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused f
19-10-2018 - 15:34 25-10-2005 - 17:06
CVE-2005-2929 7.5
Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.
19-10-2018 - 15:34 18-11-2005 - 06:03
CVE-2005-2728 5.0
The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
19-10-2018 - 15:33 30-08-2005 - 11:45
CVE-2005-2491 7.5
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, whic
19-10-2018 - 15:33 23-08-2005 - 04:00
CVE-2005-2096 7.5
zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted
19-10-2018 - 15:32 06-07-2005 - 04:00
CVE-2005-2088 4.3
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfe
19-10-2018 - 15:32 05-07-2005 - 04:00
CVE-2005-1704 4.6
Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of sect
19-10-2018 - 15:31 24-05-2005 - 04:00
CVE-2005-1268 5.0
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one
19-10-2018 - 15:31 05-08-2005 - 04:00
CVE-2005-0953 3.7
Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
19-10-2018 - 15:31 02-05-2005 - 04:00
CVE-2004-2761 5.0
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate. There are
19-10-2018 - 15:30 05-01-2009 - 20:30
CVE-2004-1186 5.0
Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash).
19-10-2018 - 15:30 31-12-2004 - 05:00
CVE-2004-1185 7.5
Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames.
19-10-2018 - 15:30 21-01-2005 - 05:00
CVE-2004-1170 10.0
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.
19-10-2018 - 15:30 10-01-2005 - 05:00
CVE-2004-0688 7.5
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a
19-10-2018 - 15:30 20-10-2004 - 04:00
CVE-2004-0687 7.5
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
19-10-2018 - 15:30 20-10-2004 - 04:00
CVE-2004-0230 5.0
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that u
19-10-2018 - 15:30 18-08-2004 - 04:00
CVE-2003-1557 7.6
Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, when using BSMTP mode ("-B"), allows remote attackers to execute arbitrary code via email containing headers with leading "." characters.
19-10-2018 - 15:29 31-12-2003 - 05:00
CVE-2003-1307 4.3
** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then inte
19-10-2018 - 15:29 31-12-2003 - 05:00
CVE-2003-0147 5.0
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the us
19-10-2018 - 15:29 31-03-2003 - 05:00
CVE-2003-0131 7.5
The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKC
19-10-2018 - 15:29 24-03-2003 - 05:00
CVE-2006-3626 6.2
Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root.
18-10-2018 - 16:48 18-07-2006 - 15:46
CVE-2006-3467 7.5
Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861.
18-10-2018 - 16:47 21-07-2006 - 14:03
CVE-2006-3376 7.5
Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field i
18-10-2018 - 16:47 06-07-2006 - 20:05
CVE-2006-3334 7.5
Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing,
18-10-2018 - 16:46 30-06-2006 - 23:05
CVE-2006-3083 7.2
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain pr
18-10-2018 - 16:45 09-08-2006 - 10:04
CVE-2006-2940 7.8
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates tha
18-10-2018 - 16:44 28-09-2006 - 18:07
CVE-2006-2937 7.8
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.
18-10-2018 - 16:43 28-09-2006 - 18:07
CVE-2006-2916 6.0
artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from droppin
18-10-2018 - 16:43 15-06-2006 - 10:02
CVE-2006-2754 5.0
Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might allow attackers to execute arbitrary code via a long hostname.
18-10-2018 - 16:41 01-06-2006 - 17:02
CVE-2006-2607 7.2
do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a progr
18-10-2018 - 16:40 25-05-2006 - 20:02
CVE-2006-2450 7.5
auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue
18-10-2018 - 16:40 18-07-2006 - 15:40
CVE-2006-2414 5.0
Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
18-10-2018 - 16:39 16-05-2006 - 10:02
CVE-2006-2369 7.5
RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is ac
18-10-2018 - 16:39 15-05-2006 - 16:06
CVE-2006-1549 2.1
PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected. Upgrade to PHP 5.1.3-RC3
18-10-2018 - 16:33 10-04-2006 - 22:58
CVE-2006-1174 3.7
useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and poss
18-10-2018 - 16:31 28-05-2006 - 23:02
CVE-2006-1014 3.2
Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and crea
18-10-2018 - 16:30 07-03-2006 - 00:02
CVE-2006-6811 4.3
KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue
17-10-2018 - 21:49 29-12-2006 - 11:28
CVE-2006-6383 4.6
PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP v
17-10-2018 - 21:47 10-12-2006 - 20:28
CVE-2006-6236 9.3
Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the (1) src, (2) setPageMode, (3) setLayoutMode, and (4) setNamedDest methods
17-10-2018 - 21:47 03-12-2006 - 19:28
CVE-2006-6235 10.0
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated s
17-10-2018 - 21:47 07-12-2006 - 11:28
CVE-2006-6144 5.0
The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) v
17-10-2018 - 21:46 31-12-2006 - 05:00
CVE-2006-6143 9.3
The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attacke
17-10-2018 - 21:46 31-12-2006 - 05:00
CVE-2006-6106 7.5
Multiple buffer overflows in the cmtp_recv_interopmsg function in the Bluetooth driver (net/bluetooth/cmtp/capi.c) in the Linux kernel 2.4.22 up to 2.4.33.4 and 2.6.2 before 2.6.18.6, and 2.6.19.x, allow remote attackers to cause a denial of service
17-10-2018 - 21:46 19-12-2006 - 19:28
CVE-2006-6097 4.0
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function
17-10-2018 - 21:46 24-11-2006 - 18:07
CVE-2006-6027 9.3
Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control.
17-10-2018 - 21:46 21-11-2006 - 23:07
CVE-2006-5974 7.8
fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or
17-10-2018 - 21:46 31-12-2006 - 05:00
CVE-2006-5870 9.3
Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that trig
17-10-2018 - 21:45 31-12-2006 - 05:00
CVE-2006-5864 5.1
Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as de
17-10-2018 - 21:45 11-11-2006 - 01:07
CVE-2006-5752 4.3
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML vi
17-10-2018 - 21:44 27-06-2007 - 17:30
CVE-2006-5456 5.1
Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage functio
17-10-2018 - 21:43 23-10-2006 - 17:07
CVE-2006-4980 7.5
Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts.
17-10-2018 - 21:40 10-10-2006 - 04:06
CVE-2006-4924 7.8
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack d
17-10-2018 - 21:40 27-09-2006 - 01:07
CVE-2006-4842 3.6
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrar
17-10-2018 - 21:39 12-10-2006 - 00:07
CVE-2006-4811 6.8
Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary
17-10-2018 - 21:39 18-10-2006 - 17:07
CVE-2006-4810 4.6
Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file.
17-10-2018 - 21:39 08-11-2006 - 21:07
CVE-2006-4624 2.6
CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.
17-10-2018 - 21:38 07-09-2006 - 19:04
CVE-2006-4600 2.3
slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).
17-10-2018 - 21:38 07-09-2006 - 00:04
CVE-2006-4514 7.5
Heap-based buffer overflow in the ole_info_read_metabat function in Gnome Structured File library (libgsf) 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a large num_metabat value in an OLE
17-10-2018 - 21:37 30-11-2006 - 23:28
CVE-2006-4343 4.3
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer derefer
17-10-2018 - 21:36 28-09-2006 - 18:07
CVE-2006-4339 4.3
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key
17-10-2018 - 21:35 05-09-2006 - 17:04
CVE-2006-4338 5.0
unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive.
17-10-2018 - 21:35 19-09-2006 - 21:07
CVE-2006-4337 7.5
Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive.
17-10-2018 - 21:34 19-09-2006 - 21:07
CVE-2006-4336 7.5
Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index.
17-10-2018 - 21:34 19-09-2006 - 21:07
CVE-2006-4335 7.5
Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code v
17-10-2018 - 21:34 19-09-2006 - 21:07
CVE-2006-4334 5.0
Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference.
17-10-2018 - 21:34 19-09-2006 - 21:07
CVE-2006-4144 2.6
Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values
17-10-2018 - 21:33 15-08-2006 - 23:04
CVE-2006-4096 5.0
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty.
17-10-2018 - 21:33 06-09-2006 - 00:04
CVE-2006-4095 5.0
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.
17-10-2018 - 21:33 06-09-2006 - 00:04
CVE-2006-3879 5.0
Integer overflow in the loadChunk function in loaders/load_gt2.c in libmikmod in Mikmod Sound System 3.2.2 allows remote attackers to cause a denial of service via a GRAOUMF TRACKER (GT2) module file with a large (0xffffffff) comment length value in
17-10-2018 - 21:32 27-07-2006 - 01:04
CVE-2006-3747 7.6
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (applica
17-10-2018 - 21:29 28-07-2006 - 18:02
CVE-2006-3738 10.0
Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. Failed exploit attempts may crash appl
17-10-2018 - 21:29 28-09-2006 - 18:07
CVE-2006-3731 2.6
Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted attackers to cause a denial of service (crash) via a form with a multipart/form-data encoding and a user-uploaded file. NOTE: a third party has claimed that this issue might be related
17-10-2018 - 21:29 21-07-2006 - 14:03
CVE-2006-7232 3.5
sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.
17-10-2018 - 17:59 31-12-2006 - 05:00
CVE-2006-5868 9.3
Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image.
17-10-2018 - 17:51 22-11-2006 - 01:07
CVE-2007-3478 4.3
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TT
16-10-2018 - 16:50 28-06-2007 - 18:30
CVE-2007-3477 5.0
The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.
16-10-2018 - 16:50 28-06-2007 - 18:30
CVE-2007-3476 4.3
Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a se
16-10-2018 - 16:50 28-06-2007 - 18:30
CVE-2007-3475 4.3
The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map.
16-10-2018 - 16:49 28-06-2007 - 18:30
CVE-2007-3474 2.6
Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 have unspecified impact and user-assisted remote attack vectors. An integer overflow exists in the "gdImageCreateTrueColor()" function.
16-10-2018 - 16:49 28-06-2007 - 18:30
CVE-2007-3473 4.3
The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.
16-10-2018 - 16:49 28-06-2007 - 18:30
CVE-2007-3472 4.3
Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact. An integer overflow exists in the "gdImageCreateTrueColor()" fun
16-10-2018 - 16:49 28-06-2007 - 18:30
CVE-2007-3372 2.1
The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error.
16-10-2018 - 16:48 22-06-2007 - 21:30
CVE-2007-3304 4.7
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the m
16-10-2018 - 16:48 20-06-2007 - 22:30
CVE-2007-3303 4.9
Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creati
16-10-2018 - 16:48 20-06-2007 - 22:30
CVE-2007-3280 9.0
The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any l
16-10-2018 - 16:48 19-06-2007 - 21:30
CVE-2007-3279 10.0
PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions tha
16-10-2018 - 16:48 19-06-2007 - 21:30
CVE-2007-3278 6.9
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host param
16-10-2018 - 16:48 19-06-2007 - 21:30
CVE-2007-3205 5.0
The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it
16-10-2018 - 16:47 13-06-2007 - 10:30
CVE-2007-3149 7.2
sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment
16-10-2018 - 16:47 11-06-2007 - 18:30
CVE-2007-3108 1.2
The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.
