Total 18193 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2004-2214 1 Mbedthis 1 Appweb Http Server 2024-11-20 9.8 Critical
Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions via a URI with mixed case characters.
CVE-2004-2154 3 Apple, Canonical, Redhat 3 Cups, Ubuntu Linux, Enterprise Linux 2024-11-20 9.8 Critical
CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.
CVE-2004-2061 1 Risearch 2 Risearch, Risearch Pro 2024-11-20 9.8 Critical
RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL.
CVE-2004-1363 1 Oracle 7 Application Server, Collaboration Suite, Database Server and 4 more 2024-11-20 9.8 Critical
Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.
CVE-2004-0772 4 Debian, Mit, Openpkg and 1 more 4 Debian Linux, Kerberos 5, Openpkg and 1 more 2024-11-20 9.8 Critical
Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.
CVE-2004-0434 2 Debian, Heimdal Project 2 Debian Linux, Heimdal 2024-11-20 9.8 Critical
k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow.
CVE-2004-0285 3 Allmyguests Project, Allmylinks Project, Allmyvisitors Project 3 Allmyguests, Allmylinks, Allmyvisitors 2024-11-20 9.8 Critical
PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter.
CVE-2004-0030 1 Phpgedview 1 Phpgedview 2024-11-20 9.8 Critical
PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code.
CVE-2004-0005 1 Gaim Project 1 Gaim 2024-11-20 9.8 Critical
Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer to reference memory beyond the terminating null byte, (3) a quoted printable string to the gaim_quotedp_decode MIME decoder that causes a null byte to be written beyond the buffer, and (4) quoted printable encoding in gaim_quotedp_decode that causes a pointer to reference memory beyond the terminating null byte.
CVE-2003-1233 1 Pedestalsoftware 1 Integrity Protection Driver 2024-11-20 9.8 Critical
Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or (2) to a drive letter using the subst command.
CVE-2003-0899 1 Acme 1 Thttpd 2024-11-20 9.8 Critical
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "&lt;" and "&gt;" sequences.
CVE-2003-0791 2 Mozilla, Sco 2 Mozilla, Openserver 2024-11-20 9.8 Critical
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.
CVE-2003-0545 2 Openssl, Redhat 2 Openssl, Linux 2024-11-20 9.8 Critical
Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.
CVE-2003-0466 7 Apple, Freebsd, Netbsd and 4 more 10 Mac Os X, Mac Os X Server, Freebsd and 7 more 2024-11-20 9.8 Critical
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.
CVE-2003-0356 2 Ethereal, Redhat 3 Ethereal, Enterprise Linux, Linux 2024-11-20 9.8 Critical
Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions.
CVE-2003-0252 2 Linux-nfs, Redhat 3 Nfs-utils, Enterprise Linux, Linux 2024-11-20 9.8 Critical
Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.
CVE-2003-0174 1 Sgi 1 Irix 2024-11-20 9.8 Critical
The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password.
CVE-2002-2444 1 Snoopy Project 1 Snoopy 2024-11-20 9.8 Critical
Snoopy before 2.0.0 has a security hole in exec cURL
CVE-2002-2119 1 Novell 1 Edirectory 2024-11-20 9.8 Critical
Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote attackers to conduct brute force password guessing.
CVE-2002-1820 1 Ultimate Php Board Project 1 Ultimate Php Board 2024-11-20 9.8 Critical
register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a capital "A," but allows a remote attacker to impersonate the administrator by registering an account name of admin with a lower case "a."