CVE Cross Reference 2006
The information on this page may be obsolete. For the current documentation, please log into the mySAINT portal using your customer login and password.
Current CVEs
| CVE Description | SAINT® Tutorial | SAINT® Vuln. ID | SANS Top 20 |
Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_officepub | ||
Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation. |
Outlook and Outlook Express Microsoft Exchange vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_client_outlooktnef mail_smtp_exchangetnef |
||
Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_mdacrce | ||
Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF). |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_pptinfo | ||
Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_wmpplugin | ||
Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_wmpbmp | ||
Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_officepnggif | ||
The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box. |
Windows updates needed Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ime win_patch_imeoffice |
||
Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excelrs | ||
Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_webfonts | ||
Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_explorercom | ||
Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_webclient | ||
Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values. |
Outlook and Outlook Express Note: Authentication is required to detect this vulnerability |
mail_client_msoewab | ||
Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters. |
http FrontPage Note: Authentication is required to detect this vulnerability |
web_cms_fp_xss | ||
An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_wmf | ||
Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_igmp | ||
Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_pptrecord | ||
Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_daclpe | ||
Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file. |
Flash vulnerabilities MacOSX vulnerabilities Shockwave vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_flash misc_macosx_version misc_shockwave |
||
Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image with a large chunk size. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_wmppngbo | ||
Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP). |
http IIS access Note: Authentication is recommended to improve the accuracy of this check |
web_server_iis_aspbo | ||
Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties. |
Microsoft Exchange vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_smtp_exchangecdoex | ||
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excelrs | ||
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excelrs | ||
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excelrs | ||
Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excelrs | ||
Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_indexingxss | ||
Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_officepnggif | ||
Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_dtcdos | ||
The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary. |
Mailman vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_misc_mailman | ||
Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations. |
Sendmail vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_smtp_sendmail | ||
Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357. |
phpBB vulnerabilities |
web_prog_php_bbver | ||
Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the title of an event, which is not properly filtered by (1) calendar.php and (2) reminder.php. |
vBulletin vulnerabilities |
web_prog_php_vbulletin | ||
Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program. |
ImageMagick vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_imagemagick | ||
Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the host argument to the mysql_connect function. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on Windows, allows remote attackers to cause a denial of service (postmaster exit and no new connections) via a large number of simultaneous connection requests. |
PostgreSQL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_pgsql | ||
Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 have unknown impact and attack vectors, due to "potential security issues" as identified by SPR numbers (1) GPKS6C9J67 in Agents, (2) JGAN6B6TZ3 and (3) KSPR699NBP in the Router, (4) GPKS5YQGPT in Security, or (5) HSAO6BNL6Y in the Web Server. NOTE: vector 3 is related to an issue in NROUTER in IBM Lotus Notes and Domino Server before 6.5.4 FP1, 6.5.5, and 7.0, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted vCal meeting request sent via SMTP (aka SPR# KSPR699NBP). |
Lotus Domino SMTP vulnerability |
mail_smtp_domino | ||
Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (application crash) via multiple vectors, involving (1) a malformed message sent to an "Out Of Office" agent (SPR LPEE6DMQWJ), (2) the compact command (RTIN5U2SAJ), (3) malformed bitmap images (MYAA6FH5HW), (4) the "Delete Attachment" action (YPHG6844LD), (5) parsing certificates from a remote Certificate Table (AELE6DZFJW), and (6) creating a SSL key ring with the Domino Administration client (NSUA4FQPTN). |
Lotus Domino SMTP vulnerability |
mail_smtp_domino | ||
Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (memory consumption and crash) via unknown vectors related to (1) unspecified vectors during the SSL handshake (SPR# MKIN67MQVW), (2) the stash file during the SSL handshake (SPR# MKIN693QUT), and possibly other vectors. NOTE: due to insufficient information in the original vendor advisory, it is not clear whether there is an attacker role in other memory leaks that are specified in the advisory. |
Lotus Domino SMTP vulnerability |
mail_smtp_domino | ||
Directory traversal vulnerability in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote authenticated users to rename the folders of other users via a .. (dot dot) in the RENAME command. |
Rockliffe vulnerabilities |
mail_web_rockliffe | ||
Buffer overflow in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote attackers to have an unknown impact via unknown attack vectors. |
Rockliffe vulnerabilities |
mail_web_rockliffe | ||
Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames via user requests to TCP port 106. |
Rockliffe vulnerabilities |
mail_web_rockliffe | ||
Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier allows remote attackers to attempt authentication with an unlimited number of user account names and passwords without denying connections, limiting the rate of connections, or locking out an account. |
Rockliffe vulnerabilities |
mail_web_rockliffe | ||
Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote attackers to cause a denial of service (crash) via (1) malformed NTLM authentication requests, or a malformed (2) Incoming Mail X or (3) Temporary Mail file. |
Eudora Server vulnerabilities |
mail_smtp_eudora | ||
Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username. |
Apache authentication modules Note: Authentication is required to detect this vulnerability |
web_mod_authldap | ||
Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files. |
ClamAV vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_clamwinupx | ||
webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS. |
SquirrelMail vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_web_squirrel | ||
Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer. |
SquirrelMail vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_web_squirrel | ||
Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php, and (6) usercp.php, and probably related to SQL injection. NOTE: it is likely that this issue subsumes CVE-2005-4602 and CVE-2005-4603. However, since the vendor advisory is vague and additional files are mentioned, it is likely that this contains at least one distinct vulnerability from CVE-2005-4602 and CVE-2005-4603. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. |
MacOSX vulnerabilities OpenSSH vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version shell_ssh_openssh |
||
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests. |
Symantec vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_symantec_symscan | ||
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications. |
Symantec vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_symantec_symscan | ||
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests. |
Symantec vulnerabilities |
misc_av_symantec_symscaninfo | ||
GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment. |
Mozilla Thunderbird vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird | ||
Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer. |
Cross site scripting |
web_prog_jsp_geronimo | ||
Unspecified vulnerability in the Advanced Queuing component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.6, 10.1.0.3 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB01. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
Unspecified vulnerability in the Change Data Capture component of Oracle Database server 9.2.0.7, 10.1.0.5, and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB02. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the CDC_ALLOCATE_LOCK function of the DBMS_CDC_UTILITY package. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
Unspecified vulnerability in the Connection Manager component of Oracle Database server 8.1.7.4 and 9.0.1.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB03. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
Multiple unspecified vulnerabilities in Oracle Database server 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB04 and (2) DB06 in the (a) Data Pump component; (3) DB10 in the (b) Net Listener component; and (4) DB16 in the (c) Oracle Text component. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB06 is SQL injection in the GENERATE_JOB_NAME, GET_WORKERSTATUSLIST1010, GET_PARAMVALUES1010, GET_DUMPFILESET1010, GET_JOBSTATUS1010, ATTACH, and ESTABLISH_REMOTE_CONTEXT functions in DBMS_DATAPUMP. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB05 in the (a) Data Pump component; (2) DB15 in the (b) Oracle Text component; (3) DB22 in the (c) Streams Apply component; (4) DB23 and (5) DB24 in the (d) Streams Capture component; and (6) DB26 in the (e) Streams Subcomponent. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB05 involves SQL injection in the (f) LONG2VARCHAR, LONG2VCMAX, LONG2VCNT, and LONG2CLOB functions in the DBMS_METADATA_UTIL package; (g) MAKE_FILTER, FETCH_VIEWS_ERROR, FETCH_FILTERS, FETCH_VIEWS, SET_FILTER_COMMON, DO_FILTER_SCRIPT, SET_TABLE_FILTERS, and MAKE_FILTER_TEXT functions in the DBMS_METADATA_INT package; and (h) GET_PREPOST_TABLE_ACT function in the DBMS_METADATA package. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB07 in the Dictionary component and (2) DB14 in the Oracle Label Security component. NOTE: Oracle has not disputed reliable researcher claims that DB07 involves plaintext storage of the TDE wallet password in a trace file by event 10053. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB09 in the (a) Net Listener component; and (2) DB12 and (3) DB13 in the Network Communications (RPC) component. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB17 in the Oracle Text component and (2) DB18 in the Program Interface Network component. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB17 involves SQL injection in the (a) VALIDATE_STATEMENT and BUILD_DML functions in CTXSYS.DRILOAD; (b) CLEAN_DML function in CTXSYS.DRIDML; (c) GET_ROWID function in CTXSYS.CTX_DOC; (d) BROWSE_WORDS function in CTXSYS.CTX_QUERY; and (e) ODCIINDEXTRUNCATE, ODCIINDEXDROP, and ODCIINDEXDELETE functions in CATINDEXMETHODS. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB19. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.2.0.6 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB20. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
Unspecified vulnerability in the Security component of Oracle Database server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB21. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
Unspecified vulnerability in the Streams Capture component of Oracle Database server 10.1.0.5 and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB25. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the SET_DIRECTORY_ROOT function in the DBMS_CDC_PUBLISH package. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
Unspecified vulnerability in the Transparent Data Encryption (TDE) Wallet component of Oracle Database server 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB27. NOTE: Oracle has not disputed a reliable researcher report that TDE stores the master key without encryption, which allows local users to obtain the key via the SGA. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the DBMS_REGISTRY package in certain parameters to the (1) IS_COMPONENT, (2) GET_COMP_OPTION, (3) DISABLE_DDL_TRIGGERS, (4) SCRIPT_EXISTS, (5) COMP_PATH, (6) GATHER_STATS, (7) NOTHING_SCRIPT, and (8) VALIDATE_COMPONENTS functions. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a buffer overflow in the (a) DBMS_XMLSCHEMA and (b) DBMS_XMLSCHEMA_INT packages, as exploitable via long arguments to (1) XDB.DBMS_XMLSCHEMA.GENERATESCHEMA or (2) XDB.DBMS_XMLSCHEMA.GENERATESCHEMAS. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Portal component of Oracle Application Server 9.0.4.2 and 10.1.2.0 has unspecified impact and attack vectors, as identified by Oracle Vuln# AS01. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 and 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP03. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP04. NOTE: Oracle has not disputed reliable researcher claims that this issue is related to directory traversal that allows reading of portions of arbitrary XML files via the customize parameter. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) has unspecified impact and attack vectors, as identified by Oracle Vuln# DBC01 in the Protocol Support component. |
Oracle vulnerabilities Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias database_oracle_version | ||
![]() |
Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, Application Server 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) has unspecified impact and attack vectors, as identified by Oracle Vuln# DBC02 in the Reorganize Objects & Convert Tablespace component. |
Oracle vulnerabilities Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias database_oracle_version | ||
![]() |
Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.2 and 10.1.2.0.2, and E-Business Suite and Applications 11.5.10, have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) FORM01 and (2) FORM02 in the Oracle Forms component. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in the Java Net component of Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.4, and Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, has unspecified impact and attack vectors, as identified by Oracle Vuln# JN01. |
Oracle vulnerabilities Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias database_oracle_version | ||
![]() |
Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, and Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS01. |
Oracle vulnerabilities Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias database_oracle_version | ||
![]() |
Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 10.1.0.5 and Application Server 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS02. |
Oracle vulnerabilities Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias database_oracle_version | ||
![]() |
Multiple unspecified vulnerabilities in the Oracle Reports Developer component of Oracle Application Server 9.0.4.1 and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP01 and (2) REP02. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Multiple unspecified vulnerabilities in Oracle Application Server 6.0.8.26(PS17) and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP05 and (2) REP06 in the Oracle Reports Developer component. NOTE: Oracle has not disputed reliable researcher claims that REP05 is the same as CVE-2005-2378 and REP06 is the same as CVE-2005-2371, both of which involve directory traversal. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in Oracle Database Server 9.2.0.7, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i), and E-Business Suite and Applications 11.5.10 has unspecified impact and attack vectors, as identified by Oracle Vuln# WF01 in the Oracle Workflow Cartridge component. |
Oracle vulnerabilities Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias database_oracle_version | ||
![]() |
Multiple unspecified vulnerabilities in Oracle Database Server 10.2.0.1, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i), and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) WF02 and (2) WF03 in the Oracle Workflow Cartridge component. |
Oracle vulnerabilities Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias database_oracle_version | ||
![]() |
The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_mozilla web_client_seamonkey | ||
![]() |
The function allocation code (js_NewFunction in jsfun.c) in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates on freed objects. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey | ||
![]() |
Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey | ||
![]() |
Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey | ||
![]() |
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_mozilla web_client_seamonkey | ||
![]() |
Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey | ||
![]() |
The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey | ||
![]() |
The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey | ||
![]() |
Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers. |
GNU tar vulnerabilities MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_compress_tar misc_macosx_version | ||
![]() |
fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006004 | ||
![]() |
Unspecified vulnerability in the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via "certain malformed links." |
MediaWiki vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_mediawiki | ||
![]() |
Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations. |
RealPlayer vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_realplayer | ||
![]() |
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname). |
Gallery vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_galleryversion | ||
![]() |
Buffer overflow in multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allows remote attackers to execute arbitrary code via crafted ZIP archives. |
FSecure vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_fsecurebo | ||
![]() |
Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) support in Cisco IOS 12.0 through 12.4 running on various Cisco products, when SGBP is enabled, allows remote attackers on the local network to cause a denial of service (device hang and network traffic loss) via a crafted UDP packet to port 9900. |
Cisco SGBP vulnerability Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_sgbp | ||
![]() |
Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe MailSite 5.x and 6.1.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string. |
Rockliffe vulnerabilities |
mail_web_rockliffe | ||
![]() |
RockLiffe MailSite HTTP Mail management agent (httpma) 7.0.3.1 allows remote attackers to cause a denial of service (CPU consumption and crash) via a malformed query string containing special characters such as "|". |
Rockliffe vulnerabilities |
mail_web_rockliffe | ||
![]() |
Directory traversal vulnerability in Intervations FileCOPA FTP Server 1.01 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the (1) STOR and (2) RETR commands. |
FileCOPA FTP vulnerabilities |
ftp_filecopa | ||
![]() |
Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an IMG element, in which the URI uses SGML numeric character references without trailing semicolons, as demonstrated by "javascript". |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection." |
SquirrelMail vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_web_squirrel | ||
![]() |
Apple Mac OS X 10.4.5 and allows local users to cause a denial of service (crash) via an undocumented system call. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Canon RAW image. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006004 | ||
![]() |
OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006004 | ||
![]() |
Unspecified vulnerability in Mac OS X before 10.4.6, when running on an Intel-based computer, allows attackers with physical access to bypass the firmware password and log on in Single User Mode via unspecified vectors. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
Multiple SQL injection vulnerabilities in index.php in NewsPHP allow remote attackers to execute arbitrary SQL commands via the (1) discuss, (2) tim, (3) id, (4) last, and (5) limit parameter. |
SQL injection |
web_prog_sql_newsphp | ||
![]() |
Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01. |
Oracle PLSQL vulnerabilities Note: Authentication is required to detect this vulnerability |
database_oracle_plsqlgate | ||
![]() |
Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for "<" and ">" characters. |
phpBB vulnerabilities |
web_prog_php_bbver | ||
![]() |
Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php. |
phpBB vulnerabilities |
web_prog_php_bbver | ||
![]() |
Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed. |
Sami FTP Server vulnerabilities |
ftp_sami | ||
![]() |
Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail @Solomon 4.00 allow remote attackers to execute arbitrary code via a long username to the (1) AUTH PLAIN or (2) AUTH LOGIN SMTP commands, which is not properly handled by (a) EPSTRS.EXE or (b) SPA-RS.EXE; (3) a long username in the APOP POP3 command, which is not properly handled by (c) EPSTPOP4S.EXE or (d) SPA-POP3S.EXE; (4) a long IMAP DELETE command, which is not properly handled by (e) EPSTIMAP4S.EXE or (f) SPA-IMAP4S.EXE. |
Epost vulnerabilities |
mail_imap_epost mail_pop_epost mail_smtp_epost | ||
![]() |
Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and (2) SPA-IMAP4S.EXE in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allow remote attackers to (a) list arbitrary directories or cause a denial of service via the LIST command; or create arbitrary files via the (b) APPEND, (c) COPY, or (d) RENAME commands. |
Epost vulnerabilities |
mail_imap_epost | ||
![]() |
Early termination vulnerability in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allows remote attackers to cause a denial of service (infinite loop) by sending an APPEND command and disconnecting before the expected amount of data is sent. |
Epost vulnerabilities |
mail_imap_epost | ||
![]() |
phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database. |
phpBB vulnerabilities |
web_prog_php_bbver | ||
![]() |
CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via LDAP messages with negative BER lengths, and possibly other vectors, as demonstrated by the ProtoVer LDAP test suite. |
CommuniGate vulnerabilities |
misc_communigateldap | ||
![]() |
Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field). |
Winamp vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_winamp | ||
![]() |
Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7.2.A allow remote attackers to cause a denial of service (device reload or user disconnect) via a crafted HTTP packet. |
Cisco VPN vulnerabilities Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_vpn | ||
![]() |
The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S before 12.2(18)S11, and certain other releases before 25 January 2006 does not perform Authentication, Authorization, and Accounting (AAA) command authorization checks, which may allow local users to execute IOS EXEC commands that were prohibited via the AAA configuration, aka Bug ID CSCeh73049. |
Cisco vulnerabilities Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_ios | ||
![]() |
Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts. |
Netscape Navigator vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_netscape | ||
![]() |
IMAP service in MailEnable Professional Edition before 1.72 allows remote attackers to cause a denial of service (service crash) via unspecified vectors involving the EXAMINE command. |
MailEnable vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_imap_mailenable | ||
![]() |
Unspecified vulnerability in MailEnable Enterprise Edition before 1.2 allows remote attackers to cause a denial of service (CPU utilization) by viewing "formatted quoted-printable emails" via webmail. |
MailEnable vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_imap_mailenableent | ||
![]() |
SQL injection vulnerability in global.php in MyBB before 1.03 allows remote attackers to execute arbitrary SQL commands via the templatelist variable. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
Cross-site scripting (XSS) vulnerability in ashnews.php in Derek Ashauer ashNews 0.83 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
Cross site scripting |
web_prog_php_ashnewsxss | ||
![]() |
BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, allows remote attackers to gain privileged access via a "Kashpureff-style DNS cache corruption" attack. |
DNS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
dns_bindver | ||
![]() |
Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via a crafted message to TCP port 4105. |
CA Message Queuing Note: Authentication is recommended to improve the accuracy of this check |
misc_cam | ||
![]() |
Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via spoofed CAM control messages. |
CA Message Queuing Note: Authentication is recommended to improve the accuracy of this check |
misc_cam | ||
![]() |
Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial of service (client crash) via an AIM message containing the Mac encoded Rich Text Format (RTF) escape sequences (1) \'d1, (2) \'d2, (3) \'d3, (4) \'d4, and (5) \'d5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
Trillian vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_trillian | ||
![]() |
SQL injection vulnerability in showflat.php in Groupee (formerly known as Infopop) UBB.threads 6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Number parameter. |
UBB threads vulnerabilities |
web_prog_php_ubb | ||
![]() |
PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to gain additional privileges via "knowledge of the backend protocol" using a crafted SET ROLE to other database users, a different vulnerability than CVE-2006-0678. |
PostgreSQL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_pgsql | ||
![]() |
Format string vulnerability in the SMTP server for McAfee WebShield 4.5 MR2 and earlier allows remote attackers to execute arbitrary code via format strings in the domain name portion of a destination address, which are not properly handled when a bounce message is constructed. |
WebShield vulnerabilities |
mail_smtp_webshield | ||
![]() ![]() |
IBM Lotus Domino Server 7.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted packet to the LDAP port (389/TCP). |
Lotus Domino LDAP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
misc_ldapdomino | ||
![]() |
Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2, when storing forwarded credentials, allows attackers to overwrite arbitrary files and change file ownership via unknown vectors. |
Heimdal telnetd vulnerability |
shell_r_heimdal | ||
![]() |
Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users to trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file. |
Gallery vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_galleryversion | ||
![]() |
Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shout_name field in shoutbox_panel.php and the (2) comments field in comments_include.php. |
Cross site scripting |
web_prog_php_fusionxss | ||
![]() |
Directory traversal vulnerability in compose.pl in @Mail 4.3 and earlier for Windows allows remote attackers to upload arbitrary files to arbitrary locations via a .. (dot dot) in the unique parameter. |
AtMail vulnerabilities |
mail_web_atmail | ||
![]() |
Unspecified vulnerability in Java Web Start after 1.0.1_02, as used in J2SE 5.0 Update 5 and earlier, allows remote attackers to obtain privileges via unspecified vectors involving untrusted applications. |
Java Web Start Note: Authentication is required to detect this vulnerability |
misc_javawebstart | ||
![]() |
Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "first issue." |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_javaplugin | ||
![]() |
Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 4 and earlier, SDK and JRE 1.4.x through 1.4.2_09 allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "second and third issues." |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_javaplugin | ||
![]() |
Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and earlier allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fourth issue." |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_javaplugin | ||
![]() |
Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 5 and earlier allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fifth, sixth, and seventh issues." |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_javaplugin | ||
![]() |
The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts. |
phpBB vulnerabilities |
web_prog_php_bbver | ||
![]() |
SQL injection vulnerability in moderation.php in MyBB (aka MyBulletinBoard) 1.0.3 allows remote authenticated users, with certain privileges for moderating and merging posts, to execute arbitrary SQL commands via the posts parameter. |
MyBB vulnerabilities SQL injection |
web_prog_php_mybb web_prog_sql_mybb | ||
![]() |
Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka MyBulletinBoard) 1.0.2 allows remote attackers with knowledge of the table prefix to inject arbitrary web script or HTML via a URL encoded value of the keywords parameter, as demonstrated by %3Cscript%3E. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
Trend Micro ServerProtect 5.58, and possibly InterScan Messaging Security Suite and InterScan Web Security Suite, have a default configuration setting of "Do not scan compressed files when Extracted file count exceeds 500 files," which may be too low in certain circumstances, which allows remote attackers to bypass anti-virus checks by sending compressed archives containing many small files. NOTE: since this is related to a configuration setting that has an operational impact that might vary depending on the environment, and the product is claimed to report a message when the compressed file exceeds specified limits, perhaps this should not be included in CVE. |
Trend Micro vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_trendmicrosprotect | ||
![]() |
Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the replace_files function in search.php and (2) $file variable as used in the parse function in functions/template.php. |
PHP injection |
web_prog_php_icalendar | ||
![]() |
Directory traversal vulnerability in HP Systems Insight Manager 4.2 through 5.0 SP3 for Windows allows remote attackers to access arbitrary files via unspecified vectors, a different vulnerability than CVE-2005-2006. |
HP Systems Insight Manager |
web_tool_simnamazu | ||
![]() |
Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers to inject arbitrary web script or HTML via email with attached html files, which are directly rendered in the browser. |
Lotus Domino HTTP vulnerability |
web_server_lotus_domino | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using "java script:"; or (3) when the Domino Web Access ActiveX control is not installed, via an email attachment filename. |
Lotus Domino HTTP vulnerability |
web_server_lotus_domino | ||
![]() |
Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public. |
Mantis vulnerabilities |
web_prog_php_mantis | ||
![]() |
Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public. |
Mantis vulnerabilities |
web_prog_php_mantis | ||
![]() |
Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 to 7.8 allows remote attackers to inject arbitrary web script or HTML via the pagetitle parameter. |
Cross site scripting |
web_prog_php_nukexssheader | ||
![]() |
telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows remote unauthenticated attackers to cause a denial of service (server crash) via unknown vectors that trigger a null dereference. |
Heimdal telnetd vulnerability |
shell_telnet_heimdal | ||
![]() |
PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before 8.0.7, and 8.1.x before 8.1.3, when compiled with Asserts enabled, allows local users to cause a denial of service (server crash) via a crafted SET SESSION AUTHORIZATION command, a different vulnerability than CVE-2006-0553. |
PostgreSQL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_pgsql | ||
![]() |
Cross-site scripting (XSS) vulnerability in search.php in QWikiWiki 1.5, and possibly 1.5.1 and other versions, allows remote attackers to inject arbitrary web script or HTML via the query parameter. |
Cross site scripting |
web_prog_php_qwikixss | ||
![]() |
Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command. |
SSH AttachmateWRQ vulnerabilities SSH Tectia vulnerabilities |
shell_ssh_fsecure shell_ssh_tectia shell_ssh_wrq | ||
![]() |
Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476. |
Winamp vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_winamp | ||
![]() ![]() |
IBM Tivoli Directory Server 6.0 allows remote attackers to cause a denial of service (crash) via a crafted LDAP request, as demonstrated by test 2532 in the ProtoVer Sample LDAP test suite. |
Tivoli LDAP vulnerabilities |
misc_ldaptivoli | ||
![]() |
Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file. |
Winamp vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_winamp | ||
![]() |
Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that results in a negative array index. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_mozilla web_client_seamonkey | ||
![]() |
nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence of HTML tags" that leads to memory corruption. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_mozilla | ||
![]() |
Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_jsstack | ||
![]() |
LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP interpreter only for ".php" names. |
Lighttpd vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_server_lighttpd_version | ||
![]() |
Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
Rockliffe MailSite 7.0 and earlier allows remote attackers to cause a denial of service by sending crafted LDAP packets to port 389/TCP, as demonstrated by the ProtoVer LDAP testsuite. |
Rockliffe vulnerabilities |
mail_misc_rockliffeldap | ||
![]() |
Multiple directory traversal vulnerabilities in the IMAP service in Macallan Mail Solution before 4.8.05.004 allow remote authenticated users to read e-mails of other users or create, modify, or delete directories via a .. (dot dot) in the argument to the (1) CREATE, (2) SELECT, (3) DELETE, or (4) RENAME commands. |
MacAllan Mail vulnerabilities |
mail_imap_macallan | ||
![]() |
Stack-based buffer overflow in NJStar Chinese and Japanese Word Processor 4.x and 5.x before 5.10 allows user-assisted attackers to execute arbitrary code via font names in NJStar (.njx) documents. |
NJStar vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_njstar | ||
![]() |
Heap-based buffer overflow in WinACE 2.60 allows user-assisted attackers to execute arbitrary code via a large header block in an ARJ archive. |
Winace vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_compress_winace | ||
![]() |
response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files. |
Lighttpd vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_server_lighttpd_version | ||
![]() |
Multiple unspecified vulnerabilities in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allow remote attackers to bypass authentication or gain "unauthorized network access" via unknown attack vectors. |
Xerox MicroServer vulnerabilities |
web_tool_microsrvver | ||
![]() |
Unspecified vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to cause a denial of service via a crafted Postscript request. |
Xerox MicroServer vulnerabilities |
web_tool_microsrvver | ||
![]() |
Cross-site scripting vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. |
Xerox MicroServer vulnerabilities |
web_tool_microsrvver | ||
![]() |
Unspecified vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to "reduce effectiveness of security features" via unknown attack vectors. |
Xerox MicroServer vulnerabilities |
web_tool_microsrvver | ||
![]() |
The scripting engine in Internet Explorer allows remote attackers to cause a denial of service (resource consumption) and possibly execute arbitrary code via a web page that contains a recurrent call to an infinite loop in Javascript or VBscript, which consumes the stack, as demonstrated by resetting the "location" variable within the loop. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_jsstack | ||
![]() |
Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an unspecified denial of service by tricking the user into importing an LDIF file with a long field into the address book, as demonstrated by a long homePhone field. |
Mozilla Thunderbird vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird | ||
![]() |
The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths. |
Snort vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_snort | ||
![]() |
manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519. |
Mantis vulnerabilities |
web_prog_php_mantis | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522. |
Mantis vulnerabilities |
web_prog_php_mantis | ||
![]() |
Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows remote attackers to inject arbitrary web script or HTML via a modified javascript: string in the SRC attribute of an IMG element in an e-mail message, as demonstrated by "java script:." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
AtMail vulnerabilities |
mail_web_atmail | ||
![]() |
Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection vector. |
Mambo vulnerabilities |
web_prog_sql_mambouser | ||
![]() |
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail. |
Mozilla Thunderbird vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird | ||
![]() |
index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of users. |
Invision Power Board |
web_prog_php_ipbversion | ||
![]() |
Directory traversal vulnerability in SpeedProject Squeez 5.1, as used in (1) ZipStar 5.1 and (2) SpeedCommander 11.01.4450, allows remote attackers to overwrite arbitrary files via unspecified manipulations in a (1) JAR or (2) ZIP archive. |
SpeedProject vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_compress_speedcommander misc_compress_squeez misc_compress_zipstar | ||
![]() ![]() |
nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial of service via a crafted NFS mount request, as demonstrated by the ProtoVer NFS test suite. |
FreeBSD nfsd vulnerability |
rpc_nfs_freebsd | ||
![]() |
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query. |
MySQL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_mysql_version | ||
![]() |
Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to view sensitive information via a direct request to multiple PHP scripts that include the full path in error messages, including (1) PEAR/Text/Diff/Renderer/inline.php, (2) PEAR/Text/Diff/Renderer/unified.php, (3) PEAR/Text/Diff3.php, (4) class_db.php, (5) class_db_mysql.php, and (6) class_xml.php in the ips_kernel/ directory; (7) mysql_admin_queries.php, (8) mysql_extra_queries.php, (9) mysql_queries.php, and (10) mysql_subsm_queries.php in the sources/sql directory; (11) sources/acp_loaders/acp_pages_components.php; (12) sources/action_admin/member.php and (13) sources/action_admin/paysubscriptions.php; (14) login.php, (15) messenger.php, (16) moderate.php, (17) paysubscriptions.php, (18) register.php, (19) search.php, (20) topics.php, (21) and usercp.php in the sources/action_public directory; (22) bbcode/class_bbcode.php, (23) bbcode/class_bbcode_legacy.php, (24) editor/class_editor_rte.php, (25) editor/class_editor_std.php, (26) post/class_post.php, (27) post/class_post_edit.php, (28) post/class_post_new.php, (29) and post/class_post_reply.php in the sources/classes directory; (30) sources/components_acp/registration_DEPR.php; (31) sources/handlers/han_paysubscriptions.php; (32) func_usercp.php; (33) search_mysql_ftext.php, and (34) search_mysql_man.php in the sources/lib/ directory; and (35) convert/auth.php.bak, (36) external/auth.php, and (37) ldap/auth.php in the sources/loginauth directory. |
Invision Power Board |
web_prog_php_ipbversion | ||
![]() |
Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to list directory contents via a direct request to multiple directories, including (1) sources/loginauth/convert/, (2) sources/portal_plugins/, (3) cache/skin_cache/cacheid_2/, (4) ips_kernel/PEAR/, (5) ips_kernel/PEAR/Text/, (6) ips_kernel/PEAR/Text/Diff/, (7) ips_kernel/PEAR/Text/Diff/Renderer/, (8) style_images/1/folder_rte_files/, (9) style_images/1/folder_js_skin/, (10) style_images/1/folder_rte_images/, and (11) upgrade/ and its subdirectories. |
Invision Power Board |
web_prog_php_ipbversion | ||
![]() |
SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi. |
Bugzilla vulnerabilities |
web_prog_cgi_bugzilla | ||
![]() |
Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote attackers to trigger a SQL error. |
Bugzilla vulnerabilities |
web_prog_cgi_bugzilla | ||
![]() |
Bugzilla 2.16.10 does not properly handle certain characters in the (1) maxpatchsize and (2) maxattachmentsize parameters in attachment.cgi, which allows remote attackers to trigger a SQL error. |
Bugzilla vulnerabilities |
web_prog_cgi_bugzilla | ||
![]() |
Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another domain. |
Bugzilla vulnerabilities |
web_prog_cgi_bugzilla | ||
![]() |
Format string vulnerability in the IMAP4rev1 server in Alt-N MDaemon 8.1.1 and possibly 8.1.4 allows remote attackers to cause a denial of service (CPU consumption) by creating and then listing folders whose names contain format string specifiers. |
MDaemon vulnerabilities |
mail_imap_mdaemon | ||
![]() |
The POP3 Server in ArGoSoft Mail Server Pro 1.8 allows remote attackers to obtain sensitive information via the _DUMP command, which reveals the operating system, registered user, and registration code. |
ArGoSoft mail vulnerabilities |
mail_pop_argosoft | ||
![]() |
Directory traversal vulnerability in the IMAP server in ArGoSoft Mail Server Pro 1.8.8.1 allows remote authenticated users to create arbitrary folders via a .. (dot dot) in the RENAME command. |
ArGoSoft mail vulnerabilities |
mail_imap_argosoft | ||
![]() |
Directory traversal vulnerability in Webmail in ArGoSoft Mail Server Pro 1.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the UIDL parameter. |
ArGoSoft mail vulnerabilities |
mail_web_argosoft | ||
![]() |
SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be affected. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
Directory traversal vulnerability in Lionel Reyero DirectContact 0.3b allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. |
http server read access |
web_server_read | ||
![]() |
SQL injection vulnerability in topics.php in Appalachian State University phpWebSite 0.10.2 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter. |
SQL injection |
web_prog_sql_phpwebsitetopics | ||
![]() |
Craig Morrison Mail Transport System Professional (aka MTS Pro) acts as an open relay when configured to relay all mail through an external SMTP server, which allows remote attackers to relay mail by connecting to the MTS Pro server, then sending a MAIL FROM that specifies a domain that is local to the server. |
SMTP mail relay |
mail_smtp_relay | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in the View Headers (aka viewheaders) functionality in ArGoSoft Mail Server Pro 1.8.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the Subject header, (2) the From header, and (3) certain other unspecified headers. |
ArGoSoft mail vulnerabilities |
mail_web_argosoft | ||
![]() |
Directory traversal vulnerability in e-merge WinAce 2.6 and earlier allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive. |
Winace vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_compress_winace | ||
![]() |
Cross-site scripting (XSS) vulnerability in index.php in QwikiWiki 1.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
Cross site scripting |
web_prog_php_qwikixss | ||
![]() |
The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses. |
DNS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
dns_bindver | ||
![]() ![]() |
Stack-based buffer overflow in the volume manager daemon (vmd) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors. |
Veritas NetBackup vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
misc_netbackupvmbo | ||
![]() ![]() |
Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors. |
Veritas NetBackup vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
misc_netbackupvmbo | ||
![]() ![]() |
Buffer overflow in the NetBackup Sharepoint Services server daemon (bpspsserver) on NetBackup 6.0 for Windows allows remote attackers to execute arbitrary code via crafted "Request Service" packets to the vnetd service (TCP port 13724). |
Veritas NetBackup vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
misc_netbackupvmbo | ||
![]() |
Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accidentally referenced CVE-2006-0092. This is the correct identifier. |
Novell GroupWise vulnerabilities |
mail_web_groupwisemessenger | ||
![]() |
Multiple Sophos Anti-Virus products, including Anti-Virus for Windows 5.x before 5.2.1 and 4.x before 4.05, when cabinet file inspection is enabled, allows remote attackers to execute arbitrary code via a CAB file with "invalid folder count values," which leads to heap corruption. |
Sophos Antivirus vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_sophoscab | ||
![]() |
EMC Dantz Retrospect 7 backup client 7.0.107, and other versions before 7.0.109, and 6.5 before 6.5.138 allows remote attackers to cause a denial of service (client termination and loss of backup service) via a malformed packet to TCP port 497, which triggers an assert error. |
EMC Dantz vulnerabilities |
misc_retrospectver | ||
![]() |
Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) sometimes selects a weak cipher instead of an available stronger cipher, which makes it easier for remote attackers to sniff and decrypt an SSL protected session. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_httpserver | ||
![]() |
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility, which might allow remote attackers to decrypt contents of an SSL protected session. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_httpserver | ||
![]() |
Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create arbitrary files by providing extra -C and -X arguments to sendmail. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mail function, allows remote attackers to read and create arbitrary files via the sendmail -C and -X arguments. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
Buffer overflow in the IsComponentInstalled method in Internet Explorer 6.0, when used on Windows 2000 before SP4 or Windows XP before SP1, allows remote attackers to execute arbitrary code via JavaScript that calls IsComponentInstalled with a long first argument. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_icibo | ||
![]() |
The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and earlier, as used by runcms, exoops, and possibly other programs, allows remote attackers to execute arbitrary PHP code via the base64 tag. |
vulnerable web program |
web_prog_php_phprpc | ||
![]() |
Unspecified vulnerability in the Oracle Diagnostics module 2.2 and earlier allows remote attackers to access diagnostics tests via unknown attack vectors. |
Oracle Diagnostics vulnerabilities |
database_oracle_jtf | ||
![]() |
Multiple unspecified vulnerabilities in the Oracle Diagnostics module 2.2 and earlier have unknown impact and attack vectors, related to "permissions." |
Oracle Diagnostics vulnerabilities |
database_oracle_jtf | ||
![]() |
SQL injection vulnerability in the Oracle Diagnostics module 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. |
Oracle Diagnostics vulnerabilities |
database_oracle_jtf | ||
![]() |
Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not sanitized in sendmsg.php. |
vBulletin vulnerabilities |
web_prog_php_vbulletin | ||
![]() |
Stack-based buffer overflow in Microsoft Visual Studio 6.0 and Microsoft Visual InterDev 6.0 allows user-assisted attackers to execute arbitrary code via a long DataProject field in a (1) Visual Studio Database Project File (.dbp) or (2) Visual Studio Solution (.sln). |
Visual Studio vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vstudiobo | ||
![]() |
Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors related to the WA CGI. NOTE: technical details will be released after the grace period has ended on 20060603. |
Listserv vulnerabilities |
mail_misc_listserv | ||
![]() |
The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed. |
Mozilla Thunderbird vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird | ||
![]() |
SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter. |
MyBB vulnerabilities SQL injection |
web_prog_php_mybb web_prog_sql_mybb | ||
![]() |
SQL injection vulnerability in index.php, possibly during a showtopic operation, in Invision Power Board (IPB) 2.1.5 allows remote attackers to execute arbitrary SQL commands via the st parameter. |
Invision Power Board |
web_prog_php_ipbversion | ||
![]() |
Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included. |
thttpd vulnerabilities |
web_server_thttpd | ||
![]() |
htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included. |
thttpd vulnerabilities |
web_server_thttpd | ||
![]() |
Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie. |
Apache module vulnerabilities |
web_mod_python | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_globals enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) its_url parameter in the documents page and (2) url parameter in the send_write page of (a) index.php; (3) subject, and (4) images parameters to (b) calendar.php; (5) bid, (6) replying_msg, (7) subject, (8) body, and (9) mid parameters to (c) forums.php; (10) subject and (11) message parameters to (d) inbox.php; (12) subject_color and (13) email parameters to (e) lostpassword.php; and the (14) c_name, (15) content_inicial, and (16) cid parameters to (f) mycontents.php. NOTE: the calendar.php/day vector is already subsumed by CVE-2006-0220, and the calendar.php/month, calendar.php/year, and search.php/q parameters for calendar.php are already subsumed by CVE-2004-2511. |
Cross site scripting |
web_prog_php_dcpxss | ||
![]() |
Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the query string to index.php. |
CuteNews vulnerabilities |
web_prog_php_cutenewsver | ||
![]() |
Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR. |
Gallery vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_galleryversion | ||
![]() |
Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album. |
Gallery vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_galleryversion | ||
![]() |
Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized. |
Gallery vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_galleryversion | ||
![]() |
SQL injection vulnerability in show.php in vbzoom 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter. NOTE: the SubjectID vector is already covered by CVE-2005-4729. |
SQL injection |
web_prog_sql_vbzoom | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to (1) comment.php or (2) contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441. |
SQL injection |
web_prog_sql_vbzoom | ||
![]() |
Multiple stack-based buffer overflows in the procConnectArgs function in servmgr.cpp in PeerCast before 0.1217 allow remote attackers to execute arbitrary code via an HTTP GET request with a long (1) parameter name or (2) value in a URL, which triggers the overflow in the nextCGIarg function in servhs.cpp. |
Peercast vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_server_peercast | ||
![]() |
Kerio MailServer before 6.1.3 Patch 1 allows remote attackers to cause a denial of service (application crash) via a crafted IMAP LOGIN command. |
Kerio MailServer vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_imap_kerio | ||
![]() |
Format string vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in the query string argument in an HTTP GET request. |
Easy File Sharing Web Server |
web_server_efswsver | ||
![]() |
Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to inject arbitrary web script or HTML via the Description field in creating a folder or uploading a file. |
Easy File Sharing Web Server |
web_server_efswsver | ||
![]() |
Absolute path traversal vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote registered users to execute arbitrary code by uploading a malicious file to the Windows startup folder. |
Easy File Sharing Web Server |
web_server_efswsver | ||
![]() |
The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow. |
ncompress vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_compress_ncompress | ||
![]() |
Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files. |
Sendmail vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_smtp_sendmail | ||
![]() |
The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for scripting, which allows remote attackers to read and write files in arbitrary locations by accessing the control from a web page. |
wodSFTP vulnerabilities Note: Authentication is required to detect this vulnerability |
ftp_wodsftp | ||
![]() |
Buffer overflow in eBay Enhanced Picture Services (aka EPUImageControl Class) in EUPWALcontrol.dll before 1.0.3.48, as used in Sell Your Item (SYI), Setup & Test eBay Enhanced Picture Services, Picture Manager Enhanced Uploader, and CARad.com Add Vehicle, allows remote attackers to execute arbitrary code via a crafted HTML document. |
eBay vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_ebayeps | ||
![]() |
Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_dtcdos | ||
![]() |
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_ctr | ||
![]() |
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_ctr | ||
![]() |
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_ctr | ||
![]() |
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byte character sets (DBCS), aka the "Double Byte Character Parsing Memory Corruption Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_ctr | ||
![]() |
Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_ctr | ||
![]() |
Microsoft Internet Explorer 5.01 through 6 does not always correctly identify the domain that is associated with a browser window, which allows remote attackers to obtain sensitive cross-domain information and spoof sites by running script after the user has navigated to another site. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_ctr | ||
![]() |
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_ctr | ||
![]() |
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing." |
Outlook Web Access Note: Authentication is recommended to improve the accuracy of this check |
mail_web_owaxss | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) from and (2) help parameters to (a) index.php; (3) action, (4) page, (5) debug, (6) help, (7) username, or (8) password parameters to (b) login.php; the (7) help parameter to (c) pageindex.php; or (8) help parameter to (d) recentchanges.php. |
Cross site scripting |
web_prog_php_qwikixss | ||
![]() |
Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedded Linux devices and on general-purpose operating systems, allows remote attackers to cause a denial of service (connection slot exhaustion) via a large number of connection attempts that exceeds the MAX_UNAUTH_CLIENTS defined value of 30. |
Dropbear vulnerability |
shell_ssh_dropbear | ||
![]() |
Cross-site scripting (XSS) vulnerability in misc.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the percent parameter. NOTE: this issue has been disputed in a followup post, although the original disclosure might be related to reflected XSS. |
Woltlab Burning Board vulnerabilities |
web_prog_php_woltlabbbversion | ||
![]() |
Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php. |
Gallery vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_galleryversion | ||
![]() |
Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows remote attackers to overwrite arbitrary files via a "%2E." (mixed encoding) in the pg parameter. |
GuppY miniPortail vulnerabilities |
web_prog_php_guppy2e | ||
![]() |
CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject headers of outgoing e-mail messages and use Drupal as a spam proxy. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is used to create a menu item, does not implement access control for the page that is referenced, which might allow remote attackers to access administrator pages. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user into clicking on a URL that fixes the session identifier. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter. NOTE: the card_id vector was later reported to affect vCard 2.9, and the uploaded vector for 2.6. |
Cross site scripting |
web_prog_php_vcard | ||
![]() |
Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_ctr | ||
![]() |
Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote attackers to bypass IP checks via a crafted DNS hostname, possibly a hostname that appears to be an IP address. |
glFTPd vulnerabilities |
ftp_glftpd | ||
![]() ![]() |
Stack-based buffer overflow in the IMAP service in Mercur Messaging 5.0 SP3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string to the (1) LOGIN or (2) SELECT command, a different set of attack vectors and possibly a different vulnerability than CVE-2003-1177. |
MERCUR vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
mail_imap_mercur mail_pop_mercur mail_smtp_mercur |
||
![]() |
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter. |
phpMyAdmin vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminsettheme web_prog_php_myadminver |
||
![]() |
Invision Power Board 2.1.4 allows remote attackers to hijack sessions and possibly gain administrative privileges by obtaining the session ID from the s parameter, then replaying it in another request. |
Invision Power Board |
web_prog_php_ipbversion | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in member.php in MyBulletin Board (MyBB) 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) aim, (2) yahoo, (3) msn, or (4) website field. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060130 allows remote attackers to steal cookies and probably conduct other activities when the victim is using Internet Explorer. |
Invision Power Board |
web_prog_php_ipbversion | ||
![]() |
Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in usercp.php; and the topicsread cookie in (4) topics.php, (5) search.php, and (6) forums.php. |
Invision Power Board |
web_prog_php_ipbversion | ||
![]() |
publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and execute arbitrary PHP scripts via a WebDAV PUT request with a filename containing a .php extension and a trailing null character. |
PHP injection |
web_prog_php_icalendar | ||
![]() |
Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php. |
PHP injection |
web_prog_php_icalendar | ||
![]() |
Cross-site scripting (XSS) vulnerability in index.php in Contrexx CMS 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF). |
Cross site scripting |
web_prog_php_contrexx | ||
![]() |
Unspecified vulnerability in Veritas Backup Exec for Windows Server Remote Agent 9.1 through 10.1, for Netware Servers and Remote Agent 9.1 and 9.2, and Remote Agent for Linux Servers 10.0 and 10.1 allows attackers to cause a denial of service (application crash or unavailability) due to "memory errors." |
Veritas Backup Exec Veritas NetBackup vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_backupexec misc_netbackupvmbo |
||
![]() |
Format string vulnerability in the Job Engine service (bengine.exe) in the Media Server in Veritas Backup Exec 10d (10.1) for Windows Servers rev. 5629, Backup Exec 10.0 for Windows Servers rev. 5520, Backup Exec 10.0 for Windows Servers rev. 5484, and Backup Exec 9.1 for Windows Servers rev. 4691, when the job log mode is Full Detailed (aka Full Details), allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted filename on a machine that is backed up by Backup Exec. |
Veritas Backup Exec Note: Authentication is recommended to improve the accuracy of this check |
misc_backupexec | ||
![]() |
Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name." |
ASP NET vulnerabilities |
web_server_iis_dotnetappfolder | ||
![]() |
Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excelzero | ||
![]() |
Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excelzero | ||
![]() |
Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_xcpthandling | ||
![]() |
Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excelzero | ||
![]() |
Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers. |
Outlook and Outlook Express Note: Authentication is required to detect this vulnerability |
mail_client_outlook07003 | ||
![]() |
Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excelzero | ||
![]() |
Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excelzero | ||
![]() |
Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excelzero | ||
![]() |
The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption. |
Microsoft Office vulnerabilities Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_office2004macver win_patch_officertfrich win_patch_rtfrich |
||
![]() |
Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_jsrce | ||
![]() |
Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that trigger memory corruption and bypass size restrictions on second-class Mailslot messages. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_mailslot | ||
![]() |
The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_mailslot | ||
![]() |
Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_officestrings | ||
![]() |
Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter when a SQL error is generated. |
Woltlab Burning Board vulnerabilities |
web_prog_php_woltlabbbversion | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board 2.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) result_type, (2) search_in, (3) nav, (4) forums, and (5) s parameters in the Search action to index.php; (6) st parameter to index.php with showtopics set to 1; (7) m, (8) y, and (9) d parameters in a calendar action; (10) t parameter in a Print action; (11) MID parameter in a Mail action; (12) HID parameter in a Help action; (13) active parameter in a search action; (14) sort_order, (15) max_results, or (16) sort_key parameter in a Members action. |
Invision Power Board |
web_prog_php_ipbversion | ||
![]() |
The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service ("c2s segfault") by sending a "response stanza before an auth stanza". |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php. |
SQL injection |
web_prog_sql_phpwebsitefriend | ||
![]() |
Buffer overflow in the POP 3 (POP3) service in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 allows remote attackers to execute arbitrary code via unknown vectors before authentication. |
MailEnable vulnerabilities |
mail_pop_mailenable mail_pop_mailenableent mail_pop_mailenablepro |
||
![]() |
Webmail in MailEnable Professional Edition before 1.73 and Enterprise Edition before 1.21 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors involving "incorrectly encoded quoted-printable emails". |
MailEnable vulnerabilities |
mail_web_mailenable | ||
![]() |
Directory traversal vulnerability in inc/functions.inc.php in CuteNews 1.4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the archive parameter in an HTTP POST or COOKIE request, which bypasses a sanity check that is only applied to a GET request. |
CuteNews vulnerabilities |
web_prog_php_cutenewsver | ||
![]() |
CuteNews 1.4.1 and possibly other versions allows remote attackers to obtain the installation path via unspecified vectors involving an invalid file path. |
CuteNews vulnerabilities |
web_prog_php_cutenewsver | ||
![]() |
polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to obtain sensitive information via a vote action with an "option[]=null" parameter value, which reveals the path in an error message. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php. |
gCards vulnerabilities |
web_prog_php_gcards | ||
![]() |
SQL injection vulnerability in loginfunction.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. |
gCards vulnerabilities |
web_prog_php_gcards | ||
![]() |
Cross-site scripting (XSS) vulnerability in index.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang[*][file] parameter, which is injected into an error message. NOTE: this issue might be resultant from CVE-2006-1346. |
gCards vulnerabilities |
web_prog_php_gcards | ||
![]() |
Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct attacks via (3) user_id parameter to users/add_edit_user.asp, (4) bannerid parameter to banner_adds/banner_add_edit.asp, (5) cat_id parameter to categories/add_edit_cat.asp, (6) Content_ID parameter to News/add_edit_news.asp, (7) download_id parameter to downloads/add_edit_download.asp, (8) Poll_ID parameter to poll/add_edit_poll.asp, (9) contactid parameter to contactus/contactus_add_edit.asp, (10) sortby parameter to poll/poll_list.asp, and (11) unspecified inputs to downloads/add_edit_download.asp. |
SQL injection |
web_prog_sql_aspportal | ||
![]() |
Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module. |
RADIUS vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_freeradius | ||
![]() |
avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" permissions to critical system files in the installation folder, which allows local users to gain privileges or disable protection by modifying those files. |
Avast vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_avast | ||
![]() |
Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_ctr | ||
![]() |
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.5 and earlier before 20060308 allows remote attackers to inject arbitrary web script or HTML via a Private Message (PM) in certain circumstances. |
Invision Power Board |
web_prog_php_ipbversion | ||
![]() |
Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, and RealPlayer Enterprise before 20060322 allows remote attackers to have an unknown impact via a malicious Mimio boardCast (mbc) file. |
RealPlayer vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_realplayer | ||
![]() |
PHP remote file inclusion vulnerability in impex/ImpExData.php in vBulletin ImpEx module 1.74, when register_globals is disabled, allows remote attackers to include arbitrary files via the systempath parameter. |
PHP injection |
web_prog_php_vbulletinimpex | ||
![]() |
The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore access control settings, which allows remote attackers to read restricted areas and access restricted content in TWiki topics. |
TWiki vulnerabilities |
web_prog_cgi_twikiver | ||
![]() |
TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenticated users with edit rights to cause a denial of service (infinite recursion leading to CPU and memory consumption) via INCLUDE by URL statements that form a loop, such as a page that includes itself. |
TWiki vulnerabilities |
web_prog_cgi_twikiver | ||
![]() |
Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_ctr | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) certain parameters to the banner delivery module, which are not properly handled in the administrator interface, or (2) certain parameters to the login form. |
Cross site scripting |
web_prog_php_phpadsnew | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the fs parameter to (1) mod.php or (2) mod_print.php. |
Cross site scripting |
web_prog_php_phpcoinxss | ||
![]() |
Stack-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickDraw PICT image format file containing malformed font information. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickDraw PICT image format file with malformed image data. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to cause a denial of service (crash and connection interruption) via a QuickTime movie with a missing track, which triggers a null dereference. |
Darwin vulnerabilities |
web_server_quicktime | ||
![]() |
Buffer overflow in QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a crafted RTSP request, which is not properly handled during message logging. |
Darwin vulnerabilities |
web_server_quicktime | ||
![]() |
Integer overflow in Apple QuickTime Player before 7.1 allows remote attackers to execute arbitrary code via a crafted JPEG image. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted QuickTime movie (.MOV). |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime movie (.MOV), as demonstrated via a large size for a udta Atom. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime Flash (SWF) file. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime H.264 (M4V) video format file. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a H.264 (M4V) video format file with a certain modified size value. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickTime MPEG4 (M4P) video format file. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickTime AVI video format file. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a "malformed" sample_size_table value. |
iTunes vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_itunes | ||
![]() |
Unspecified vulnerability in Apple File Protocol (AFP) server in Apple Mac OS X 10.4 up to 10.4.6 includes the names of restricted files and folders within search results, which might allow remote attackers to obtain sensitive information. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.6 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers to cause a denial of service (crash) via an invalid LDAP request that triggers an assert error. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Format string vulnerability in the CF_syslog function in launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as demonstrated by using a crafted plist file. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allows remote attackers to determine names of unauthorized files and folders via unknown vectors related to the search results. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006004 | ||
![]() |
Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006004 | ||
![]() |
Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a .. (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE parameter. |
PHP injection |
web_prog_php_webalbum | ||
![]() |
PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents. |
MacOSX vulnerabilities PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_patch_secupd2006007 web_prog_php_version |
||
![]() |
Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer. |
Horde vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_horde | ||
![]() |
Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions and allows remote attackers to create files in arbitrary directories via the tempnam function. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and 1.4.15 allows remote attackers to inject arbitrary web script or HTML via crafted encoded links. |
MediaWiki vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_mediawiki | ||
![]() |
Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the error parameter to include.php, possibly due to a problem in login/login.php. |
Cross site scripting |
web_prog_php_kiterrorxss | ||
![]() |
The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read. |
MySQL vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_mysql_handshake database_mysql_version misc_macosx_version |
||
![]() |
sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message. |
MySQL vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_mysql_version misc_macosx_version |
||
![]() |
Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values. |
MySQL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_mysql_version | ||
![]() |
Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "&" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue. |
X11 vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_x11 | ||
![]() |
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll; (2) an Excel .xlw document, which triggers an access violation in excel.exe; (3) a Word document, which triggers an access violation in mso.dll in winword.exe; and (4) a PowerPoint document, which triggers an access violation in powerpnt.txt. NOTE: after the initial disclosure, this issue was demonstrated by triggering an integer overflow using an inconsistent size for a Unicode "Sheet Name" string. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_officestrings | ||
![]() |
PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
SQL injection vulnerability in functions/final_functions.php in VSNS Lemon 3.2.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. |
VSNS Lemon vulnerabilities |
web_prog_php_vsnslemon | ||
![]() |
Cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter while adding a comment. |
VSNS Lemon vulnerabilities |
web_prog_php_vsnslemon | ||
![]() |
VSNS Lemon 3.2.0 allows remote attackers to bypass authentication and access password-protected articles by setting the vsns[topic_id] cookie to the targeted topic. |
VSNS Lemon vulnerabilities |
web_prog_php_vsnslemon | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters. |
Mantis vulnerabilities |
web_prog_php_mantisxss | ||
![]() |
Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_winhlp | ||
![]() |
Multiple directory traversal vulnerabilities in document/rqmkhtml.php in Claroline 1.7.4 and earlier allow remote attackers to use ".." (dot dot) sequences to (1) read arbitrary files via the file parameter in a rqEditHtml command to document/rqmkhtml.php or (2) execute arbitrary code via the includePath parameter to learnPath/include/scormExport.inc.php. |
Claroline vulnerabilities |
web_prog_php_clarolinexss2 | ||
![]() |
Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command. |
Claroline vulnerabilities |
web_prog_php_clarolinexss2 | ||
![]() |
PHP remote file inclusion vulnerability in learnPath/include/scormExport.inc.php in Claroline 1.7.4 and earlier allows remote attackers to execute arbitrary PHP code via the includePath parameter. |
Claroline vulnerabilities |
web_prog_php_clarolinexss2 | ||
![]() |
Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
phpBB vulnerabilities |
web_prog_php_bbver | ||
![]() |
The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code. |
ClamAV vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_clamwinupx | ||
![]() |
ClamAV vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam | |||
![]() |
Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly. |
ClamAV vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_clamwinupx | ||
![]() |
ClamAV vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam | |||
![]() |
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_xcpthandling | ||
![]() |
Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated with multiple issues. Other CVE identifiers have been assigned to handle other problems that are covered by the same disclosure. |
Adobe Server vulnerabilities |
misc_adoberdrext | ||
![]() |
The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access." |
ClamAV vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam misc_av_clamwinupx |
||
![]() ![]() |
Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and earlier and (b) tabbed_viewer 1.29 (1) allow user-assisted remote attackers to execute arbitrary code via a malicious server that sends a long string to a client that connects on TCP port 5900, which triggers an overflow in Log::ReallyPrint; and (2) allow remote attackers to cause a denial of service (server crash) via a long HTTP GET request to TCP port 5800, which triggers an overflow in VNCLog::ReallyPrint. |
VNC detected Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
misc_vncbo | ||
![]() |
Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225. |
http server read access |
web_server_read | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory. |
phpMyAdmin vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver | ||
![]() |
Unspecified vulnerability in GlobalSCAPE Secure FTP Server before 3.1.4 Build 01.10.2006 allows attackers to cause a denial of service (application crash) via a "custom command" with a long argument. |
GlobalSCAPE Secure FTP |
ftp_globalscape | ||
![]() |
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. |
Gallery vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_galleryversion | ||
![]() |
Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument. |
Mailman vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_misc_mailman | ||
![]() |
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector is already covered by CVE-2006-1625, although it might stem from the same core issue. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka MyBulletinBoard) 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
Magus Perde Clever Copy 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to view the database username and password via a direct request for connect.inc. |
Administration File Access |
web_prog_file_clevercopy | ||
![]() |
digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation. |
Cyrus SASL vulnerabilities MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_cyrussasl misc_macosx_patch_secupd2006006 misc_macosx_version |
||
![]() |
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_mozilla |
||
![]() |
Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes certain windows to become translucent due to an interaction between XUL content windows and the history mechanism, which might allow user-assisted remote attackers to trick users into executing arbitrary code. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
![]() |
Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview". |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_mozilla web_client_seamonkey |
||
![]() |
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_mozilla web_client_seamonkey |
||
![]() |
Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_mozilla web_client_seamonkey |
||
![]() |
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_mozilla |
||
![]() |
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_mozilla |
||
![]() |
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain." |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_mozilla |
||
![]() |
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_mozilla |
||
![]() |
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create JavaScript functions that are compiled with extra privileges. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_mozilla |
||
![]() |
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as..." option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_mozilla |
||
![]() |
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_mozilla |
||
![]() |
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display styles. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_mozilla |
||
![]() |
The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) that cause an out-of-bounds array write and buffer overflow. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_mozilla |
||
![]() |
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_mozilla |
||
![]() |
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection". |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_mozilla |
||
![]() |
The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_mozilla |
||
![]() |
Cross-site scripting (XSS) vulnerability in allgemein_transfer.php in SWSoft Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the jahr parameter. |
Cross site scripting |
web_prog_php_confixxxss | ||
![]() |
SQL injection vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to execute arbitrary SQL commands via the contentid parameter, possibly involving content/news.php. |
SQL injection |
web_prog_sql_phpkitinclude | ||
![]() |
PHP remote file inclusion vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the s parameter. |
Simplog vulnerabilities |
web_prog_php_simplog | ||
![]() |
Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php. |
Simplog vulnerabilities |
web_prog_php_simplog | ||
![]() |
Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) blogid parameter in (a) index.php and (b) archive.php, the (2) m and (3) y parameters in archive.php, and the (4) sql parameter in (c) server.php. |
Simplog vulnerabilities |
web_prog_php_simplog | ||
![]() |
Cross-site scripting (XSS) vulnerability in login.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the btag parameter. |
Simplog vulnerabilities |
web_prog_php_simplog | ||
![]() |
Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading (1) ftp or (2) http URI in the ReaderURL variable in the "Update Download Site" section of ads-readerext. NOTE: it is not clear whether the vendor advisory addresses this issue. In addition, since the issue requires administrative privileges to exploit, it is not clear whether this crosses security boundaries. |
Adobe Server vulnerabilities |
misc_adoberdrext | ||
![]() |
Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via (1) the actionID parameter in ads-readerext and (2) the op parameter in AlterCast. NOTE: it is not clear whether the vendor advisory addresses this issue. |
Adobe Server vulnerabilities |
misc_adoberdrext | ||
![]() |
Adobe Document Server for Reader Extensions 6.0 includes a user's session (jsession) ID in the HTTP Referer header, which allows remote attackers to gain access to PDF files that are being processed within that session. |
Adobe Server vulnerabilities |
misc_adoberdrext | ||
![]() |
Adobe Document Server for Reader Extensions 6.0, during log on, provides different error messages depending on whether the user ID is valid or invalid, which allows remote attackers to more easily identify valid user IDs via brute force attacks. |
Adobe Server vulnerabilities |
misc_adoberdrext | ||
![]() |
A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_mozilla |
||
![]() |
censtore.cgi in Censtore 7.3.002 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter. |
vulnerable web program |
web_prog_cgi_censtore | ||
![]() |
Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter. |
phpMyAdmin vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver | ||
![]() |
SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter. |
phpMyAdmin vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver | ||
![]() |
phpWebFTP 3.2 and earlier stores script.js under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. |
phpWebFTP vulnerabilities |
web_prog_php_webftp | ||
![]() |
Directory traversal vulnerability in index.php in phpWebFTP 3.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter. |
phpWebFTP vulnerabilities |
web_prog_php_webftp | ||
![]() |
Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub_dir parameter, as demonstrated by including access_log. NOTE: in some cases, arbitrary remote file inclusion could be performed under PHP 5 using an SMB share argument such as "\\systemname\sharename". |
vulnerable web program |
web_prog_php_websitetrav | ||
![]() |
Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings. |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera | ||
![]() |
Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Multiple unspecified vulnerabilities in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and other versions have unknown impact and attack vectors in the (1) Advanced Replication component, as identified by Vuln# DB01, and (2) Oracle Spatial component, as identified by Vuln# DB10. NOTE: details are unavailable from Oracle, but as of 20060421, they have not publicly disputed a claim by a reliable independent researcher that states that DB01 is an unknown issue in the DBMS_REPUTIL package, and DB10 is SQL injection in the INSERT_CATALOG, UPDATE_CATALOG, and DELETE_CATALOG functions of the SDO_CATALOG package. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in Oracle Database Server 9.2.0.6 has unknown impact and attack vectors in the Advanced Replication component, aka Vuln# DB02. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Buffer overflow in the Advanced Replication component in Oracle Database Server 10.1.0.4 allows database users to execute arbitrary code via the VERIFY_LOG procedure of the DBMS_SNAPSHOT_UTL package, aka Vuln# DB03. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in Oracle Database Server 8.1.7.4 and 9.0.1.5 has unknown impact and attack vectors in the Dictionary component, aka Vuln# DB04. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors in the Export component, aka Vuln# DB05. NOTE: details are unavailable from Oracle, but as of 20060427, they have not publicly commented on whether DB05 is the same issue as CVE-2006-2081. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
SQL injection vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.5 allows remote attackers to execute arbitrary SQL commands via the DELETE_FROM_TABLE function in the DBMS_LOGMNR_SESSION (Log Miner) package, aka Vuln# DB06. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in Oracle Database Server 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors in the Oracle Enterprise Manager Intelligent Agent component, aka Vuln# DB07. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in Oracle Database Server 9.2.0.7, 10.1.0.4, and 10.2.0.1 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB08. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB09. NOTE: Oracle has not disputed reliable claims that this issue is SQL injection in MDSYS.PRVT_IDX using the (1) EXECUTE_INSERT, (2) EXECUTE_DELETE, (3) EXECUTE_UPDATE, (4) EXECUTE UPDATE, and (5) CRT_DUMMY functions. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in Oracle Database Server 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB11. NOTE: Oracle has not disputed reliable researcher claims that this issue is SQL injection in MDSYS.SDO_LRS_TRIG_INS. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.4 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB12. NOTE: details are unavailable from Oracle, but as of 20060421, they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the (1) GEN_RID_RANGE_BY_AREA and (2) GEN_RID_RANGE functions in the MDSYS.SDO_PRIDX package. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.7 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB13. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Cross-site scripting (XSS) vulnerability in the search action handler in index.php in Nils Asmussen (aka SCRIPTSOLUTION) Boardsolution 1.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the "Search for" item (keyword parameter). |
Cross site scripting |
web_prog_php_boardsolution | ||
![]() |
Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clarify whether this issue is static code injection, eval injection, or another type of vulnerability. |
phpBB vulnerabilities |
web_prog_php_bbver | ||
![]() |
config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
Serendipity vulnerabilities |
web_prog_php_serendipity | ||
![]() |
Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 allows remote attackers to inject arbitrary web script or HTML via the attachment content disposition in an HTML attachment. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
nettools.php in PHP Net Tools 2.7.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter. |
vulnerable web program |
web_prog_php_nettools | ||
![]() |
Directory traversal vulnerability in the editnews module (inc/editnews.mdu) in index.php in CuteNews 1.4.1 allows remote attackers to read or modify files via the source parameter in the (1) editnews or (2) doeditnews action. NOTE: this can also produce resultant XSS when the target file does not exist. |
CuteNews vulnerabilities |
web_prog_php_cutenewsver | ||
![]() |
The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data. |
Ruby vulnerabilities Note: Authentication is required to detect this vulnerability |
web_dev_ruby | ||
![]() |
Off-by-one error in the OID printing routine in Ethereal 0.10.x up to 0.10.14 has unknown impact and remote attack vectors. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_ethereal | ||
![]() |
Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (large or infinite loops) via crafted packets to the (1) UMA and (2) BER dissectors. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_ethereal | ||
![]() |
Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) ALCAP dissector, (2) Network Instruments file code, or (3) NetXray/Windows Sniffer file code. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_ethereal | ||
![]() |
Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the COPS dissector. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_ethereal | ||
![]() |
Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote attackers to execute arbitrary code via the telnet dissector. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_ethereal | ||
![]() |
Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) multiple vectors in H.248, and the (2) X.509if, (3) SRVLOC, (4) H.245, (5) AIM, and (6) general packet dissectors; and (7) the statistics counter. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_ethereal | ||
![]() |
Multiple unspecified vulnerabilities in Ethereal 0.8.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via the (1) Sniffer capture or (2) SMB PIPE dissector. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_ethereal | ||
![]() |
Multiple unspecified vulnerabilities in Ethereal 0.9.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) an invalid display filter, or the (2) GSM SMS, (3) ASN.1-based, (4) DCERPC NT, (5) PER, (6) RPC, (7) DCERPC, and (8) ASN.1 dissectors. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_ethereal | ||
![]() |
Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 allows remote attackers to cause a denial of service (abort) via the SNDCP dissector. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_ethereal | ||
![]() |
Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page." |
Mozilla vulnerabilities Netscape Navigator vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_netscape web_client_seamonkey |
||
![]() |
SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers. |
ClamAV vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam misc_av_clamwinupx misc_macosx_version |
||
![]() |
Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396. |
MacOSX vulnerabilities PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_patch_secupd2006007 web_prog_php_version |
||
![]() |
The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. NOTE: the possibility of code execution was originally theorized, but Microsoft has stated that this issue is non-exploitable. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_object | ||
![]() |
Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox | ||
![]() |
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. |
Apache module vulnerabilities |
web_mod_dav | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php. |
Cross site scripting |
web_prog_php_ldapadminxss | ||
![]() |
Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; and (3) improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c. |
libtiff vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_tiff | ||
![]() |
Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image. |
libtiff vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_tiff | ||
![]() |
Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions." |
libtiff vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_tiff | ||
![]() |
Cross-site scripting (XSS) vulnerability in imagelist.php in Jeremy Ashcraft Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the imagedir parameter. NOTE: this issue might be resultant from directory traversal. |
Simplog vulnerabilities |
web_prog_sql_simplog | ||
![]() |
Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter in (a) preview.php; the (2) cid, (3) pid, and (4) eid parameters in (b) archive.php; and the (5) pid parameter in (c) comments.php. |
Simplog vulnerabilities |
web_prog_sql_simplog | ||
![]() |
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter. |
phpMyAdmin vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver | ||
![]() |
Multiple SQL injection vulnerabilities in the osTicket module in Help Center Live before 2.1.0 allow remote attackers to execute arbitrary SQL commands via unknown vectors. |
Help Center Live vulnerabilities |
web_prog_php_hclver | ||
![]() |
Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in the (1) ColdFusion, (2) PHP mySQL, (3) ASP, (4) ASP.NET, and (5) JSP server models. |
Dreamweaver vulnerabilities Note: Authentication is required to detect this vulnerability |
web_cms_dw | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Edwin van Wijk phpWebFTP 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) port, (2) server, and (3) user parameters. NOTE: it is possible that the affected version is actually 3.2. |
phpWebFTP vulnerabilities |
web_prog_php_webftp | ||
![]() |
SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters. |
Invision Power Board |
web_prog_php_ipbversion | ||
![]() |
The recursor in PowerDNS before 3.0.1 allows remote attackers to cause a denial of service (application crash) via malformed EDNS0 packets. |
PowerDNS vulnerabilities |
dns_power | ||
![]() |
Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and 8.x before 8.11.6 allow remote attackers to cause a denial of service via crafted DNS response messages that cause (1) a buffer over-read or (2) infinite recursion, which can trigger a segmentation fault or invalid memory access, as demonstrated by the OUSPG PROTOS DNS test suite. |
DeleGate DNS vulnerabilities |
dns_delegate | ||
![]() |
Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a "broken" TSIG, as demonstrated by the OUSPG PROTOS DNS test suite. |
DNS vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
dns_bindtsig | ||
![]() |
Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow. |
rsyncd vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_rsyncdver | ||
![]() |
Multiple buffer overflows in (1) CxAce60.dll and (2) CxAce60u.dll in SpeedProject Squeez 5.10 Build 4460, and SpeedCommander 10.52 Build 4450 and 11.01 Build 4450, allow user-assisted remote attackers to execute arbitrary code via an ACE archive that contains a file with a long filename. |
SpeedProject vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_compress_speedcommanderbo misc_compress_squeez |
||
![]() |
Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter. NOTE: a design goal of the NASL language is to facilitate sharing of security tests by guaranteeing that a script "can not do anything nasty." This issue is appropriate for CVE only if Nessus users have an expectation that a split statement will not use excessive memory. |
Nessus vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_nessusgui | ||
![]() |
Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_object | ||
![]() |
SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM). |
Invision Power Board |
web_prog_php_ipbversion | ||
![]() |
SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php. |
MyBB vulnerabilities SQL injection |
web_prog_php_mybb web_prog_sql_mybb |
||
![]() |
A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability." |
Outlook and Outlook Express Windows Mail vulnerabilities Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_oe mail_client_windowsmail win_patch_ie_object |
||
![]() |
Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, allows remote attackers to use the FTP printing interface as a proxy ("FTP bounce") by using arbitrary PORT arguments to connect to systems for which access would be otherwise restricted. |
Fuji Xerox Printing Systems vulnerabilities |
printer_fxpsbypass | ||
![]() |
The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which allows remote attackers to modify system configuration via crafted requests, including changing the administrator password or causing a denial of service to the print server. |
Fuji Xerox Printing Systems vulnerabilities |
printer_fxpsbypass | ||
![]() |
The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read. |
libtiff vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_tiff | ||
![]() |
Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before 0.5.8 might allow remote attackers to execute arbitrary code via (1) cookies or (2) the query string. |
CGI IRC vulnerabilities |
web_prog_cgi_irc | ||
![]() |
Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header. |
Nagios vulnerabilities |
web_tool_nagios | ||
![]() |
Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers to execute arbitrary code via Unicode in the RNTO command, as demonstrated by the Infigo FTPStress Fuzzer. |
ArGoSoft FTP vulnerabilities |
ftp_argosoft | ||
![]() |
Buffer overflow in WDM.exe in WarFTPD allows remote attackers to execute arbitrary code via unspecified arguments, as demonstrated by the Infigo FTPStress Fuzzer. |
WarFTPd server vulnerabilities |
ftp_warftpd | ||
![]() |
Buffer overflow in Gene6 FTP Server 3.1.0 allows remote authenticated attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to (1) MKD or (2) XMKD, as demonstrated by the Infigo FTPStress Fuzzer. |
Gene6 FTP server vulnerabilities |
ftp_gene6 | ||
![]() |
Buffer overflow in FileZilla FTP Server 2.2.22 allows remote authenticated attackers to cause a denial of service and possibly execute arbitrary code via a long (1) PORT or (2) PASS followed by the MLSD command, or (3) the remote server interface, as demonstrated by the Infigo FTPStress Fuzzer. |
FileZilla server vulnerabilities |