16-10-2018 - 16:47 08-08-2007 - 01:17
CVE-2007-2930 4.3
The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote
16-10-2018 - 16:46 12-09-2007 - 01:17
CVE-2007-2452 6.0
Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format
16-10-2018 - 16:44 04-06-2007 - 16:30
CVE-2007-2444 7.2
Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to
16-10-2018 - 16:43 14-05-2007 - 21:19
CVE-2007-2264 9.3
Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA h
16-10-2018 - 16:42 31-10-2007 - 17:46
CVE-2007-2263 9.3
Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers.
16-10-2018 - 16:42 31-10-2007 - 17:46
CVE-2007-2026 7.8
The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressi
16-10-2018 - 16:41 13-04-2007 - 18:19
CVE-2007-1863 5.0
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with
16-10-2018 - 16:40 27-06-2007 - 17:30
CVE-2007-1734 7.2
The DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later does not verify the upper bounds of the optlen value, which allows local users running on certain architectures to read kernel memory or cause a
16-10-2018 - 16:40 28-03-2007 - 22:19
CVE-2007-1730 6.6
Integer signedness error in the DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service (oops) via a negative optlen value.
16-10-2018 - 16:40 28-03-2007 - 10:19
CVE-2007-1709 4.3
Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC extension (PECL phpDOC) in PHP 5.2.1 allows context-dependent attackers to execute arbitrary code via a long argument string.
16-10-2018 - 16:40 27-03-2007 - 01:19
CVE-2007-1401 6.9
Buffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function.
16-10-2018 - 16:38 10-03-2007 - 22:19
CVE-2007-1036 7.5
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
16-10-2018 - 16:36 21-02-2007 - 11:28
CVE-2007-1030 7.8
Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a denial of service (infinite loop) via a DNS response containing a label pointer that references its own offset.
16-10-2018 - 16:36 21-02-2007 - 11:28
CVE-2007-0911 7.8
Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).
16-10-2018 - 16:35 13-02-2007 - 23:28
CVE-2007-0770 9.3
Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOT
16-10-2018 - 16:34 12-02-2007 - 20:28
CVE-2007-0654 9.3
Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack-based buffer overflow.
16-10-2018 - 16:33 21-03-2007 - 22:19
CVE-2007-0653 9.3
Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption.
16-10-2018 - 16:33 21-03-2007 - 22:19
CVE-2007-0455 7.5
Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded
16-10-2018 - 16:32 30-01-2007 - 17:28
CVE-2007-0454 7.5
Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during
16-10-2018 - 16:32 06-02-2007 - 02:28
CVE-2007-0453 4.6
Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and (2) getipnodebyname functions.
16-10-2018 - 16:32 06-02-2007 - 02:28
CVE-2007-0227 5.0
slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that the issue is not present in slocate 2.7.
16-10-2018 - 16:31 13-01-2007 - 02:28
CVE-2007-0086 7.8
** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the sam
16-10-2018 - 16:31 05-01-2007 - 18:28
CVE-2007-0080 6.6
** DISPUTED ** Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has bee
16-10-2018 - 16:31 05-01-2007 - 11:28
CVE-2007-0062 10.0
Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 5501
16-10-2018 - 16:30 21-09-2007 - 19:17
CVE-2006-7180 6.8
ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets before WPA authentication succeeds, which allows remote attackers to obtain sensitive information (related to network structure), and possibly cause a denial of service (disrupted a
16-10-2018 - 16:29 30-03-2007 - 01:19
CVE-2006-7179 7.8
ieee80211_input.c in MadWifi before 0.9.3 does not properly process Channel Switch Announcement Information Elements (CSA IEs), which allows remote attackers to cause a denial of service (loss of communication) via a Channel Switch Count less than or
16-10-2018 - 16:29 30-03-2007 - 01:19
CVE-2006-7178 7.8
MadWifi before 0.9.3 does not properly handle reception of an AUTH frame by an IBSS node, which allows remote attackers to cause a denial of service (system crash) via a certain AUTH frame.
16-10-2018 - 16:29 30-03-2007 - 01:19
CVE-2006-7177 7.8
MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a denial of service (system crash) via unspecified vectors that lead to a kernel panic in the ieee80211_input function, related to "packets coming from a 'malicious' WinXP system."
16-10-2018 - 16:29 30-03-2007 - 01:19
CVE-2006-7139 2.6
Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid fre
16-10-2018 - 16:29 07-03-2007 - 20:19
CVE-2005-0109 4.7
Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain
16-10-2018 - 12:06 05-03-2005 - 05:00
CVE-2008-0674 7.5
Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.
15-10-2018 - 22:02 18-02-2008 - 23:00
CVE-2008-0599 10.0
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
15-10-2018 - 22:01 05-05-2008 - 17:20
CVE-2008-0227 7.5
yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update f
15-10-2018 - 21:58 10-01-2008 - 23:46
CVE-2008-0172 5.0
The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression
15-10-2018 - 21:58 17-01-2008 - 23:00
CVE-2008-0171 5.0
regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression.
15-10-2018 - 21:58 17-01-2008 - 23:00
CVE-2008-0166 7.8
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptograp
15-10-2018 - 21:58 13-05-2008 - 17:20
CVE-2008-0010 2.1
The copy_from_user_mmap_sem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which allow local users to read from arbitrary kernel memory locations.
15-10-2018 - 21:57 12-02-2008 - 21:00
CVE-2008-0009 2.1
The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations.
15-10-2018 - 21:57 12-02-2008 - 21:00
CVE-2008-0005 4.3
mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
15-10-2018 - 21:56 12-01-2008 - 00:46
CVE-2007-6514 4.3
Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled b
15-10-2018 - 21:54 21-12-2007 - 22:46
CVE-2007-6348 6.8
SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary cod
15-10-2018 - 21:52 14-12-2007 - 19:46
CVE-2007-6304 5.0
The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) vi
15-10-2018 - 21:51 10-12-2007 - 21:46
CVE-2007-6303 3.5
MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE S
15-10-2018 - 21:51 10-12-2007 - 21:46
CVE-2007-6279 9.3
Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file.
15-10-2018 - 21:51 07-12-2007 - 11:46
CVE-2007-6278 9.3
Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file.
15-10-2018 - 21:51 07-12-2007 - 11:46
CVE-2007-6227 7.2
QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an "overflow," via certain Windows executable programs, as dem
15-10-2018 - 21:51 04-12-2007 - 18:46
CVE-2007-6203 4.3
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using w
15-10-2018 - 21:50 03-12-2007 - 22:46
CVE-2007-6200 10.0
Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspec
15-10-2018 - 21:50 01-12-2007 - 06:46
CVE-2007-6199 9.3
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.
15-10-2018 - 21:50 01-12-2007 - 06:46
CVE-2007-6113 4.3
Integer signedness error in the DNP3 dissector in Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP3 packet.
15-10-2018 - 21:49 23-11-2007 - 20:46
CVE-2007-6039 2.1
PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the
15-10-2018 - 21:49 20-11-2007 - 19:46
CVE-2007-5971 6.9
Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. Information from Apple: http://docs.info.apple.com/article.html?artnum=307562
15-10-2018 - 21:48 06-12-2007 - 02:46
CVE-2007-5966 7.2
Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details
15-10-2018 - 21:48 20-12-2007 - 00:46
CVE-2007-5937 6.8
Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute arbitrary code via a crafted DVI input file.
15-10-2018 - 21:47 13-11-2007 - 22:46
CVE-2007-5936 3.6
dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.
15-10-2018 - 21:47 13-11-2007 - 22:46
CVE-2007-5935 6.8
Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag.
15-10-2018 - 21:47 13-11-2007 - 22:46
CVE-2007-5902 10.0
Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.
15-10-2018 - 21:47 06-12-2007 - 02:46
CVE-2007-5900 6.9
PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625.
15-10-2018 - 21:47 20-11-2007 - 18:46
CVE-2007-5898 6.4
The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465.
15-10-2018 - 21:46 20-11-2007 - 18:46
CVE-2007-5894 9.3
** DISPUTED ** The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original
15-10-2018 - 21:46 06-12-2007 - 02:46
CVE-2007-5741 7.5
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
15-10-2018 - 21:46 07-11-2007 - 21:46
CVE-2007-5424 7.5
The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled.
15-10-2018 - 21:44 12-10-2007 - 23:17
CVE-2007-5378 4.3
Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows user-assisted attackers to cause a denial of service (segmentation fault) via an animated GIF in which the first subimage is sm
15-10-2018 - 21:44 12-10-2007 - 01:17
CVE-2007-5267 4.3
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266.
15-10-2018 - 21:41 08-10-2007 - 21:17
CVE-2007-5191 6.9
mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.
15-10-2018 - 21:41 04-10-2007 - 16:17
CVE-2007-5045 9.3
Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XM
15-10-2018 - 21:40 24-09-2007 - 00:17
CVE-2007-5020 9.3
Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the mailto: option and Internet Explorer 7 on Windows XP. NOTE: this information is based upon
15-10-2018 - 21:40 21-09-2007 - 18:17
CVE-2007-4999 4.3
libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996.
15-10-2018 - 21:39 29-10-2007 - 22:46
CVE-2007-4996 4.3
libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an in
15-10-2018 - 21:39 01-10-2007 - 20:17
CVE-2007-4995 9.3
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.
15-10-2018 - 21:39 13-10-2007 - 01:17
CVE-2007-4990 7.5
The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of
15-10-2018 - 21:39 05-10-2007 - 21:17
CVE-2007-4987 9.3
Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\0' character to an out-of-bounds address.
15-10-2018 - 21:39 24-09-2007 - 22:17
CVE-2007-4904 4.3
RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 (FC6) and possibly other platforms, allow user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that trigg
15-10-2018 - 21:38 17-09-2007 - 16:17
CVE-2007-4889 6.8
The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.
15-10-2018 - 21:38 14-09-2007 - 01:17
CVE-2007-4887 4.3
The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerabilit
15-10-2018 - 21:38 14-09-2007 - 00:17
CVE-2007-4850 5.0
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vuln
15-10-2018 - 21:38 25-01-2008 - 01:00
CVE-2007-4752 7.5
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted
15-10-2018 - 21:37 12-09-2007 - 01:17
CVE-2007-4724 4.3
Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
15-10-2018 - 21:37 05-09-2007 - 19:17
CVE-2007-4599 9.3
Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 and 2, for Windows allows remote attackers to execute arbitrary code via a crafted playlist (PLS) file.
