CVE Cross Reference 2003
| CVE Description | SAINT®® Tutorial | SAINT®® Vuln. ID | SANS Top 20 | ||
![]() |
Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter. |
Cross site scripting |
web_prog_asp_mscontent | ||
![]() |
Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information. |
Windows Locator vulnerability Note: Authentication is required to detect this vulnerability |
win_patch_locator | ||
![]() |
Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure." |
Outlook and Outlook Express Note: Authentication is required to detect this vulnerability |
mail_client_outlook | ||
![]() |
The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data. |
Bugzilla vulnerabilities |
web_prog_cgi_bugzilla | ||
![]() |
The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file. |
Bugzilla vulnerabilities |
web_prog_cgi_bugzilla | ||
![]() |
Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names. |
Apache vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_server_apache_version | ||
![]() |
Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served. |
Apache vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_server_apache_version | ||
![]() |
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. |
Apache vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_server_apache_version | ||
![]() |
Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3. |
Horde IMP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_web_imp | ||
![]() |
Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname. |
dhcpd vulnerabilities |
misc_dhcp | ||
![]() |
Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure. |
KCMS server vulnerabilities |
rpc_kcms | ||
![]() |
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. |
sunrpc vulnerabilities |
rpc_kadmin rpc_openafs rpc_sunrpc |
||
![]() |
Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters. |
Mailman vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_misc_mailman | ||
![]() |
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character. |
Apache Tomcat vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_dev_tomcatnull web_dev_tomcatver |
||
![]() |
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file. |
Apache Tomcat vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_dev_tomcatnull web_dev_tomcatver |
||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML. |
Apache Tomcat vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_dev_tomcatnull web_dev_tomcatver |
||
![]() |
Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp. |
Apache Tomcat vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_dev_tomcatver | ||
![]() |
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters. |
Darwin vulnerabilities |
web_server_darwin web_server_quicktime |
||
![]() |
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server's installation path via a NULL file parameter. |
Darwin vulnerabilities |
web_server_darwin web_server_quicktime |
||
![]() |
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to list arbitrary directories. |
Darwin vulnerabilities |
web_server_darwin web_server_quicktime |
||
![]() |
Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message. |
Darwin vulnerabilities |
web_server_darwin web_server_quicktime |
||
![]() |
Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method, which is inserted into a log file and executed when the log is viewed using a browser. |
Darwin vulnerabilities |
web_server_darwin web_server_quicktime |
||
![]() |
Buffer overflow in the MP3 broadcasting module of Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via a long filename. |
Darwin vulnerabilities |
web_server_darwin web_server_quicktime |
||
![]() |
Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code (1) via a long attachment filename that is not properly handled by the hypermail executable, or (2) by connecting to the mail CGI program from an IP address that reverse-resolves to a long hostname. |
http cgi access |
web_prog_cgi_mail | ||
![]() |
MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference. |
Kerberos detected Note: Authentication is required to detect this vulnerability |
misc_kerberospkg | ||
![]() |
Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys. |
Kerberos detected Note: Authentication is required to detect this vulnerability |
misc_kerberospkg | ||
![]() |
Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names. |
Kerberos detected Note: Authentication is required to detect this vulnerability |
misc_kerberospkg | ||
![]() |
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun"). |
Kerberos detected Note: Authentication is required to detect this vulnerability |
misc_kerberospkg | ||
![]() |
Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user. |
MySQL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_mysql_version | ||
![]() |
ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack." |
OpenSSL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_openssl | ||
![]() |
The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun"). |
Kerberos detected Note: Authentication is required to detect this vulnerability |
misc_kerberospkg | ||
![]() |
Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code. |
Samba vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
win_samba | ||
![]() |
Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect). |
PHP vulnerabilities |
web_prog_php_cgi | ||
![]() |
Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server. |
apcupsd vulnerabilities |
misc_apcupsd | ||
![]() |
Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3.10.5, may allow attackers to cause a denial of service or execute arbitrary code, related to usage of the vsprintf function. |
apcupsd vulnerabilities |
misc_apcupsd | ||
![]() |
Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements. |
Cisco vulnerabilities Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_ios | ||
![]() |
miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges. |
Webmin vulnerabilities |
web_tool_webminspoof | ||
![]() |
Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0. |
IIS WebDAV vulnerabilities Windows updates needed Note: Authentication is recommended to improve the accuracy of this check |
web_server_iis_webdav win_patch_ntdll |
||
![]() |
The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_bytecode | ||
![]() |
Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_kerneldebug | ||
![]() |
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_patch | ||
![]() |
The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_patch | ||
![]() |
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the "Third Party Plugin Rendering" vulnerability, a different vulnerability than CVE-2003-0233. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_patch | ||
![]() |
Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka "Modal Dialog script execution." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_patch | ||
![]() |
Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver. |
BizTalk Server vulnerability |
web_dev_biztalk | ||
![]() |
Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authentication and an outer field length that is less than that of the DN field. |
Lotus NotesRPC vulnerability |
misc_notesrpc | ||
![]() |
Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line. |
Lotus Domino HTTP vulnerability |
web_server_lotus_domino | ||
![]() |
A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed. |
Apache vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_server_apache_version | ||
![]() |
Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names. |
Apache vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_server_apache_version | ||
![]() |
SNMP daemon in the DX200 based network element for Nokia Serving GPRS support node (SGSN) allows remote attackers to read SNMP options via arbitrary community strings. |
Guessable Read Community |
net_snmp_read | ||
![]() |
Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack. |
Kerberos detected Note: Authentication is required to detect this vulnerability |
misc_kerberospkg | ||
![]() |
Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing." |
Kerberos detected Note: Authentication is required to detect this vulnerability |
misc_kerberospkg | ||
![]() |
The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length. |
RealPlayer vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_reallinux misc_realplayer |
||
![]() |
Adobe Acrobat Reader (acroread) 6, under certain circumstances when running with the "Certified plug-ins only" option disabled, loads plug-ins with signatures used for older versions of Acrobat, which can allow attackers to cause Acrobat to enter Certified mode and run untrusted plugins by modifying the CTIsCertifiedMode function. |