ftp_filezilla | ||
![]() |
Buffer overflow in Golden FTP Server Pro 2.70 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long argument to the (1) NLST or (2) APPE commands, as demonstrated by the Infigo FTPStress Fuzzer. |
Golden FTP vulnerabilities |
ftp_golden | ||
![]() |
Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call. |
libtiff vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_tiff | ||
![]() |
Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php. |
Horde vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_horde | ||
![]() |
OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user. |
OpenOffice vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_openoffice | ||
![]() |
Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents. |
OpenOffice vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_openoffice | ||
![]() |
Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier allows remote attackers to execute arbitrary code via a long (1) USER or (2) PASS command. |
Sami FTP Server vulnerabilities |
ftp_sami | ||
![]() |
Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_xcpthandling | ||
![]() |
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE. |
Zebra Quagga Routing Suite Note: Authentication is recommended to improve the accuracy of this check |
net_quagga | ||
![]() |
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets. |
Zebra Quagga Routing Suite Note: Authentication is recommended to improve the accuracy of this check |
net_quagga | ||
![]() |
Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows remote attackers to execute arbitrary code, probably via a USER command with a long username. |
XM FTP vulnerabilities |
ftp_xm | ||
![]() |
Buffer overflow in XM Easy Personal FTP Server 4.2 and 5.0.1 allows remote authenticated users to cause a denial of service via a long argument to the PORT command. |
XM FTP vulnerabilities |
ftp_xm | ||
![]() |
The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter. |
vulnerable web program |
web_prog_cgi_awstatsmigrate | ||
![]() |
Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted BMP file that triggers the overflow in the ReadBMP function. NOTE: this issue was originally included as item 3 in CVE-2006-1983, but it has been given a separate identifier because it is a distinct issue. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote attackers to cause a denial of service (application crash) via a username with a large number of newline characters. |
FileCOPA FTP vulnerabilities |
ftp_filecopa | ||
![]() |
SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00 allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
SQL injection |
web_prog_sql_vpasp3 | ||
![]() |
bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface. |
Zebra Quagga Routing Suite Note: Authentication is recommended to improve the accuracy of this check |
net_quagga | ||
![]() |
PHP remote file inclusion vulnerability in authldap.php in Dokeos 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter. |
Claroline vulnerabilities |
web_prog_php_dokeosver | ||
![]() |
Multiple PHP remote file inclusion vulnerabilities in claro_init_global.inc.php in Dokeos 1.6.3 and earlier, and Dokeos community release 2.0.3, allow remote attackers to execute arbitrary PHP code via a URL in the (1) rootSys and (2) clarolineRepositorySys parameters, and possibly the (3) lang_path, (4) extAuthSource, (5) thisAuthSource, (6) main_configuration_file_path, (7) phpDigIncCn, and (8) drs parameters to (a) testheaderpage.php and (b) resourcelinker.inc.php. |
Claroline vulnerabilities |
web_prog_php_dokeosver | ||
![]() |
BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to cause a denial of service (hang) via a request for a .cfm file whose name contains an MS-DOS device name such as (1) con, (2) aux, (3) com1, and (4) com2. |
Cross site scripting |
web_server_css | ||
![]() |
Cross-site scripting (XSS) vulnerability in BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to inject arbitrary web script or HTML via the filename in a request to a (1) .cfm or (2) .cfml file, which reflects the result in the default error page. |
Cross site scripting |
web_server_css | ||
![]() |
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL Injection." |
PostgreSQL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_pgsql | ||
![]() |
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of "Encoding-Based SQL Injection." NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem. |
PostgreSQL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_pgsql | ||
![]() ![]() |
Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM) NDPS/iPrint module in Novell Distributed Print Services in Novell NetWare 6.5 SP3, SP4, and SP5 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function. |
Novell Print Services vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
printer_netware | ||
![]() |
PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions and ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata. |
SQL injection |
web_prog_sql_phpfusion | ||
![]() |
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in (1) usercp.php and (2) member.php. |
MyBB vulnerabilities SQL injection |
web_prog_php_mybb web_prog_sql_mybb |
||
![]() |
SQL injection vulnerability in showthread.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. |
MyBB vulnerabilities SQL injection |
web_prog_php_mybb web_prog_sql_mybb |
||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp. |
WhatsUp Gold vulnerabilities |
web_tool_whatsupsource | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in (1) NmConsole/Tools.asp and (2) NmConsole/DeviceSelection.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
WhatsUp Gold vulnerabilities |
web_tool_whatsupsource | ||
![]() |
NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the (1) sCancelURL and possibly (2) sRedirectUrl parameters. |
WhatsUp Gold vulnerabilities |
web_tool_whatsupsource | ||
![]() |
NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
WhatsUp Gold vulnerabilities |
web_tool_whatsupsource | ||
![]() |
Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium allows remote attackers to obtain full path information via 404 error messages. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
WhatsUp Gold vulnerabilities |
web_tool_whatsupsource | ||
![]() |
NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter. |
WhatsUp Gold vulnerabilities |
web_tool_whatsupsource | ||
![]() |
Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp. |
WhatsUp Gold vulnerabilities |
web_tool_whatsupsource | ||
![]() |
Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message. |
http Cold Fusion |
web_prog_cfm_requiredxss | ||
![]() |
RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password. |
VNC detected |
misc_realvncpwbypass | ||
![]() |
Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_rasman | ||
![]() |
Buffer overflow in the Remote Access Connection Manager (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests" that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_rasman | ||
![]() |
Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_dhcpclient | ||
![]() |
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_smbinvalidhandle | ||
![]() |
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_smbinvalidhandle | ||
![]() |
Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and SP2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_art | ||
![]() |
Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing. |
Windows updates needed Note: Authentication is recommended to improve the accuracy of this check |
win_patch_tcpiprce | ||
![]() |
Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_rpcmutauth | ||
![]() |
Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka "HTML Decoding Memory Corruption Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_xcpthandling | ||
![]() |
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_xcpthandling | ||
![]() |
Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_xcpthandling | ||
![]() |
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_xcpthandling | ||
![]() |
Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file. |
Outlook and Outlook Express Note: Authentication is required to detect this vulnerability |
mail_client_oecontact | ||
![]() |
Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excel06059 | ||
![]() |
Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excelzero | ||
![]() |
Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_officestrings | ||
![]() |
Buffer overflow in EMC Retrospect Client 5.1 through 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet to port 497. |
EMC Dantz vulnerabilities |
misc_retrospectver | ||
![]() |
Buffer overflow in FileZilla before 2.2.23 allows remote attackers to execute arbitrary commands via unknown attack vectors. |
FileZilla client vulnerabilities Note: Authentication is required to detect this vulnerability |
ftp_filezillaclient | ||
![]() |
Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string. |
wodSSHServer vulnerabilities |
shell_ssh_wod | ||
![]() |
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031. |
phpMyAdmin vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver | ||
![]() |
Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts. |
phpMyAdmin vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver | ||
![]() |
Cross-site scripting (XSS) vulnerability in ftplogin/index.php in Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the login parameter. |
Cross site scripting |
web_prog_php_confixxxss | ||
![]() |
Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_javaplugin | ||
![]() |
Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function. |
ImageMagick vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_imagemagick | ||
![]() |
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username. |
SpamAssassin vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_misc_spamassassin mail_misc_spamd |
||
![]() |
Lotus Notes email client vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_notesalt | |||
![]() |
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and earlier allows remote authenticated users to execute arbitrary SQL commands via the srch_where parameter. |
SQL injection |
web_prog_sql_phpfusion | ||
![]() |
Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162. |
Nagios vulnerabilities |
web_tool_nagios | ||
![]() |
Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_wordtags | ||
![]() |
Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors. |
Novell eDirectory HTTP |
web_tool_edirectorybo | ||
![]() ![]() |
Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command. |
Cyrus imap version |
mail_pop_cyruspopsub | ||
![]() |
mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file. |
PHP injection |
web_prog_php_xoops2 | ||
![]() |
SQL injection vulnerability in settings.asp in Zixforum 1.12 allows remote attackers to execute arbitrary SQL commands via the layid parameter to (1) login.asp and (2) main.asp. |
SQL injection |
web_prog_sql_zixforum | ||
![]() |
The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
PHP remote file inclusion vulnerability in addpost_newpoll.php in UBB.threads 6.4 through 6.5.2 and 6.5.1.1 (trial) allows remote attackers to execute arbitrary PHP code via a URL in the thispath parameter. |
UBB threads vulnerabilities |
web_prog_php_ubb | ||
![]() |
SQL injection vulnerability in links.php in 4R Linklist 1.0 RC2 and earlier, a module for Woltlab Burning Board, allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
Woltlab Burning Board vulnerabilities |
web_prog_php_woltlabbbversion | ||
![]() |
Unspecified vulnerability in HP OpenView Storage Data Protector 5.1 and 5.5 allows remote attackers to execute arbitrary code via unknown vectors. |
HP Openview vulnerabilities |
net_ovsdpver | ||
![]() |
PHP remote file inclusion vulnerability in nucleus/libs/PLUGINADMIN.php in Nucleus 3.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[DIR_LIBS] parameter. |
Nucleus vulnerabilities |
web_prog_php_nucleusver | ||
![]() |
SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original report how this attack can succeed, since the demonstration URL uses a variable that is overwritten with static data in the extracted source code. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary JavaScript via unspecified vectors, possibly involving the usage of the | (pipe) character. |
MediaWiki vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_mediawiki | ||
![]() |
Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors. |
Symantec vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_symantec_rtss | ||
![]() |
Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 argument that begins with a '"' (double quote). |
MDaemon vulnerabilities |
mail_imap_mdaemon | ||
![]() |
Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE. |
libtiff vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_tiff | ||
![]() |
Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument. |
WordPress vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_wordpress | ||
![]() |
PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads 5.x and 6.x allows remote attackers to execute arbitrary PHP code via a URL in the (1) thispath or (2) configdir parameters. |
UBB threads vulnerabilities |
web_prog_php_ubb | ||
![]() |
PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BASE_path parameter to (1) base_qry_common.php, (2) base_stat_common.php, and (3) includes/base_include.inc.php. |
PHP injection |
web_prog_php_baseqry | ||
![]() |
Unspecified "information leakage" vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to access arbitrary images, including dynamically generated images, via unknown vectors. |
peer to peer file sharing |
misc_p2p_amule | ||
![]() |
Multiple unspecified vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to read arbitrary image, HTML, or PHP files via unknown vectors, probably related to directory traversal. |
peer to peer file sharing |
misc_p2p_amule | ||
![]() |
vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR']. |
WordPress vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_wordpress | ||
![]() |
SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input. |
MySQL vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_mysql_version misc_macosx_version |
||
![]() |
Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might allow attackers to execute arbitrary code via a long hostname. |
OpenLDAP vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_openldap | ||
![]() |
Cross-site scripting (XSS) vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords. |
UBB threads vulnerabilities |
web_prog_php_ubb | ||
![]() |
Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file. |
Outlook and Outlook Express Note: Authentication is required to detect this vulnerability |
mail_client_oemhtmlparse | ||
![]() |
The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass "uricontent" rules via a carriage return (\r) after the URL and before the HTTP declaration. |
Snort vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_snort | ||
![]() |
Mozilla Firefox and Thunderbird before 1.5.0.4 associate XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
![]() |
The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, or (6) an iframe that attempts to remove itself, which leads to memory corruption. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
![]() |
Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
![]() |
Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Safari vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_safari web_client_seamonkey |
||
![]() |
The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox | ||
![]() |
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show only this frame" on a frame whose SRC attribute contains a Javascript URL. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
![]() |
HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain Javascript code. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used. |
GNOME Evolution vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_evolution | ||
![]() |
SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) 2.3.4 allows remote attackers to execute arbitrary SQL commands via the sid parameter. |
Woltlab Burning Board vulnerabilities |
web_prog_php_woltlabbbversion | ||
![]() ![]() |
The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command. |
Apache James vulnerabilities |
mail_smtp_apachejames | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundry vCard 2.9 allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) toprated.php and (2) newcards.php. NOTE: the card_id vector is already covered by CVE-2006-1230. |
Cross site scripting |
web_prog_php_vcardtoprated | ||
![]() |
Global variable overwrite vulnerability in PHP-Nuke allows remote attackers to conduct remote PHP file inclusion attacks via a modified phpbb_root_path parameter to the admin scripts (1) index.php, (2) admin_ug_auth.php, (3) admin_board.php, (4) admin_disallow.php, (5) admin_forumauth.php, (6) admin_groups.php, (7) admin_ranks.php, (8) admin_styles.php, (9) admin_user_ban.php, (10) admin_words.php, (11) admin_avatar.php, (12) admin_db_utilities.php, (13) admin_forum_prune.php, (14) admin_forums.php, (15) admin_mass_email.php, (16) admin_smilies.php, (17) admin_ug_auth.php, and (18) admin_users.php, which overwrites $phpbb_root_path when the import_request_variables function is executed after $phpbb_root_path has been initialized to a static value. |
PHP injection |
web_prog_php_nukeadmin | ||
![]() |
Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent (TRA) before 5.4, and Hawk before 4.6.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the HTTP administrative interface. |
Rendezvous vulnerabilities |
web_tool_rendezvous | ||
![]() |
Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors. NOTE: By default, the connections are only allowed from the local host. |
FSecure vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_fsecureconsole | ||
![]() |
PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that SquirrelMail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable. |
SquirrelMail vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_web_squirrel misc_macosx_version |
||
![]() |
Cross-site scripting (XSS) vulnerability in index.php in dotProject 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, which are not properly handled when the client is using Internet Explorer. |
dotProject vulnerabilities |
web_prog_php_dotprojectver | ||
![]() |
Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the includePath cookie to (1) auth/extauth/drivers/mambo.inc.php or (2) auth/extauth/drivers/postnuke.inc.php. |
PHP injection |
web_prog_php_clarolinemambo web_prog_php_clarolinepn |
||
![]() |
Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 has unknown impact and remote attack vectors. |
Avast vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_avast | ||
![]() |
Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the UserName parameter in (1) validatelogin.asp or (2) adminlogin.asp. |
SQL injection |
web_prog_sql_mynewsletter | ||
![]() |
Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. |
Mozilla vulnerabilities Netscape Navigator vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_netscape web_client_seamonkey |
||
![]() |
The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable. |
Asterisk vulnerabilities Note: Authentication is required to detect this vulnerability |
net_asterisk | ||
![]() |
The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords. |
DLink Access Point |
net_dlinkcfg | ||
![]() |
The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
Directory traversal vulnerability in the IMAP server in WinGate 6.1.2.1094 and 6.1.3.1096, and possibly other versions before 6.1.4 Build 1099, allows remote authenticated users to read email of other users, or perform unauthorized operations on directories, via the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY, (6) APPEND, and (7) LIST commands. |
WinGate mail vulnerabilities |
mail_imap_wingate | ||
![]() |
Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request. |
WinGate proxy vulnerability |
web_proxy_wingatever | ||
![]() ![]() |
SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux kernel 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23 allows remote attackers to cause a denial of service (crash) via a packet without any chunks, which causes a variable to contain an invalid value that is later used to dereference a pointer. |
Linux SCTP vulnerability |
misc_linuxsctp | ||
![]() |
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. |
MacOSX vulnerabilities OpenSSL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_patch_secupd2006007 misc_openssl |
||
![]() |
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. |
MacOSX vulnerabilities OpenSSL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_patch_secupd2006007 misc_openssl |
||
![]() |
Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers". |
Mailman vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_misc_mailman | ||
![]() |
Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the %strCookieURL%.GROUP parameter in a cookie. |
MaxWebPortal vulnerabilities |
web_prog_asp_snitzver | ||
![]() |
Stack-based buffer overflow in CesarFTP 0.99g and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MKD command. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
CesarFTP vulnerabilities |
ftp_cesar | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ. |
shoutcast vulnerabilities |
misc_shoutcast | ||
![]() |
The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet. |
Flash vulnerabilities Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_flash win_patch_excelsfo |
||
![]() |
Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI. |
WinSCP vulnerabilities Note: Authentication is required to detect this vulnerability |
shell_ssh_winscp | ||
![]() |
Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name(). |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
Unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
Multiple SQL injection vulnerabilities in VBZooM 1.11 allow remote attackers to execute arbitrary SQL commands via the (1) sobjectID or (2) MAINID parameters to (a) show.php or (3) MainID parameter to (b) subject.php. |
SQL injection |
web_prog_sql_vbzoom | ||
![]() |
Multiple SQL injection vulnerabilities in VBZooM 1.02 allow remote attackers to execute arbitrary SQL commands via the (1) QuranID, (2) ShowByQuranID, or (3) Action parameters to meaning.php. |
SQL injection |
web_prog_sql_vbzoommeaning | ||
![]() |
SQL injection vulnerability in language.php in VBZooM 1.01 allows remote attackers to execute arbitrary SQL commands via the Action parameter. |
SQL injection |
web_prog_sql_vbzoomlanguage | ||
![]() |
Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excelzero | ||
![]() |
Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allows remote attackers to cause a denial of service (application crash) via a long MGRLVLLS message inside of an EXCSAT message when establishing a connection. |
DB2 vulnerabilities |
database_db2ver | ||
![]() |
Multiple unspecified vulnerabilities in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allow remote attackers to cause a denial of service (application crash) via a (1) "long column list" in the (a) REPLACE INTO and (b) INSERT INTO portions of the LOAD command or a (2) large number of values in an IN clause, possibly related to a buffer overflow. |
DB2 vulnerabilities |
database_db2ver | ||
![]() |
IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote attackers to cause a denial of service (application crash) by sending "incorrect information ... regarding the package name/creator," which leads to a "memory overwrite." |
DB2 vulnerabilities |
database_db2ver | ||
![]() |
mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function. |
MySQL vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_mysql_version misc_macosx_version |
||
![]() |
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion. |
Kerberos detected Note: Authentication is required to detect this vulnerability |
misc_kerberospkg | ||
![]() |
The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues. |
Kerberos detected Note: Authentication is required to detect this vulnerability |
misc_kerberospkg | ||
![]() |
Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka "Hyperlink COM Object Buffer Overflow Vulnerability." NOTE: this is a different issue than CVE-2006-3059. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_hyperlink2 | ||
![]() |
Multiple unspecified vulnerabilities in Adobe Acrobat Reader (acroread) before 7.0.8 have unknown impact and unknown vectors. |
Adobe Acrobat vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_acroread | ||
![]() |
Multiple SQL injection vulnerabilities in Calendarix Basic 0.7.20060401 and earlier, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) cal_event.php and (2) cal_popup.php. |
SQL injection |
web_prog_sql_calendarix | ||
![]() |
Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters. |
Cisco Secure ACS vulnerabilities |
web_tool_acsxss | ||
![]() |
Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via simultaneous XPCOM events, which causes a timer object to be deleted in a way that triggers memory corruption. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format / Buffer Overflow Vulnerability." |
OpenOffice vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_openoffice | ||
![]() |
The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High-Availability Linux before 1.2.5, and 2.0 before 2.0.7, allows remote attackers to cause a denial of service (crash) via the length parameter in a heartbeat message. |
Heartbeat vulnerability Note: Authentication is recommended to improve the accuracy of this check |
misc_heartbeat | ||
![]() ![]() |
The supersede_lease function in memory.c in ISC DHCP (dhcpd) server 2.0pl5 allows remote attackers to cause a denial of service (application crash) via a DHCPDISCOVER packet with a 32 byte client-identifier, which causes the packet to be interpreted as a corrupt uid and causes the server to exit with "corrupt lease uid." |
dhcpd vulnerabilities Note: Authentication is required to detect this vulnerability unless dangerous checks are enabled |
misc_dhcpcif misc_dhcpver |
||
![]() |
Buffer overflow in the HTTP header parsing in Streamripper before 1.61.26 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted HTTP headers. |
Streamripper vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_streamripper | ||
![]() |
Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by multiple products that use Gracenote CDDB, allows remote attackers to execute arbitrary code via a long option string. |
GraceNote CDDB vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_gracenotecddb | ||
![]() |
Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote attackers to execute arbitrary PHP code via a URL in the DIR_LIBS parameter in (1) path/action.php, and to files in path/nucleus including (2) media.php, (3) /xmlrpc/server.php, and (4) /xmlrpc/api_metaweblog.inc.php. NOTE: this is a similar vulnerability to CVE-2006-2583. NOTE: this issue has been disputed by third parties, who state that the DIR_LIBS parameter is defined in an include file before being used. |
Nucleus vulnerabilities |
web_prog_php_nucleusver | ||
![]() |
SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter. |
VBZooM vulnerabilities |
web_prog_php_vbzoomver | ||
![]() |
Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix 3.2) allows remote authenticated attackers to gain host admin privileges, list all resellers, or change resellers' passwords via unspecified vectors. NOTE: due to the lack of precise details, it is not clear whether this is related to a previously disclosed issue such as CVE-2005-1788. |
Hosting Controller vulnerabilities Note: Authentication is required to detect this vulnerability |
web_prog_asp_hcver | ||
![]() |
Cross-site scripting (XSS) vulnerability in topic.php in phpMyForum 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. |
phpMyForum vulnerabilities |
web_prog_php_myforum | ||
![]() |
Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter. |
SquirrelMail vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_web_squirrel misc_macosx_version |
||
![]() |
Directory traversal vulnerability in index.php in singapore 0.10.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the (1) gallery and (2) template parameter. |
vulnerable web program |
web_prog_php_singapore | ||
![]() |
Cross-site scripting (XSS) vulnerability in index.php in singapore 0.10.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the template parameter. |
vulnerable web program |
web_prog_php_singapore | ||
![]() |
index.php in singapore 0.10.0 and earlier allows remote attackers to obtain the installation path via an invalid template parameter, which reveals the path in an error message. |
vulnerable web program |
web_prog_php_singapore | ||
![]() |
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a POST that contains hexadecimal-encoded HTML. |
Invision Power Board |
web_prog_php_ipbversion | ||
![]() |
Integer overflow in Opera 8.54 and earlier allows remote attackers to execute arbitrary code via a JPEG image with large height and width values, which causes less memory to be allocated than intended. |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera | ||
![]() |
Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allow remote attackers to bypass the "text analysis", possibly bypassing SPAM and other filters, by sending an e-mail specifying a non-existent or unrecognized character set. |
MAILsweeper vulnerabilities |
mail_smtp_sweeper | ||
![]() |
Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allow remote attackers to cause a denial of service via (1) non-ASCII characters in a reverse DNS lookup result from a Received header, which leads to a Receiver service stop, and (2) unspecified vectors involving malformed messages, which cause "unpredictable behavior" that prevents the Security service from processing more messages. |
MAILsweeper vulnerabilities |
mail_smtp_sweeper | ||
![]() |
SQL injection vulnerability in profile.php in Woltlab Burning Board (WBB) 2.1.6 allows remote attackers to execute arbitrary SQL commands via the userid parameter. |
Woltlab Burning Board vulnerabilities |
web_prog_php_woltlabbbversion | ||
![]() |
SQL injection vulnerability in thread.php in Woltlab Burning Board (WBB) 2.2.2 allows remote attackers to execute arbitrary SQL commands via the threadid parameter. |
Woltlab Burning Board vulnerabilities |
web_prog_php_woltlabbbversion | ||
![]() |
SQL injection vulnerability in studienplatztausch.php in Woltlab Burning Board (WBB) 2.2.1 allows remote attackers to execute arbitrary SQL commands via the sid parameter. |
Woltlab Burning Board vulnerabilities |
web_prog_php_woltlabbbversion | ||
![]() |
Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file. |
Winamp vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_winamp | ||
![]() |
SQL injection vulnerability in message.php in VBZooM 1.11 and earlier allows remote attackers to execute arbitrary SQL commands via the UserID parameter. |
VBZooM vulnerabilities |
web_prog_php_vbzoomver | ||
![]() |
Cross-site scripting (XSS) vulnerability in classes/ui.class.php in dotProject 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter. |
dotProject vulnerabilities |
web_prog_php_dotprojectver | ||
![]() |
SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter. |
MyBB vulnerabilities SQL injection |
web_prog_php_mybb web_prog_sql_mybb |
||
![]() |
Multiple SQL injection vulnerabilities in Anthill 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order parameter in buglist.php and the (2) bug parameter in query.php. |
Anthill vulnerabilities |
web_prog_php_anthill | ||
![]() |
SQL injection vulnerability in newthread.php in Woltlab Burning Board (WBB) 2.0 RC2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter. |
Woltlab Burning Board vulnerabilities |
web_prog_php_woltlabbbversion | ||
![]() |
SQL injection vulnerability in showmods.php in Woltlab Burning Board (WBB) 1.2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter. |
Woltlab Burning Board vulnerabilities |
web_prog_php_woltlabbbversion | ||
![]() |
SQL injection vulnerability in report.php in Woltlab Burning Board (WBB) 2.3.1 allows remote attackers to execute arbitrary SQL commands via the postid parameter. |
Woltlab Burning Board vulnerabilities |
web_prog_php_woltlabbbversion | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.7.7 allow remote attackers to inject arbitrary HTML or web script via unspecified attack vectors, possibly including (1) calendar/myagenda.php, (2) document/document.php, (3) phpbb/newtopic.php, (4) tracking/userLog.php, and (5) wiki/page.php. |