15-10-2018 - 21:36 31-10-2007 - 17:46
CVE-2007-4573 7.2
The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users t
15-10-2018 - 21:36 24-09-2007 - 22:17
CVE-2007-4568 6.8
Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers
15-10-2018 - 21:36 05-10-2007 - 21:17
CVE-2007-4565 5.0
sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.
15-10-2018 - 21:36 28-08-2007 - 01:17
CVE-2007-4251 4.3
OpenOffice.org (OOo) 2.2 does not properly handle files with multiple extensions, which allows user-assisted remote attackers to cause a denial of service.
15-10-2018 - 21:34 08-08-2007 - 23:17
CVE-2007-4224 4.3
KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.
15-10-2018 - 21:33 08-08-2007 - 21:17
CVE-2007-4138 6.9
The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for
15-10-2018 - 21:33 14-09-2007 - 01:17
CVE-2007-4091 6.8
Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.
15-10-2018 - 21:33 16-08-2007 - 00:17
CVE-2007-4033 7.5
Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloa
15-10-2018 - 21:32 27-07-2007 - 22:30
CVE-2007-3847 5.0
The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffe
15-10-2018 - 21:31 23-08-2007 - 22:17
CVE-2007-3844 4.3
Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an a
15-10-2018 - 21:31 08-08-2007 - 01:17
CVE-2007-3820 2.6
konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.
15-10-2018 - 21:31 17-07-2007 - 01:30
CVE-2007-3782 3.5
MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.
15-10-2018 - 21:30 15-07-2007 - 22:30
CVE-2007-3781 4.0
MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.
15-10-2018 - 21:30 15-07-2007 - 22:30
CVE-2007-3731 4.9
The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid LDT segment selector in %cs (the xcs field) during ptrace single-step operations, which allows local users to cause a denial of service (NULL dereference and OOPS) via certain cod
15-10-2018 - 21:30 17-09-2007 - 17:17
CVE-2006-3588 2.6
Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to cause a denial of service (browser crash) via a malformed, compressed .swf file, a different issue than CVE-2006-3587.
12-10-2018 - 21:40 13-07-2006 - 21:05
CVE-2006-3587 5.1
Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors.
12-10-2018 - 21:40 13-07-2006 - 21:05
CVE-2008-2950 7.5
The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document.
11-10-2018 - 20:45 07-07-2008 - 23:41
CVE-2008-2711 4.3
fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference wh
11-10-2018 - 20:42 16-06-2008 - 21:41
CVE-2008-2666 5.0
Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to
11-10-2018 - 20:42 20-06-2008 - 01:41
CVE-2008-2665 5.0
Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after
11-10-2018 - 20:42 20-06-2008 - 01:41
CVE-2008-2382 5.0
The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.
11-10-2018 - 20:41 24-12-2008 - 18:29
CVE-2008-2371 7.5
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins
11-10-2018 - 20:41 07-07-2008 - 23:41
CVE-2008-2364 5.0
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service
11-10-2018 - 20:40 13-06-2008 - 18:41
CVE-2008-2357 6.8
Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this
11-10-2018 - 20:40 21-05-2008 - 13:24
CVE-2008-1926 7.5
Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the lo
11-10-2018 - 20:37 24-04-2008 - 05:05
CVE-2008-1675 7.2
The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading
11-10-2018 - 20:36 02-05-2008 - 16:05
CVE-2008-1672 4.3
OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.
11-10-2018 - 20:36 29-05-2008 - 16:32
CVE-2008-1657 6.5
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
11-10-2018 - 20:35 02-04-2008 - 18:44
CVE-2008-1563 4.3
The "decode as" feature in packet-bssap.c in the SCCP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
11-10-2018 - 20:35 31-03-2008 - 22:44
CVE-2008-1562 5.0
The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.
11-10-2018 - 20:35 31-03-2008 - 22:44
CVE-2008-1561 5.0
Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5 through 0.99.8 allow remote attackers to cause a denial of service (application crash) via a malformed packet to the (1) X.509sat or (2) Roofnet dissectors. NOTE: Vector 2
11-10-2018 - 20:35 31-03-2008 - 22:44
CVE-2008-1483 6.9
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and
11-10-2018 - 20:35 24-03-2008 - 23:44
CVE-2008-1384 5.0
Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring f
11-10-2018 - 20:33 27-03-2008 - 17:44
CVE-2008-1364 7.8
Unspecified vulnerability in the DHCP service in VMware Workstation 5.5.x before 5.5.6, VMware Player 1.0.x before 1.0.6, VMware ACE 1.0.x before 1.0.5, VMware Server 1.0.x before 1.0.5, and VMware Fusion 1.1.x before 1.1.1 allows attackers to cause
11-10-2018 - 20:32 20-03-2008 - 00:44
CVE-2008-1309 9.3
The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1
11-10-2018 - 20:31 12-03-2008 - 17:44
CVE-2008-1145 5.0
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access a
11-10-2018 - 20:29 04-03-2008 - 23:44
CVE-2008-1072 4.7
The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug.
11-10-2018 - 20:29 28-02-2008 - 22:44
CVE-2008-1071 4.3
The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet.
11-10-2018 - 20:29 28-02-2008 - 22:44
CVE-2008-1026 6.8
Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition
11-10-2018 - 20:29 17-04-2008 - 19:05
CVE-2009-2692 7.2
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using
10-10-2018 - 19:41 14-08-2009 - 15:16
CVE-2009-2407 6.9
Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vecto
10-10-2018 - 19:40 31-07-2009 - 19:00
CVE-2009-1349 4.3
Cross-site scripting (XSS) vulnerability in C2Net Stronghold 2.3 allows remote attackers to inject arbitrary web script or HTML via the URI.
10-10-2018 - 19:36 21-04-2009 - 15:30
CVE-2009-1298 7.8
The ip_frag_reasm function in net/ipv4/ip_fragment.c in the Linux kernel 2.6.32-rc8, and 2.6.29 and later versions before 2.6.32, calls IP_INC_STATS_BH with an incorrect argument, which allows remote attackers to cause a denial of service (NULL point
10-10-2018 - 19:35 08-12-2009 - 23:30
CVE-2008-5134 10.0
Buffer overflow in the lbs_process_bss function in drivers/net/wireless/libertas/scan.c in the libertas subsystem in the Linux kernel before 2.6.27.5 allows remote attackers to have an unknown impact via an "invalid beacon/probe response."
03-10-2018 - 21:56 18-11-2008 - 16:00
CVE-2007-6109 10.0
Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function,
03-10-2018 - 21:51 07-12-2007 - 11:46
CVE-2007-4662 7.5
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors.
03-10-2018 - 21:48 04-09-2007 - 22:17
CVE-2007-4661 7.5
The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting
03-10-2018 - 21:48 04-09-2007 - 22:17
CVE-2007-4658 7.5
The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
03-10-2018 - 21:48 04-09-2007 - 22:17
CVE-2007-4567 7.8
The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic)
03-10-2018 - 21:48 21-12-2007 - 00:46
CVE-2007-4351 10.0
Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-ba
03-10-2018 - 21:47 31-10-2007 - 22:46
CVE-2007-3799 4.3
The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the sessio
03-10-2018 - 21:47 16-07-2007 - 22:30
CVE-2006-2906 5.4
The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop.
03-10-2018 - 21:43 08-06-2006 - 16:06
CVE-2006-2656 7.5
Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is c
03-10-2018 - 21:41 30-05-2006 - 18:02
CVE-2006-2193 7.5
Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 charac
03-10-2018 - 21:40 08-06-2006 - 19:06
CVE-2006-1057 3.7
Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.
03-10-2018 - 21:36 25-04-2006 - 01:02
CVE-2006-0459 7.5
flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contain
03-10-2018 - 21:35 29-03-2006 - 23:02
CVE-2006-0151 7.2
sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.
03-10-2018 - 21:34 09-01-2006 - 23:03
CVE-2005-4268 3.7
Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits.
03-10-2018 - 21:34 15-12-2005 - 18:11
CVE-2005-3183 4.3
The HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww) allows remote servers to cause a denial of service (segmentation fault) via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read.
03-10-2018 - 21:31 12-10-2005 - 22:02
CVE-2005-3054 2.1
fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directori
03-10-2018 - 21:31 26-09-2005 - 19:03
CVE-2005-2959 4.6
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though oth
03-10-2018 - 21:31 25-10-2005 - 16:02
CVE-2005-0605 7.5
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
03-10-2018 - 21:29 02-03-2005 - 05:00
CVE-2006-6772 9.3
Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL ce
13-08-2018 - 21:47 27-12-2006 - 23:28
CVE-2005-2969 5.0
The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allow
03-05-2018 - 01:29 18-10-2005 - 21:02
CVE-2005-1751 3.7
Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759.
03-05-2018 - 01:29 25-05-2005 - 04:00
CVE-2004-0941 10.0
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set
03-05-2018 - 01:29 09-02-2005 - 05:00
CVE-2004-0748 5.0
mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
03-05-2018 - 01:29 20-10-2004 - 04:00
CVE-2003-0695 7.5
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a differe
03-05-2018 - 01:29 06-10-2003 - 04:00
CVE-2003-0693 10.0
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CV
03-05-2018 - 01:29 22-09-2003 - 04:00
CVE-2003-0545 10.0
Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.
03-05-2018 - 01:29 17-11-2003 - 05:00
CVE-2003-0544 5.0
OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer wh
03-05-2018 - 01:29 17-11-2003 - 05:00
CVE-2003-0543 5.0
Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.
03-05-2018 - 01:29 17-11-2003 - 05:00
CVE-2003-0542 7.2
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9
03-05-2018 - 01:29 03-11-2003 - 05:00
CVE-2003-0192 6.4
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which c
03-05-2018 - 01:29 18-08-2003 - 04:00
CVE-2000-1137 4.6
GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.
03-05-2018 - 01:29 09-01-2001 - 05:00
CVE-2008-1198 7.1
The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshare
06-01-2018 - 02:29 06-03-2008 - 21:44
CVE-2001-0925 5.0
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1
19-12-2017 - 02:29 12-03-2001 - 05:00
CVE-2000-1199 4.6
PostgreSQL stores usernames and passwords in plaintext in (1) pg_shadow and (2) pg_pwd, which allows attackers with sufficient privileges to gain access to databases.
19-12-2017 - 02:29 31-08-2001 - 04:00
CVE-2007-6358 4.9
pdftops.pl before 1.20 in alternate pdftops filter allows local users to overwrite arbitrary files via a symlink attack on the pdfin.[PID].tmp temporary file, which is created when pdftops reads a PDF file from stdin, such as when pdftops is invoked
16-11-2017 - 02:29 15-12-2007 - 01:46
CVE-2006-6719 5.0
The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
19-10-2017 - 01:29 23-12-2006 - 11:28
CVE-2006-4124 4.6
The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUG_FILE environment variable, which is used to create world-writable files when libXm is run from a setuid program.
