VYPR

CVEs

27,348 total · page 547 of 547

  • CVE-2004-0285CriNov 23, 2004
    risk 0.67cvss 9.8epss 0.08

    PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter.

  • CVE-2004-0847CriNov 3, 2004
    risk 0.73cvss 9.8epss 0.76

    The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability."

  • CVE-2004-0772CriOct 20, 2004
    risk 0.64cvss 9.8epss 0.07

    Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.

  • CVE-2004-1363CriAug 4, 2004
    risk 0.64cvss 9.8epss 0.09

    Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.

  • CVE-2004-2061CriJul 27, 2004
    risk 0.67cvss 9.8epss 0.06

    RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL.

  • CVE-2004-0434CriJul 7, 2004
    risk 0.64cvss 9.8epss 0.07

    k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow.

  • CVE-2004-0005CriMar 3, 2004
    risk 0.65cvss 9.8epss 0.11

    Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer…

  • CVE-2004-0030CriJan 20, 2004
    risk 0.67cvss 9.8epss 0.07

    PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server…

  • CVE-2003-1233CriDec 31, 2003
    risk 0.64cvss 9.8epss 0.02

    Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or…

  • CVE-2003-0545CriNov 17, 2003
    risk 0.71cvss 9.8epss 0.85

    Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.

  • CVE-2003-0899CriNov 3, 2003
    risk 0.68cvss 9.8epss 0.22

    Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "<" and ">" sequences.

  • CVE-2003-0791CriOct 7, 2003
    risk 0.64cvss 9.8epss 0.02

    The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.

  • CVE-2003-0466CriAug 27, 2003
    risk 0.73cvss 9.8epss 0.78

    Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow,…

  • CVE-2003-0252CriAug 18, 2003
    risk 0.65cvss 9.8epss 0.16

    Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.

  • CVE-2003-0356CriJun 9, 2003
    risk 0.64cvss 9.8epss 0.10

    Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and…

  • CVE-2003-0174CriMay 12, 2003
    risk 0.64cvss 9.8epss 0.01

    The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password.

  • CVE-2002-1484CriApr 22, 2003
    risk 0.68cvss 9.8epss 0.14

    DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in…

  • CVE-2002-1798CriDec 31, 2002
    risk 0.63cvss 9.1epss 0.05

    MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php.

  • CVE-2002-2119CriDec 31, 2002
    risk 0.64cvss 9.8epss 0.03

    Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote attackers to conduct brute force password guessing.

  • CVE-2002-1816CriDec 31, 2002
    risk 0.67cvss 9.8epss 0.09

    Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ATPhttpd 0.4b and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.

  • CVE-2002-1820CriDec 31, 2002
    risk 0.64cvss 9.8epss 0.02

    register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a capital "A," but allows a remote attacker to impersonate the administrator by registering an account name of admin with a lower case "a."

  • CVE-2002-1347CriDec 18, 2002
    risk 0.64cvss 9.8epss 0.07

    Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication…

  • CVE-2002-0391CriAug 12, 2002
    risk 0.68cvss 9.8epss 0.58

    Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as…

  • CVE-2002-0671CriJul 23, 2002
    risk 0.64cvss 9.8epss 0.01

    Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing.

  • CVE-2002-0639CriJul 3, 2002
    risk 0.65cvss 9.8epss 0.18

    Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.

  • CVE-2002-0059CriMar 15, 2002
    risk 0.64cvss 9.8epss 0.10

    The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed…

  • CVE-2002-0083CriMar 15, 2002
    risk 0.68cvss 9.8epss 0.15

    Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

  • CVE-2001-1496CriDec 31, 2001
    risk 0.64cvss 9.8epss 0.05

    Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code.

  • CVE-2001-1481CriDec 31, 2001
    risk 0.64cvss 9.8epss 0.03

    Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges.

  • CVE-2001-0766CriOct 18, 2001
    risk 0.67cvss 9.8epss 0.09

    Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.

  • CVE-2001-1125CriOct 5, 2001
    risk 0.64cvss 9.8epss 0.02

    Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.

  • CVE-2001-0967CriAug 31, 2001
    risk 0.64cvss 9.8epss 0.01

    Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt() function, which makes it easier for an attacker to conduct brute force password guessing.

  • CVE-2001-1155CriAug 23, 2001
    risk 0.64cvss 9.8epss 0.02

    TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.

  • CVE-2001-0609CriAug 2, 2001
    risk 0.68cvss 9.8epss 0.18

    Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function.

  • CVE-2001-1291CriJul 12, 2001
    risk 0.67cvss 9.8epss 0.09

    The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing.

  • CVE-2001-0395CriJul 2, 2001
    risk 0.64cvss 9.8epss 0.02

    Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which could allow remote attackers to conduct brute force password guessing.

  • CVE-2001-0248CriJun 18, 2001
    risk 0.65cvss 9.8epss 0.11

    Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings.

  • CVE-2001-0249CriJun 18, 2001
    risk 0.65cvss 9.8epss 0.20

    Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.

  • CVE-2001-1339CriMay 24, 2001
    risk 0.67cvss 9.8epss 0.07

    Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when bad passwords are entered, which makes it easier for remote attackers to conduct brute force password guessing attacks.

  • CVE-2000-0944CriDec 19, 2000
    risk 0.68cvss 9.8epss 0.11

    CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password.

  • CVE-2000-1218CriApr 14, 2000
    risk 0.64cvss 9.8epss 0.06

    The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.

  • CVE-1999-1588CriDec 31, 1999
    risk 0.67cvss 9.8epss 0.10

    Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka System V listener) port, TCP port 2766.

  • CVE-1999-1324CriDec 31, 1999
    risk 0.64cvss 9.8epss 0.03

    VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing.

  • CVE-1999-0426CriMar 1, 1999
    risk 0.68cvss 9.8epss 0.11

    The default permissions of /dev/kmem in Linux versions before 2.0.36 allows IP spoofing.

  • CVE-1999-0006CriJul 14, 1998
    risk 0.68cvss 9.8epss 0.12

    Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command.

  • CVE-1999-0511CriJan 1, 1997
    risk 0.60cvss 9.1epss 0.07

    IP forwarding is enabled on a machine which is not a router or firewall.

  • CVE-1999-0043CriDec 4, 1996
    risk 0.67cvss 9.8epss 0.45

    Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.

  • CVE-1999-0066CriJul 31, 1995
    risk 0.68cvss 9.8epss 0.12

    AnyForm CGI remote execution.