Total
18193 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2004-2214 | 1 Mbedthis | 1 Appweb Http Server | 2024-11-20 | 9.8 Critical |
Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions via a URI with mixed case characters. | ||||
CVE-2004-2154 | 3 Apple, Canonical, Redhat | 3 Cups, Ubuntu Linux, Enterprise Linux | 2024-11-20 | 9.8 Critical |
CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive. | ||||
CVE-2004-2061 | 1 Risearch | 2 Risearch, Risearch Pro | 2024-11-20 | 9.8 Critical |
RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL. | ||||
CVE-2004-1363 | 1 Oracle | 7 Application Server, Collaboration Suite, Database Server and 4 more | 2024-11-20 | 9.8 Critical |
Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed. | ||||
CVE-2004-0772 | 4 Debian, Mit, Openpkg and 1 more | 4 Debian Linux, Kerberos 5, Openpkg and 1 more | 2024-11-20 | 9.8 Critical |
Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code. | ||||
CVE-2004-0434 | 2 Debian, Heimdal Project | 2 Debian Linux, Heimdal | 2024-11-20 | 9.8 Critical |
k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow. | ||||
CVE-2004-0285 | 3 Allmyguests Project, Allmylinks Project, Allmyvisitors Project | 3 Allmyguests, Allmylinks, Allmyvisitors | 2024-11-20 | 9.8 Critical |
PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter. | ||||
CVE-2004-0030 | 1 Phpgedview | 1 Phpgedview | 2024-11-20 | 9.8 Critical |
PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code. | ||||
CVE-2004-0005 | 1 Gaim Project | 1 Gaim | 2024-11-20 | 9.8 Critical |
Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer to reference memory beyond the terminating null byte, (3) a quoted printable string to the gaim_quotedp_decode MIME decoder that causes a null byte to be written beyond the buffer, and (4) quoted printable encoding in gaim_quotedp_decode that causes a pointer to reference memory beyond the terminating null byte. | ||||
CVE-2003-1233 | 1 Pedestalsoftware | 1 Integrity Protection Driver | 2024-11-20 | 9.8 Critical |
Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or (2) to a drive letter using the subst command. | ||||
CVE-2003-0899 | 1 Acme | 1 Thttpd | 2024-11-20 | 9.8 Critical |
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "<" and ">" sequences. | ||||
CVE-2003-0791 | 2 Mozilla, Sco | 2 Mozilla, Openserver | 2024-11-20 | 9.8 Critical |
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed. | ||||
CVE-2003-0545 | 2 Openssl, Redhat | 2 Openssl, Linux | 2024-11-20 | 9.8 Critical |
Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding. | ||||
CVE-2003-0466 | 7 Apple, Freebsd, Netbsd and 4 more | 10 Mac Os X, Mac Os X Server, Freebsd and 7 more | 2024-11-20 | 9.8 Critical |
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. | ||||
CVE-2003-0356 | 2 Ethereal, Redhat | 3 Ethereal, Enterprise Linux, Linux | 2024-11-20 | 9.8 Critical |
Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions. | ||||
CVE-2003-0252 | 2 Linux-nfs, Redhat | 3 Nfs-utils, Enterprise Linux, Linux | 2024-11-20 | 9.8 Critical |
Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines. | ||||
CVE-2003-0174 | 1 Sgi | 1 Irix | 2024-11-20 | 9.8 Critical |
The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password. | ||||
CVE-2002-2444 | 1 Snoopy Project | 1 Snoopy | 2024-11-20 | 9.8 Critical |
Snoopy before 2.0.0 has a security hole in exec cURL | ||||
CVE-2002-2119 | 1 Novell | 1 Edirectory | 2024-11-20 | 9.8 Critical |
Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote attackers to conduct brute force password guessing. | ||||
CVE-2002-1820 | 1 Ultimate Php Board Project | 1 Ultimate Php Board | 2024-11-20 | 9.8 Critical |
register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a capital "A," but allows a remote attacker to impersonate the administrator by registering an account name of admin with a lower case "a." |