19-10-2017 - 01:29 14-08-2006 - 23:04
CVE-2006-1542 3.7
Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory tha
19-10-2017 - 01:29 30-03-2006 - 11:02
CVE-1999-1572 2.1
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files
19-10-2017 - 01:29 16-07-1996 - 04:00
CVE-2006-2440 7.5
Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.
12-10-2017 - 01:29 18-05-2006 - 10:02
CVE-2007-3380 5.0
The Distributed Lock Manager (DLM) in the cluster manager for Linux kernel 2.6.15 allows remote attackers to cause a denial of service (loss of lock services) by connecting to the DLM port, which probably prevents other processes from accessing the s
11-10-2017 - 01:32 20-07-2007 - 23:30
CVE-2007-3294 7.5
Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unsp
11-10-2017 - 01:32 20-06-2007 - 21:30
CVE-2007-3105 4.6
Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater
11-10-2017 - 01:32 27-07-2007 - 21:30
CVE-2007-3104 4.9
The sysfs_readdir function in the Linux kernel 2.6, as used in Red Hat Enterprise Linux (RHEL) 4.5 and other distributions, allows users to cause a denial of service (kernel OOPS) by dereferencing a null pointer to an inode in a dentry.
11-10-2017 - 01:32 26-06-2007 - 18:30
CVE-2007-2878 4.9
The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run on a 64-bit system, allow local users to corrupt a kernel_dirent struct and cause a denial of service (system crash) via unknown vectors.
11-10-2017 - 01:32 29-05-2007 - 20:30
CVE-2007-2721 4.3
The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as origina
11-10-2017 - 01:32 16-05-2007 - 20:30
CVE-2007-2027 4.4
Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be l
11-10-2017 - 01:32 13-04-2007 - 18:19
CVE-2007-1900 5.0
CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression
11-10-2017 - 01:32 10-04-2007 - 18:19
CVE-2007-1710 4.3
The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a
11-10-2017 - 01:31 27-03-2007 - 01:19
CVE-2007-1584 6.8
Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\0' characters in whitespace that precedes the string.
11-10-2017 - 01:31 21-03-2007 - 23:19
CVE-2007-1413 7.5
Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary code via a long value in the third argument (object
11-10-2017 - 01:31 12-03-2007 - 23:19
CVE-2007-1412 7.8
The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 allows context-dependent attackers to obtain sensitive information (script source code) via a long string in the second argument.
11-10-2017 - 01:31 12-03-2007 - 23:19
CVE-2007-1375 5.0
Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991.
11-10-2017 - 01:31 10-03-2007 - 00:19
CVE-2007-1218 6.8
Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally re
11-10-2017 - 01:31 02-03-2007 - 21:18
CVE-2007-0010 2.1
The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.
11-10-2017 - 01:31 24-01-2007 - 19:28
CVE-2006-7108 4.1
login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_m
11-10-2017 - 01:31 04-03-2007 - 22:19
CVE-2006-6921 2.1
Unspecified versions of the Linux kernel allow local users to cause a denial of service (unrecoverable zombie process) via a program with certain instructions that prevent init from properly reaping a child whose parent has died.
11-10-2017 - 01:31 12-01-2007 - 23:28
CVE-2006-6142 6.8
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in
11-10-2017 - 01:31 05-12-2006 - 11:28
CVE-2006-6107 1.7
Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages). This vulnrability is addre
11-10-2017 - 01:31 14-12-2006 - 00:28
CVE-2006-6103 6.6
Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during
11-10-2017 - 01:31 31-12-2006 - 05:00
CVE-2006-6102 10.0
Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption durin
11-10-2017 - 01:31 31-12-2006 - 05:00
CVE-2006-6101 6.6
Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption dur
11-10-2017 - 01:31 31-12-2006 - 05:00
CVE-2006-6056 4.9
Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELinux hooks are enabled, allows local users to cause a denial of service (crash) via a malformed file stream that triggers a NULL pointer dereference in the superblock_doinit functio
11-10-2017 - 01:31 22-11-2006 - 01:07
CVE-2006-6054 4.0
The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext2 stream with malformed data structures that triggers an error in the ext2_check_page due to a length that is smaller than the minimum.
11-10-2017 - 01:31 22-11-2006 - 01:07
CVE-2006-6053 4.9
The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext3 stream with malformed data structures.
11-10-2017 - 01:31 22-11-2006 - 01:07
CVE-2006-5989 5.0
Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array.
11-10-2017 - 01:31 20-11-2006 - 21:07
CVE-2006-5757 1.2
Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed d
11-10-2017 - 01:31 06-11-2006 - 20:07
CVE-2006-5753 7.2
Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors.
11-10-2017 - 01:31 30-01-2007 - 19:28
CVE-2006-5467 5.0
The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier
11-10-2017 - 01:31 27-10-2006 - 18:07
CVE-2006-5051 9.3
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. Successful
11-10-2017 - 01:31 27-09-2006 - 23:07
CVE-2006-4814 4.6
The mincore function in the Linux kernel before 2.4.33.6 does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock.
11-10-2017 - 01:31 20-12-2006 - 02:28
CVE-2006-4790 5.0
verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signe
11-10-2017 - 01:31 14-09-2006 - 19:07
CVE-2006-4262 5.1
Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file li
11-10-2017 - 01:31 23-08-2006 - 10:04
CVE-2006-4227 6.5
MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has bee
11-10-2017 - 01:31 18-08-2006 - 20:04
CVE-2006-4146 5.1
Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_blo
11-10-2017 - 01:31 31-08-2006 - 22:04
CVE-2006-3918 4.3
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected ba
11-10-2017 - 01:31 28-07-2006 - 00:04
CVE-2006-3744 5.1
Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows.
11-10-2017 - 01:31 25-08-2006 - 01:04
CVE-2006-3743 5.1
Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images.
11-10-2017 - 01:31 25-08-2006 - 01:04
CVE-2006-3619 2.6
Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC 4.1.1 and earlier, and 3.4.6 and earlier, allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filenames with "../" sequences.
11-10-2017 - 01:31 25-07-2006 - 19:17
CVE-2006-3469 4.0
Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_forma
11-10-2017 - 01:31 21-07-2006 - 14:03
CVE-2006-3465 7.5
Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors.
11-10-2017 - 01:31 03-08-2006 - 01:04
CVE-2006-3464 7.5
TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecifi
11-10-2017 - 01:31 03-08-2006 - 01:04
CVE-2006-3463 7.8
The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value,
11-10-2017 - 01:31 03-08-2006 - 01:04
CVE-2006-3462 7.5
Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors involving decoding large RLE images.
11-10-2017 - 01:31 03-08-2006 - 01:04
CVE-2006-3461 7.5
Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors.
11-10-2017 - 01:31 03-08-2006 - 01:04
CVE-2006-3460 7.5
Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line
11-10-2017 - 01:31 03-08-2006 - 01:04
CVE-2006-3459 7.5
Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, incl
11-10-2017 - 01:31 03-08-2006 - 01:04
CVE-2006-1168 7.5
The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.
11-10-2017 - 01:30 14-08-2006 - 20:04
CVE-2006-1058 2.1
BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.
11-10-2017 - 01:30 04-04-2006 - 10:04
CVE-2005-2968 7.5
Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash.
11-10-2017 - 01:30 20-09-2005 - 22:03
CVE-2005-2700 10.0
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass inten
11-10-2017 - 01:30 06-09-2005 - 23:03
CVE-2005-2693 4.6
cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack.
11-10-2017 - 01:30 26-08-2005 - 15:50
CVE-2005-2475 1.2
Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.
11-10-2017 - 01:30 05-08-2005 - 04:00
CVE-2005-2069 5.0
pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers t
11-10-2017 - 01:30 30-06-2005 - 04:00
CVE-2005-1705 7.2
gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.
11-10-2017 - 01:30 24-05-2005 - 04:00
CVE-2005-1228 5.0
Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.
11-10-2017 - 01:30 02-05-2005 - 04:00
CVE-2005-1194 4.6
Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.
11-10-2017 - 01:30 04-05-2005 - 04:00
CVE-2005-1111 3.7
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
11-10-2017 - 01:30 02-05-2005 - 04:00
CVE-2005-1038 2.1
crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2
11-10-2017 - 01:30 02-05-2005 - 04:00
CVE-2005-0988 3.7
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip af
11-10-2017 - 01:30 02-05-2005 - 04:00
CVE-2005-0469 7.5
Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands.
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2005-0468 7.5
Heap-based buffer overflow in the env_opt_add function in telnet.c for various BSD-based Telnet clients allows remote attackers to execute arbitrary code via responses that contain a large number of characters that require escaping, which consumers m
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2005-0256 5.0
The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir com
11-10-2017 - 01:29 02-05-2005 - 04:00
CVE-2005-0085 6.8
Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.
11-10-2017 - 01:29 27-04-2005 - 04:00
CVE-2004-1834 2.1
mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
11-10-2017 - 01:29 20-03-2004 - 05:00
CVE-2004-1392 5.0
PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function.
11-10-2017 - 01:29 31-12-2004 - 05:00
CVE-2004-1177 4.3
Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.
11-10-2017 - 01:29 10-01-2005 - 05:00
CVE-2004-0976 2.1
Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
11-10-2017 - 01:29 09-02-2005 - 05:00
CVE-2004-0975 2.1
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
11-10-2017 - 01:29 09-02-2005 - 05:00
CVE-2004-0971 2.1
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
11-10-2017 - 01:29 09-02-2005 - 05:00
CVE-2004-0967 7.2
The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary fi
11-10-2017 - 01:29 09-02-2005 - 05:00
CVE-2004-0942 5.0
Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
11-10-2017 - 01:29 09-02-2005 - 05:00
CVE-2004-0914 10.0
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) m
11-10-2017 - 01:29 10-01-2005 - 05:00
CVE-2004-0885 7.5
The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host config
11-10-2017 - 01:29 03-11-2004 - 05:00
CVE-2004-0809 5.0
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
11-10-2017 - 01:29 16-09-2004 - 04:00
CVE-2004-0806 7.2
cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.
11-10-2017 - 01:29 31-12-2004 - 05:00
CVE-2004-0786 5.0
The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
11-10-2017 - 01:29 20-10-2004 - 04:00
CVE-2004-0751 5.0
The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
11-10-2017 - 01:29 20-10-2004 - 04:00
CVE-2004-0747 4.6
Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
11-10-2017 - 01:29 20-10-2004 - 04:00
CVE-2004-0493 6.4
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header
11-10-2017 - 01:29 06-08-2004 - 04:00
CVE-2004-0492 10.0
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes
11-10-2017 - 01:29 06-08-2004 - 04:00
CVE-2004-0488 7.5
Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subje
11-10-2017 - 01:29 07-07-2004 - 04:00
CVE-2004-0175 4.3
Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.
