Total
269 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1184 | 1 Web-app.org | 1 Webapp | 2024-02-04 | 5.0 MEDIUM | N/A |
| The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setting of "no," which makes it easier for automated programs to submit false data. | |||||
| CVE-2007-5964 | 1 Redhat | 1 Enterprise Linux | 2024-02-04 | 6.9 MEDIUM | N/A |
| The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server. | |||||
| CVE-2007-1692 | 1 Microsoft | 2 Windows 2000, Windows 2003 Server | 2024-02-04 | 7.5 HIGH | N/A |
| The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet Explorer. NOTE: it could be argued that if an attacker already has control over WINS/DNS, then web traffic could already be intercepted by modifying WINS or DNS records, so this would not cross privilege boundaries and would not be a vulnerability. It has also been reported that DHCP is an alternate attack vector. | |||||
| CVE-2007-5943 | 1 Simple Machines | 1 Simple Machines Forum | 2024-02-04 | 5.0 MEDIUM | N/A |
| Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the "show results as messages" option, then searching for possible keywords contained in that message. | |||||
| CVE-2007-6409 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2024-02-04 | 4.3 MEDIUM | N/A |
| The gg protocol handler in Gadu-Gadu, when this product is installed but not running, does not properly handle the skin attribute, which allows remote attackers to cause a denial of service (resource consumption) via unspecified network traffic. | |||||
| CVE-2008-1287 | 1 Ibm | 1 Rational Clearquest | 2024-02-04 | 5.0 MEDIUM | N/A |
| IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames. | |||||
| CVE-2007-6199 | 2 Rsync, Slackware | 2 Rsync, Slackware Linux | 2024-02-04 | 9.3 HIGH | N/A |
| rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy. | |||||
| CVE-2007-5422 | 1 Sun | 1 Sunos | 2024-02-04 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in "Solaris Auditing" in the Basic Security Module (BSM) in Sun Solaris 10, when configured for auditing of networking (nt) events, allows local users to cause a denial of service (panic) via unspecified vectors. | |||||
| CVE-2007-5420 | 1 3com | 1 3crwe554g72t | 2024-02-04 | 2.6 LOW | N/A |
| The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote management is disabled but a web server has been configured, serves a web page to external clients, which might allow remote attackers to obtain information about the router's existence and product details. | |||||
| CVE-2007-1507 | 1 Openafs | 1 Openafs | 2024-02-04 | 7.5 HIGH | N/A |
| The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache. | |||||
| CVE-2007-4687 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 9.3 HIGH | N/A |
| The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files. | |||||
| CVE-2004-2687 | 2 Apple, Samba | 2 Xcode, Samba | 2024-02-04 | 9.3 HIGH | N/A |
| distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks. | |||||
| CVE-2005-4837 | 2 Net-snmp, Sourceforge | 2 Net-snmp, Net-snmp | 2024-02-04 | 10.0 HIGH | N/A |
| snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177. | |||||
| CVE-2005-4845 | 1 Sun | 1 Java Plug-in | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and 1.4.2_04 <applet> redirector controls, allow remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer. | |||||
| CVE-2006-2363 | 1 Limbo Cms | 1 Limbo Cms | 2024-02-04 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in the weblinks option (weblinks.html.php) in Limbo CMS allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2004-2692 | 1 Kyberdigi Labs | 1 Php-exec-dir | 2024-02-04 | 9.3 HIGH | N/A |
| The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function. | |||||
| CVE-2006-0848 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 5.1 MEDIUM | N/A |
| The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension. | |||||
| CVE-2005-0197 | 1 Cisco | 1 Ios | 2024-02-04 | 6.1 MEDIUM | N/A |
| Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote attackers to cause a denial of service (device reload) via a crafted packet sent to the disabled interface. | |||||
| CVE-2006-3291 | 1 Cisco | 1 Ios | 2024-02-04 | 9.3 HIGH | N/A |
| The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system. | |||||
| CVE-2004-2760 | 1 Openbsd | 1 Openssh | 2024-02-04 | 6.8 MEDIUM | N/A |
| sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability. | |||||