Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1884 | 2 Ipswitch, Progress | 3 Ws Ftp Pro, Ws Ftp Server, Ipswitch Ws Ftp Server | 2019-08-13 | 7.5 HIGH | N/A |
| Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access. | |||||
| CVE-2004-1643 | 1 Progress | 1 Ipswitch Ws Ftp Server | 2019-08-13 | 5.0 MEDIUM | N/A |
| WS_FTP 5.0.2 allows remote authenticated users to cause a denial of service (CPU consumption) via a CD command that contains an invalid path with a "../" sequence. | |||||
| CVE-2004-1883 | 1 Progress | 1 Ipswitch Ws Ftp Server | 2019-08-13 | 7.2 HIGH | N/A |
| Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causing a large error string to be generated by the ALLO handler, or (2) may allow remote FTP administrators to execute arbitrary code by causing a long hostname or username to be inserted into a reply to a STAT command while a file is being transferred. | |||||
| CVE-2004-1885 | 1 Progress | 1 Ipswitch Ws Ftp Server | 2019-08-13 | 7.2 HIGH | N/A |
| Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe. | |||||
| CVE-2006-5278 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2019-08-01 | 10.0 HIGH | N/A |
| Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow. | |||||
| CVE-2004-1179 | 1 Debian | 1 Debmake | 2019-07-31 | 2.1 LOW | N/A |
| The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before 3.7.7 allows local users to overwrite arbitrary files via a symlink attack on temporary directories. | |||||
| CVE-2006-4911 | 1 Cisco | 1 Ips Sensor Software | 2019-07-31 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 before 5.1(2), when running in inline or promiscuous mode, allows remote attackers to bypass traffic inspection via a "crafted sequence of fragmented IP packets". | |||||
| CVE-2006-5201 | 1 Sun | 9 Jdk, Jre, Jsse and 6 more | 2019-07-31 | 4.0 MEDIUM | N/A |
| Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1. | |||||
| CVE-2006-0615 | 1 Sun | 3 Jdk, Jre, Sdk | 2019-07-31 | 4.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 4 and earlier, SDK and JRE 1.4.x through 1.4.2_09 allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "second and third issues." | |||||
| CVE-2005-3671 | 3 Frees Wan, Openswan, Xelerance | 3 Frees Wan, Openswan, Openswan | 2019-07-29 | 7.8 HIGH | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and freeswan in SUSE LINUX 9.1 before 2.04_1.5.4-1.23, allow remote attackers to cause a denial of service via (1) a crafted packet using 3DES with an invalid key length, or (2) unspecified inputs when Aggressive Mode is enabled and the PSK is known, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | |||||
| CVE-2013-6466 | 1 Xelerance | 1 Openswan | 2019-07-29 | 5.0 MEDIUM | N/A |
| Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. | |||||
| CVE-2011-3380 | 1 Xelerance | 1 Openswan | 2019-07-29 | 5.0 MEDIUM | N/A |
| Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function. | |||||
| CVE-2005-0162 | 2 Openswan, Xelerance | 2 Openswan, Openswan | 2019-07-29 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code. | |||||
| CVE-2013-0733 | 1 Corel | 2 Paintshop Pro X5, Paintshop Pro X6 | 2019-07-18 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Corel PaintShop Pro X5 and X6 16.0.0.113, 15.2.0.2, and earlier allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .jpg file. | |||||
| CVE-2006-6589 | 1 Apache | 2 Ofbiz, Opentaps | 2019-07-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6587 | 1 Apache | 1 Ofbiz | 2019-07-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message. | |||||
| CVE-2006-6588 | 1 Apache | 1 Ofbiz | 2019-07-17 | 7.5 HIGH | N/A |
| The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact. | |||||
| CVE-2014-4459 | 1 Apple | 5 Iphone Os, Itunes, Mac Os X and 2 more | 2019-07-16 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document. | |||||
| CVE-2007-1278 | 2 Adobe, Microsoft | 3 Coldfusion, Jrun, Internet Information Server | 2019-07-03 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root. | |||||
| CVE-2001-0899 | 2 Phpnuke, Rick Fournier | 2 Php-nuke, Network Tools | 2019-07-01 | 7.5 HIGH | N/A |
| Network Tools 0.2 for PHP-Nuke allows remote attackers to execute commands on the server via shell metacharacters in the $hostinput variable. | |||||