Adobe Acrobat vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_acroread | ||
![]() |
The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null terminate a message buffer after a call to Qvsnprintf, which could allow authenticated users to execute arbitrary code via a buffer overflow in a mdef command with a long macro name. |
pop version |
mail_pop_qpop | ||
![]() |
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). |
OpenSSL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_openssl | ||
![]() |
The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, (2) crack the password due to weak cryptography, and (3) use the password to pass commands through xp_cmdshell. |
McAfee ePolicy Orchestrator |
web_tool_epolicy | ||
![]() |
Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request containing long parameters. |
McAfee ePolicy Orchestrator |
web_tool_epolicy | ||
![]() |
MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf. |
MySQL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_mysql_version | ||
![]() |
BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code. |
WebLogic vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_dev_weblogic | ||
![]() |
Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user. |
http potential problems |
web_prog_cgi_bonsai | ||
![]() |
bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi. |
http potential problems |
web_prog_cgi_bonsai | ||
![]() |
Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244. |
http potential problems |
web_prog_cgi_bonsai | ||
![]() |
bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication. |
http potential problems |
web_prog_cgi_bonsai | ||
![]() |
Directory traversal vulnerability in Cross-Referencing Linux (LXR) allows remote attackers to read arbitrary files via .. (dot dot) sequences in the v parameter. |
http cgi access |
web_prog_cgi_source | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser. |
SquirrelMail vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_web_squirrel | ||
![]() |
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337. |
Sendmail vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_smtp_sendmail | ||
![]() |
Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allows remote attackers to execute arbitrary code via a long QuickTime URL. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial of service or execute arbitrary code via (1) the s_ViewName option in the PresetFields parameter for iNotes, (2) the Foldername option in the PresetFields parameter for iNotes, or (3) a long Host header, which is inserted into a long Location header and used during a redirect operation. |
Lotus Domino HTTP vulnerability |
web_server_lotus_domino | ||
![]() |
Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0.1 and earlier allows remote attackers to execute arbitrary code via multiple attack vectors, as demonstrated using the InitializeUsingNotesUserName method in the iNotes ActiveX control. |
Lotus Domino HTTP vulnerability |
web_server_lotus_domino | ||
![]() |
Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via an incomplete POST request, as demonstrated using the h_PageUI form. |
Lotus Domino HTTP vulnerability |
web_server_lotus_domino | ||
![]() |
Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via a "Fictionary Value Field POST request" as demonstrated using the s_Validation form with a long, unknown parameter name. |
Lotus Domino HTTP vulnerability |
web_server_lotus_domino | ||
![]() |
The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used. |
Apache vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_server_apache_version | ||
![]() |
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack. |
OpenSSH vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
shell_ssh_openssh | ||
![]() |
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite. |
Apache vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_server_apache_version | ||
![]() |
Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201. |
Samba vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
win_samba | ||
![]() |
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code. |
Samba vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
win_samba | ||
![]() ![]() |
Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002. |
Cisco Secure ACS vulnerabilities |
web_tool_acs | ||
![]() |
Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monkeyd) 0.6.1 and earlier allows remote attackers to execute arbitrary code via a POST request with a large body. |
Monkey HTTP Daemon |
web_server_monkey | ||
![]() |
Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message. |
http IIS access Note: Authentication is recommended to improve the accuracy of this check |
web_server_iis_iis | ||
![]() |
Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overrun." |
http IIS access Note: Authentication is recommended to improve the accuracy of this check |
web_server_iis_iis | ||
![]() |
The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page. |
http IIS access Note: Authentication is recommended to improve the accuracy of this check |
web_server_iis_iis | ||
![]() |
Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled. |
http IIS access Note: Authentication is recommended to improve the accuracy of this check |
web_server_iis_iis | ||
![]() |
The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request. |
Windows Media vulnerabilities |
web_mod_nsiislog | ||
![]() |
Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_skins | ||
![]() |
Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability. |
Microsoft SQL Server Note: Authentication is recommended to improve the accuracy of this check |
database_mssql_mssql | ||
![]() |
Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe. |
Microsoft SQL Server Note: Authentication is recommended to improve the accuracy of this check |
database_mssql_mssql | ||
![]() |
Microsoft SQL Server 7, 2000, and MSDE allow local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow. |
Microsoft SQL Server Note: Authentication is recommended to improve the accuracy of this check |
database_mssql_mssql | ||
![]() |
The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to admin/admin.shtml containing a leading // (double slash). |
http cgi access |
web_prog_file_doubleslash | ||
![]() |
Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter for the (1) normal_html.cgi or (2) member_html.cgi scripts. |
http cgi access |
web_prog_cgi_normalhtml | ||
![]() |
Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors. |
Apache vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_server_apache_version | ||
![]() |
Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines. |
mountd vulnerabilities |
rpc_mountd | ||
![]() |
The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service. |
Apache vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_server_apache_version | ||
![]() |
Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket. |
Apache vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_server_apache_version | ||
![]() |
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication. |
Cisco VPN vulnerabilities Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_vpn | ||
![]() |
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7 allow remote attackers to cause a denial of service (reload) via a malformed SSH initialization packet. |
Cisco VPN vulnerabilities Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_vpn | ||
![]() |
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7A allow remote attackers to cause a denial of service (slowdown and possibly reload) via a flood of malformed ICMP packets. |
Cisco VPN vulnerabilities Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_vpn | ||
![]() |
Multiple buffer overflows in SLMail 5.1.0.4420 allow remote attackers to execute arbitrary code via (1) a long EHLO argument to slmail.exe, (2) a long XTRN argument to slmail.exe, (3) a long string to POPPASSWD, or (4) a long password to the POP3 server. |
SLMail vulnerabilities |
mail_pop_slmail mail_pop_slmailpp mail_smtp_slmail | ||
![]() |
Multiple buffer overflows in SLWebMail 3 on Windows systems allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long Language parameter to showlogin.dll, (2) a long CompanyID parameter to recman.dll, (3) a long CompanyID parameter to admin.dll, or (4) a long CompanyID parameter to globallogin.dll. |
SLMail vulnerabilities |
mail_web_slmail | ||
![]() |
ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote attackers to read arbitrary files by directly calling ShowGodLog.dll with an argument specifying the full path of the target file. |