Claroline vulnerabilities |
web_prog_php_clarolinexss3 | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment). |
Cross site scripting |
web_prog_php_e107xsssearch | ||
![]() |
Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3.5 allows remote attackers to inject arbitrary web script or HTML via the username field on the login page, which is not properly sanitized before being displayed in the error log. |
Trend Micro vulnerabilities |
misc_av_trendmicro_cmver | ||
![]() |
Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the web root, such as the image directory. |
Webmin vulnerabilities |
web_tool_webmindirtrav | ||
![]() |
SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action. |
SQL injection |
web_prog_sql_yabbdouble | ||
![]() |
Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the "parsing of HTTP URL schemes". |
RealServer vulnerabilities |
misc_helixdnaserver | ||
![]() ![]() |
The SMTP service of MailEnable Standard 1.92 and earlier, Professional 2.0 and earlier, and Enterprise 2.0 and earlier before the MESMTPC hotfix, allows remote attackers to cause a denial of service (application crash) via a HELO command with a null byte in the argument, possibly triggering a length inconsistency or a missing argument. |
MailEnable vulnerabilities |
mail_smtp_mailenable mail_smtp_mailenableent mail_smtp_mailenablepro |
||
![]() |
Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_06aug | ||
![]() |
Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka "Folder GUID Code Execution Vulnerability." NOTE: directory traversal sequences were used in the original exploit, although their role is not clear. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_folderguid | ||
![]() |
Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie. |
Flash vulnerabilities MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_flash misc_macosx_patch_secupd2006006 misc_macosx_version |
||
![]() |
Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory. |
TWiki vulnerabilities |
web_prog_cgi_twikiver | ||
![]() |
Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a direct request to secure/ConfigureReleaseNote.jspa, which are not sanitized before being returned in an error page. |
Atlassian JIRA vulnerabilities |
web_prog_jsp_jira | ||
![]() |
secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows remote attackers to obtain sensitive information via unspecified manipulations of the projectId parameter, which displays the installation path and other system information in an error message. |
Atlassian JIRA vulnerabilities |
web_prog_jsp_jira | ||
![]() |
Opera 9 allows remote attackers to cause a denial of service (crash) via a crafted web page that triggers an out-of-bounds memory access, related to an iframe and JavaScript that accesses certain style sheets properties. |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
![]() |
Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) in Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code by repeatedly setting the Image field of an Internet.HHCtrl.1 object to certain values, possibly related to improper escaping and long strings. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_htmlhelpstring | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the (1) words, (2) id, (3) cat_id, and (4) tim parameters, which are not sanitized before being returned in an error page. NOTE: it is possible that some of these vectors are resultant from an SQL injection issue. |
SQL injection |
web_prog_sql_newsphp2 | ||
![]() |
Multiple SQL injection vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the (1) words, (2) id, (3) topmenuitem, and (4) cat_id parameters in (a) index.php; and the (5) category parameter in (b) inc/rss_feed.php. |
SQL injection |
web_prog_sql_newsphp2 | ||
![]() |
Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists. |
phpSysInfo vulnerabilities |
web_prog_php_sysinfover | ||
![]() |
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter. |
phpMyAdmin vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver | ||
![]() |
index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message. NOTE: this issue has been disputed by a third party who states that the issue does not leak any target-specific information. |
WordPress vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_wordpress | ||
![]() |
WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the (1) wp-admin, (2) wp-content, and (3) wp-includes directories, possibly due to uninitialized variables. |
WordPress vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_wordpress | ||
![]() |
Webmin before 1.290 and Usermin before 1.220 call the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274. |
Webmin vulnerabilities Note: Authentication is required to detect this vulnerability |
web_tool_webmindirtrav2 web_tool_webminpkg |
||
![]() |
PHP remote file inclusion vulnerability in top.php in SiteBuilder-FX 3.5 allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter. |
PHP injection |
web_prog_php_sitebuildertop | ||
![]() |
The smbd daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests. |
MacOSX vulnerabilities Samba vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_patch_secupd2006007 win_samba |
||
![]() |
Cross-site request forgery (CSRF) vulnerability in editpost.php in MyBulletinBoard (MyBB) before 1.1.5 allows remote attackers to perform unauthorized actions as a logged in user and delete arbitrary forum posts via a bbcode IMG tag with a modified delete parameter in a deletepost action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters. |
PatchLink vulnerabilities |
web_prog_asp_patchlinkauth | ||
![]() |
Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components. |
PatchLink vulnerabilities |
web_prog_asp_patchlinkauth | ||
![]() |
SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter. |
PatchLink vulnerabilities |
web_prog_sql_checkprofile | ||
![]() |
Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excel06059 | ||
![]() |
Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_office06062 | ||
![]() |
PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ppt06058 | ||
![]() |
Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true". |
ASP NET vulnerabilities Note: Authentication is required to detect this vulnerability |
web_server_iis_dotnetautopostback | ||
![]() |
Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll "uses a file containing a malformed function," aka "Hyperlink Object Function Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_hyperlink2 | ||
![]() |
Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314. |
Windows updates needed |
win_patch_servserv | ||
![]() |
Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_dnsres | ||
![]() |
Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_dnsres | ||
![]() |
Unspecified vulnerability in Pragmatic General Multicast (PGM) in Microsoft Windows XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted multicast message. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_pgm | ||
![]() |
Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_exception | ||
![]() |
Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_mupsys2 | ||
![]() |
Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_agentacf | ||
![]() |
Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (.cbo, .cbl, or .cbm), a different issue than CVE-2005-1212. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_orun2 | ||
![]() |
Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability." |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_officeppt | ||
![]() |
Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementById JavaScript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_06aug | ||
![]() |
Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_06aug | ||
![]() |
Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers to execute arbitrary code via unknown vectors in a document that triggers the overflow when it is distilled to PDF. |
Adobe Acrobat vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_acrobat | ||
![]() |
The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771. |
Norton vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_nortonnavopts | ||
![]() |
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files. |
Zope vulnerabilities |
web_dev_zope | ||
![]() |
Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c. |
MacOSX vulnerabilities libtiff vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006004 misc_tiff |
||
![]() |
Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize). |
libtiff vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_tiff | ||
![]() |
Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors. |
MacOSX vulnerabilities libtiff vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006004 misc_tiff |
||
![]() |
Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors involving decoding large RLE images. |
MacOSX vulnerabilities libtiff vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006004 misc_tiff |
||
![]() |
The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite loop. |
libtiff vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_tiff | ||
![]() |
TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic operations". |
libtiff vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_tiff | ||
![]() |
Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors. |
MacOSX vulnerabilities libtiff vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006004 misc_tiff |
||
![]() |
Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861. |
MacOSX vulnerabilities X11 vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version misc_x11 |
||
![]() |
Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message. |
MySQL vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_mysql_version misc_macosx_version |
||
![]() |
AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys in a world-readable file, which allows local users to obtain the keys and access files and folders of other users. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006004 | ||
![]() |
AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) via an invalid AFP request that triggers an unchecked error condition. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006004 | ||
![]() |
Unspecified vulnerability in the "compression state handling" in Bom for Apple Mac OS X 10.3.9 and 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Zip archive. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006004 | ||
![]() |
Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to execute arbitrary code via a crafted BOOTP request. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006004 | ||
![]() |
The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users to obtain sensitive information via unspecified dynamic linker options that affect the use of standard error (stderr) by privileged applications. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006004 | ||
![]() |
The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users to execute arbitrary code via an "improperly handled condition" that leads to use of "dangerous paths," probably related to an untrusted search path vulnerability. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006004 | ||
![]() |
Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Radiance image. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006004 | ||
![]() |
Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image that triggers a memory allocation failure that is not properly handled. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006004 | ||
![]() |
Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed GIF image. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006004 | ||
![]() |
The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute JavaScript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006004 | ||
![]() |
WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML document that causes WebKit to access an object that has already been deallocated. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006004 | ||
![]() |
Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_airport | ||
![]() |
Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_airport | ||
![]() |
Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third-party wireless software that uses the API via crafted frames. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_airport | ||
![]() |
Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows remote attackers to execute arbitrary code via a long CSeq field value in an INVITE message. |
sipXtapi vulnerabilities |
misc_sipxtapi | ||
![]() |
includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates the authentication credentials from parameters, which allows remote attackers to obtain privileges and upload arbitrary files via modified (1) pass and (2) session parameters, and (3) pass and (4) userlevel indices of the (a) Pivot_Vars[] or (b) Users[] array parameters. |
Cross site scripting |
web_prog_php_pivotxss | ||
![]() |
PHP file inclusion vulnerability in includes/edit_new.php in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via an FTP URL or full file path in the Paths[extensions_path] parameter. |
Cross site scripting |
web_prog_php_pivotxss | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) fg, (2) line1, (3) line2, (4) bg, (5) c1, (6) c2, (7) c3, and (8) c4 parameters in (a) includes/blogroll.php; (9) name and (10) js_name parameters in (b) includes/editor/edit_menu.php; and, even if register_globals is not enabled, the (11) h and (12) w parameters in (c) includes/photo.php. |
Cross site scripting |
web_prog_php_pivotxss | ||
![]() |
Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content". |
shoutcast vulnerabilities |
misc_shoutcast | ||
![]() |
Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.7 allows remote attackers to read arbitrary files via unspecified vectors that are a "slight variation" of CVE-2006-3534. |
shoutcast vulnerabilities |
misc_shoutcast | ||
![]() |
Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, 6.1.737.000, and possibly other versions do not properly validate RegSaveKey, RegRestoreKey, and RegDeleteKey function calls, which allows local users to cause a denial of service (system crash) via a certain combination of these function calls with an HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VETFDDNT\Enum argument. |
ZoneAlarm vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_firewall_za_issver | ||
![]() |
EMC VMware Player allows user-assisted attackers to cause a denial of service (unrecoverable application failure) via a long value of the ide1:0.fileName parameter in the .vmx file of a virtual machine. NOTE: third parties have disputed this issue, saying that write access to the .vmx file enables other ways of stopping the virtual machine, so no privilege boundaries are crossed. |
VMware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vmwareplayerver | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen). |
Horde vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_horde | ||
![]() |
services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URLs in the url parameter, which are requested from the server. |
Horde vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_horde | ||
![]() |
Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors. |
Flash vulnerabilities MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_flash misc_macosx_patch_secupd2006006 misc_macosx_version |
||
![]() |
Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to cause a denial of service (browser crash) via a malformed, compressed .swf file, a different issue than CVE-2006-3587. |
Flash vulnerabilities MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_flash misc_macosx_patch_secupd2006006 misc_macosx_version |
||
![]() |
mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_officeppt | ||
![]() |
The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190. |
Cisco web interface access |
net_cisco_priv15 | ||
![]() |
Directory traversal vulnerability in pm.php in Phorum 5 allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[template] parameter, as demonstrated by injecting PHP sequences into a log file, which is then included by pm.php. |
PHP injection |
web_prog_php_phorumxss | ||
![]() |
Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
PHP injection |
web_prog_php_phorumxss | ||
![]() |
Multiple PHP remote file inclusion vulnerabilities in Phorum 5.1.14, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via unspecified vectors related to an uninitialized variable. |
PHP injection |
web_prog_php_phorumxss | ||
![]() |
Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3.5.0.x and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the directory and filename in a PropsResponse (PackageType) request. |
McAfee ePolicy Orchestrator |
web_tool_epolicy | ||
![]() |
Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark (aka Ethereal) 0.10.11 to 0.99.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
![]() |
Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
![]() |
Unspecified vulnerability in the MOUNT dissector in Wireshark (aka Ethereal) 0.9.4 to 0.99.0 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
![]() |
Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to 0.99.0 have unknown impact and remote attack vectors via the (1) NCP NMAS and (2) NDPS dissectors. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
![]() |
Unspecified vulnerability in the SSH dissector in Wireshark (aka Ethereal) 0.9.10 to 0.99.0 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
![]() |
Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the NFS dissector. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
Mailman vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_misc_mailman | ||
![]() |
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_06aug | ||
![]() |
Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM Object Instantiation Memory Corruption Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_06aug | ||
![]() |
Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_06aug | ||
![]() |
Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_06aug | ||
![]() |
Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_mmc | ||
![]() |
Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_word06060 | ||
![]() |
Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_exception | ||
![]() |
Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents. |
Microsoft VBA vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_vbadocprop | ||
![]() |
Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_office06062 | ||
![]() |
Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_word06060 | ||
![]() |
Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews 1.4.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
CuteNews vulnerabilities |
web_prog_php_cutenewsver | ||
![]() |
Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allow remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
![]() |
awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters. |
vulnerable web program |
web_prog_cgi_awstatspath | ||
![]() |
Multiple SQL injection vulnerabilities in VBZooM 1.11 and earlier allow remote attackers to execute arbitrary SQL commands via the UserID parameter to (1) ignore-pm.php, (2) sendmail.php, (3) reply.php or (4) sub-join.php. |
VBZooM vulnerabilities |
web_prog_php_vbzoomver | ||
![]() |
Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations". |
Ruby vulnerabilities Note: Authentication is required to detect this vulnerability |
web_dev_ruby | ||
![]() |
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB01 for Change Data Capture (CDC) component and (2) DB03 for Data Pump Metadata API. NOTE: as of 20060719, Oracle has not disputed a claim by a reliable researcher that DB01 is related to multiple SQL injection vulnerabilities in SYS.DBMS_CDC_IMPDP using the (a) IMPORT_CHANGE_SET, (b) IMPORT_CHANGE_TABLE, (c) IMPORT_CHANGE_COLUMN, (d) IMPORT_SUBSCRIBER, (e) IMPORT_SUBSCRIBED_TABLE, (f) IMPORT_SUBSCRIBED_COLUMN, (g) VALIDATE_IMPORT, (h) VALIDATE_CHANGE_SET, (i) VALIDATE_CHANGE_TABLE, and (j) VALIDATE_SUBSCRIPTION procedures, and that DB03 is for SQL injection in the MAIN procedure for SYS.KUPW$WORKER. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5 and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB02. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and 10.1.0.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 for Web Distributed Authoring and Versioning (DAV) and (2) DB23 for XMLDB. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Dictionary component in Oracle Database 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB05. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB06 in Export; (2) DB08, (3) DB09, (4) DB10, (5) DB11, (6) DB12, (7) DB13, (8) DB14, and (9) DBC01 for OCI; (10) DB16 for Query Rewrite/Summary Mgmt; (11) DB17, (12) DB18, (13) DB19, (14) DBC02, (15) DBC03, and (16) DBC04 for RPC; and (17) DB20 for Semantic Analysis. NOTE: as of 20060719, Oracle has not disputed third party claims that DB06 is related to "SQL injection" using DBMS_EXPORT_EXTENSION with a modified ODCIIndexGetMetadata routine and a call to GET_DOMAIN_INDEX_METADATA, in which case DB06 might be CVE-2006-2081. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in InterMedia for Oracle Database 9.0.1.5, 9.2.0.6, and 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# DB07. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Oracle ODBC Driver for Oracle Database 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# 10.1.0.4. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB21 for Statistics and (2) DB22 for Upgrade & Downgrade. NOTE: as of 20060719, Oracle has not disputed a claim by a reliable researcher that DB21 is for a local SQL injection vulnerability in SYS.DBMS_STATS, and that DB22 is for SQL injection in SYS.DBMS_UPGRADE. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3 has unknown impact and attack vectors, aka Oracle Vuln# AS01. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3 and 9.0.3.1 has unknown impact and attack vectors, aka Oracle Vuln# AS02. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, 9.0.4.2, 10.1.2.0.2, and 10.1.2.1 has unknown impact and attack vectors, aka Oracle Vuln# AS03. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# AS04. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, 9.0.4.2, and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# (1) AS05 and (2) AS08. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, and 9.0.4.1 has unknown impact and attack vectors, aka Oracle Vuln# AS06. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in OC4J for Oracle Application Server 9.0.4.2 and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# AS07. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in OC4J for Oracle Application Server 10.1.3.0 has unknown impact and attack vectors, aka Oracle Vuln# AS09. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in OC4J for Oracle Application Server 10.1.2.0.2 and 10.1.2.1 has unknown impact and attack vectors, aka Oracle Vuln# AS10. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Buffer overflow in FileCOPA FTP Server before 1.01 released on 18th July 2006 allows remote authenticated attackers to execute arbitrary code via a long argument to the LIST command. |
FileCOPA FTP vulnerabilities |
ftp_filecopa | ||
![]() |
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_setslice | ||
![]() |
jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name. |
JBoss Application Server |
web_dev_jbossjmxconsole | ||
![]() |
Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. |
MacOSX vulnerabilities OpenSSL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_patch_secupd2006007 misc_openssl |
||
![]() |
Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow. |
X11 vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_x11 | ||
![]() |
Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections. |
X11 vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_x11 | ||
![]() |
Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images. |
ImageMagick vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_imagemagick | ||
![]() |
Multiple integer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows. |
ImageMagick vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_imagemagick | ||
![]() |
Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message. |
GnuPG vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_gnupg | ||
![]() |
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules. |
MacOSX vulnerabilities Apache vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version web_server_apache_version |
||
![]() |
inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4 has unspecified impact and attack vectors related to "user group manipulation." |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "javascript". |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
Integer underflow in filecpnt.exe in FileCOPA FTP Server 1.01 before 2006-07-21 allows remote authenticated users to execute arbitrary code via a long argument to the (1) CWD, (2) DELE, (3) MDTM, and (4) MKD commands, which triggers a stack-based buffer overflow. |
FileCOPA FTP vulnerabilities |
ftp_filecopa | ||
![]() |
SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) "Save As Draft" option is used or (2) a "," (comma) is inside the "phrase" portion of an address, which can cause the e-mail to be sent to users that were deleted from the To, CC, and BCC fields, which allows remote attackers to obtain the list of original recipients. |
Lotus Notes email client vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_notesalt | ||
![]() |
Symantec pcAnywhere 12.5 uses weak default permissions for the "Symantec\pcAnywhere\Hosts" folder, which allows local users to gain privileges by inserting a superuser .cif (aka caller or CallerID) file into the folder, and then using a pcAnywhere client to login as a local administrator. |
pcAnywhere vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_pcanywherever | ||
![]() |
Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin. |
pcAnywhere vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_pcanywherever | ||
![]() |
Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka caller or CallerID) files, which allows local users to generate a custom .cif file and modify the superuser flag. |
pcAnywhere vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_pcanywherever | ||
![]() |
Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 do not properly clear a JavaScript reference to a frame or window, which leaves a pointer to a deleted object that allows remote attackers to execute arbitrary native code. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
![]() |
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) via a VCard attachment with a malformed base64 field, which copies more data than expected due to an integer underflow. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_seamonkey |
||
![]() |
The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments." |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig (PAC) servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
![]() |
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMenuItemActiveEvent, (2) buffer overflows in the string class in out-of-memory conditions, (3) table row and column groups, (4) "anonymous box selectors outside of UA stylesheets," (5) stale references to "removed nodes," and (6) running the crypto.generateCRMFRequest callback on deleted context. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
![]() |
heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup. |
Heartbeat vulnerability Note: Authentication is recommended to improve the accuracy of this check |
misc_heartbeat | ||
![]() |
Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF". |
TWiki vulnerabilities |
web_prog_cgi_twikiver | ||
![]() |
Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do. |
Apache Tomcat vulnerabilities |
web_dev_tomcatdirlist | ||
![]() |
Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 beta 6 allows remote attackers to execute arbitrary code via a long filename in a LHA archive. |
WinRAR vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_compress_winrarlha | ||
![]() |
Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 and 10.00 before 10.00.TC3, when running on Windows, allows remote attackers to execute arbitrary code via a long username. |
INFORMIX vulnerabilities Note: Authentication is required to detect this vulnerability |
database_informix_idsver | ||
![]() |
The ifx_load_internal function in IBM Informix Dynamic Server (IDS) allows remote authenticated users to execute arbitrary C code via the DllMain or _init function in a library, aka "C code UDR." |
INFORMIX vulnerabilities Note: Authentication is required to detect this vulnerability |
database_informix_idsver | ||
![]() |
IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows local users to cause a denial of service (crash) via unspecified vectors. |
INFORMIX vulnerabilities Note: Authentication is required to detect this vulnerability |
database_informix_idsver | ||
![]() |
Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via (1) the getname function, as used by (a) _sq_remview, (b) _sq_remproc, (c) _sq_remperms, (d) _sq_distfetch, and (e) _sq_dcatalog; and the (2) SET DEBUG FILE, (3) IFX_FILE_TO_FILE, (4) FILETOCLOB, (5) LOTOFILE, and (6) DBINFO functions (product defect IDs 171649, 171367, 171387, 171391, 171906, 172179). |
INFORMIX vulnerabilities Note: Authentication is required to detect this vulnerability |
database_informix_idsver | ||
![]() |
IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772). |
INFORMIX vulnerabilities Note: Authentication is required to detect this vulnerability |
database_informix_idsver | ||
![]() |
IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases. |
INFORMIX vulnerabilities Note: Authentication is required to detect this vulnerability |
database_informix_idsver | ||
![]() |
Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable (envariable). |
INFORMIX vulnerabilities Note: Authentication is required to detect this vulnerability |
database_informix_idsver | ||
![]() |
Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_office06062 | ||
![]() |
Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excel06059 | ||
![]() |
Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_office06062 | ||
![]() |
Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions of the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_longurl | ||
![]() |
Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions of the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_longurl | ||
![]() |
Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_excel06059 | ||
![]() |
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ppt06058 | ||
![]() |
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_office2000 win_patch_office2002 win_patch_office2003 win_patch_office2004macver win_patch_ppt06058 |
||
![]() |
Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. |
AOL vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_aol_ygpactivexbo | ||
![]() |
Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader YGPPDownload ActiveX control (AOL.PicDownloadCtrl.1, YGPPicDownload.dll), as used in America Online 9.0 Security Edition, allows remote attackers to execute arbitrary code via a long argument to the SetAlbumName method. |
AOL vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_aol_ygpactivexbo | ||
![]() |
The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allow remote attackers to cause a denial of service via malformed ASN.1 objects. |
Cisco crypto vulnerability Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_crypto | ||
![]() |
Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected. |
Cisco vulnerabilities Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_ios | ||
![]() |
PHP remote file inclusion vulnerability in OSI Codes PHP Live! 3.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the css_path parameter in (1) help.php and (2) setup/header.php. |
PHP injection |
web_prog_php_phplive | ||
![]() |
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file. |
Apache vulnerabilities |
web_server_expectxss | ||
![]() |
Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body. |
OpenCms vulnerabilities |
web_prog_jsp_opencmsver | ||
![]() |
Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter. |
OpenCms vulnerabilities |
web_prog_jsp_opencmsver | ||
![]() |