11-10-2017 - 01:29 18-08-2004 - 04:00
CVE-2004-0174 5.0
Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listeni
11-10-2017 - 01:29 04-05-2004 - 04:00
CVE-2003-0987 7.5
mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
11-10-2017 - 01:29 03-03-2004 - 05:00
CVE-2003-0427 7.5
Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to execute arbitrary code via an archive file that contains a file with a long filename.
11-10-2017 - 01:29 24-07-2003 - 04:00
CVE-2003-0254 5.0
Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
11-10-2017 - 01:29 18-08-2003 - 04:00
CVE-2003-0253 5.0
The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
11-10-2017 - 01:29 18-08-2003 - 04:00
CVE-2003-0132 5.0
A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
11-10-2017 - 01:29 11-04-2003 - 04:00
CVE-2003-0083 5.0
Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities relate
11-10-2017 - 01:29 02-04-2003 - 05:00
CVE-2004-0113 5.0
Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
10-10-2017 - 01:30 29-03-2004 - 05:00
CVE-2003-0993 7.5
mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
10-10-2017 - 01:30 29-03-2004 - 05:00
CVE-2003-0020 5.0
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
10-10-2017 - 01:30 18-03-2003 - 05:00
CVE-2003-0016 7.5
Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
10-10-2017 - 01:30 07-02-2003 - 05:00
CVE-2002-1156 5.0
Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
10-10-2017 - 01:30 11-10-2002 - 04:00
CVE-2002-0840 6.8
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web pag
10-10-2017 - 01:30 11-10-2002 - 04:00
CVE-2002-0004 7.2
Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.
10-10-2017 - 01:30 27-02-2002 - 05:00
CVE-2001-0731 5.0
Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
10-10-2017 - 01:29 01-10-2001 - 04:00
CVE-2001-0730 5.0
split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
10-10-2017 - 01:29 30-10-2001 - 05:00
CVE-2000-0913 5.0
mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
10-10-2017 - 01:29 19-12-2000 - 05:00
CVE-2000-0505 5.0
The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
10-10-2017 - 01:29 31-05-2000 - 04:00
CVE-2009-1232 4.3
Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0
29-09-2017 - 01:34 02-04-2009 - 17:30
CVE-2008-2841 6.8
Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI.
29-09-2017 - 01:31 24-06-2008 - 19:41
CVE-2008-1802 9.3
Buffer overflow in the process_redirect_pdu (rdp.c) function in rdesktop 1.5.0 allows remote attackers to execute arbitrary code via a Remote Desktop Protocol (RDP) redirect request with modified length fields.
29-09-2017 - 01:30 12-05-2008 - 16:20
CVE-2008-1678 5.0
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client hand
29-09-2017 - 01:30 10-07-2008 - 17:41
CVE-2008-0352 7.8
The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to cause a denial of service (panic) via a certain IPv6 packet, possibly involving the Jumbo Payload hop-by-hop option (jumbogram).
29-09-2017 - 01:30 18-01-2008 - 00:00
CVE-2008-0053 10.0
Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file.
29-09-2017 - 01:30 18-03-2008 - 23:44
CVE-2007-6283 4.9
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.
29-09-2017 - 01:29 18-12-2007 - 01:46
CVE-2007-5901 6.9
Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code. Information from Apple
29-09-2017 - 01:29 06-12-2007 - 02:46
CVE-2007-5730 6.6
Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used
29-09-2017 - 01:29 30-10-2007 - 22:46
CVE-2007-5653 9.3
The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill b
29-09-2017 - 01:29 23-10-2007 - 21:47
CVE-2007-5237 7.1
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulne
29-09-2017 - 01:29 06-10-2007 - 00:17
CVE-2007-5137 6.8
Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first. NOTE: this
29-09-2017 - 01:29 28-09-2007 - 21:17
CVE-2007-5081 9.3
Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a crafted RM file.
29-09-2017 - 01:29 31-10-2007 - 17:46
CVE-2007-4584 10.0
Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable.
29-09-2017 - 01:29 29-08-2007 - 01:17
CVE-2007-4571 2.1
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memor
29-09-2017 - 01:29 26-09-2007 - 10:17
CVE-2007-4507 6.8
Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getuserg
29-09-2017 - 01:29 23-08-2007 - 19:17
CVE-2007-4476 7.5
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
29-09-2017 - 01:29 05-09-2007 - 01:17
CVE-2007-4211 6.0
The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
29-09-2017 - 01:29 08-08-2007 - 02:17
CVE-2007-4133 4.7
The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, which allows local users to cause a
29-09-2017 - 01:29 04-10-2007 - 23:17
CVE-2007-4045 5.0
The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of s
29-09-2017 - 01:29 27-07-2007 - 22:30
CVE-2007-3919 6.0
(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm.
29-09-2017 - 01:29 28-10-2007 - 17:08
CVE-2007-3843 4.3
The Linux kernel before 2.6.23-rc1 checks the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing
29-09-2017 - 01:29 09-08-2007 - 21:17
CVE-2007-3806 6.8
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platform
29-09-2017 - 01:29 17-07-2007 - 00:30
CVE-2007-3790 5.8
The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument.
29-09-2017 - 01:29 15-07-2007 - 23:30
CVE-2007-3740 4.4
The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.
29-09-2017 - 01:29 14-09-2007 - 01:17
CVE-2007-3739 4.7
mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service (OOPS) via unspecified vectors.
29-09-2017 - 01:29 14-09-2007 - 01:17
CVE-2007-3513 4.9
The lcd_write function in drivers/usb/misc/usblcd.c in the Linux kernel before 2.6.22-rc7 does not limit the amount of memory used by a caller, which allows local users to cause a denial of service (memory consumption).
29-09-2017 - 01:29 03-07-2007 - 10:30
CVE-2009-4020 7.8
Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.
19-09-2017 - 01:29 04-12-2009 - 21:30
CVE-2009-3026 5.0
protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect t
19-09-2017 - 01:29 31-08-2009 - 20:30
CVE-2009-2849 4.7
The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 might allow local users to cause a denial of service (NULL pointer dereference) via vectors related to "suspend_* sysfs attributes" and the (1) suspend_lo_store or (2) suspend_hi_sto
19-09-2017 - 01:29 18-08-2009 - 21:00
CVE-2009-3627 4.3
The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 charac
17-08-2017 - 01:31 29-10-2009 - 14:30
CVE-2009-2846 7.8
The eisa_eeprom_read function in the parisc isa-eeprom component (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6 allows local users to access restricted memory via a negative ppos argument, which bypasses a check that assumes tha
17-08-2017 - 01:30 18-08-2009 - 21:00
CVE-2009-2768 7.2
The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impac
17-08-2017 - 01:30 14-08-2009 - 15:16
CVE-2009-2767 7.2
The init_posix_timers function in kernel/posix-timers.c in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (OOPS) or possibly gain privileges via a CLOCK_MONOTONIC_RAW clock_nanosleep call that triggers a NULL point
17-08-2017 - 01:30 14-08-2009 - 15:16
CVE-2009-2691 2.1
The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local users to read (1) maps and (2) smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition.
17-08-2017 - 01:30 14-08-2009 - 15:16
CVE-2009-2042 4.3
libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of s
17-08-2017 - 01:30 12-06-2009 - 20:30
CVE-2009-1892 5.0
dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests.
17-08-2017 - 01:30 17-07-2009 - 16:30
CVE-2009-1490 5.0
Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.
17-08-2017 - 01:30 05-05-2009 - 19:30
CVE-2008-6107 4.9
The (1) sys32_mremap function in arch/sparc64/kernel/sys_sparc32.c, the (2) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c, and the (3) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel before 2.6.25.4, o
08-08-2017 - 01:33 10-02-2009 - 22:00
CVE-2008-3350 5.0
dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vul
08-08-2017 - 01:31 28-07-2008 - 17:41
CVE-2008-3247 7.2
The LDT implementation in the Linux kernel 2.6.25.x before 2.6.25.11 on x86_64 platforms uses an incorrect size for ldt_desc, which allows local users to cause a denial of service (system crash) or possibly gain privileges via unspecified vectors.
08-08-2017 - 01:31 24-07-2008 - 15:41
CVE-2008-3214 7.8
dnsmasq 2.25 allows remote attackers to cause a denial of service (daemon crash) by (1) renewing a nonexistent lease or (2) sending a DHCPREQUEST for an IP address that is not in the same network, related to the DHCP NAK response from the daemon.
08-08-2017 - 01:31 18-07-2008 - 16:41
CVE-2008-3134 5.0
Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6)
08-08-2017 - 01:31 10-07-2008 - 23:41
CVE-2008-3067 2.1
sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when password entry times out, which might allow local users to obtain a password by reading stdin from the parent process after a sudo child process exits.
08-08-2017 - 01:31 07-07-2008 - 23:41
CVE-2008-2827 4.6
The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-04
08-08-2017 - 01:31 23-06-2008 - 19:41
CVE-2008-2420 6.8
The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates.
08-08-2017 - 01:31 23-05-2008 - 15:32
CVE-2008-2363 9.3
The PartsBatch class in Pan 0.132 and earlier does not properly manage the data structures for Parts batches, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .nzb file t
08-08-2017 - 01:30 02-06-2008 - 21:30
CVE-2008-2310 6.8
Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code.
08-08-2017 - 01:30 01-07-2008 - 18:41
CVE-2008-1628 4.1
Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of these details are obtained from thir
08-08-2017 - 01:30 02-04-2008 - 17:44
CVE-2008-1530 9.3
GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user
08-08-2017 - 01:30 27-03-2008 - 23:44
CVE-2008-1033 2.1
The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environmen
08-08-2017 - 01:29 02-06-2008 - 21:30
CVE-2008-0992 5.8
Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value.
08-08-2017 - 01:29 18-03-2008 - 23:44
CVE-2008-0891 4.3
Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from
08-08-2017 - 01:29 29-05-2008 - 16:32
CVE-2008-0883 3.7
acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.
08-08-2017 - 01:29 06-03-2008 - 00:44
CVE-2008-0495 7.8
Unspecified vulnerability in the Pegasus CIM Server in IBM Hardware Management Console (HMC) 7 R3.2.0 allows remote attackers to cause a denial of service via unspecified vectors.
08-08-2017 - 01:29 30-01-2008 - 22:00
CVE-2008-0163 4.4
Linux kernel 2.6, when using vservers, allows local users to access resources of other vservers via a symlink attack in /proc.
