Total
311 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-1449 | 1 Aladdin Knowledge Systems | 1 Esafe Gateway | 2024-08-08 | N/A |
| Aladdin Knowlege Systems eSafe Gateway 3.5.126.0 does not check the entire stream of Content Vectoring Protocol (CVP) data, which allows remote attackers to bypass virus protection. | ||||
| CVE-2003-1452 | 1 Qualcomm | 1 Qpopper | 2024-08-08 | N/A |
| Untrusted search path vulnerability in Qualcomm qpopper 4.0 through 4.05 allows local users to execute arbitrary code by modifying the PATH environment variable to reference a malicious smbpasswd program. | ||||
| CVE-2003-1457 | 1 Auerswald | 1 Comsuite Cti Controlcenter | 2024-08-08 | N/A |
| Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access. | ||||
| CVE-2003-1422 | 1 Gentoo | 1 Syslinux | 2024-08-08 | N/A |
| Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.01, when running setuid root, allow local users to gain privileges via unknown vectors. | ||||
| CVE-2003-1357 | 2 Microsoft, Replicom | 2 Windows Nt, Proxyview | 2024-08-08 | N/A |
| ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access. | ||||
| CVE-2003-1367 | 1 Great Circle Associates | 1 Majordomo | 2024-08-08 | N/A |
| The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a "which" command. | ||||
| CVE-2003-1341 | 1 Trend Micro | 2 Officescan, Virus Buster | 2024-08-08 | N/A |
| The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe. | ||||
| CVE-2003-1362 | 1 Hp | 2 Bastille, Hp-ux | 2024-08-08 | N/A |
| Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of system users and expand defined sendmail aliases. | ||||
| CVE-2003-1352 | 1 Gabber | 1 Gabber | 2024-08-08 | N/A |
| Gabber 0.8.7 sends an email to a specific address during user login and logout, which allows remote attackers to obtain user session activity and Gabber version number by sniffing. | ||||
| CVE-2004-2760 | 1 Openbsd | 1 Openssh | 2024-08-08 | N/A |
| sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability. | ||||
| CVE-2004-2692 | 1 Kyberdigi Labs | 1 Php-exec-dir | 2024-08-08 | N/A |
| The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function. | ||||
| CVE-2004-0605 | 2 Ircd-hybrid, Ircd-ratbox | 2 Ircd-hybrid, Ircd-ratbox | 2024-08-08 | N/A |
| Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ircd-ratbox 1.5.1 and earlier, or (3) ircd-ratbox 2.0rc6 and earlier do not have a rate-limit imposed, which could allow remote attackers to cause a denial of service by repeatedly making requests, which are slowly dequeued. | ||||
| CVE-2005-4837 | 3 Net-snmp, Redhat, Sourceforge | 3 Net-snmp, Enterprise Linux, Net-snmp | 2024-08-08 | N/A |
| snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177. | ||||
| CVE-2005-0197 | 1 Cisco | 1 Ios | 2024-08-07 | N/A |
| Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote attackers to cause a denial of service (device reload) via a crafted packet sent to the disabled interface. | ||||
| CVE-2006-7236 | 3 Debian, Invisible-island, Ubuntu | 3 Debian Linux, Xterm, Linux | 2024-08-07 | N/A |
| The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences. | ||||
| CVE-2006-6899 | 2 Bluez Project, Redhat | 2 Bluez, Enterprise Linux | 2024-08-07 | N/A |
| hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack. | ||||
| CVE-2006-3677 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2024-08-07 | N/A |
| Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution. | ||||
| CVE-2006-3291 | 1 Cisco | 1 Ios | 2024-08-07 | N/A |
| The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system. | ||||
| CVE-2006-2363 | 1 Limbo Cms | 1 Limbo Cms | 2024-08-07 | N/A |
| SQL injection vulnerability in the weblinks option (weblinks.html.php) in Limbo CMS allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2006-0848 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-08-07 | N/A |
| The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension. | ||||