SLMail vulnerabilities |
mail_web_slmail | ||
![]() |
SLWebMail 3 on Windows systems allows remote attackers to identify the full path of the server via invalid requests to DLLs such as WebMailReq.dll, which reveals the path in an error message. |
SLMail vulnerabilities |
mail_web_slmail | ||
![]() |
admin.php in miniPortail allows remote attackers to gain administrative privileges by setting the miniPortailAdmin cookie to an "adminok" value. |
GuppY miniPortail vulnerabilities |
web_prog_php_guppy web_prog_php_miniportail | ||
![]() |
SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code. |
PHP injection |
web_prog_php_yabbse | ||
![]() |
Directory traversal vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the file parameter. |
http cgi access |
web_prog_cgi_normalhtml | ||
![]() |
Cross-site scripting (XSS) vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to insert arbitrary web script via the file parameter. |
http cgi access |
web_prog_cgi_normalhtml | ||
![]() |
Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4.0.2003.03.27 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands. |
CMailServer vulnerability |
mail_smtp_cmail | ||
![]() |
Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote attackers to write arbitrary files into the Plug-ins folder that spread to other PDF documents, as demonstrated by the W32.Yourde virus. |
Adobe Acrobat vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_acrobat | ||
![]() |
IBM AIX 5.2 and earlier distributes Sendmail with a configuration file (sendmail.cf) with the (1) promiscuous_relay, (2) accept_unresolvable_domains, and (3) accept_unqualified_senders features enabled, which allows Sendmail to be used as an open mail relay for sending spam e-mail. |
SMTP mail relay |
mail_smtp_relay | ||
![]() |
SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote attackers to execute arbitrary stored procedures via the Email variable. |
Snitz Forums 2000 vulnerabilities |
web_prog_asp_snitzsqli | ||
![]() |
Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the "Preview Message" capability. |
vBulletin vulnerabilities |
web_prog_php_vbulletin | ||
![]() |
The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967. |
Cisco vulnerabilities Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_rtr | ||
![]() |
Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the "File Download Dialog Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_patch | ||
![]() |
Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request. |
http server read access |
web_server_read | ||
![]() |
header.php in ttCMS 2.3 and earlier allows remote attackers to inject arbitrary PHP code by setting the ttcms_user_admin parameter to "1" and modifying the admin_root parameter to point to a URL that contains a Trojan horse header.inc.php script. |
PHP injection |
web_prog_php_ttcms | ||
![]() |
Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers to cause a denial of service (hang) via a remote password array with an invalid length, which triggers a heap-based buffer overflow. |
Sybase vulnerabilities |
database_sybase | ||
![]() |
CesarFTP 0.99g stores user names and passwords in plaintext in the settings.ini file, which could allow local users to gain privileges. |
CesarFTP vulnerabilities |
ftp_cesar | ||
![]() |
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_patch | ||
![]() |
Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_directx | ||
![]() |
Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll. |
Windows Media vulnerabilities |
web_mod_nsiislog | ||
![]() |
Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_rpc | ||
![]() |
Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_mdac | ||
![]() |
Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code by causing a negative argument to be provided to the insstr function as used in a NASL script. |
Nessus vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_nessusgui | ||
![]() |
Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code via (1) a long proto argument to the scanner_add_port function, (2) a long user argument to the ftp_log_in function, or (3) a long pass argument to the ftp_log_in function. |
Nessus vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_nessusgui | ||
![]() |
Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus and possibly libnasl, a different set of vulnerabilities than those identified by CVE-2003-0372 and CVE-2003-0373, aka "similar issues in other nasl functions as well as in libnessus." |
Nessus vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_nessusgui | ||
![]() |
Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB 1.8.x (aka Partagium) allows remote attackers to insert arbitrary HTML and web script via the "member" parameter. |
XMB vulnerabilities |
web_prog_php_xmb | ||
![]() |
OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address. |
OpenSSH vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
shell_ssh_openssh | ||
![]() |
objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute arbitrary PHP code via a Server[path] parameter that points to malicious code on an attacker-controlled web site. |
PHP injection |
web_prog_php_blnews | ||
![]() |
Buffer overflow in FastTrack (FT) network code, as used in Kazaa 2.0.2 and possibly other versions and products, allows remote attackers to execute arbitrary code via a packet containing a large list of supernodes, aka "Packet 0' death." |
peer to peer file sharing |
misc_p2p_kazaa | ||
![]() |
Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI EXEC feature enabled, allow remote attackers to execute arbitrary code via a text variable to a Vignette Application that is later displayed. |
Vignette vulnerabilities |
web_cms_vignette | ||
![]() |
Vignette StoryServer 4 and 5, Vignette V/5, and possibly other versions allow remote attackers to perform unauthorized SELECT queries by setting the vgn_creds cookie to an arbitrary value and directly accessing the save template. |
Vignette vulnerabilities |
web_cms_vignette | ||
![]() |
Vignette StoryServer and Vignette V/5 do not properly calculate the size of text variables, which causes Vignette to return unauthorized portions of memory, as demonstrated using the "-->" string in a CookieName argument to the login template, referred to as a "memory leak" in some reports. |
Vignette vulnerabilities |
web_cms_vignette | ||
![]() |
Vignette StoryServer and Vignette V/5 allow remote attackers to obtain sensitive information via a request for the /vgn/style template. |
Vignette vulnerabilities |
web_cms_vignette | ||
![]() |
The default login template (/vgn/login) in Vignette StoryServer 5 and Vignette V/5 generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks. |
Vignette vulnerabilities |
web_cms_vignette | ||
![]() |
Vignette StoryServer 5 and Vignette V/5 allow remote attackers to read and modify license information, and cause a denial of service (service halt) by directly accessing the /vgn/license template. |
Vignette vulnerabilities |
web_cms_vignette | ||
![]() |
Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, allow remote attackers to insert arbitrary HTML and script via text variables, as demonstrated using the errInfo parameter of the default login template. |
Vignette vulnerabilities |
web_cms_vignette | ||
![]() |
Vignette StoryServer 5 and Vignette V/6 allow remote attackers to execute arbitrary TCL code via (1) an HTTP query or cookie which is processed in the NEEDS command, or (2) an HTTP Referrer that is processed in the VALID_PATHS command. |
Vignette vulnerabilities |
web_cms_vignette | ||
![]() |
Buffer overflow in AnalogX Proxy 4.13 allows remote attackers to execute arbitrary code via a long URL to port 6588. |
AnalogX vulnerabilities |
web_proxy_analogx | ||
![]() |
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension. |
Sun ONE Application Server |
web_dev_sunonesource | ||
![]() |
Sun ONE Application Server 7.0 for Windows 2000/XP does not log the complete URI of a long HTTP request, which could allow remote attackers to hide malicious activities. |
Sun ONE Application Server |
web_dev_sunone | ||
![]() |
Cross-site scripting (XSS) vulnerability in the webapps-simple sample application for (1) Sun ONE Application Server 7.0 for Windows 2000/XP or (2) Sun Java System Web Server 6.1 allows remote attackers to insert arbitrary web script or HTML via an HTTP request that generates an "Invalid JSP file" error, which inserts the text in the resulting error message. |
Sun ONE Application Server |
web_dev_sunone | ||
![]() |