08-08-2017 - 01:29 12-02-2008 - 21:00
CVE-2007-6209 4.6
Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
29-07-2017 - 01:34 04-12-2007 - 00:46
CVE-2007-5970 5.8
MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned tabl
29-07-2017 - 01:33 10-12-2007 - 19:46
CVE-2007-5963 4.7
Unspecified vulnerability in kdebase allows local users to cause a denial of service (KDM login inaccessible, or resource consumption) via unknown vectors.
29-07-2017 - 01:33 19-12-2007 - 23:46
CVE-2007-5795 6.3
The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify cri
29-07-2017 - 01:33 02-11-2007 - 22:46
CVE-2007-5729 6.6
The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" hea
29-07-2017 - 01:33 30-10-2007 - 22:46
CVE-2007-5601 9.3
Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain
29-07-2017 - 01:33 20-10-2007 - 20:17
CVE-2007-5502 6.4
The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechan
29-07-2017 - 01:33 01-12-2007 - 06:46
CVE-2007-5501 7.8
The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer
29-07-2017 - 01:33 15-11-2007 - 20:46
CVE-2007-5471 7.8
libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service (daemon exit) via a GSS-TSIG request. NOTE:
29-07-2017 - 01:33 16-10-2007 - 00:17
CVE-2007-5080 9.3
Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflo
29-07-2017 - 01:33 31-10-2007 - 17:46
CVE-2007-4826 3.5
bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debuggi
29-07-2017 - 01:33 12-09-2007 - 10:17
CVE-2007-4663 7.5
Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function.
29-07-2017 - 01:33 04-09-2007 - 22:17
CVE-2007-4659 7.5
The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors.
29-07-2017 - 01:33 04-09-2007 - 22:17
CVE-2007-4652 4.4
The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.
29-07-2017 - 01:33 04-09-2007 - 19:17
CVE-2007-4601 5.0
A regression error in tcp-wrappers 7.6.dbs-10 and 7.6.dbs-11 might allow remote attackers to bypass intended access restrictions when a service uses libwrap but does not specify server connection information.
29-07-2017 - 01:33 30-08-2007 - 22:17
CVE-2007-3728 5.0
Buffer overflow in lib/silcclient/client_notify.c of SILC Client and SILC Toolkit before 1.1.2 allows remote attackers to cause a denial of service via "NICK_CHANGE" notifications.
29-07-2017 - 01:32 12-07-2007 - 17:30
CVE-2007-3564 7.5
libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions.
29-07-2017 - 01:32 18-07-2007 - 17:30
CVE-2007-3375 6.8
Stack-based buffer overflow in Lhaca File Archiver before 1.21 allows user-assisted remote attackers to execute arbitrary code via a crafted LZH archive, as exploited by malware such as Trojan.Lhdropper.
29-07-2017 - 01:32 25-06-2007 - 20:30
CVE-2007-3144 6.4
Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attac
29-07-2017 - 01:32 11-06-2007 - 18:30
CVE-2007-3143 6.4
Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing atta
29-07-2017 - 01:32 11-06-2007 - 18:30
CVE-2007-2958 6.8
Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies.
29-07-2017 - 01:31 27-08-2007 - 17:17
CVE-2007-2893 7.2
Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operati
29-07-2017 - 01:31 30-05-2007 - 01:30
CVE-2007-2519 6.8
Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the
29-07-2017 - 01:31 22-05-2007 - 19:30
CVE-2007-2353 5.0
Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
29-07-2017 - 01:31 30-04-2007 - 22:19
CVE-2007-2243 5.0
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a s
29-07-2017 - 01:31 25-04-2007 - 16:19
CVE-2007-1889 7.5
Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP
29-07-2017 - 01:31 06-04-2007 - 01:19
CVE-2007-1824 5.1
Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character.
29-07-2017 - 01:31 02-04-2007 - 23:19
CVE-2007-1741 6.2
Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE
29-07-2017 - 01:30 13-04-2007 - 16:19
CVE-2007-1649 7.8
PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed.
29-07-2017 - 01:30 24-03-2007 - 00:19
CVE-2007-1399 10.0
Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from
29-07-2017 - 01:30 10-03-2007 - 22:19
CVE-2007-1366 4.9
QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error.
29-07-2017 - 01:30 02-05-2007 - 17:19
CVE-2007-1322 4.9
QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction.
29-07-2017 - 01:30 02-05-2007 - 17:19
CVE-2007-1199 4.3
Adobe Reader and Acrobat Trial allow remote attackers to read arbitrary files via a file:// URI in a PDF document, as demonstrated with <</URI(file:///C:/)/S/URI>>, a different issue than CVE-2007-0045.
29-07-2017 - 01:30 02-03-2007 - 21:18
CVE-2007-0650 6.8
Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be explo
29-07-2017 - 01:30 01-02-2007 - 19:28
CVE-2007-0248 5.0
The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop.
29-07-2017 - 01:30 16-01-2007 - 18:28
CVE-2007-0247 5.0
squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions.
29-07-2017 - 01:30 16-01-2007 - 18:28
CVE-2007-0240 4.3
Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request.
29-07-2017 - 01:30 22-03-2007 - 18:19
CVE-2007-0103 6.8
The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file wit
29-07-2017 - 01:29 09-01-2007 - 00:28
CVE-2007-0003 7.2
pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.
29-07-2017 - 01:29 23-01-2007 - 21:28
CVE-2006-7098 6.6
The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program
29-07-2017 - 01:29 03-03-2007 - 19:19
CVE-2006-6939 4.6
GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function.
29-07-2017 - 01:29 17-01-2007 - 00:28
CVE-2006-6332 7.5
Stack-based buffer overflow in net80211/ieee80211_wireless.c in MadWifi before 0.9.2.1 allows remote attackers to execute arbitrary code via unspecified vectors, related to the encode_ie and giwscan_cb functions.
29-07-2017 - 01:29 10-12-2006 - 11:28
CVE-2006-6105 4.3
Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog.
20-07-2017 - 01:34 15-12-2006 - 02:28
CVE-2006-5969 4.6
CRLF injection vulnerability in the evalFolderLine function in fvwm 2.5.18 and earlier allows local users to execute arbitrary commands via carriage returns in a directory name, which is not properly handled by fvwm-menu-directory, a variant of CVE-2
20-07-2017 - 01:34 17-11-2006 - 23:07
CVE-2006-5876 7.8
The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values.
20-07-2017 - 01:34 16-01-2007 - 19:28
CVE-2006-5397 2.1
The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE envir
20-07-2017 - 01:33 03-11-2006 - 00:07
CVE-2006-4809 5.1
Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM image.
20-07-2017 - 01:33 07-11-2006 - 00:07
CVE-2006-4808 2.6
Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TGA image.
20-07-2017 - 01:33 07-11-2006 - 00:07
CVE-2006-4807 2.6
loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808.
20-07-2017 - 01:33 07-11-2006 - 00:07
CVE-2006-4806 5.1
Multiple integer overflows in imlib2 allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) ARGB (loader_argb.c), (2) PNG (loader_png.c), (3) LBM (loader_lbm.c), (4) JPEG (loade
20-07-2017 - 01:33 07-11-2006 - 00:07
CVE-2006-4513 5.1
Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file
20-07-2017 - 01:33 28-10-2006 - 00:07
CVE-2006-3672 2.6
KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0
20-07-2017 - 01:32 18-07-2006 - 15:47
CVE-2006-3486 2.1
** DISPUTED ** Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (app
20-07-2017 - 01:32 10-07-2006 - 21:05
CVE-2006-3174 2.6
Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter.
20-07-2017 - 01:32 23-06-2006 - 00:02
CVE-2006-3145 5.0
Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code when assembling the header, possibly related to an off-by-one error.
20-07-2017 - 01:32 22-06-2006 - 22:06
CVE-2006-3093 6.8
Multiple unspecified vulnerabilities in Adobe Acrobat Reader (acroread) before 7.0.8 have unknown impact and unknown vectors. This vulnerability is addressed in the following product release: Adobe, Acrobat Reader, 7.0.8
20-07-2017 - 01:32 19-06-2006 - 21:02
CVE-2006-3011 4.6
The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode.
20-07-2017 - 01:31 26-06-2006 - 21:05
CVE-2006-3005 5.0
The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended me
20-07-2017 - 01:31 13-06-2006 - 10:02
CVE-2006-2563 2.1
The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters.
20-07-2017 - 01:31 29-05-2006 - 16:02
CVE-2006-2502 5.1
Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
20-07-2017 - 01:31 22-05-2006 - 16:06
CVE-2006-2083 7.5
Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow.
20-07-2017 - 01:31 28-04-2006 - 21:02
CVE-2006-2073 5.0
Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a "broken" TSIG, as demonstrated by the OUSPG PROTOS DNS test suite.
20-07-2017 - 01:31 27-04-2006 - 22:02
CVE-2006-1251 5.0
Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provide
20-07-2017 - 01:30 19-03-2006 - 01:02
CVE-2006-1095 7.2
Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
20-07-2017 - 01:30 09-03-2006 - 13:06
CVE-2006-0883 5.0
OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting mu
20-07-2017 - 01:30 07-03-2006 - 02:02
CVE-2006-0743 5.0
Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
20-07-2017 - 01:30 09-03-2006 - 20:02
CVE-2006-0730 5.0
Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (
20-07-2017 - 01:30 16-02-2006 - 11:02
CVE-2006-0405 5.0
The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations
20-07-2017 - 01:29 25-01-2006 - 02:03
CVE-2006-0043 4.6
Buffer overflow in the realpath function in nfs-server rpc.mountd, as used in SUSE Linux 9.1 through 10.0, allows local users to execute arbitrary code via unspecified vectors involving mount requests and symlinks.
20-07-2017 - 01:29 31-01-2006 - 02:03
CVE-2005-4808 7.6
Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file. This vulnerability is addressed in
20-07-2017 - 01:29 31-12-2005 - 05:00
CVE-2005-4158 4.6
Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that
20-07-2017 - 01:29 11-12-2005 - 02:03
CVE-2005-1544 7.5
Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag.
11-07-2017 - 01:32 14-05-2005 - 04:00
CVE-2005-1229 4.6
Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file.
11-07-2017 - 01:32 02-05-2005 - 04:00
CVE-2005-0373 7.5
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
11-07-2017 - 01:32 07-10-2004 - 04:00
CVE-2004-2343 7.2
** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this i
11-07-2017 - 01:31 31-12-2004 - 05:00
CVE-2004-2300 7.2
Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -p command line argument. NOTE: it is not clear whether there are any standard configurations in which snmpd
11-07-2017 - 01:31 31-12-2004 - 05:00
CVE-2004-1808 2.1
Extcompose in metamail does not verify the output file before writing to it, which allows local users to overwrite arbitrary files via a symlink attack.
