VYPR

CVEs

100,075 total · page 2000 of 2,002

  • CVE-2005-2946HigSep 16, 2005
    risk 0.49cvss 7.5epss 0.01

    The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.

  • CVE-2005-2801HigSep 6, 2005
    risk 0.49cvss 7.5epss 0.03

    xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 does not properly compare the name_index fields when sharing xattr blocks, which could prevent default ACLs from being applied.

  • CVE-2005-1920HigJul 26, 2005
    risk 0.49cvss 7.5epss 0.04

    The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information.

  • CVE-2005-2281HigJul 18, 2005
    risk 0.49cvss 7.5epss 0.01

    WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers to crack passwords.

  • CVE-2005-2182HigJul 11, 2005
    risk 0.49cvss 7.5epss 0.01

    Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.

  • CVE-2005-2181HigJul 11, 2005
    risk 0.49cvss 7.5epss 0.01

    Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.

  • CVE-2005-2160HigJul 6, 2005
    risk 0.49cvss 7.5epss 0.02

    IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information.

  • CVE-2005-0772HigJun 28, 2005
    risk 0.52cvss 7.5epss 0.36

    VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 through 9.1.307 for Netware, allows remote attackers to cause a denial of service (Remote Agent crash) via (1) a crafted packet in NDMLSRVR.DLL or (2) a request packet with an invalid (non-0) "Error Status"…

  • CVE-2005-1306HigJun 15, 2005
    risk 0.53cvss 7.5epss 0.15

    The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to determine the existence of files via Javascript containing XML script, aka the "XML External Entity vulnerability."

  • CVE-2005-1891HigJun 9, 2005
    risk 0.49cvss 7.5epss 0.02

    The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 and earlier allows remote attackers to cause a denial of service (crash) via a malformed buddy icon that causes an integer underflow in a loop counter variable.

  • CVE-2005-1941HigJun 8, 2005
    risk 0.51cvss 7.8epss 0.00

    SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code.

  • CVE-2005-1794HigJun 1, 2005
    risk 0.49cvss 7.4epss 0.16

    Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks.

  • CVE-2005-1831HigMay 31, 2005
    risk 0.55cvss 8.4epss 0.00

    Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue,…

  • CVE-2005-1828HigMay 26, 2005
    risk 0.49cvss 7.5epss 0.01

    D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information.

  • CVE-2005-0877HigMay 2, 2005
    risk 0.49cvss 7.5epss 0.02

    Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq.

  • CVE-2005-0891HigMay 2, 2005
    risk 0.49cvss 7.5epss 0.04

    Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.

  • CVE-2005-1036HigMay 2, 2005
    risk 0.51cvss 7.8epss 0.00

    FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain…

  • CVE-2005-0490HigMay 2, 2005
    risk 0.58cvss 8.8epss 0.06

    Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the…

  • CVE-2004-1002HigMar 1, 2005
    risk 0.49cvss 7.5epss 0.03

    Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote attackers to cause a denial of service (daemon crash) via a CBCP packet with an invalid length value that causes pppd to access an incorrect memory location.

  • CVE-2004-0940HigFeb 9, 2005
    risk 0.54cvss 7.8epss 0.05

    Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.

  • CVE-2004-1842HigDec 31, 2004
    risk 0.60cvss 8.8epss 0.02

    Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php.

  • CVE-2004-2013HigDec 31, 2004
    risk 0.51cvss 7.8epss 0.01

    Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in socket.c in the Linux kernel 2.4.25 and earlier allows local users to execute arbitrary code via an optlen value of -1, which causes kmalloc to allocate 0 bytes of memory.

  • CVE-2004-2339HigDec 31, 2004
    risk 0.55cvss 8.4epss 0.01

    Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been…

  • CVE-2004-2397HigDec 31, 2004
    risk 0.49cvss 7.5epss 0.01

    The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates.

  • CVE-2004-2172HigDec 31, 2004
    risk 0.52cvss 7.5epss 0.07

    EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack.

  • CVE-2004-0816HigDec 23, 2004
    risk 0.53cvss 7.5epss 0.12

    Integer underflow in the firewall logging rules for iptables in Linux before 2.6.8 allows remote attackers to cause a denial of service (application crash) via a malformed IP packet.

  • CVE-2004-1083HigDec 3, 2004
    risk 0.49cvss 7.5epss 0.02

    Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate…

  • CVE-2004-0079HigNov 23, 2004
    risk 0.50cvss 7.5epss 0.10

    The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

  • CVE-2004-0346HigNov 23, 2004
    risk 0.51cvss 7.8epss 0.06

    Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command.

  • CVE-2004-0747HigOct 20, 2004
    risk 0.51cvss 7.8epss 0.02

    Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.

  • CVE-2004-0689HigSep 28, 2004
    risk 0.46cvss 7.1epss 0.00

    KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.

  • CVE-2004-0458HigSep 28, 2004
    risk 0.49cvss 7.5epss 0.03

    mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference.

  • CVE-2004-1714HigAug 11, 2004
    risk 0.49cvss 7.1epss 0.01

    BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying…

  • CVE-2004-0213HigAug 6, 2004
    risk 0.54cvss 7.8epss 0.21

    Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly…

  • CVE-2004-0210HigKEVAug 6, 2004
    risk 0.66cvss 7.8epss 0.08

    The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.

  • CVE-2004-1703HigJul 30, 2004
    risk 0.60cvss 8.8epss 0.02

    Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag.

  • CVE-2003-1048HigJul 27, 2004
    risk 0.53cvss 7.8epss 0.27

    Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.

  • CVE-2004-0389HigJun 1, 2004
    risk 0.56cvss 7.5epss 0.52

    RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null dereference, as demonstrated using (1) GET_PARAMETER or (2) DESCRIBE requests.

  • CVE-2004-0119HigJun 1, 2004
    risk 0.52cvss 7.5epss 0.40

    The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during…

  • CVE-2004-0174HigMay 4, 2004
    risk 0.43cvss 7.5epss 0.12

    Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."

  • CVE-2004-0365HigMay 4, 2004
    risk 0.49cvss 7.5epss 0.06

    The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference.

  • CVE-2004-1967HigApr 25, 2004
    risk 0.57cvss 8.8epss 0.02

    Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3) cp_ipbans.php, (4) myhome.php, (5) post.php, or (6) moderator.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary code by including the…

  • CVE-2004-0217HigApr 15, 2004
    risk 0.46cvss 7.0epss 0.00

    The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log.

  • CVE-2003-1000HigJan 5, 2004
    risk 0.49cvss 7.5epss 0.03

    xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference.

  • CVE-2003-1013HigJan 5, 2004
    risk 0.49cvss 7.5epss 0.03

    The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference.

  • CVE-2003-0844HigNov 17, 2003
    risk 0.46cvss 7.1epss 0.00

    mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on…

  • CVE-2003-0625HigAug 27, 2003
    risk 0.52cvss 7.5epss 0.07

    Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server's response.

  • CVE-2003-0578HigAug 18, 2003
    risk 0.51cvss 7.8epss 0.00

    cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.

  • CVE-2003-0411HigJun 30, 2003
    risk 0.54cvss 7.5epss 0.27

    Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension.

  • CVE-2003-0063HigMar 3, 2003
    risk 0.48cvss 7.3epss 0.03

    The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence,…