The installation of Sun ONE Application Server 7.0 for Windows 2000/XP creates a statefile with world-readable permissions, which allows local users to gain privileges by reading a plaintext password in the statefile. |
Sun ONE Application Server |
web_dev_sunone | ||
![]() |
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502. |
Darwin vulnerabilities |
web_server_darwin web_server_quicktime | ||
![]() |
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via a request to view_broadcast.cgi that does not contain the required parameters. |
Darwin vulnerabilities |
web_server_darwin web_server_quicktime | ||
![]() |
parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter. |
Darwin vulnerabilities |
web_server_darwin web_server_quicktime | ||
![]() |
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to obtain the source code for scripts by appending encoded space (%20) or . (%2e) characters to an HTTP request for the script, e.g. view_broadcast.cgi. |
Darwin vulnerabilities |
web_server_darwin web_server_quicktime | ||
![]() |
Directory traversal vulnerability in Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to read arbitrary files via a ... (triple dot) in an HTTP request. |
Darwin vulnerabilities |
web_server_darwin web_server_quicktime | ||
![]() |
Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote attackers to execute arbitrary code via a long ul parameter. |
http cgi access |
web_prog_cgi_search | ||
![]() |
Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote attackers to execute arbitrary code via a long tmplt parameter. |
http cgi access |
web_prog_cgi_search | ||
![]() |
Buffer overflow in webfs before 1.17.1 allows remote attackers to execute arbitrary code via an HTTP request with a long Request-URI. |
webfs vulnerabilities |
web_server_webfs | ||
![]() |
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. |
FTP vulnerabilities |
ftp_wuftpd ftp_wuftpold | ||
![]() |
Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDoS attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port. |
Postfix vulnerabilities |
mail_smtp_postfix | ||
![]() |
Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_htmlconv | ||
![]() |
Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers to execute arbitrary code via an HTTP request to WebAdmin.dll with a long USER argument. |
http potential problems |
web_prog_cgi_webadmindll | ||
![]() |
Directory traversal vulnerability in iWeb Server allows remote attackers to read arbitrary files via an HTTP request containing .. sequences, a different vulnerability than CVE-2003-0475. |
http server read access |
web_server_read | ||
![]() |
Directory traversal vulnerability in iWeb Server 2 allows remote attackers to read arbitrary files via an HTTP request containing URL-encoded .. sequences ("%5c%2e%2e"), a different vulnerability than CVE-2003-0474. |
http server read access |
web_server_read | ||
![]() |
Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium allow remote attackers to insert arbitrary script via (1) the member parameter to member.php or (2) the action parameter to buddy.php. |
XMB vulnerabilities |
web_prog_php_xmb | ||
![]() |
Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter. |
Cross site scripting |
web_prog_php_phpbbxss | ||
![]() |
SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter. |
SQL injection |
web_prog_sql_viewtopic | ||
![]() |
Cross-site scripting (XSS) vulnerability in search.asp for Snitz Forums 3.4.03 and earlier allows remote attackers to execute arbitrary web script via the Search parameter. |
MaxWebPortal vulnerabilities |
web_prog_asp_snitz | ||
![]() |
Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as other users by stealing and replaying the encrypted password after obtaining a valid session ID. |
MaxWebPortal vulnerabilities |
web_prog_asp_snitz | ||
![]() |
password.asp in Snitz Forums 3.4.03 and earlier allows remote attackers to reset passwords and gain privileges as other users via a direct request to password.asp with a modified member id. |
MaxWebPortal vulnerabilities |
web_prog_asp_snitz | ||
![]() |
Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations. |
Mantis vulnerabilities |
web_prog_php_mantis | ||
![]() |
Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service (crash) via a .. (dot dot) sequence followed by an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0421. |
Darwin vulnerabilities |
web_server_darwin web_server_quicktime | ||
![]() |
Buffer overflow in the ShellExecute API function of SHELL32.DLL in Windows 2000 before SP4 may allow attackers to cause a denial of service or execute arbitrary code via a long third argument. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_shellexecute | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0.9.14.003 (aka webdistro) allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module. |
phpGroupWare vulnerabilities |
web_prog_php_groupware | ||
![]() |
Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_netmeeting | ||
![]() |
Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_netmeeting | ||
![]() |
Stack-based buffer overflow in Active Directory in Windows 2000 before SP4 allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via an LDAP version 3 search request with a large number of (1) "AND," (2) "OR," and possibly other statements, which causes LSASS.EXE to crash. |
Active Directory vulnerability Note: Authentication is recommended to improve the accuracy of this check |
win_activedir | ||
![]() |
Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat Reader (acroread) 5.0.7 and earlier allows remote attackers to execute arbitrary code via a .pdf file with a long mailto link. |
Adobe Acrobat vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_acroread | ||
![]() |
SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and gain privileges via the ProductCode parameter in (1) 10expand.asp, (2) 10browse.asp, and (3) 20review.asp. |
http potential problems |
web_prog_asp_expand | ||
![]() |
Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a denial of service (crash) via a TypingUser message in which the "TypingUser" string has been modified. |
Trillian vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_trillian | ||
![]() |
Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 allow remote attackers to (1) gain access to the admin control panel via the idadmin parameter to login.asp or (2) gain other privileges via the Email parameter to Custva.asp. |
SQL injection |
web_prog_sql_productcart | ||
![]() |
Cross-site scripting (XSS) vulnerability in msg.asp for certain versions of ProductCart allows remote attackers to execute arbitrary web script via the message parameter. |
Cross site scripting |
web_prog_asp_productcart | ||
![]() |
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_rpcss | ||
![]() |
Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_patch | ||
![]() |
Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the "Browser Cache Script Execution in My Computer Zone" vulnerability. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_patch | ||
![]() |
Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the "Object Type" vulnerability. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_patch | ||
![]() |
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_ms04011 | ||
![]() |
The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up. |
Postfix vulnerabilities |
mail_smtp_postfix | ||
![]() |
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures. |
Apache vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_server_apache_version | ||
![]() |
Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. |
OpenSSL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_openssl | ||
![]() |
OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. |
OpenSSL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_openssl | ||
![]() |
Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding. |
OpenSSL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_openssl | ||
![]() |
mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by modifying the MAIN_PATH parameter to reference a URL on a remote web server that contains the code. |
PHP injection |
web_prog_php_phpforum | ||
![]() |
SQL injection vulnerability in shopexd.asp for VP-ASP allows remote attackers to gain administrator privileges via the id parameter. |
SQL injection |
web_prog_sql_vpasp | ||
![]() |
Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full. |
Cisco vulnerabilities Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_ios | ||
![]() |
Heap-based buffer overflow in the name services daemon (nsd) in SGI IRIX 6.5.x through 6.5.21f, and possibly earlier versions, allows attackers to gain root privileges via the AUTH_UNIX gid list. |