11-07-2017 - 01:31 31-12-2004 - 05:00
CVE-2004-1717 7.5
Multiple buffer overflows in the psscan function in ps.c for gv (ghostview) allow remote attackers to execute arbitrary code via a Postscript file with a long (1) BoundingBox, (2) comment, (3) Orientation, (4) PageOrder, or (5) Pages value.
11-07-2017 - 01:31 16-08-2004 - 04:00
CVE-2004-1377 2.1
The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
11-07-2017 - 01:30 27-12-2004 - 05:00
CVE-2004-1296 2.1
The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
11-07-2017 - 01:30 31-12-2004 - 05:00
CVE-2004-1051 7.2
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.
11-07-2017 - 01:30 01-03-2005 - 05:00
CVE-2004-1002 5.0
Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote attackers to cause a denial of service (daemon crash) via a CBCP packet with an invalid length value that causes pppd to access an incorrect memory location.
11-07-2017 - 01:30 01-03-2005 - 05:00
CVE-2004-0996 2.1
main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
11-07-2017 - 01:30 10-01-2005 - 05:00
CVE-2004-0940 6.9
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
11-07-2017 - 01:30 09-02-2005 - 05:00
CVE-2004-0829 5.0
smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service (daemon crash) by sending a FindNextPrintChangeNotify request without a previous FindFirstPrintChangeNotify, as demonstrated by the SMB client in Windows XP SP2.
11-07-2017 - 01:30 31-12-2004 - 05:00
CVE-2004-0811 7.5
Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
11-07-2017 - 01:30 31-12-2004 - 05:00
CVE-2004-0603 10.0
gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1
11-07-2017 - 01:30 06-12-2004 - 05:00
CVE-2003-0789 10.0
mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
11-07-2017 - 01:29 03-11-2003 - 05:00
CVE-2003-0618 2.1
Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local user to obtain sensitive information about files for which the user does not have appropriate permissions.
11-07-2017 - 01:29 04-05-2004 - 04:00
CVE-2003-0245 5.0
Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrate
11-07-2017 - 01:29 09-06-2003 - 04:00
CVE-2003-0189 5.0
The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid u
11-07-2017 - 01:29 09-06-2003 - 04:00
CVE-2002-1650 7.5
The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter.
11-07-2017 - 01:29 31-12-2002 - 05:00
CVE-2002-1649 4.3
Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag.
11-07-2017 - 01:29 31-12-2002 - 05:00
CVE-2002-1648 7.5
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters.
11-07-2017 - 01:29 31-12-2002 - 05:00
CVE-2002-1642 7.2
PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction log (pg_clog) data and cause a denial of service (data loss) via the VACUUM command.
11-07-2017 - 01:29 03-10-2002 - 04:00
CVE-2002-1593 5.0
mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module. The ven
11-07-2017 - 01:29 25-09-2002 - 04:00
CVE-2000-1205 4.3
Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error
11-07-2017 - 01:29 01-02-2000 - 05:00
CVE-2005-2991 2.1
ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970.
18-10-2016 - 03:32 20-09-2005 - 20:03
CVE-2005-2541 10.0
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
18-10-2016 - 03:28 10-08-2005 - 04:00
CVE-2005-1753 5.0
** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache disput
18-10-2016 - 03:22 31-12-2005 - 05:00
CVE-2005-0602 6.2
Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges.
18-10-2016 - 03:12 02-05-2005 - 04:00
CVE-2003-0134 5.0
Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
18-10-2016 - 02:29 11-04-2003 - 04:00
CVE-2003-0017 5.0
Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
18-10-2016 - 02:28 07-02-2003 - 05:00
CVE-2002-1850 5.0
mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock b
18-10-2016 - 02:27 31-12-2002 - 05:00
CVE-2002-0843 7.5
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
18-10-2016 - 02:22 11-10-2002 - 04:00
CVE-2002-0839 7.2
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that
18-10-2016 - 02:22 11-10-2002 - 04:00
CVE-2002-0661 7.5
Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
18-10-2016 - 02:21 12-08-2002 - 04:00
CVE-2002-0654 5.0
Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that o
18-10-2016 - 02:21 05-09-2002 - 04:00
CVE-2002-0639 10.0
Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.
18-10-2016 - 02:20 03-07-2002 - 04:00
CVE-2002-0061 7.5
Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the
18-10-2016 - 02:15 21-03-2002 - 05:00
CVE-2001-1342 5.0
Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a n
18-10-2016 - 02:14 12-05-2001 - 04:00
CVE-1999-1199 10.0
Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
18-10-2016 - 02:02 07-08-1998 - 04:00
CVE-2007-1862 5.0
The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentiall
11-10-2013 - 02:33 04-06-2007 - 23:30
CVE-2008-3196 7.8
skeleton.c in yacc does not properly handle reduction of a rule with an empty right hand side, which allows context-dependent attackers to cause an out-of-bounds stack access when the yacc stack pointer points to the end of the stack.
27-11-2012 - 03:48 16-07-2008 - 18:41
CVE-2007-2448 2.1
Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via
06-11-2012 - 03:38 14-06-2007 - 23:30
CVE-2007-3642 7.8
The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c in the Linux kernel before 2.6.20.15, 2.6.21.x before 2.6.21.6, and before 2.6.22 allows remote attackers to cause a denial of service (crash) via an encoded, out-of-range index val
31-10-2012 - 02:39 10-07-2007 - 01:30
CVE-2001-0729 5.0
Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
23-10-2012 - 01:11 30-10-2001 - 05:00
CVE-2009-4131 7.2
The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel before 2.6.32-git6 allows local users to overwrite arbitrary files via a crafted request, related to insufficient checks for file permissions.
19-03-2012 - 04:00 13-12-2009 - 01:30
CVE-2009-3234 4.9
Buffer overflow in the perf_copy_attr function in kernel/perf_counter.c in the Linux kernel 2.6.31-rc1 allows local users to cause a denial of service (crash) and execute arbitrary code via a "big size data" to the perf_counter_open system call.
19-03-2012 - 04:00 17-09-2009 - 10:30
CVE-2009-2844 7.8
cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and other versions before 2.6.31-rc6 allows remote attackers to cause a denial of service (crash) via a sequence of beacon frames in which one frame omits an SSID Information Element (IE)
19-03-2012 - 04:00 18-08-2009 - 21:00
CVE-2006-4572 7.5
ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows remote attackers to (1) bypass a rule that disallows a protocol, via a packet with the protocol header not located immediately after the fragment header, aka "ip6_tables protocol byp
19-03-2012 - 04:00 07-11-2006 - 00:07
CVE-2006-6297 5.0
Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, as used by konqueror, digikam, and other KDE image browsers, allows remote attackers to cause a denial of service (stack consumption) via a crafted EXIF section i
04-08-2011 - 04:00 05-12-2006 - 11:28
CVE-2005-4807 7.5
Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code.
02-08-2011 - 04:00 31-12-2005 - 05:00
CVE-2007-1461 7.8
The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended direct
13-07-2011 - 04:00 14-03-2007 - 18:19
CVE-2007-1460 5.0
The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories.
24-05-2011 - 04:00 14-03-2007 - 18:19
CVE-2006-4434 5.0
Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the sev
10-03-2011 - 05:00 29-08-2006 - 00:04
CVE-2007-6313 6.5
MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements.
08-03-2011 - 03:02 18-02-2008 - 23:00
CVE-2007-5965 4.3
QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verify SSL certificates, which might make it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service, or trick a service into acce
08-03-2011 - 03:01 08-01-2008 - 01:46
CVE-2007-5797 7.5
SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
08-03-2011 - 03:01 03-11-2007 - 00:46
CVE-2007-5377 6.9
The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
08-03-2011 - 03:00 12-10-2007 - 00:17
CVE-2007-5087 4.9
The ATM module in the Linux kernel before 2.4.35.3, when CLIP support is enabled, allows local users to cause a denial of service (kernel panic) by reading /proc/net/atm/arp before the CLIP module has been loaded.
08-03-2011 - 03:00 26-09-2007 - 10:17
CVE-2007-5007 6.8
Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.
08-03-2011 - 02:59 12-12-2007 - 22:10
CVE-2007-1522 6.8
Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which call
08-03-2011 - 02:52 20-03-2007 - 20:19
CVE-2007-1521 6.8
Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a
08-03-2011 - 02:52 20-03-2007 - 20:19
CVE-2007-1287 4.3
A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as origina
08-03-2011 - 02:51 06-03-2007 - 20:19
CVE-2007-0157 7.8
Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a bu
08-03-2011 - 02:48 09-01-2007 - 21:28
CVE-2006-6698 1.9
The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files under directories with names based on the username, even when GCONF_GLOBAL_LOCKS is not set, which allows local users to cause a denial of service by creating the directories ahead of
08-03-2011 - 02:46 22-12-2006 - 18:28
CVE-2006-6660 4.3
The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konquerer, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag.
08-03-2011 - 02:46 20-12-2006 - 23:28
CVE-2006-6493 5.1
Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and earlier, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote attackers to execute arbitrary code via an LDAP bind r
08-03-2011 - 02:46 13-12-2006 - 00:28
CVE-2006-4447 7.2
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those ca
08-03-2011 - 02:40 30-08-2006 - 01:04
CVE-2005-3582 7.2
ImageMagick before 6.2.4.2-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime.
08-03-2011 - 02:26 16-11-2005 - 07:42
CVE-2005-3258 5.0
The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses.
08-03-2011 - 02:26 20-10-2005 - 10:02
CVE-2005-1730 9.3
Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by "OpenSSL ASN.1 brute forcer." NOTE: this
08-03-2011 - 02:22 31-12-2005 - 05:00
CVE-2002-0392 7.5
Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
08-03-2011 - 02:08 03-07-2002 - 04:00
CVE-2007-5708 7.1
slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initialized properly and might allow attackers
07-03-2011 - 05:00 30-10-2007 - 19:46
CVE-2007-0822 1.9
umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed
15-09-2010 - 05:43 07-02-2007 - 20:28
CVE-2006-5749 1.7
The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c in the Linux 2.4 kernel before 2.4.34-rc4 does not call the init_timer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system cr
15-09-2010 - 05:30 31-12-2006 - 05:00
CVE-2006-3018 7.5
Unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption.
15-09-2010 - 04:54 14-06-2006 - 23:02
CVE-2007-5972 9.0
Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master ke
27-05-2010 - 05:19 06-12-2007 - 02:46
CVE-2006-2789 2.6
Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-interne
02-04-2010 - 07:56 02-06-2006 - 22:02
CVE-2006-2194 7.2
The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user
02-04-2010 - 07:43 05-07-2006 - 18:05
CVE-2005-4746 7.8
Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t".
02-04-2010 - 06:30 31-12-2005 - 05:00
CVE-2005-4745 7.5
SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. The vendor released version 1.1.1 to address this issue.