system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before 6.2.2 does not restrict access to administrator functions, which allows remote authenticated users to (1) send broadcast messages to all users (/workplace/broadcast), (2) list all users (/accounts/users), (3) add webusers (/accounts/webusers/new), (4) upload database import and export files (/database/importhttp), (5) upload arbitrary program modules (/modules/modules_import), and (6) read the log file (/workplace/logfileview) by setting the appropriate value for the path parameter in a direct request to admin-main.jsp. |
OpenCms vulnerabilities |
web_prog_jsp_opencmsver | ||
![]() |
system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp. |
OpenCms vulnerabilities |
web_prog_jsp_opencmsver | ||
![]() ![]() |
The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research; the vulnerability is not associated with a mailslot. |
Windows updates needed Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
win_patch_srvsys | ||
![]() |
WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006006 misc_macosx_version |
||
![]() |
Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf. |
McAfee Security Center vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_mcafeesubmgr | ||
![]() |
Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com OfficeConnect Secure Router with firmware 1.04-168 allows remote attackers to inject arbitrary web script or HTML via the tk parameter. |
OfficeConnect vulnerabilities |
net_ocrxss | ||
![]() |
Unspecified vulnerability in CA eTrust Antivirus WebScan allows remote attackers to execute arbitrary code due to "improper bounds checking when processing certain user input." |
CA eTrust AntiVirus WebScan vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_cawebscanver | ||
![]() |
Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 allows remote attackers to install arbitrary files. |
CA eTrust AntiVirus WebScan vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_cawebscanver | ||
![]() |
Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 has unknown impact and remote attack vectors related to "improper processing of outdated WebScan components." |
CA eTrust AntiVirus WebScan vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_cawebscanver | ||
![]() |
The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator. |
http Cold Fusion Note: Authentication is recommended to improve the accuracy of this check |
web_prog_cfm_mx | ||
![]() |
Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third party information. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
Multiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and overwrite certain files via directory traversal sequences in (1) DATABLOB-GET and (2) DATABLOB-SAVE requests. |
Brightmail AntiSpam vulnerabilities |
mail_misc_brightasdt | ||
![]() |
Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allows remote attackers to cause a denial of service (application freeze) "by sending invalid posts". |
Brightmail AntiSpam vulnerabilities |
mail_misc_brightasdt | ||
![]() |
Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values. |
ClamAV vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam misc_av_clamwinupx |
||
![]() |
Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users. |
SquirrelMail vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_web_squirrel misc_macosx_version |
||
![]() |
scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to "Anyone can register" functionality (user registration for guests). |
WordPress vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_wordpress | ||
![]() |
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy. |
MySQL vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_mysql_version misc_macosx_version |
||
![]() |
Cross-site scripting (XSS) vulnerability in archive.php in Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyw parameter when performing a search. NOTE: some details are obtained from third party information. |
Simplog vulnerabilities |
web_prog_sql_simplogcid | ||
![]() |
pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, allows remote attackers to bypass authentication by providing an arbitrary username in the membercookie cookie parameter. |
DeluxeBB vulnerabilities |
web_prog_php_deluxebbver | ||
![]() |
Cross-site scripting (XSS) vulnerability in newpost.php in DeluxeBB 1.08, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the subject parameter (aka the topic title field). |
DeluxeBB vulnerabilities |
web_prog_php_deluxebbver | ||
![]() |
DeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 hash of a password, which allows remote attackers to gain privileges by sniffing or cross-site scripting (XSS) and conduct password guessing attacks. |
DeluxeBB vulnerabilities |
web_prog_php_deluxebbver | ||
![]() |
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned. |
DNS vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
dns_bindsig misc_macosx_version |
||
![]() |
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty. |
DNS vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
dns_bindsig misc_macosx_version |
||
![]() |
Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems. |
Apache vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_server_apache_version | ||
![]() |
Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112. |
Ruby on Rails vulnerabilities Note: Authentication is required to detect this vulnerability |
web_dev_rubyonrails | ||
![]() |
Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service (application hang) or "data loss," a different vulnerability than CVE-2006-4111. |
Ruby on Rails vulnerabilities Note: Authentication is required to detect this vulnerability |
web_dev_rubyonrails | ||
![]() |
Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec for Netware Server Remote Agent for Windows Server 9.1 and 9.2 (all builds), Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1 (builds 10.1.325.6301, 10.1.326.1401, 10.1.326.2501, 10.1.326.3301, and 10.1.327.401), and Backup Exec for Windows Server and Remote Agent 9.1 (build 9.1.4691), 10.0 (builds 10.0.5484 and 10.0.5520), and 10.1 (build 10.1.5629) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RPC message. |
Veritas Backup Exec Note: Authentication is recommended to improve the accuracy of this check |
misc_backupexec | ||
![]() |
Directory traversal vulnerability in IPCheck Server Monitor before 5.3.3.639/640 allows remote attackers to read arbitrary files via modified .. (dot dot) sequences in the URL, including (1) "..%2f" (encoded "/" slash), (2) "..../" (multiple dot), and (3) "..%255c../" (double-encoded "\" backslash). |
http server read access |
web_server_read | ||
![]() |
Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow. |
ImageMagick vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_imagemagick | ||
![]() |
Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c. |
Apache module vulnerabilities |
web_mod_tcl | ||
![]() |
Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended. |
Novell eDirectory |
misc_edirectory881 | ||
![]() |
Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors. |
RADIUS vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_gnuradius | ||
![]() |
Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected. |
ClamAV vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam misc_av_clamwinupx misc_macosx_patch_secupd2006007 |
||
![]() |
Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_directxtarga | ||
![]() |
Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php. |
XMB vulnerabilities |
web_prog_php_xmb | ||
![]() |
Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. NOTE: it is not certain whether the issue is in Internet Explorer or the individual DLL files. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_com | ||
![]() |
Unspecified vulnerability in the backup agent and Cell Manager in HP OpenView Storage Data Protector 5.1 and 5.5 before 20060810 allows remote attackers to execute arbitrary code on an agent via unspecified vectors related to authentication and input validation. |
HP Openview vulnerabilities |
net_ovsdpver | ||
![]() |
The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_com | ||
![]() |
Stack-based buffer overflow in the IBM Access Support eGatherer ActiveX control before 3.20.0284.0 allows remote attackers to execute arbitrary code via a long filename parameter to the RunEgatherer method. |
IBM Access Support vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_ibmas | ||
![]() |
MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. |
MySQL vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_mysql_version misc_macosx_version |
||
![]() |
MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE. |
MySQL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_mysql_version | ||
![]() |
PHP remote file inclusion vulnerability in classes/query.class.php in dotProject 2.0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter. |
dotProject vulnerabilities |
web_prog_php_dotprojectver | ||
![]() |
SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value. |
SQLLedger vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_cgi_sqlledger | ||
![]() |
Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow remote attackers to execute arbitrary code via a malformed TCP DNS query that prevents Recursor from properly calculating the TCP DNS query length. |
PowerDNS vulnerabilities |
dns_power | ||
![]() |
PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a denial of service (resource exhaustion and application crash) via a CNAME record with a zero TTL, which triggers an infinite loop. |
PowerDNS vulnerabilities |
dns_power | ||
![]() |
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Netscape Navigator vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_netscape web_client_seamonkey |
||
![]() |
Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen. |
Horde IMP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_web_imp | ||
![]() |
index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS. |
Horde vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_horde | ||
![]() |
IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending a crafted SQLJRA packet, which results in a null dereference. |
DB2 vulnerabilities |
database_db2ver | ||
![]() |
Absolute path traversal vulnerability in the get functionality in Anti-Spam SMTP Proxy (ASSP) allows remote authenticated users to read arbitrary files via (1) C:\ (Windows drive letter), (2) UNC, and possibly other types of paths in the file parameter. |
vulnerable web program |
web_prog_cgi_assp | ||
![]() |
Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php. |
CubeCart vulnerabilities |
web_prog_php_cubecartver | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file, (2) x, and (3) y parameters in (a) admin/filemanager/preview.php; and the (4) email parameter in (b) admin/login.php. |
CubeCart vulnerabilities |
web_prog_php_cubecartver | ||
![]() |
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_directxax | ||
![]() |
Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client. |
MaxDB WebTools vulnerabilities |
web_tool_maxdbver | ||
![]() |
Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_mozilla |
||
![]() |
Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors. |
Cisco VPN vulnerabilities Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_vpn | ||
![]() |
Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under "Program Files" or its subdirectories. |
SSH Tectia vulnerabilities |
shell_ssh_tectia | ||
![]() |
Cross-site scripting (XSS) vulnerability in attachment.php in WoltLab Burning Board (WBB) 2.3.5 allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript. |
Woltlab Burning Board vulnerabilities |
web_prog_php_woltlabbbversion | ||
![]() |
Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands. |
WFTPD vulnerabilities |
ftp_wftpd | ||
![]() |
Unspecified vulnerability in the SCSI dissector in Wireshark (formerly Ethereal) 0.99.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
![]() |
Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
![]() |
Unspecified vulnerability in the DHCP dissector in Wireshark (formerly Ethereal) 0.10.13 through 0.99.2, when run on Windows, allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a bug in Glib. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_wireshark | ||
![]() |
The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows remote attackers to cause a denial of service (resource consumption) via malformed packets that cause the Q.2391 dissector to use excessive memory. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_ethereal net_wireshark |
||
![]() |
Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference. |
gzip vulnerabilities MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_compress_gzip misc_macosx_patch_secupd2006007 |
||
![]() |
Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability." |
gzip vulnerabilities MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_compress_gzip misc_macosx_patch_secupd2006007 |
||
![]() |
Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index. |
gzip vulnerabilities MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_compress_gzip misc_macosx_patch_secupd2006007 |
||
![]() |
Buffer overflow in the make_table function in the LZH component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive. |
gzip vulnerabilities MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_compress_gzip misc_macosx_patch_secupd2006007 |
||
![]() |
unlzh.c in the LZH component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive. |
gzip vulnerabilities MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_compress_gzip misc_macosx_patch_secupd2006007 |
||
![]() |
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. |
DNS vulnerabilities MacOSX vulnerabilities OpenSSL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
dns_bindrsa misc_macosx_patch_secupd2006007 misc_openssl |
||
![]() |
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. |
MacOSX vulnerabilities OpenSSL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_patch_secupd2006007 misc_openssl |
||
![]() |
Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response. |
Asterisk vulnerabilities Note: Authentication is required to detect this vulnerability |
net_asterisk | ||
![]() |
Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable. |
Asterisk vulnerabilities Note: Authentication is required to detect this vulnerability |
net_asterisk | ||
![]() |
Multiple heap-based buffer overflows in the POP3 server in Alt-N Technologies MDaemon before 9.0.6 allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via long strings that contain '@' characters in the (1) USER and (2) APOP commands. |
MDaemon vulnerabilities |
mail_pop_mdaemon | ||
![]() |
Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated domain administrators to change a global administrator's password and gain privileges via the userlist.wdm file. |
AltN WebAdmin vulnerabilities |
mail_web_mdaemonwebadminver | ||
![]() |
Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary files via a .. (dot dot) in the file parameter to (1) logfile_view.wdm and (2) configfile_view.wdm. |
AltN WebAdmin vulnerabilities |
mail_web_mdaemonwebadminver | ||
![]() |
Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an '@' character and before a ':' character. |
IMail vulnerabilities |
mail_smtp_imail | ||
![]() |
MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects. |
MySQL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_mysql_version | ||
![]() |
Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Multiple buffer overflows in Apple QuickTime before 7.1.3 allow user-assisted remote attackers to execute arbitrary code via a crafted QuickTime movie. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted SGI image. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie, a different issue than CVE-2006-4381. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the "Allow user to administer this computer" checkbox in System Preferences for a user, does not remove the user's account from the appserveradm or appserverusr groups, which still allows the user to manage WebObjects applications. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be displayed even when the site's identity cannot be trusted. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006006 misc_macosx_version |
||
![]() |
Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 allows remote attackers to execute arbitrary code via a malformed JPEG2000 image. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task address space in a way that causes the child to call a parent-controlled function. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7 allows network accounts without GUIDs to bypass service access controls and log into the system using loginwindow via unknown vectors. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows context-dependent attackers to cause a denial of service ("memory corruption" and crash) via a crafted PICT image that is not properly handled by a certain "unsupported QuickDraw operation." |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006006 misc_macosx_version |
||
![]() |
The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006007 | ||
![]() |
Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 through 10.4.7 prevents Kerberos tickets from being destroyed if a user does not successfully log on to a network account from the login window, which might allow later users to gain access to the original user's Kerberos tickets. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006007 | ||
![]() |
User interface inconsistency in Workgroup Manager in Apple Mac OS X 10.4 through 10.4.7 appears to allow administrators to change the authentication type from crypt to ShadowHash passwords for accounts in a NetInfo parent, when such an operation is not actually supported, which could result in less secure password management than intended. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allows user-assisted attackers to execute arbitrary code via crafted font files. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006007 | ||
![]() |
Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006007 | ||
![]() |
Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary code by browsing directories containing crafted .DS_Store files. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006007 | ||
![]() |
The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006007 | ||
![]() |
The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006007 | ||
![]() |
Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and 10.3.x up to 10.3.9, when PPPoE is enabled, allows remote attackers to execute arbitrary code via unspecified vectors. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006007 | ||
![]() |
The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to use a weaker cipher that makes it easier for remote attackers to decrypt traffic. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006007 | ||
![]() |
The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-2940. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006007 | ||
![]() |
The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006007 | ||
![]() |
The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006007 | ||
![]() |
The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unspecified vectors. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006007 | ||
![]() |
WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 allows remote attackers to execute arbitrary code via a crafted HTML file, which accesses previously deallocated objects. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006007 | ||
![]() |
Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or reception is affected." |
Sendmail vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_smtp_sendmail | ||
![]() |
Eval injection vulnerability in Tagger LE allows remote attackers to execute arbitrary PHP code via the query string in (1) tags.php, (2) sign.php, and (3) admin/index.php. |
vulnerable web program |
web_prog_php_tagger | ||
![]() |
Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_directanim | ||
![]() |
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, do not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit. |
X11 vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_x11 | ||
![]() |
Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request. |
phpBB vulnerabilities |
web_prog_php_bbver | ||
![]() |
Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALS[phpgw_info][user][preferences][common][country] parameter. |
phpGroupWare vulnerabilities |
web_prog_php_groupware | ||
![]() |
Joomla! before 1.0.11 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to have an unspecified impact. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Joomla!. |
Joomla vulnerabilities |
web_prog_php_joomlaver | ||
![]() |
Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the (1) mosMail, (2) JosIsValidEmail, and (3) josSpoofValue functions; (4) the lack of inclusion of globals.php in administrator/index.php; (5) the Admin User Manager; and (6) the poll module. |
Joomla vulnerabilities |
web_prog_php_joomlaver | ||
![]() |
Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform "remote execution," related to "Injection Flaws." |
Joomla vulnerabilities |
web_prog_php_joomlaver | ||
![]() |
Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defined, which allows attackers to have an unknown impact, possibly resulting in PHP remote file inclusion. |
Joomla vulnerabilities |
web_prog_php_joomlaver | ||
![]() |
The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors. |
Joomla vulnerabilities |
web_prog_php_joomlaver | ||
![]() |
Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task. |
Joomla vulnerabilities |
web_prog_php_joomlaver | ||
![]() |
Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks. |
Joomla vulnerabilities |
web_prog_php_joomlaver | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.11 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) Admin Module Manager, (2) Admin Help, and (3) Search. |
Joomla vulnerabilities |
web_prog_php_joomlaver | ||
![]() |
Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors. |
Joomla vulnerabilities |
web_prog_php_joomlaver | ||
![]() |
Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of "exploit blocking rules" in htaccess; and (9) the ACL. |
Joomla vulnerabilities |
web_prog_php_joomlaver | ||
![]() |
The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. NOTE: the error_log function is covered by CVE-2006-3011, and the imap_open function is covered by CVE-2006-1017. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memory_limit restriction. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request. |
Novell eDirectory |
misc_edirectory881 | ||
![]() |
The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted, which triggers an invalid free of unallocated memory. |
Novell eDirectory |
misc_edirectory881 | ||
![]() ![]() |
Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allow remote attackers to cause a denial of service (crash) via a crafted HTTP POST request to TCP port 8300 with a modified val parameter, which triggers a null dereference related to "zero-size strings in blowfish routines." |
Novell GroupWise vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
mail_web_groupwisemessengerzerosize | ||
![]() ![]() |
Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denial of service (crash) in the Tomcat server via a long TREE parameter in an HTTP POST, which triggers a NULL pointer dereference. |
Novell iManager vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
web_server_novell_treedos | ||
![]() |
Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a DNS request with a self-referencing compressed name pointer, which triggers an infinite loop. |
WinGate proxy vulnerability |
web_proxy_wingatever | ||
![]() |
ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2, does not properly handle NCP fragments with a negative length, which allows remote attackers to cause a denial of service (daemon crash) when the heap is written to a log file. |
Novell eDirectory Note: Authentication is required to detect this vulnerability |
misc_edirectoryncpdos | ||
![]() |
Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array. |
CubeCart vulnerabilities |
web_prog_php_cubecartver | ||
![]() |
SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the searchArray[] parameter. |
CubeCart vulnerabilities |
web_prog_php_cubecartver | ||
![]() |
includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks. |
CubeCart vulnerabilities |
web_prog_php_cubecartver | ||
![]() |
Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_word06060 | ||
![]() |
RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly 3.6 and earlier, allows local users to cause a denial of service (crash) via a NULL third argument to the NtOpenSection API function. NOTE: it was later reported that 3.6.cqn is also affected. |
BlackIce vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_blackicever | ||
![]() |
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs. |
Webmin vulnerabilities Note: Authentication is required to detect this vulnerability |
web_tool_webmin00 web_tool_webminpkg |
||
![]() |
Lyris ListManager 8.95 allows remote authenticated users, who have administrative privileges for at least one list on the server, to add new administrators to any list via a modified MEMBERS_.List_ parameter. |
Lyris vulnerabilities |
mail_misc_listmanagerver | ||
![]() |
Lyris ListManager 8.95 allows remote authenticated users to obtain sensitive information by attempting to add a user with a ' (single quote) character in the name, which reveals the details of the underlying SQL query, possibly because of a forced SQL error or SQL injection. |
Lyris vulnerabilities |
mail_misc_listmanagerver | ||
![]() |
Buffer overflow in the Retro64 / Miniclip CR64Loader ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors involving an HTML document that references the CLSID of the control. |
Retro64 vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_cr64loader | ||
![]() |
Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier." |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set ("[\\"), which leads to a buffer over-read. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 make it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allow remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
![]() |
The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox | ||
![]() |
Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allow remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_seamonkey |
||
![]() |
Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allow user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_ethereal net_wireshark |
||
![]() |
Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpAtm) 1.21 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the include_location parameter in (1) confirm.php or (2) login.php. NOTE: the include_location parameter to index.php is already covered by CVE-2005-1681. |
phpATM vulnerabilities |
web_prog_php_atmver | ||
![]() |
slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN). |
OpenLDAP vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_openldap | ||
![]() |
Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory. |
vulnerable web program |
web_prog_php_tikiwikiupload | ||
![]() |
SQL injection vulnerability in ReplyNew.asp in ZIXForum 1.12 allows remote attackers to execute arbitrary SQL commands via the RepId parameter. |
SQL injection |
web_prog_sql_zixforumreplynew | ||
![]() |
SMTP service in MailEnable Standard, Professional, and Enterprise before ME-10014 (20060904) allows remote attackers to cause a denial of service via an SPF lookup for a domain with a large number of records, which triggers a null pointer exception. |
MailEnable vulnerabilities |
mail_smtp_mailenable mail_smtp_mailenableent mail_smtp_mailenablepro |
||
![]() |
The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with MDaemon 9.0.6, and possibly earlier versions, allows remote authenticated domain administrators to gain privileges and obtain access to the system mail queue by modifying the mailbox of the MDaemon user account to use the mailbox of another account. |
AltN WebAdmin vulnerabilities |
mail_web_mdaemonwebadminver | ||
![]() |
CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI. |
Mailman vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_misc_mailman | ||
![]() |
PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allow local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
Heap-based buffer overflow in alwil avast! Anti-virus Engine before 4.7.869 allows remote attackers to execute arbitrary code via a crafted LHA file that contains extended headers with file and directory names whose concatenation triggers the overflow. |
Avast vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_avast | ||
![]() |
Cross-site scripting (XSS) vulnerability in index.php in VBZooM allows remote attackers to inject arbitrary web script or HTML via the UserID parameter, a different vector than CVE-2006-1133 and CVE-2005-2441. |
VBZooM vulnerabilities |
web_prog_php_vbzoomver | ||
![]() |
Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors. |
Flash vulnerabilities MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_flash misc_macosx_patch_secupd2006006 misc_macosx_version |
||
![]() |
Directory traversal vulnerability in Redirect.bat in IBM Director before 5.10 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the file parameter. |
IBM Director vulnerabilities |
web_tool_ibmdirectordt | ||
![]() |
Multiple unspecified vulnerabilities in IBM Director before 5.10 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving (1) malformed WMI CIM server requests and (2) malformed packets. |
IBM Director vulnerabilities |
web_tool_ibmdirectordt | ||
![]() |
IBM Director before 5.10 allows remote attackers to obtain sensitive information from HTTP headers via HTTP TRACE. |
IBM Director vulnerabilities |
web_tool_ibmdirectordt | ||
![]() |
The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458. |
Zope vulnerabilities |
web_dev_zope | ||
![]() |
The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains. |
Microsoft Office vulnerabilities Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_officexmlcore win_patch_xmlcore |
||
![]() |
Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page. |
Microsoft Office vulnerabilities Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_officexmlcore win_patch_xmlcore |
||
![]() |
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_directanim | ||
![]() |
Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_netwaredrv | ||
![]() |
Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_netwaredrv | ||
![]() |
Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_workstationrce | ||
![]() |
Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_objpack | ||
![]() |
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ppt06058 | ||
![]() |
Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability." |
Office Web Components vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_owcace | ||
![]() |
Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability." |
Windows updates needed Note: Authentication is recommended to improve the accuracy of this check |
win_patch_srvsys | ||
![]() |
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_v5 win_patch_ie_v6 win_patch_ie_v7 |
||
![]() |
Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_wmpasx | ||
![]() |
Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability." |
Visual Studio vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vstudioax | ||
![]() |
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using "java& #115;cript," a different vulnerability than CVE-2006-3761. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF]). |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command. |
http Cold Fusion Note: Authentication is recommended to improve the accuracy of this check |
web_prog_cfm_mx | ||
![]() |
Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call components (CFC) within a sandbox from CFML templates that are located outside of the sandbox. |
http Cold Fusion Note: Authentication is recommended to improve the accuracy of this check |
web_prog_cfm_mx | ||
![]() |
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a ColdFusion error page. |
http Cold Fusion Note: Authentication is recommended to improve the accuracy of this check |
web_prog_cfm_mx | ||
![]() |
Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash). |
SQLLedger vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_cgi_sqlledger | ||
![]() |
WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dotclear.php, (10) footer.php, (11) functions.php, (12) header.php, (13) hello.php, (14) wp-content/themes/default/index.php, (15) links.php, (16) livejournal.php, (17) mt.php, (18) page.php, (19) rss.php, (20) searchform.php, (21) search.php, (22) sidebar.php, (23) single.php, (24) textpattern.php, (25) upgrade-functions.php, (26) upgrade-schema.php, or (27) wp-db-backup.php, which reveal the path in various error messages. NOTE: another researcher has disputed the details of this report, stating that version 2.0.5 does not exist. NOTE: the admin-footer.php, admin-functions.php, default-filters.php, edit-form-advanced.php, edit-link-form.php, edit-page-form.php, kses.php, locale.php, rss-functions.php, template-loader.php, and wp-db.php vectors are already covered by CVE-2006-0986. The edit-form-comment.php, vars.php, and wp-settings.php vectors are already covered by CVE-2005-4463. The menu-header.php vector is already covered by CVE-2005-2110. |
WordPress vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_wordpress | ||
![]() |
Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 allow remote attackers to execute arbitrary PHP code via the include_location parameter in (1) activate.php, (2) configure.php, (3) fileop.php, (4) getimg.php, (5) ipblocked.php, (6) register.php, (7) showrecent.php, (8) showtophits.php, (9) usrmanag.php, (10) viewer_bottom.php, (11) viewer_content.php, and (12) viewer_top.php. NOTE: The login.php and confirm.php vectors are already covered by CVE-2006-4594. |
phpATM vulnerabilities |
web_prog_php_atmver | ||
![]() |
phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00. |
phpBB vulnerabilities |
web_prog_php_bbver | ||
![]() |
Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_directanim | ||
![]() |
SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history. |
SQLLedger vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_cgi_sqlledger | ||
![]() |
epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_ethereal net_wireshark |
||
![]() |
Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c). |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote attackers to execute arbitrary code via a long URL in a tag (long link address). |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in David Czarnecki Blojsom 2.31 allow remote attackers to inject arbitrary web script or HTML via the (1) blog-category-description, (2) blog-entry-title, (3) rss-enclosure-url, (4) technorati-tagsi, or (5) blog-category-name parameter in a blog post. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter. |
Claroline vulnerabilities |
web_prog_php_clarolinever web_prog_php_dokeosver |
||
![]() |
Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands. |
WS FTP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
ftp_wsftpver | ||
![]() |
Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_vml | ||
![]() |
The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 does not properly check for chained commands, which allows remote attackers to execute arbitrary commands by appending malicious commands to valid commands. |
Veritas NetBackup vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_netbackupbpcd | ||
![]() |
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. |
MacOSX vulnerabilities OpenSSH vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version shell_ssh_openssh |
||
![]() |
packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL. |
OpenSSH vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
shell_ssh_openssh | ||
![]() |
The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB. |
Symantec vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_symantec_naveng | ||
![]() |
Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables. |
Cisco IOS SNMP access |
net_snmp_ios | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.20.983 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi. NOTE: This information is based upon a vague initial disclosure. Details will be updated as they become available. |
Sun Secure Global Desktop vulnerabilities |
web_prog_cgi_tarantella | ||
![]() |
Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.3 allows remote attackers to obtain sensitive information, including hostnames, versions, and settings details, via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi. NOTE: This information is based upon a vague initial disclosure. Details will be updated as they become available. |
Sun Secure Global Desktop vulnerabilities |
web_prog_cgi_tarantella | ||
![]() |
Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer. |
QuickTime vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_quicktime | ||
![]() |
MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter. |
MyBB vulnerabilities |
web_prog_php_mybb | ||
![]() |
Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts. |
Python vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_python | ||
![]() |
Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue. |
WS FTP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
ftp_wsftpver | ||
![]() |
Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, prevents certain sensitive information from being displayed in the (1) Files and (2) Summary tabs. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue. |
WS FTP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
ftp_wsftpver | ||
![]() |
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. |
MacOSX vulnerabilities OpenSSH vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version shell_ssh_openssh |
||
![]() |
Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort." |
MacOSX vulnerabilities OpenSSH vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version shell_ssh_openssh |
||
![]() |
Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows remote attackers to inject arbitrary web script or HTML by editing log entries in HTML mode. |
ELOG vulnerabilities |
web_server_elog | ||
![]() |
SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x allows remote attackers to execute arbitrary SQL commands via the templatesused parameter. |
vBulletin vulnerabilities |
web_prog_sql_vbulletin | ||
![]() |
Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter in admin/forgot_pass.php, (2) the order_id parameter in view_order.php, (3) the view_doc parameter in view_doc.php, and (4) the order_id parameter in admin/print_order.php. |
CubeCart vulnerabilities |
web_prog_sql_cubecartforgot | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php and (2) view_order.php; the (3) site_url and (4) la_search_home parameters and (5) certain language parameters in admin/nav.php; the (6) image parameter in admin/image.php; the (7) site_name, (8) la_adm_header, (9) charset, and (10) certain other parameters in admin/header.inc.php; the (12) la_pow_by parameter in footer.inc.php; and the (13) site_name parameter and (14) certain other parameters in header.inc.php. |
CubeCart vulnerabilities |
web_prog_sql_cubecartforgot | ||
![]() |
Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive information via a direct request for (1) link_navi.php or (2) spotlight.php, which reveals the path in various error messages. NOTE: the information.php, language.php, list_docs.php, popular_prod.php, sale.php, check_sum.php, and cat_navi.php vectors are already covered by CVE-2005-0607. |
CubeCart vulnerabilities |
web_prog_sql_cubecartforgot | ||
![]() |
Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote attackers to execute arbitrary code via a long HTTP GET request. |
NaviCOPA vulnerabilities |
web_server_navicopaver | ||
![]() |
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL through dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017. |
phpMyAdmin vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver | ||
![]() |
phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files. |
phpMyAdmin vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver | ||
![]() |
Multiple PHP remote file inclusion vulnerabilities in Albrecht Guenther PHProjekt 5.1.x before 5.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib_path or (2) lang_path parameter in unspecified files, related to code changes intended to fix inclusion, a different vulnerability than CVE-2002-0451, CVE-2006-4204, and CVE-2006-4609. |
PHProjekt vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_phprojektver | ||
![]() |
PHP remote file inclusion vulnerability in index.php in John Himmelman (aka DaRk2k1) PowerPortal 1.3a allows remote attackers to execute arbitrary PHP code via a URL in the file_name[] parameter. |
PowerPortal vulnerabilities |
web_prog_php_powerportalrfi | ||
![]() |
Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in Groupee UBB.threads 6.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[thispath] or (2) GLOBALS[configdir] parameter. |
UBB threads vulnerabilities |
web_prog_php_ubb | ||
![]() |
Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to (1) inject PHP code via a theme[] array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; (2) inject PHP code via a config[] array parameter to admin/doeditconfig.php, and then execute the code via includes/config.inc.php; and inject a reference to PHP code via a URL in the config[path] parameter, and then execute the code via (3) dorateuser.php, (4) calendar.php, and unspecified other scripts. |
UBB threads vulnerabilities |
web_prog_php_ubb | ||
![]() |
Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain sensitive information via a direct request for cron/php/subscriptions.php, which reveals the path in an error message. |
UBB threads vulnerabilities |
web_prog_php_ubb | ||
![]() |
Stack-based buffer overflow in CA BrightStor ARCserve Backup R11.5 client and server allows remote attackers to execute arbitrary code via long messages to the CheyenneDS Mailslot. |
ARCserve vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_arcservehostname | ||
![]() ![]() |
Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service. |
ARCserve vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
misc_arcservehostname | ||
![]() |
PHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatefolder parameter. |
DeluxeBB vulnerabilities |
web_prog_php_deluxebbver | ||
![]() ![]() |
Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header. |
McAfee ePolicy Orchestrator Note: Authentication is required to detect this vulnerability unless dangerous checks are enabled |
web_tool_epolicyver web_tool_mcafeehttpheader web_tool_protectionpilotver |
||
![]() |
Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the "Management Console's Remote Client Install name search". |
Trend Micro OfficeScan Note: Authentication is required to detect this vulnerability |
misc_av_trendmicro_atxconsole | ||
![]() |
Buffer overflow in NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to execute arbitrary code via "the signature field of NTLM Type 1 messages". |
MailEnable vulnerabilities |
mail_smtp_mailenableent mail_smtp_mailenablepro |
||
![]() |
The NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to (1) execute arbitrary code via unspecified vectors involving crafted base64 encoded NTLM Type 3 messages, or (2) cause a denial of service via crafted base64 encoded NTLM Type 1 messages, which trigger a buffer over-read. |
MailEnable vulnerabilities |
mail_smtp_mailenableent mail_smtp_mailenablepro |
||
![]() |
Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. (dot dot) sequences, and then unlinking the resulting symlink. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 before build 7245 allows remote attackers to execute arbitrary code via unspecified "unsafe methods." |
WinZip vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_compress_winzip | ||
![]() |
Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the Admin control panel. |
Invision Power Board |
web_prog_php_ipbversion | ||
![]() |
Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin. |
Invision Power Board |
web_prog_php_ipbversion | ||
![]() |
Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php, when the viewimage command in the gallery module is used. |
SQL injection |
web_prog_sql_invisiongalleryalbum | ||
![]() |
SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used. |
SQL injection |
web_prog_sql_invisiongalleryalbum | ||
![]() |
Directory traversal vulnerability in IronWebMail before 6.1.1 HotFix-17 allows remote attackers to read arbitrary files via a GET request to the IM_FILE identifier with double-url-encoded "../" sequences ("%252e%252e/"). |
IronMail vulnerabilities |
mail_web_ironwebmail | ||
![]() |
Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users. |
X11 vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_x11 | ||
![]() |
Integer overflow in the Microsoft Malware Protection Engine (mpengine.dll), as used by Windows Live OneCare, Antigen, Defender, and Forefront Security, allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file. |
Microsoft Malware Protection Engine vulnerabilities Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_mpe_antigenexchange win_patch_mpe_antigensmtp win_patch_mpe_forefrontexchange win_patch_mpe_forefrontsharepoint win_patch_mpe_onecarever win_patch_mpe_windefenderver win_patch_mpepdf |
||
![]() |
Integer underflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted UDP packet, which causes stack corruption. |
McAfee ePolicy Orchestrator |
web_tool_mcafeecmaver | ||
![]() |
Stack-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted ping packet. |
McAfee ePolicy Orchestrator |
web_tool_mcafeecmaver | ||
![]() |
Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 through 3.6.0.453 allows remote attackers to execute arbitrary code via a crafted packet. |
McAfee ePolicy Orchestrator |
web_tool_mcafeecmaver | ||
![]() |
Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote attackers to cause a denial of service (CMA Framework service crash) and possibly execute arbitrary code via unspecified vectors. |
McAfee ePolicy Orchestrator |
web_tool_mcafeecmaver | ||
![]() |
Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic. |
Snort vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_snort | ||
![]() |
Cisco 2700 Series Wireless Location Appliances before 2.1.34.0 have a default administrator username "root" and password "password," which allows remote attackers to obtain administrative privileges, aka Bug ID CSCsb92893. |
guessed account password |
pass_guessed | ||
![]() |
The ESS/Network Controller and MicroServer Web Server components of Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265 and 275 allow remote attackers to bypass authentication and execute arbitrary code via "WebUI command injection on TCP/IP hostname." |
Xerox MicroServer vulnerabilities |
web_tool_microsrvver | ||
![]() |
Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location." |
ClamAV vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam misc_av_clamwinupx |
||
![]() |
Unspecified vulnerability in IBM WebSphere Application Server before 6.1.0.2 has unspecified impact and attack vectors, related to a "possible security exposure," aka PK29360. |
WebSphere vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_dev_webspherever | ||
![]() |
The Web Services Notification (WSN) security component of IBM WebSphere Application Server before 6.1.0.2 allows attackers to obtain unspecified access without supplying a username and password, aka PK28374. |
WebSphere vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_dev_webspherever | ||
![]() |
CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used. |
Flash vulnerabilities MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_flash misc_macosx_version |
||
![]() |
Unspecified vulnerability in xdb.dbms_xdbz in the XMLDB component for Oracle Database 9.2.0.6 and 10.1.0.4 has unknown impact and remote authenticated attack vectors, aka Vuln# DB01. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB01 is for PL/SQL injection in the ENABLE_HIERARCHY_INTERNAL procedure. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in Oracle Spatial component in Oracle Database 10.2.0.2 has unknown impact and remote authenticated attack vectors related to "create session" privileges, aka Vuln# DB02. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB02 is for SQL injection in the SDO_DROP_USER_BEFORE package using a Trigger for a DROP USER statement in an anonymous PL/SQL block. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unknown impact and remote authenticated attack vectors related to mdsys.md2, aka Vuln# DB03. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB03 is related to one or more of (1) a buffer overflow in the (a) RELATE function or (2) SQL injection in the (b) TESSELATE_FIXED and (c) TESSELATE function. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) Vuln# DB04 and sys.dbms_cdc_impdp in the (a) Change Data Capture (CDC) component; (2) Vuln# DB07, (3) DB08, and (4) DB16 in sys.dbms_cdc_isubscribe in CDC; and (5) mdsys.sdo_geor_int in the (b) Oracle Spatial component, aka DB12. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that these issues are related to SQL injection in the BUMP_SEQUENCE function (DB04), CREATE_SUBSCRIPTION (DB07), EXTEND_WINDOW_LIST (DB08), SUBSCRIBE (DB16), and COMPRESSDATA (DB12). |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Multiple unspecified vulnerabilities in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and have unknown impact and remote authenticated attack vectors related to (1) sys.dbms_cdc_ipublish (Vuln# DB05) and (2) sys.dbms_cdc_isubscribe (DB06). NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB05 is for SQL injection in CREATE_CHANGE_TABLE and CHANGE_TABLE_TRIGGER, and DB06 is for PL/SQL injection in the PREPARE_UNBOUNDED_VIEW procedure. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 has unknown impact and remote authenticated attack vectors, aka Vuln# DB09. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5 has unknown impact and remote authenticated attack vectors related to sys.dbms_sqltune, aka Vuln# DB10. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB10 is for SQL injection in DROP_SQLSET, DELETE_SQLSET, SELECT_SQLSET, and I_SET_TUNING_PARAMETER. NOTE: some of these vectors might be in DBMS_SQLTUNE_INTERNAL. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_geom, aka Vuln# DB11. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB11 is related to "length checking" in the RELATE function before MD2.RELATE is called. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_lrs, aka Vuln# DB13, and (2) Vuln# DB17. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB13 is related to bypassing input validation for SQL injection related to convert_to_lrs_layer and dbms_assert, and DB17 is related to SQL injection in the trigger in the SDO_DROP_USER package. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Multiple unspecified vulnerabilities in XMLDB component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.2 have unknown impact and remote authenticated attack vectors, aka (1) Vuln# DB14 and (2) DB15 related to xdb.dbms_xdbz. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB14 is for SQL injection in the PITRIG_DROP and PITRIG_DROPMETADATA functions in XDB_PITRIG_PKG, and DB15 is for SQL injection in DISABLE_HIERARCHY_INTERNAL in DBMS_XDBZ. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.6, and 10.1.0.3 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_tune, aka Vuln# DB18. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB18 might be related to SQL injection in the EXTENT_OF function. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in Database Scheduler component in Oracle Database 10.1.0.3 has unknown impact and remote authenticated attack vectors related to sys.dbms_scheduler, aka Vuln# DB19. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Multiple unspecified vulnerabilities in Oracle Spatial component in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 have unknown impact and remote authenticated attack vectors related to (1) mdsys.sdo_3gl, aka Vuln# DB20, and (2) mdsys.sdo_cs, aka DB21. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB20 is a buffer overflow in GEOM_OPERATION, and DB21 is related to a buffer overflow and SQL injection in TRANSFORM_LAYER. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in Oracle Spatial component in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and remote authenticated attack vectors related to mdsys.sdo_geom, aka Vuln# DB22. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB22 is related to "length checking" in the RELATE function before MD2.RELATE is called. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, as used in Oracle Collaboration Suite 9.0.4.2 and Oracle E-Business Suite and Applications 11.5.10CU2, has unknown impact and remote attack vectors related to htdigest, aka Vuln# OHS02. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle Collaboration Suite 9.0.4.2 has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS04. |
Oracle Database vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version | ||
![]() |
Unspecified vulnerability in Oracle HTTP Server component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, and Oracle Collaboration Suite 9.0.4.2 and 10.1.2, has unknown impact and remote attack vectors related to the Mod_rewrite Module, aka Vuln# OHS01. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and 10.1.0.5, Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0, Oracle Collaboration Suite 9.0.4.2 and 10.1.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors, aka Vuln# OHS06. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.1.0, Collaboration Suite 9.0.4.2 and 10.1.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors, aka Vuln# SSO01. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in Oracle Containers for J2EE component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.1.0, and Collaboration Suite 9.0.4.2 and 10.1.2, has unknown impact and remote attack vectors, aka Vuln# OC4J02. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in Oracle HTTP Server component in Oracle Application Server 10.1.2.0.1, 10.1.2.0.2, and 10.1.2.1.0 has unknown impact and remote attack vectors related to the PHP Module, aka Vuln# OHS03. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in Oracle Forms component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 has unknown impact and remote attack vectors, aka Vuln# FORM01. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Multiple unspecified vulnerabilities in Oracle Reports Developer component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and Oracle E-Business Suite and Applications 11.5.10CU2, have unknown impact and remote attack vectors, aka Vuln# (1) REP01 and (2) REP02. NOTE: as of 20061027, Oracle has not disputed reports from a reliable researcher that these issues are related to (a) showenv and (b) parsequery for REP01, and (c) cellwrapper and (d) delimiter for REP02. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in Oracle Forms component in Oracle Application Server 9.0.4.2 has unknown impact and remote attack vectors, aka Vuln# FORM03. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in Oracle Containers for J2EE in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.1, and Oracle Collaboration Suite 9.0.4.2 and 10.1.2, has unknown impact and remote attack vectors, aka Vuln# OC4J03. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in Oracle Containers for J2EE component in Oracle Application Server 10.1.3.0.0 has unknown impact and remote attack vectors, aka Vuln# OC4J04. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in Oracle Single Sign-On component in Oracle Application Server 10.1.2.0.1 and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka Vuln# SSO02. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in Oracle Containers for J2EE component in Oracle Application Server 9.0.4.1 and 10.1.2.0.2, and Collaboration Suite 10.1.2, has unknown impact and remote authenticated attack vectors, aka Vuln# OC4J05. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
Unspecified vulnerability in Oracle Forms in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and E-Business Suite and Applications 11.5.10CU2, has unknown impact and remote attack vectors, aka Vuln# FORM02. |
Oracle vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias | ||
![]() |
SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
Simplog vulnerabilities |
web_prog_sql_simplogcid | ||
![]() ![]() |
McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple McAfee products possibly including Internet Security Suite, Personal Firewall Plus, and VirusScan, allows remote attackers to cause a denial of service (agent crash) via a long packet, possibly because of an invalid string position field value. NOTE: some of these details are obtained from third party information. |
McAfee Security Center vulnerabilities |
misc_av_mcafeenados | ||
![]() ![]() |
Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow. |
Asterisk vulnerabilities |
net_asteriskskinny | ||
![]() |
Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary. |
Asterisk vulnerabilities Note: Authentication is required to detect this vulnerability |
net_asterisk | ||
![]() |
Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. |
ImageMagick vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_imagemagick | ||
![]() |
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_mozilla web_client_seamonkey | ||
![]() |
Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_mozilla web_client_seamonkey | ||
![]() |
Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_mozilla web_client_seamonkey | ||
![]() |
Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions. |
MacOSX vulnerabilities PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_patch_secupd2006007 web_prog_php_version | ||
![]() |
The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID. |
MacOSX vulnerabilities Ruby vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version web_dev_ruby | ||
![]() |
Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_ethereal net_wireshark | ||
![]() |
Unspecified vulnerability in the WBXML dissector in Wireshark (formerly Ethereal) 0.10.11 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger a null dereference. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_ethereal net_wireshark | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL. |
Drupal vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal | ||
![]() |
Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . (dot) character in the (2) SMTP, (3) POP, (4) IMAP, (5) HTTP, or (6) Networked Messaging Application Protocol (NMAP) Netmail services. |
Novell eDirectory HTTP |
web_tool_edirectoryredir | ||
![]() |
The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain "NCP Fragment." |
Novell eDirectory |
misc_edirectory881 | ||
![]() |
SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents Tectia from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339. |
SSH Tectia vulnerabilities |
shell_ssh_tectia | ||
![]() |
Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary JavaScript via crafted messages. |
Sun ONE Messaging Server vulnerabilities Sun Java System Messaging Server vulnerabilities |
mail_smtp_iplanet mail_smtp_sjsms | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page. |
Serendipity vulnerabilities |
web_prog_php_serendipity | ||
![]() |
Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the downloadFileDirectory property, a different vulnerability than CVE-2006-5502. |
AOL vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_aol_ygpactivexbo2 | ||
![]() |
Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the AddPictureNoAlbum method, a different vulnerability than CVE-2006-5501. |
AOL vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_aol_ygpactivexbo2 | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate. |
Cross site scripting |
web_prog_cgi_cpanelxss2 | ||
![]() |
Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter. |
Network Device web interface |
net_webcm | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allow remote attackers to inject arbitrary web script or HTML via the (1) upnp:settings/state or (2) upnp:settings/connection parameters. |
Network Device web interface |
net_webcm | ||
![]() |
backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization." |
PostgreSQL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_pgsql | ||
![]() |
backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, 8.0.x before 8.0.9, and 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via a coercion of an unknown element to ANYARRAY. |
PostgreSQL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_pgsql | ||
![]() |
backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) related to duration logging of V3-protocol Execute messages for (1) COMMIT and (2) ROLLBACK SQL statements. |
PostgreSQL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_pgsql | ||
![]() |
The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_adodbmemcrpt | ||
![]() |
Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) unspecified Lyrics3 tags. |
Winamp vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_winamp | ||
![]() |
FtpXQ Server 3.0.1 allows remote attackers to cause a denial of service (CPU exhaustion) via a long MKD command. |
FtpXQ vulnerabilities |
ftp_ftpxq | ||
![]() |
FtpXQ Server 3.0.1 installs with two default testing accounts, which allows remote attackers to read or write arbitrary files via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
FtpXQ vulnerabilities |
ftp_ftpxq | ||
![]() |
Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_brgrammar | ||
![]() |
Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5578. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_06dec | ||
![]() |
Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5577. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_06dec | ||
![]() |
Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using JavaScript to cause certain errors simultaneously, which results in the access of previously freed memory, aka "Script Error Handling Memory Corruption Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_06dec | ||
![]() |
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via certain DHTML script functions, such as normalize, and "incorrectly created elements" that trigger memory corruption, aka "DHTML Script Function Memory Corruption Vulnerability." |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_06dec | ||
![]() ![]() |
Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability." |
Windows SNMP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
net_snmp_windows | ||
![]() |
The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS. |
TFTP file access |
ftp_tftpwritems | ||
![]() |
The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_csrssmanifest | ||
![]() |
The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability." |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_gdi07017 | ||
![]() |
Directory traversal vulnerability in the SSL server in AEP Smartgate 4.3b allows remote attackers to download arbitrary files via ..\ (dot dot backslash) sequences in an HTTP GET request. |
http server read access |
web_server_read | ||
![]() |
Directory traversal vulnerability in /cgi-bin/webcm in INCA IM-204 allows remote attackers to read arbitrary files via "/./." (modified dot dot) sequences in the getpage parameter. |
Network Device web interface |
net_webcm | ||
![]() ![]() |
Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference. |
Windows updates needed Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
win_patch_natdnsdos | ||
![]() |
Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when "Enabled scanning of archives" is set, allows remote attackers to cause a denial of service (infinite loop) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero. |
Sophos Antivirus vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_sophossit | ||
![]() |
Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when archive scanning is enabled, allows remote attackers to trigger a denial of service (memory corruption) via a CHM file with an LZX decompression header that specifies a Window_size of 0. |
Sophos Antivirus vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_sophossit | ||
![]() |
Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a malformed CHM file with a large name length in the CHM chunk header, aka "CHM name length memory consumption vulnerability." |
Sophos Antivirus vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_sophossit | ||
![]() |
The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar. |
AOL ICQ vulnerability Note: Authentication is required to detect this vulnerability |
misc_aol_icqphone | ||
![]() |
Cross-site scripting (XSS) vulnerability in the errorHTML function in the index script in Sun Java System Messenger Express 6 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers a new CVE was assigned. |
Sun Java System Messenger Express vulnerabilities |
mail_web_sjsme | ||