IRIX nsd |
misc_irixnsd | ||
![]() |
Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_mozilla | ||
![]() |
Buffer overflow in WiTango Application Server and Tango 2000 allows remote attackers to execute arbitrary code via a long cookie to Witango_UserReference. |
Witango Application Server |
web_dev_witango | ||
![]() |
Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root. |
phpGroupWare vulnerabilities |
web_prog_php_groupware | ||
![]() |
Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs. |
Bugzilla vulnerabilities |
web_prog_cgi_bugzilla | ||
![]() |
Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions. |
Bugzilla vulnerabilities |
web_prog_cgi_bugzilla | ||
![]() |
The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_rpcss | ||
![]() |
Directory traversal vulnerability in ePO agent for McAfee ePolicy Orchestrator 3.0 allows remote attackers to read arbitrary files via a certain HTTP request. |
McAfee ePolicy Orchestrator |
web_tool_epolicy | ||
![]() |
Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter. |
Gallery vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_galleryversion | ||
![]() |
Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request with format strings in the computerlist parameter, which are used when logging a failed name resolution. |
McAfee ePolicy Orchestrator |
web_tool_epolicy | ||
![]() |
Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call. |
NFS vulnerabilities |
rpc_linuxnfsd | ||
![]() |
Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before Support Pack 1, with unknown impact, possibly related to unauthorized access to (1) NCPIP.NLM and (2) JSTCP.NLM. |
Novell iChain vulnerabilities |
web_proxy_ichain | ||
![]() |
BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges. |
WebLogic vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_dev_weblogic | ||
![]() |
Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request. |
Cisco web interface access |
net_cisco_webbo | ||
![]() |
Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions. |
phpGroupWare vulnerabilities |
web_prog_php_groupware | ||
![]() |
Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_listbox | ||
![]() |
The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_authenticode | ||
![]() |
The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information. |
Windows updates needed |
win_patch_netbt | ||
![]() |
Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_troubleshooter | ||
![]() |
Unknown vulnerability in the Local Security Authority Subsystem Service (LSASS) in Windows 2000 domain controllers allows remote attackers to cause a denial of service via a crafted LDAP message. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_ms04011 | ||
![]() |
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient, (2) final, or (3) mailer-specific envelope recipients, has unknown consequences. |
Sendmail vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_smtp_sendmail | ||
![]() |
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695. |
OpenSSH vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
shell_ssh_openssh | ||
![]() |
The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data. |
Sendmail vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_smtp_sendmail | ||
![]() |
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695. |
OpenSSH vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
shell_ssh_openssh | ||
![]() |
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. |
Sendmail vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_smtp_sendmail | ||
![]() |
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693. |
OpenSSH vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
shell_ssh_openssh | ||
![]() |
Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_patch | ||
![]() |
Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_helpcenter | ||
![]() |
The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000. |
Microsoft Exchange vulnerabilities |
mail_smtp_exchangexverb | ||
![]() |
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_rpcss | ||
![]() |
The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_messenger | ||
![]() |
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes. |
IIS WebDAV vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_server_iis_webdavxml | ||
![]() |
Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_ms04011 | ||
![]() |
The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets. |
sadmind |
rpc_sadmindauth | ||
![]() |
Buffer overflow in the RTSP protocol parser for the View Source plug-in (vsrcplin.so or vsrcplin3260.dll) for RealNetworks Helix Universal Server 9 and RealSystem Server 8, 7 and RealServer G2 allows remote attackers to execute arbitrary code. |
RealServer vulnerabilities |
misc_realserver | ||
![]() |
Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions. |
Oracle XDB vulnerabilities |
database_oracle_xdb | ||
![]() |
Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL. |
Horde vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_horde | ||
![]() |
Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks. |
X Font Server vulnerabilities |
misc_xfs | ||
![]() |
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and a modified "priviledges" parameter. |
CiscoWorks vulnerabilities |
net_cisco_cmf | ||
![]() |
CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages. |
CiscoWorks vulnerabilities |
net_cisco_cmf | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application. |
WebLogic vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_dev_weblogic | ||
![]() |
SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter. |
SQL injection |
web_prog_sql_phpwebsite | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fatcat_id parameter in the fatcat module, (3) the PAGE_id parameter in the pagemaster module, (4) the PDA_limit parameter in the search, and (5) possibly other parameters in the calendar, fatcat, and pagemaster modules. |
SQL injection |
web_prog_sql_phpwebsite | ||
![]() |
The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to obtain the full pathname of phpWebSite via an invalid year, which generates an error from localtime() in TimeZone.php of the Pear library. |
SQL injection |
web_prog_sql_phpwebsite | ||
![]() |
The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to cause a denial of service (crash) via a long year parameter. |
SQL injection |
web_prog_sql_phpwebsite | ||
![]() |
Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer. |
Exim vulnerability |
mail_smtp_exim mail_smtp_eximbo | ||
![]() |
SNMPc 6.0.8 and earlier performs authentication to the server on the client side, which allows remote attackers to gain privileges by decrypting the password that is returned by the server. |
SNMPc Network Manager vulnerability |
net_snmp_snmpc_scan | ||
![]() |
secure.php in PY-Membres 4.2 and earlier allows remote attackers to bypass authentication by setting the adminpy parameter. |
Administration File Access |
web_prog_php_pymembres | ||
![]() |
SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and earlier allows remote attackers to execute arbitrary SQL queries via the email parameter. |
Administration File Access |
web_prog_php_pymembres | ||
![]() |
Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows remote attackers to execute arbitrary code by creating long directory names and listing them with a LIST command. |
GtkFTPd vulnerability |
ftp_gtkftpd | ||
![]() |
Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests. |
Session Initiation Protocol |
misc_sip | ||
![]() |
Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 allows remote attackers to execute arbitrary code via a long URL (PATH_INFO value). |
http potential problems |
web_prog_cgi_foxweb | ||
![]() |
FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the "lang" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl "eval" statement. |
http cgi access |
web_prog_cgi_ikonboard | ||
![]() |
Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments. |
WS FTP vulnerabilities |
ftp_wsftp | ||
![]() |
Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field. |
MySQL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_mysql_version | ||
![]() |
The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges. |
OpenSSH vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
shell_ssh_openssh | ||
![]() |
The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges. |
OpenSSH vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
shell_ssh_openssh | ||
![]() |