02-04-2010 - 06:30 31-12-2005 - 05:00
CVE-2005-4636 4.6
OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings
12-11-2009 - 05:51 31-12-2005 - 05:00
CVE-2009-0653 7.5
OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970.
25-06-2009 - 04:00 20-02-2009 - 19:30
CVE-2009-1631 2.1
The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by
23-05-2009 - 05:31 14-05-2009 - 17:30
CVE-2009-0671 5.0
** REJECT ** Format string vulnerability in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit imap-2007d and other applications, allows remote attackers to execute arbitrary code via format string specifiers in the i
26-02-2009 - 07:08 22-02-2009 - 22:30
CVE-2007-3961 5.0
Off-by-one error in the fsp_readdir_r function in fsplib.c in fsplib before 0.9 allows remote attackers to cause a denial of service via a directory entry whose length is exactly MAXNAMELEN, which prevents a terminating null byte from being added. Ve
15-11-2008 - 06:54 25-07-2007 - 17:30
CVE-2007-3636 7.5
Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher.
15-11-2008 - 06:53 10-07-2007 - 00:30
CVE-2007-0823 1.9
xterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which might allow local users to bypass file permissions and read other users' files, or obtain other sensitive inform
15-11-2008 - 06:42 07-02-2007 - 20:28
CVE-2007-3962 7.5
Multiple stack-based buffer overflows in fsplib.c in fsplib before 0.9 might allow remote attackers to execute arbitrary code via (1) a long filename that is not properly handled by the fsp_readdir_native function when MAXNAMLEN is greater than 255,
15-11-2008 - 05:00 25-07-2007 - 17:30
CVE-2007-3635 4.3
Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors. NOTE: this might overlap CVE-2005-1924, CVE-2006-4169, or CVE-2007-
15-11-2008 - 05:00 10-07-2007 - 00:30
CVE-2007-3634 6.5
Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function,
15-11-2008 - 05:00 10-07-2007 - 00:30
CVE-2007-1742 3.7
suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated u
13-11-2008 - 06:36 13-04-2007 - 17:19
CVE-2007-2176 10.0
Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors. NOTE: this might be the same issue as CVE-2007-2175.
13-11-2008 - 05:00 24-04-2007 - 16:19
CVE-2007-4049 5.0
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2000-1205. Reason: This candidate is a duplicate of CVE-2000-1205. Notes: All CVE users should reference CVE-2000-1205 instead of this candidate. All references and descriptions in t
11-09-2008 - 00:57 30-07-2007 - 16:30
CVE-2007-4044 5.0
** REJECT ** The MS-RPC functionality in smbd in Samba 3 on SUSE Linux before 20070720 does not include "one character in the shell escape handling." NOTE: this issue was originally characterized as a shell metacharacter issue due to an incomplete
11-09-2008 - 00:57 27-07-2007 - 22:30
CVE-2007-0448 10.0
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the s
11-09-2008 - 00:49 24-05-2007 - 18:30
CVE-2005-4835 7.1
The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 allows remote attackers to cause a denial of service (failed KASSERT and system crash) by moving a connected system to a location with low signal strengt
10-09-2008 - 19:54 31-12-2005 - 05:00
CVE-2005-1344 7.5
Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to
10-09-2008 - 19:38 02-05-2005 - 04:00
CVE-2004-1880 5.0
Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier allows remote attackers to cause a denial of service (memory consumption).
10-09-2008 - 19:32 31-12-2004 - 05:00
CVE-2002-2061 7.5
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.
10-09-2008 - 19:16 31-12-2002 - 05:00
CVE-2001-1507 7.5
OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.
10-09-2008 - 19:10 31-12-2001 - 05:00
CVE-2000-1206 5.0
Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
10-09-2008 - 19:06 20-08-1999 - 04:00
CVE-2007-6025 7.1
Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 and earlier allows remote attackers to cause a denial of service (crash) via crafted TSF data.
05-09-2008 - 21:32 19-11-2007 - 22:46
CVE-2007-5769 10.0
Double free vulnerability in the getreply function in ftp.c in netkit ftp (netkit-ftp) 0.17 20040614 and later allows remote FTP servers to cause a denial of service (application crash) and possibly have unspecified other impact via some types of FTP
05-09-2008 - 21:31 06-12-2007 - 15:46
CVE-2007-4849 4.4
JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly other Linux systems, when POSIX ACL support is enabled, does not properly store permissions during (1) inode creation or (2) ACL setting, which might allow local users to access res
05-09-2008 - 21:29 12-09-2007 - 20:17
CVE-2007-2833 7.8
Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.
05-09-2008 - 21:24 21-06-2007 - 20:30
CVE-2007-2768 4.3
OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwor
05-09-2008 - 21:23 21-05-2007 - 20:30
CVE-2007-1743 4.4
suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the
05-09-2008 - 21:21 13-04-2007 - 17:19
CVE-2007-1565 7.8
Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI.
05-09-2008 - 21:20 21-03-2007 - 19:19
CVE-2007-1454 4.3
ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by
05-09-2008 - 21:20 14-03-2007 - 18:19
CVE-2007-1453 7.5
Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes
05-09-2008 - 21:20 14-03-2007 - 18:19
CVE-2007-1452 5.0
The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST.
05-09-2008 - 21:20 14-03-2007 - 18:19
CVE-2007-1381 7.6
The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent attackers
05-09-2008 - 21:20 10-03-2007 - 00:19
CVE-2006-7205 5.0
The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service (memory consumption) via a large num value.
05-09-2008 - 21:16 24-05-2007 - 02:30
CVE-2006-7204 2.1
The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents. The vendor has addressed this issue with the following product updat
05-09-2008 - 21:16 22-05-2007 - 19:30
CVE-2006-7175 7.5
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired.
05-09-2008 - 21:16 27-03-2007 - 23:19
CVE-2006-5649 4.6
Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspecified vectors.
05-09-2008 - 21:12 14-12-2006 - 00:28
CVE-2006-3742 10.0
The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a password by attempting to log in multiple times.
05-09-2008 - 21:07 06-09-2006 - 20:04
CVE-2006-3378 7.2
passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or
05-09-2008 - 21:06 06-07-2006 - 20:05
CVE-2005-4784 5.6
Multiple buffer overflows in the POSIX readdir_r function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via (1) a symlink attack that exploits a race condition between opendir and pa
05-09-2008 - 20:57 31-12-2005 - 05:00
CVE-2005-4442 7.2
Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.
05-09-2008 - 20:56 21-12-2005 - 02:03
CVE-2005-2642 7.5
Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt 1.5.10 allows remote attackers to execute arbitrary code, possibly due to interactions with libiconv or gettext.
05-09-2008 - 20:52 23-08-2005 - 04:00
CVE-2005-2547 7.5
security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper.
05-09-2008 - 20:52 12-08-2005 - 04:00
CVE-2005-1306 5.0
The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to determine the existence of files via Javascript containing XML script, aka the "XML External Entity vulnerability."
05-09-2008 - 20:48 15-06-2005 - 04:00
CVE-2005-1119 2.1
Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files.
05-09-2008 - 20:48 02-05-2005 - 04:00
CVE-2004-2731 4.4
Multiple integer overflows in Sbus PROM driver (drivers/sbus/char/openprom.c) for the Linux kernel 2.4.x up to 2.4.27, 2.6.x up to 2.6.7, and possibly later versions, allow local users to execute arbitrary code by specifying (1) a small buffer size t
05-09-2008 - 20:44 31-12-2004 - 05:00
CVE-2004-2654 5.0
The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory
05-09-2008 - 20:44 31-12-2004 - 05:00
CVE-2003-1308 4.6
CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename.
05-09-2008 - 20:36 31-12-2003 - 05:00
CVE-2003-1138 5.0
The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double s
05-09-2008 - 20:36 27-10-2003 - 05:00
CVE-2003-0885 6.4
Xscreensaver 4.14 contains certain debugging code that should have been omitted, which causes Xscreensaver to create temporary files insecurely in the (1) apple2, (2) xanalogtv, and (3) pong screensavers, and allows local users to overwrite arbitrary
05-09-2008 - 20:35 31-12-2003 - 05:00
CVE-2003-0857 4.6
The (1) ipq_read and (2) ipulog_read functions in iptables allow local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
05-09-2008 - 20:35 31-12-2003 - 05:00
CVE-2003-0460 5.0
The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
05-09-2008 - 20:34 27-08-2003 - 04:00
CVE-2002-2210 6.2
The installation of OpenOffice 1.0.1 allows local users to overwrite files and possibly gain privileges via a symlink attack on the USERNAME_autoresponse.conf temporary file.
05-09-2008 - 20:32 31-12-2002 - 05:00
CVE-2002-2204 7.5
The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source. A large deg
05-09-2008 - 20:32 31-12-2002 - 05:00
CVE-2002-2196 7.5
Samba before 2.2.5 does not properly terminate the enum_csc_policy data structure, which may allow remote attackers to execute arbitrary code via a buffer overflow attack.
05-09-2008 - 20:32 31-12-2002 - 05:00
CVE-2002-2103 5.0
Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
05-09-2008 - 20:32 31-12-2002 - 05:00
CVE-2002-2043 7.5
SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password.
05-09-2008 - 20:32 31-12-2002 - 05:00
CVE-2002-2013 5.0
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
05-09-2008 - 20:32 31-12-2002 - 05:00
CVE-2002-1903 5.0
Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information.
05-09-2008 - 20:31 31-12-2002 - 05:00
CVE-2002-0510 5.0
The UDP implementation in Linux 2.4.x kernels keeps the IP Identification field at 0 for all non-fragmented packets, which could allow remote attackers to determine that a target system is running Linux.
05-09-2008 - 20:28 12-08-2002 - 04:00
CVE-2002-0497 2.1
Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable.
05-09-2008 - 20:28 12-08-2002 - 04:00
CVE-2001-1556 5.0
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX
05-09-2008 - 20:26 31-12-2001 - 05:00
CVE-2001-1534 2.1
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these sess
05-09-2008 - 20:26 31-12-2001 - 05:00
CVE-2000-1204 5.0
Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
05-09-2008 - 20:22 13-10-2000 - 04:00
CVE-2007-1383 10.0
Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286.
05-09-2008 - 04:00 10-03-2007 - 00:19
CVE-2006-7221 5.0
Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow attackers to cause a denial of service via unspecified vectors involving the (1) name and (2) d_name entry attributes.
05-09-2008 - 04:00 25-07-2007 - 17:30
CVE-2007-4721 5.0
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6113. Reason: This candidate is a duplicate of CVE-2007-6113. Notes: All CVE users should reference CVE-2007-6113 instead of this candidate. All references and descriptions in t
11-02-2008 - 05:00 05-09-2007 - 19:17
Back to Top Mark selected
Back to Top