Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1082 | 8 Apache, Apple, Avaya and 5 more | 14 Http Server, Apache Mod Digest Apple, Communication Manager and 11 more | 2018-10-30 | 7.5 HIGH | N/A |
| mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. | |||||
| CVE-2002-0848 | 1 Cisco | 2 Vpn 5000 Concentrator, Vpn 5000 Concentrator Series Software | 2018-10-30 | 5.0 MEDIUM | N/A |
| Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing. | |||||
| CVE-2002-1092 | 1 Cisco | 1 Vpn 3000 Concentrator Series Software | 2018-10-30 | 7.5 HIGH | N/A |
| Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication. | |||||
| CVE-2004-0360 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 7.2 HIGH | N/A |
| Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local users to gain privileges via unknown attack vectors. | |||||
| CVE-2003-1437 | 6 Bea, Hp, Ibm and 3 more | 8 Weblogic Server, Hp-ux, Aix and 5 more | 2018-10-30 | 2.1 LOW | N/A |
| BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access. | |||||
| CVE-2003-0863 | 1 Php | 1 Php | 2018-10-30 | 7.5 HIGH | N/A |
| The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications. | |||||
| CVE-2003-0982 | 1 Cisco | 9 Application And Content Networking Software, Content Distribution Manager 4630, Content Distribution Manager 4650 and 6 more | 2018-10-30 | 7.5 HIGH | N/A |
| Buffer overflow in the authentication module for Cisco ACNS 4.x before 4.2.11, and 5.x before 5.0.5, allows remote attackers to execute arbitrary code via a long password. | |||||
| CVE-2002-1695 | 2 Microsoft, Symantec | 3 Internet Information Server, Internet Information Services, Norton Internet Security | 2018-10-30 | 5.0 MEDIUM | N/A |
| Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running. | |||||
| CVE-2003-1302 | 1 Php | 1 Php | 2018-10-30 | 5.0 MEDIUM | N/A |
| The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters. | |||||
| CVE-2003-0225 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2018-10-30 | 5.0 MEDIUM | N/A |
| The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page. | |||||
| CVE-2002-0372 | 1 Microsoft | 1 Windows Media Player | 2018-10-30 | 7.5 HIGH | N/A |
| Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation requirement stored in the IE cache, aka the "Cache Path Disclosure via Windows Media Player". | |||||
| CVE-2003-1563 | 1 Sun | 3 Cluster, Solaris, Sunos | 2018-10-30 | 4.0 MEDIUM | N/A |
| Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real Application Clusters (OPS/RAC) allows local users to cause a denial of service (cluster node panic or abort) by launching a daemon listening on a TCP port that would otherwise be used by the Distributed Lock Manager (DLM), possibly involving this daemon responding in a manner that spoofs a cluster reconfiguration. | |||||
| CVE-2002-0071 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2018-10-30 | 7.5 HIGH | N/A |
| Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names. | |||||
| CVE-2004-0882 | 4 Conectiva, Redhat, Samba and 1 more | 7 Linux, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2018-10-30 | 10.0 HIGH | N/A |
| Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value. | |||||
| CVE-2003-0861 | 1 Php | 1 Php | 2018-10-30 | 10.0 HIGH | N/A |
| Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors. | |||||
| CVE-2003-0166 | 1 Php | 1 Php | 2018-10-30 | 7.5 HIGH | N/A |
| Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions. | |||||
| CVE-2004-0815 | 1 Samba | 1 Samba | 2018-10-30 | 7.5 HIGH | N/A |
| The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames. | |||||
| CVE-2003-1024 | 1 Sun | 1 Sunos | 2018-10-30 | 7.2 HIGH | N/A |
| Unknown vulnerability in the ls-F builtin function in tcsh on Solaris 8 allows local users to create or delete files as other users, and gain privileges. | |||||
| CVE-2004-0951 | 1 Hp | 1 Ignite-ux | 2018-10-30 | 7.5 HIGH | N/A |
| The make_recovery command for the TFTP server in HP Ignite-UX before C.6.2.241 makes a copy of the password file in the TFTP directory tree, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2001-0902 | 1 Microsoft | 1 Internet Information Services | 2018-10-30 | 7.5 HIGH | N/A |
| Microsoft IIS 5.0 allows remote attackers to spoof web log entries via an HTTP request that includes hex-encoded newline or form-feed characters. | |||||