Unknown vulnerability in the Internet Printing Protocol (IPP) implementation in CUPS before 1.1.19 allows remote attackers to cause a denial of service (CPU consumption from a "busy loop") via certain inputs to the IPP port (TCP 631). |
CUPS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
printer_cups | ||
![]() |
mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client. |
Apache vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_server_apache_version | ||
![]() |
The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference. |
Zebra Quagga Routing Suite Note: Authentication is recommended to improve the accuracy of this check |
net_quagga net_zebra | ||
![]() |
Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allow attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type. |
gopher vulnerabilities |
misc_gopher misc_gopherbo | ||
![]() |
Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_ms04011 | ||
![]() |
Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_rpcrunlib | ||
![]() |
Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_patch | ||
![]() |
Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_workstation | ||
![]() |
A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_rpcrunlib | ||
![]() |
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_crossdom | ||
![]() |
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_crossdom | ||
![]() |
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_crossdom | ||
![]() |
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_crossdom | ||
![]() |
Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_msasn1 | ||
![]() |
Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. |
H323 vulnerabilities Note: Authentication is required to detect this vulnerability |
net_h323 | ||
![]() |
Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request. |
http FrontPage |
web_cms_fp_remotedebug | ||
![]() |
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_crossdom | ||
![]() |
Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request. |
http FrontPage |
web_cms_fp_smarthtml | ||
![]() |
The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code. |
WINS vulnerability Note: Authentication is required to detect this vulnerability |
win_patch_wins | ||
![]() |
lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack. |
lsh vulnerabilities |
shell_ssh_lsh | ||
![]() |
ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files. |
ProFTPD vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
ftp_proftp ftp_proftpold | ||
![]() |
Directory traversal vulnerability in webfs before 1.20 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a Hostname header. |
webfs vulnerabilities |
web_server_webfs | ||
![]() |
Stack-based buffer overflow in webfs before 1.20 allows attackers to execute arbitrary code by creating directories that result in a long pathname. |
webfs vulnerabilities |
web_server_webfs | ||
![]() |
Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe). |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_patch | ||
![]() |
Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8. |
JBoss Application Server |
web_dev_jboss web_dev_jbossinfo | ||
![]() |
Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which are trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function. |
CFEngine detected Note: Authentication is required to detect this vulnerability |
misc_cfengine | ||
![]() |
OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences. |
OpenSSL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_openssl | ||
![]() |
The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests. |
Apache Tomcat vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_dev_tomcatver | ||
![]() |
Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier allow remote attackers to insert arbitrary SQL and conduct unauthorized activities via (1) the cat parameter in faq.php, (2) the article parameter in faq.php, (3) the tickedid parameter in view.php, and (4) the Password entry on the logon screen. |
SQL injection |
web_prog_sql_deskpro | ||
![]() |
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "&lt;" and "&gt;" sequences. |
thttpd vulnerabilities |
web_server_thttpd | ||
![]() |
Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before 7.3.4, allows remote attackers to execute arbitrary code. |
PostgreSQL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_pgsql | ||
![]() |
Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_mdac | ||
![]() |
Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_ms04011 | ||
![]() |
Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_ms04011 | ||
![]() |
The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_ms04011 | ||
![]() |
Windows XP allows local users to execute arbitrary programs by creating a task at an elevated privilege level through the eventtriggers.exe command-line tool or the Task Scheduler service, aka "Windows Management Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_ms04011 | ||
![]() |
The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor that points to protected memory. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_ms04011 | ||
![]() |
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value. |
DNS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
dns_bindver | ||
![]() |
Clearswift MAILsweeper before 4.3.15 does not properly detect and filter RAR 3.20 encoded files, which allows remote attackers to bypass intended policy. |
MAILsweeper vulnerabilities |
mail_smtp_sweeper | ||
![]() |
Clearswift MAILsweeper before 4.3.15 does not properly detect and filter ZIP 6.0 encoded files, which allows remote attackers to bypass intended policy. |
MAILsweeper vulnerabilities |
mail_smtp_sweeper | ||
![]() |
Clearswift MAILsweeper before 4.3.15 does not properly detect filenames in BinHex (HQX) encoded files, which allows remote attackers to bypass intended policy. |
MAILsweeper vulnerabilities |
mail_smtp_sweeper | ||
![]() |
Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail. |
rsyncd vulnerabilities |
misc_rsyncd | ||
![]() |
Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities. |
Mailman vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_misc_mailman | ||
![]() |
rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute. |
RADIUS vulnerabilities |
misc_radius | ||
![]() |
Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute. |
RADIUS vulnerabilities |
misc_radius | ||
![]() |
Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string. |
Apache module vulnerabilities |
web_mod_python | ||
![]() |
mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using an AuthNonce secret. |
Apache vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_server_apache_version | ||
![]() |
The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field. |
SquirrelMail vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_web_squirrel | ||
![]() |
Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands. |
Mailman vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_misc_mailman | ||
![]() |
Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users. |
Mailman vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_misc_mailman | ||
![]() |
mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions. |
Apache vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_server_apache_version | ||
![]() |
Directory traversal vulnerability in fsp before 2.81.b18 allows remote users to access files outside the FSP root directory. |
File Service Protocol |
ftp_fsp | ||
![]() |
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_travellog | ||
![]() |
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_travellog | ||
![]() |
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_travellog | ||
![]() |
Buffer overflow in DameWare Mini Remote Control before 3.73 allows remote attackers to execute arbitrary code via a long pre-authentication request to TCP port 6129. |
Dameware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_damewareminirc | ||
![]() |
Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation." |
vBulletin vulnerabilities |
web_prog_php_vbulletin | ||
![]() |
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_htmlhelp | ||
![]() |
SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name. |
Bugzilla vulnerabilities |
web_prog_cgi_bugzilla | ||
![]() |
SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi. |
Bugzilla vulnerabilities |
web_prog_cgi_bugzilla | ||
![]() |
editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions to the next group that is assigned with the original group ID. |
Bugzilla vulnerabilities |
web_prog_cgi_bugzilla | ||
![]() |
votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote attackers to read a user's voting page when that user has voted on a restricted bug, which allows remote attackers to read potentially sensitive voting information by modifying the who parameter. |
Bugzilla vulnerabilities |
web_prog_cgi_bugzilla | ||
![]() |
describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products. |
Bugzilla vulnerabilities |
web_prog_cgi_bugzilla | ||
![]() |
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_modal | ||
![]() |
Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets. |
Solaris syslog vulnerability |
misc_solsyslog | ||
![]() |
Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request. |
monit vulnerabilities |
web_tool_monit | ||
![]() |
Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field. |
monit vulnerabilities |
web_tool_monit | ||
![]() |
PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine Free and pMachine Pro 2.2 and 2.2.1 allows remote attackers to execute arbitrary PHP code by modifying the pm_path parameter to reference a URL on a remote web server that contains the code. |
PHP injection |
web_prog_php_pmachine | ||
![]() |
BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException. |
WebLogic vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_dev_weblogic | ||
![]() |
The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute. |
Microsoft mail server vulnerabilities |
mail_smtp_windows | ||
![]() |
The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_urlscript | ||
![]() |
The Session Initiation Protocol (SIP) implementation in Alcatel OmniPCX Enterprise 5.0 Lx allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. |
Session Initiation Protocol |
misc_sip | ||
![]() |
The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. |
Session Initiation Protocol |
misc_sip | ||
![]() |
The Session Initiation Protocol (SIP) implementation in Columbia SIP User Agent (sipc) 1.74 and other versions before sipc 2.0 build 2003-02-21 allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. |
Session Initiation Protocol |
misc_sip | ||
![]() |
The Session Initiation Protocol (SIP) implementation in multiple dynamicsoft products including y and certain demo products for AppEngine allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. |
Session Initiation Protocol |
misc_sip | ||
![]() |
The Session Initiation Protocol (SIP) implementation in Ingate Firewall and Ingate SIParator before 3.1.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. |
Session Initiation Protocol |
misc_sip | ||
![]() |
The Session Initiation Protocol (SIP) implementation in IPTel SIP Express Router 0.8.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. |
Session Initiation Protocol |
misc_sip | ||
![]() |
The Session Initiation Protocol (SIP) implementation in Mediatrix Telecom VoIP Access Devices and Gateways running SIPv2.4 and SIPv4.3 firmware allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. |
Session Initiation Protocol |
misc_sip | ||
![]() |
The Session Initiation Protocol (SIP) implementation in Nortel Networks Succession Communication Server 2000, when using SIP-T, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. |
Session Initiation Protocol |
misc_sip | ||
![]() |
Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server's private key. |
SSH Tectia vulnerabilities |
shell_ssh_tectia | ||
![]() ![]() |
Buffer overflow in NIPrint 4.10 allows remote attackers to execute arbitrary code via a long string to TCP port 515. |
NIPrint vulnerabilities |
printer_niprint | ||
![]() ![]() |
Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows Explorer with SYSTEM privileges, which allows local users to gain privileges. |
NIPrint vulnerabilities |
printer_niprint | ||
![]() |
Cross-site scripting (XSS) vulnerability in Fastream NETFile Server 6.0.3.588 allows remote attackers to inject arbitrary web script or HTML via the URL, which is displayed on a "404 Not Found" error page. |
Cross site scripting |
web_server_css | ||
![]() |
WebTide 7.04 allows remote attackers to list arbitrary directories via an HTTP request for %3f.jsp (encoded "?"). |
JRun vulnerabilities |
web_dev_jrun_hex | ||
![]() |
Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter. |
Cross site scripting |
web_prog_asp_citrixmetaxss | ||
![]() |
Multiple buffer overflows in the FTP service in Plug and Play Web Server 1.0002c allow remote attackers to cause a denial of service (crash) via long (1) dir, (2) ls, (3) delete, (4) mkdir, (5) DELE, (6) RMD, or (7) MKD commands. |
Plug and Play Web FTP Server |
ftp_plugandplay | ||
![]() |
Plug and Play Web Server Proxy 1.0002c allows remote attackers to cause a denial of service (server crash) via an invalid URI in an HTTP GET request to TCP port 8080. |
Plug and Play Web FTP Server |
ftp_plugandplay | ||
![]() |
Directory traversal vulnerability in (1) Openfile.aspx and (2) Html.aspx in HTTP Commander 4.0 allows remote attackers to view arbitrary files via a .. (dot dot) in the file parameter. |
http cgi access |
web_prog_asp_httpcommanderaspx | ||
![]() ![]() |
Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before SP3a allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) AUTH command to the POP3 server or (2) AUTHENTICATE command to the IMAP server. |
MERCUR vulnerabilities |
mail_smtp_mercurauth | ||
![]() |
Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote attackers to execute arbitrary code via a long GET request. |
Internet Anywhere vulnerabilities |
mail_web_iawebmail | ||
![]() |
Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 through 6.8.5 allows remote attackers to execute arbitrary code via a long From parameter to Form2Raw.cgi. |
MDaemon vulnerabilities |
mail_web_mdaemonversion | ||
![]() |
The checklogin function in omail.pl for omail webmail 0.98.4 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) password, (2) domainname, or (3) username. |
oMail Webmail vulnerability |
mail_web_omail | ||
![]() |
Crob FTP Server 2.60.1 allows remote authenticated users to cause a denial of service (crash) by renaming a file to the "con" MS-DOS device name. |
Crob FTP vulnerabilities |
ftp_crob | ||
![]() |
Format string vulnerability in Crob FTP Server 2.60.1 allows remote attackers to cause a denial of service (crash) via "%s" or "%n" sequences in (1) the username during login, or other FTP commands such as (2) dir. |
Crob FTP vulnerabilities |
ftp_crob | ||
![]() |
Crob FTP Server 3.5.1 allows remote authenticated users to cause a denial of service (crash) via a dir command with a large number of "." characters followed by a "/*" string. |
Crob FTP vulnerabilities |
ftp_crob | ||
![]() |
Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows remote attackers to cause a denial of service (crash) via a POST request without a Content-Type header. |
Monkey HTTP Daemon |
web_server_monkey | ||
![]() |
Cross-site scripting (XSS) vulnerability in search.asp for MaxWebPortal 1.30 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the Search parameter. |
MaxWebPortal vulnerabilities |
web_prog_asp_maxwebportal | ||
![]() |
MaxWebPortal 1.30 allows remote attackers to perform unauthorized actions by modifying hidden form fields, such as the (1) news, (2) lock, or (3) allmem fields in the 'start new topic' HTML page. |
MaxWebPortal vulnerabilities |
web_prog_asp_maxwebportal | ||
![]() |
The default installation of MaxWebPortal 1.30 stores the portal database under the web document root with insecure access control, which allows remote attackers to obtain sensitive information via a direct request to database/db2000.mdb. |
MaxWebPortal vulnerabilities |
web_prog_asp_maxwebportal | ||
![]() |
SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter. |
SQL injection |
web_prog_sql_phpbbsearch | ||
![]() |
Cross-site scripting (XSS) vulnerability in the tep_href_link function in html_output.php for osCommerce before 2.2-MS3 allows remote attackers to inject arbitrary web script or HTML via the osCsid parameter. |
Cross site scripting |
web_prog_php_oscommerce | ||
![]() |
PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. NOTE: this issue might be exploitable only during installation, or if the administrator has not run a security script after installation. |
PHP injection |
web_prog_php_gallery | ||
![]() |
PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter in (1) shownews.php, (2) search.php, or (3) comments.php. |
PHP injection |
web_prog_php_cutenews | ||
![]() |
index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie. |
Mambo vulnerabilities |
web_cms_mambo | ||
![]() |
Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attackers to execute arbitrary code via (1) a long URL content type in CGI::readFile, (2) a long path in diskusage, and (3) a long fname in flist. |
http potential problems |
web_prog_cgi_webshell | ||
![]() |
H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) mode and (2) zipfile parameters in a URL request. |
http potential problems |
web_prog_cgi_webshell | ||
![]() |
PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the prefix parameter to (1) dbase.php, (2) config.php, or (3) common.load.php. |
PHP injection |
web_prog_php_bookmark | ||
![]() |
Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to execute arbitrary PHP code via (1) head.php, (2) apb_common.php, or (3) apb_view_class.php by modifying the APB_SETTINGS parameter to reference a URL on a remote web server that contains the code. |
PHP injection |
web_prog_php_apb | ||
![]() |
add_bookmark.php in Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to add arbitrary bookmarks as other users using a modified auth_user_id parameter. |
PHP injection |
web_prog_php_apb | ||
![]() |
Cross-site scripting vulnerability (XSS) in AN HTTP 1.41e allows remote attackers to execute arbitrary web script or HTML as other users via a URL containing the script. |
Cross site scripting |
web_server_css | ||
![]() |
Sambar Server before 6.0 beta 6 allows remote attackers to obtain sensitive information via direct requests to the default scripts (1) environ.pl and (2) testcgi.exe. |
Sambar vulnerabilities |
web_prog_cgi_sambar | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query parameter to samples/search.dll, (5) the price parameter to mortgage.pl, (6) the query string in dumpenv.pl, (7) the query string to dumpenv.pl, and (8) the E-Mail field of the guestbook script (book.pl). |
Sambar vulnerabilities |
web_prog_cgi_sambar | ||
![]() |
PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 allows remote attackers to include and execute arbitrary remote files via a URL in the pathtoashnews parameter to (1) ashnews.php and (2) ashheadlines.php. |
PHP injection |
web_prog_php_ashnews | ||
![]() |
EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information via a direct request. |
http cgi access |
web_prog_file_eipc | ||
![]() |
SQL injection vulnerability in auth.php in Land Down Under (LDU) v601 and earlier allows remote attackers to execute arbitrary SQL commands. |
SQL injection |
web_prog_sql_lduauth | ||
![]() |
Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command. |
MERCUR vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_imap_mercur | ||
![]() |
Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_patch | ||
![]() |
The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_patch | ||
![]() |
Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201. |
Samba vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
win_samba | ||
![]() |
Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. |
Abyss web server |
web_server_abyss | ||
![]() |
CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to inject arbitrary HTTP headers and possibly conduct HTTP Response Splitting attacks via CRLF sequences in the Location header. |
Abyss web server |
web_server_abyss | ||
![]() |
The remote web management interface of Aprelium Technologies Abyss Web Server 1.1.2 and earlier does not log connection attempts to the web management port (9999), which allows remote attackers to mount brute force attacks on the administration console without detection. |
Abyss web server |
web_server_abyss | ||
![]() |
Aprelium Technologies Abyss Web Server 1.1.2, and possibly other versions before 1.1.4, allows remote attackers to cause a denial of service (crash) via an HTTP GET message with empty (1) Connection or (2) Range fields. |
Abyss web server |
web_server_abyss | ||
![]() |
Buffer overflow in ISMail 1.4.3 and earlier allows remote attackers to execute arbitrary code via long domain names in (1) MAIL FROM or (2) RCPT TO fields. |
ISMail vulnerabilities |
mail_smtp_ismail | ||
![]() |
ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code. |
PHP injection |
web_prog_php_ipchat | ||
![]() |
AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file. |
http cgi info |
web_prog_file_messages | ||
![]() |
Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long EXECUTE command. |
SQLBase vulnerabilities |
database_sqlbase | ||
![]() |
Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification). |
Cisco ICMP vulnerability Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_iosicmp | ||
![]() |
PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2.3 allows remote attackers to execute arbitrary PHP code via the url_hit parameter, a different vulnerability than CVE-2006-5015. |
PHP injection |
web_prog_php_hit | ||
![]() |
foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. |
http cgi access |
web_prog_php_exec | ||
![]() |
DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords. |
http cgi access |
web_prog_php_exec | ||
![]() |
DotBr 0.1 allows remote attackers to execute arbitrary shell commands via the cmd parameter to (1) exec.php3 or (2) system.php3. |
http cgi access |
web_prog_php_exec | ||
![]() |
PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) my_header parameter to header.php3 or (2) my_footer parameter to footer.php3. |
PHP injection |
web_prog_php_dforum | ||
![]() |
PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php, (3) 5terminals/index.php, (4) 4mailinglists/index.php, (5) 3departaments/index.php, and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php. |
PHP injection |
web_prog_php_gosa | ||
![]() |
parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages. |
Darwin vulnerabilities |
web_server_darwin web_server_quicktime |
||
![]() |
Directory traversal vulnerability in parse_xml.cgi in Apple Darwin Streaming Server 4.1.2 and Apple Quicktime Streaming Server 4.1.1 allows remote attackers to read arbitrary files via a ... (triple dot) in the filename parameter. |
Darwin vulnerabilities |
web_server_darwin web_server_quicktime |
||
![]() |
Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID). |
Oracle vulnerabilities Apache ETag vulnerability Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_httpserver web_security_apacheetag |
||
![]() |
guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter. |
http potential problems |
web_prog_cgi_guestbook | ||
![]() |
Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable. |
http potential problems |
web_prog_cgi_guestbook | ||
![]() |
Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file. |
unreal game engine |
misc_unreal | ||
![]() |
Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote attackers to execute arbitrary PHP code via the (1) template parameter in News.php or (2) installdir parameter in install.php. |
PHP injection |
web_prog_php_ttcms web_prog_php_ttforum |
||
![]() |
Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter. |
http cgi access |
web_prog_cgi_webadmin | ||
![]() |
Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a CREATE command with a long mailbox name. |
MDaemon vulnerabilities |
mail_imap_mdaemon | ||
![]() |
Memory leak in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 allows remote attackers to cause a denial of service (memory exhaustion) via crafted TCP packets. |
HP Openview vulnerabilities |
net_ovnodemgr | ||
![]() |
Unspecified vulnerability in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 allows remote attackers to cause a denial of service (CPU consumption) via a crafted TCP packet. |
HP Openview vulnerabilities |
net_ovnodemgr | ||
![]() |
Directory traversal vulnerability in index.php in Bytehoard 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the infolder parameter. |
http cgi access |
web_prog_php_bytehoard | ||
![]() |
PHP remote file inclusion vulnerability in _functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter. |
PHP injection |
web_prog_php_cpcommerce | ||
![]() |
sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190. |
OpenSSH vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
shell_ssh_openssh | ||
![]() |
The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE. |
http IIS access Cross site tracing Note: Authentication is recommended to improve the accuracy of this check |
web_server_iis_iis web_server_track |
||
![]() |
The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in the Linux kernel before 2.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending packets to an interface that has a 0.0.0.0 IP address, a related issue to CVE-2015-8787. |
Linux Kernel vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_linuxkernel | ||
![]() |
curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server. |
curl vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_curlver |
: A dangerous check is available for this vulnerability.