![]() |
Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech Netquery allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. |
Cross site scripting |
web_prog_php_netqueryxss | ||
![]() |
Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted UFS filesystem that causes invalid or large size parameters to be provided to the kmem_alloc function. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006008 | ||
![]() |
Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request. |
WordPress vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_wordpress | ||
![]() |
The Airport driver for certain Orinoco based Airport cards in Darwin kernel 8.8.0 in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via an 802.11 probe response frame without any valid information element (IE) fields after the header, which triggers a heap-based buffer overflow. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006007 | ||
![]() |
Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) Web Server 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) author, (2) content, or (3) title parameters when posting a forum thread. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
Easy File Sharing Web Server |
web_server_efswsver | ||
![]() |
Easy File Sharing (EFS) Web Server 4.0, when running on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of an HTTP GET request, which accesses the alternate data stream. |
Easy File Sharing Web Server |
web_server_efswsver | ||
![]() |
Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data. |
phpMyAdmin vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver | ||
![]() |
Unspecified vulnerability in the LDAP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via a crafted LDAP packet. |
Ethereal vulnerabilities Note: Authentication is required to detect this vulnerability |
net_ethereal net_wireshark | ||
![]() |
Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_ie_xmlsetrequestheader | ||
![]() |
Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary code via the XML.prototype.hasOwnProperty JavaScript function. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey | ||
![]() |
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_mozilla web_client_seamonkey | ||
![]() |
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified. |
Oracle vulnerabilities Apache vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_httpserver web_server_apache_version | ||
![]() |
The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_gdi07017 | ||
![]() ![]() |
OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure. |
OpenLDAP vulnerabilities Note: Authentication is required to detect this vulnerability unless dangerous checks are enabled |
misc_openldap misc_openldapbinddos | ||
![]() ![]() |
radexecd.exe in HP OpenView Client Configuration Manager (CCM) does not require authentication before executing commands in the installation directory, which allows remote attackers to cause a denial of service (reboot) by calling radbootw.exe or create arbitrary files by calling radcrecv. |
HP OpenView Radia |
misc_radiacmdexec | ||
![]() |
War FTP Daemon (WarFTPd) 1.82.00-RC11 allows remote authenticated users to cause a denial of service via a large number of "%s" format strings in (1) CWD, (2) CDUP, (3) DELE, (4) NLST, (5) LIST, (6) SIZE, and possibly other commands. NOTE: it is possible that vector 1 is an off-by-one variant or incomplete fix of CVE-2005-0312. |
WarFTPd server vulnerabilities |
ftp_warftpd | ||
![]() |
Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) an entry with an attachment whose name contains format string specifiers (el_submit function), and possibly other vectors in the (2) receive_config, (3) show_rss_feed, (4) show_elog_list, (5) show_logbook_node, and (6) server_loop functions. |
ELOG vulnerabilities |
web_server_elog | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the filename for downloading, which is not quoted in an error message by the send_file_direct function, and (2) the Type or Category values in a New entry, which is not properly handled in an error message by the submit_elog function. |
ELOG vulnerabilities |
web_server_elog | ||
![]() |
The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds read. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist. |
OpenSSH vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
shell_ssh_openssh | ||
![]() |
Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote attackers to inject arbitrary web script or HTML via the newdownloadshowdays parameter. |
Cross site scripting |
web_prog_php_xoops4 | ||
![]() |
Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit." |
ProFTPD vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
ftp_proftp | ||
![]() |
Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6.5.5 FP2 and 7.x before 7.0.2 allow local users to gain privileges and execute arbitrary code via unspecified vectors. |
Lotus Domino SMTP vulnerability |
mail_smtp_domino | ||
![]() |
Verity Ultraseek before 5.7 allows remote attackers to use the server as a proxy for web attacks and host scanning via a direct request to the highlight/index.html script. |
Ultraseek vulnerabilities |
web_tool_ultraseek | ||
![]() ![]() |
Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption. |
Citrix MetaFrame IMA vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
misc_citriximabo | ||
![]() |
Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long CONNECT_OPTIONS request, a different issue than CVE-2006-6222. |
Veritas NetBackup vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_netbackupbpcd | ||
![]() |
Buffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via crafted APPE commands that contain "/" (slash) or "\" (backslash) characters. |
WFTPD vulnerabilities |
ftp_wftpd | ||
![]() |
The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file. |
Lotus NotesRPC vulnerability |
misc_notesrpc | ||
![]() |
The fpathconf syscall function in bsd/kern/kern_descrip.c in the Darwin kernel (XNU) 8.8.1 in Apple Mac OS X allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a file descriptor with an unrecognized file type. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Multiple buffer overflows in the Spooler service (nwspool.dll) in Novell Netware Client 4.91 through 4.91 SP2 allow remote attackers to execute arbitrary code via a long argument to the (1) EnumPrinters and (2) OpenPrinter functions. |
Novell Print Services vulnerabilities Note: Authentication is required to detect this vulnerability |
printer_novellclient | ||
![]() ![]() |
Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message. |
Tivoli Storage Manager Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
misc_tivoliadsm | ||
![]() |
Stack-based buffer overflow in the Adobe Download Manager before 2.2 allows remote attackers to execute arbitrary code via a long section name in the dm.ini file, which is populated via an AOM file. |
Adobe Download Manager vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_adobedm | ||
![]() |
Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering. |
Adobe Acrobat vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_acrobat misc_acroread | ||
![]() |
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm. |
http Cold Fusion Note: Authentication is recommended to improve the accuracy of this check |
web_prog_cfm_mx | ||
![]() |
Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
JRun vulnerabilities Note: Authentication is required to detect this vulnerability |
web_dev_jrun_xss | ||
![]() |
The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped memory address and triggers an unhandled exception. |
Citrix MetaFrame IMA vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_citriximabo | ||
![]() |
fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Multiple buffer overflows in ImageMagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, have unknown impact and user-assisted attack vectors via a crafted SGI image. |
ImageMagick vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_imagemagick | ||
![]() |
Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records. |
OpenOffice vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_openoffice | ||
![]() |
login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program. |
SQLLedger vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_cgi_sqlledger | ||
![]() |
Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference. |
ClamAV vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam | ||
![]() |
Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver 3.50.21.10, as used in Cisco Linksys WPC300N Wireless-N Notebook Adapter before 4.100.15.5 and other products, allows remote attackers to execute arbitrary code via an 802.11 response frame containing a long SSID field. |
Broadcom wireless vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_wireless_broadcom | ||
![]() |
Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777. |
Internet Explorer vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_ie_directanim | ||
![]() |
Buffer overflow in Mercury Mail Transport System 4.01b for Windows has unknown impact and attack vectors, as originally reported in a GLEG VulnDisco pack. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The original researcher is reliable. |
Mercury vulnerabilities |
mail_imap_mercury | ||
![]() |
Verity Ultraseek before 5.7 allows remote attackers to obtain sensitive information via direct requests with (1) a null ("%00") terminated url parameter to help/urlstatusgo.html; or missing parameters to (2) help/header.html, (3) help/footer.html, (4) spell.html, (5) coreforma.html, (6) daterange.html, (7) hits.html, (8) hitsnavbottom.html, (9) indexform.html, (10) indexforma.html, (11) languages.html, (12) nohits.html, (13) onehit1.html, (14) onehit2.html, (15) query.html, (16) queryform0.html, (17) queryform0a.html, (18) queryform1.html, (19) queryform1a.html, (20) queryform2.html, (21) queryform2a.html, (22) quicklinks.html, (23) relatedtopics.html, (24) signin.html, (25) subtopics.html, (26) thesaurus.html, (27) topics.html, (28) hitspagebar.html, (29) highlight/highlight.html, (30) highlight/highlight_one.html, and (31) highlight/topnav.html, which leaks the installation path in the resulting error message. |
Ultraseek vulnerabilities |
web_tool_ultraseek | ||
![]() |
Absolute path traversal vulnerability in admin/logfile.txt in Verity Ultraseek before 5.6.2 allows remote attackers to read arbitrary files via the name variable. |
Ultraseek vulnerabilities |
web_tool_ultraseek | ||
![]() |
Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vulnerability than CVE-2006-6456. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_office2004macver win_patch_word2000 win_patch_word2003 win_patch_wordfkp win_patch_wordxp |
||
![]() |
wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter. |
WordPress vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_wordpress | ||
![]() |
WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display. |
WordPress vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_wordpress | ||
![]() |
Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a DESCRIBE request that contains an invalid LoadTestPassword field. |
RealServer vulnerabilities |
misc_helixdnaserver misc_helixserver |
||
![]() |
Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control. |
Adobe Acrobat vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_acrobat misc_acroread |
||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.php in Jelsoft vBulletin 3.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the prefs parameter in a buildnavprefs action or (2) the navprefs parameter in a savenavprefs action. |
vBulletin vulnerabilities |
web_prog_php_vbulletin | ||
![]() |
Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear MA521 PCMCIA adapter allows remote attackers to execute arbitrary code via (1) beacon or (2) probe 802.11 frame responses with a long supported rates information element. NOTE: this issue was reported as a "memory corruption" error, but the associated exploit code suggests that it is a buffer overflow. |
NetGear wireless vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_wireless_netgear | ||
![]() |
com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption. NOTE: the severity of this issue has been disputed by a third party, who states that the impact is limited to a denial of service (kernel panic) due to a vm_fault call with a non-aligned address. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a malformed UDTO HFS+ disk image, such as with "bad sectors," which triggers memory corruption. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() ![]() |
Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to execute arbitrary code via certain RPC requests to TCP port 6502. |
ARCserve vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
misc_arcservetape | ||
![]() |
The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password. |
Mozilla vulnerabilities Netscape Navigator vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_netscape web_client_seamonkey |
||
![]() |
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216. |
GNU tar vulnerabilities MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_compress_tar misc_macosx_version |
||
![]() |
Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data structures. |
X11 vulnerabilities X Font Server vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_x11 misc_xfs |
||
![]() |
Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. |
X11 vulnerabilities X Font Server vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_x11 misc_xfs |
||
![]() |
Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. |
X11 vulnerabilities X Font Server vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_x11 misc_xfs |
||
![]() |
Heap-based buffer overflow in the wireless driver (WG311ND5.SYS) 2.3.1.10 for NetGear WG311v1 wireless adapter allows remote attackers to execute arbitrary code via an 802.11 management frame with a long SSID. |
NetGear wireless vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_wireless_netgearwg311 | ||
![]() |
Apple Mac OS X kernel allows local users to cause a denial of service via a process that uses kevent to register a queue and an event, then fork a child process that uses kevent to register an event for the same queue as the parent. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Integer overflow in the fatfile_getarch2 function in Apple Mac OS X allows local users to cause a denial of service and possibly execute arbitrary code via a crafted Mach-O Universal program that triggers memory corruption. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Apple Mac OS X AppleTalk allows local users to cause a denial of service (kernel panic) by calling the AIOCREGLOCALZN ioctl command with a crafted data structure on an AppleTalk socket. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file. |
Visual Studio vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vstudiorpt | ||
![]() |
Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_wmpasx | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter." |
SquirrelMail vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_web_squirrel misc_macosx_version |
||
![]() |
The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. |
Kerberos detected MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_kerberospkg misc_macosx_version |
||
![]() |
The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers. |
Kerberos detected Note: Authentication is required to detect this vulnerability |
misc_kerberospkg | ||
![]() |
Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt. |
GnuPG vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_gnupg misc_gnupgsmime |
||
![]() |
Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815. |
ProFTPD vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
ftp_proftp | ||
![]() |
ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability. |
ProFTPD vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
ftp_proftp | ||
![]() |
Buffer overflow in the shared_region_make_private_np function in vm/vm_unix.c in Mac OS X 10.4.6 and earlier allows local users to execute arbitrary code via (1) a small range count, which causes insufficient memory allocation, or (2) a large number of ranges in the shared_region_make_private_np_args parameter. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Directory traversal vulnerability in lib/FBView.php in Horde Kronolith H3 before 2.0.7 and 2.1.x before 2.1.4 allows remote attackers to include arbitrary files and execute PHP code via a .. (dot dot) sequence in the view parameter. |
Horde application vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_hordekrono | ||
![]() |
Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1087 allows remote attackers to execute arbitrary code via unknown attack vectors. |
Trend Micro OfficeScan Note: Authentication is required to detect this vulnerability |
misc_av_trendmicro_wizard | ||
![]() |
Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows remote attackers to execute arbitrary code via unknown attack vectors. |
Trend Micro OfficeScan Note: Authentication is required to detect this vulnerability |
misc_av_trendmicro_wizard | ||
![]() ![]() |
Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long mode field (aka transporting mode) in a (1) GET or (2) PUT command. |
3CServer vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
ftp_3cservertftp | ||
![]() |
Heap-based buffer overflow in Borland idsql32.dll 5.1.0.4, as used by RevilloC MailServer; 5.2.0.2 as used by Borland Developer Studio 2006; and possibly other versions allows remote attackers to execute arbitrary code via a long SQL statement, related to use of the DbiQExec function. |
BDE vulnerabilities Note: Authentication is required to detect this vulnerability |
database_bde_idsql32 | ||
![]() |
Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp, or the (2) maingroup or (3) secondgroup parameter to (b) item_list.asp. NOTE: the code_no parameter to Item_Show.asp is covered by CVE-2005-2601. |
SQL injection |
web_prog_sql_itemlist | ||
![]() |
Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long request with a malformed length prefix. |
Veritas NetBackup vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_netbackupbpcd | ||
![]() |
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. |
GnuPG vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_gnupg misc_gnupgsmime |
||
![]() |
Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the (1) src, (2) setPageMode, (3) setLayoutMode, and (4) setNamedDest methods in an AcroPDF ActiveX control, a different set of vectors than CVE-2006-6027. |
Adobe Acrobat vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_acrobat misc_acroread |
||
![]() |
SQL injection vulnerability in the decode_cookie function in thread.php in Woltlab Burning Board Lite 1.0.2 allows remote attackers to execute arbitrary SQL commands via the threadvisit Cookie parameter. |
Woltlab Burning Board vulnerabilities |
web_prog_php_woltlabbblitever | ||
![]() |
webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise 2.32 allows remote attackers to authenticate using an empty password. |
MailEnable vulnerabilities |
mail_web_meadminempty | ||
![]() |
Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local files via a .. (dot dot) sequence in the serendipity[charset] parameter in (1) include/lang.inc.php; or to plugins/ scripts (2) serendipity_event_bbcode/serendipity_event_bbcode.php, (3) serendipity_event_browsercompatibility/serendipity_event_browsercompatibility.php, (4) serendipity_event_contentrewrite/serendipity_event_contentrewrite.php, (5) serendipity_event_creativecommons/serendipity_event_creativecommons.php, (6) serendipity_event_emoticate/serendipity_event_emoticate.php, (7) serendipity_event_entryproperties/serendipity_event_entryproperties.php, (8) serendipity_event_karma/serendipity_event_karma.php, (9) serendipity_event_livesearch/serendipity_event_livesearch.php, (10) serendipity_event_mailer/serendipity_event_mailer.php, (11) serendipity_event_nl2br/serendipity_event_nl2br.php, (12) serendipity_event_s9ymarkup/serendipity_event_s9ymarkup.php, (13) serendipity_event_searchhighlight/serendipity_event_searchhighlight.php, (14) serendipity_event_spamblock/serendipity_event_spamblock.php, (15) serendipity_event_spartacus/serendipity_event_spartacus.php, (16) serendipity_event_statistics/serendipity_plugin_statistics.php, (17) serendipity_event_templatechooser/serendipity_event_templatechooser.php, (18) serendipity_event_textile/serendipity_event_textile.php, (19) serendipity_event_textwiki/serendipity_event_textwiki.php, (20) serendipity_event_trackexits/serendipity_event_trackexits.php, (21) serendipity_event_weblogping/serendipity_event_weblogping.php, (22) serendipity_event_xhtmlcleanup/serendipity_event_xhtmlcleanup.php, (23) serendipity_plugin_comments/serendipity_plugin_comments.php, (24) serendipity_plugin_creativecommons/serendipity_plugin_creativecommons.php, (25) serendipity_plugin_entrylinks/serendipity_plugin_entrylinks.php, (26) serendipity_plugin_eventwrapper/serendipity_plugin_eventwrapper.php, (27) serendipity_plugin_history/serendipity_plugin_history.php, (28) serendipity_plugin_recententries/serendipity_plugin_recententries.php, (29) serendipity_plugin_remoterss/serendipity_plugin_remoterss.php, (30) serendipity_plugin_shoutbox/serendipity_plugin_shoutbox.php, and (31) serendipity_plugin_templatedropdown/serendipity_plugin_templatedropdown.php. |
Serendipity vulnerabilities |
web_prog_php_serendipity | ||
![]() |
SQL injection vulnerability in system/core/profile/profile.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote authenticated users to execute arbitrary SQL commands via a url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by a double-encoded NULL and ' (apostrophe) (%2500%2527). |
SQL injection |
web_prog_sql_ldupolls | ||
![]() |
HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors. |
Sun ONE Web Proxy Note: Authentication is recommended to improve the accuracy of this check |
web_proxy_sunone | ||
![]() |
Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbb_userid parameter to the top-level URI. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in wBB Lite. |
Woltlab Burning Board vulnerabilities |
web_prog_php_woltlabbblitever | ||
![]() |
Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.82 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.30 and 2.0 through 2.33 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a long argument to the (1) EXAMINE or (2) SELECT command. |
MailEnable vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_imap_mailenable mail_imap_mailenableent |
||
![]() |
Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.83 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.40 and 2.0 through 2.33, allows remote authenticated users to cause a denial of service (crash) via a long argument containing * (asterisk) and ? (question mark) characters to the DELETE command, as addressed by the ME-10020 hotfix. |
MailEnable vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_imap_mailenable mail_imap_mailenableent |
||
![]() |
Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management (ZAM) before SP1 IR11 and the Collection client allows remote attackers to execute arbitrary code via crafted packets, which trigger a heap-based buffer overflow. |
Novell ZENworks Asset Management vulnerabilities |
misc_zenworksasset | ||
![]() |
The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467. |
MacOSX vulnerabilities Ruby vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version web_dev_ruby |
||
![]() |
The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump. |
VMWare ESX vulnerabilities |
misc_esxbuild | ||
![]() |
Stack-based buffer overflow in net80211/ieee80211_wireless.c in MadWifi before 0.9.2.1 allows remote attackers to execute arbitrary code via unspecified vectors, related to the encode_ie and giwscan_cb functions. |
MadWifi vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_wireless_madwifi | ||
![]() |
Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a DataSize parameter that is less than the length of the Data buffer. |
Citrix Neighborhood Agent Note: Authentication is required to detect this vulnerability |
misc_citrixwfica | ||
![]() |
Multiple buffer overflows in Sophos Anti-Virus scanning engine before 2.40 allow remote attackers to execute arbitrary code via (1) a SIT archive with a long filename that is not null-terminated, which triggers a heap-based overflow in veex.dll due to improper length calculation, and (2) a CPIO archive, with a long filename that is not null-terminated, which triggers a stack-based overflow in veex.dll. |
Sophos Antivirus vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_sophossit | ||
![]() |
Heap-based buffer overflow in the Mail Management Server (MAILMA.exe) in Eudora WorldMail 3.1.x allows remote attackers to execute arbitrary code via a crafted request containing successive delimiters. |
WorldMail vulnerabilities |
mail_imap_worldmail | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in templates/link_temp.php in PHPNews 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) id, (3) subject, (4) username, or (5) time parameter. |
Cross site scripting |
web_prog_php_newslinktemp | ||
![]() ![]() |
Buffer overflow in the BrightStor Backup Discovery Service in multiple CA products, including ARCserve Backup r11.5 SP1 and earlier, ARCserve Backup 9.01 up to 11.1, Enterprise Backup 10.5, and CA Server Protection Suite r2, allows remote attackers to execute arbitrary code via unspecified vectors. |
ARCserve vulnerabilities Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
misc_arcservedisc | ||
![]() |
PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. |
ClamAV vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam misc_av_clamwinupx |
||
![]() |
Buffer overflow in an ActiveX control in VMware 5.5.1 allows local users to execute arbitrary code via a long VmdbDb parameter to the Initialize function. |
VMware vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_vmwarewkstnver | ||
![]() |
Stack-based buffer overflow in the IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.35, Professional Edition 1.6 through 1.84, and Enterprise Edition 1.1 through 1.41 allows remote attackers to execute arbitrary code via a pre-authentication command followed by a crafted parameter and a long string, as addressed by the ME-10025 hotfix. |
MailEnable vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_imap_mailenable mail_imap_mailenableent |
||
![]() |
Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and (2) via crafted arguments to the STOR command to the Network Messaging Application Protocol (NMAP) daemon, resulting in a stack overflow. |
NetMail vulnerabilities |
mail_imap_netmailneg | ||
![]() |
Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command. |
NetMail vulnerabilities |
mail_imap_netmailneg | ||
![]() |
Buffer overflow in the Novell Distributed Print Services (NDPS) Print Provider for Windows component (NDPPNT.DLL) in Novell Client 4.91 has unknown impact and remote attack vectors. |
Novell Print Services vulnerabilities Note: Authentication is required to detect this vulnerability |
printer_novellndppnt | ||
![]() |
Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in Novell ZENworks Patch Management (ZPM) before 6.3.2.700 allow remote attackers to execute arbitrary SQL commands via the (1) agentid and (2) pass parameters. |
Novell ZENworks Patch Management Note: Authentication is required to detect this vulnerability |
misc_zenworkspm | ||
![]() |
Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_office2004macver win_patch_word2000 win_patch_word2003 win_patch_wordfkp win_patch_wordview2003 win_patch_wordxp |
||
![]() |
Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406. |
ClamAV vulnerabilities MacOSX vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam misc_av_clamwinupx misc_macosx_version |
||
![]() |
Adobe ColdFusion MX7 allows remote attackers to obtain sensitive information via a URL request (1) for a non-existent (a) JWS, (b) CFM, (c) CFML, or (d) CFC file, which displays the installation path in the resulting error message; or (2) to /CFIDE/administrator/login.cfm without a host, which can reveal the server's internal IP address in an HREF tag. |
http Cold Fusion Note: Authentication is recommended to improve the accuracy of this check |
web_prog_cfm_mx web_prog_cfm_taglibrary |
||
![]() |
Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script" in a tag. |
http Cold Fusion Note: Authentication is recommended to improve the accuracy of this check |
web_prog_cfm_mx web_prog_cfm_taglibrary |
||
![]() |
The IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.34, Professional Edition 1.6 through 1.83, and Enterprise Edition 1.1 through 1.40 allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a null pointer dereference, as addressed by the ME-10023 hotfix, and a different issue than CVE-2006-6423. NOTE: some details were obtained from third party information. |
MailEnable vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
mail_imap_mailenable mail_imap_mailenableent |
||
![]() |
Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allow remote attackers to execute arbitrary code via a crafted HTML message. |
SupportSoft vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_supportsofttgax | ||
![]() |
Multiple unspecified vulnerabilities in the layout engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown attack vectors. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain images that cause an incorrect size calculation when converting to a Windows bitmap. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch JavaScript function. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) via unknown vectors. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_firefox web_client_seamonkey |
||
![]() |
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox web_client_seamonkey |
||
![]() |
Multiple heap-based buffer overflows in Mozilla Thunderbird before 1.5.0.9 and SeaMonkey before 1.0.7 allow remote attackers to execute arbitrary code via (1) external message bodies with long Content-Type headers or (2) long RFC2047-encoded (MIME non-ASCII) headers. |
Mozilla Thunderbird vulnerabilities Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird web_client_seamonkey |
||
![]() |
The "Feed Preview" feature in Mozilla Firefox 2.0 before 2.0.0.1 sends the URL of the feed when requesting favicon.ico icons, which results in a privacy leak that might allow feed viewing services to determine browsing habits. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox | ||
![]() |
Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass Cross-Site Scripting (XSS) protection via vectors related to a Function.prototype regression error. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox | ||
![]() |
Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders. |
Mantis vulnerabilities |
web_prog_php_mantis | ||
![]() |
Unspecified vulnerability in Kerio MailServer before 6.3.1 allows remote attackers to cause a denial of service (segmentation fault and service stop) via certain long LDAP queries, as demonstrated by vd_kms6.pm. |
Kerio MailServer vulnerabilities |
mail_misc_kerioldap | ||
![]() |
Crob FTP Server 3.6.1 b.263 allows remote attackers to cause a denial of service via a long series of "?A" sequences in the (1) LIST and possibly (2) NLST command. |
Crob FTP vulnerabilities |
ftp_crob | ||
![]() |
Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456. |
Microsoft Office vulnerabilities Note: Authentication is required to detect this vulnerability |
win_patch_office2004macver win_patch_word2000 win_patch_word2003 win_patch_wordfkp win_patch_wordview2003 win_patch_wordxp |
||
![]() |
Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value. |
ProFTPD vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
ftp_proftp | ||
![]() |
FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a malformed argument to the STOR command, which results in a NULL pointer dereference. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command. |
FileZilla server vulnerabilities |
ftp_filezilla | ||
![]() |
FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a wildcard argument to the (1) LIST or (2) NLST commands, which results in a NULL pointer dereference, a different set of vectors than CVE-2006-6564. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command. |
FileZilla server vulnerabilities |
ftp_filezilla | ||
![]() |
Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field. |
Mantis vulnerabilities |
web_prog_php_mantis | ||
![]() ![]() |
Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long PASS command. NOTE: it was later reported that 4.70 is also affected. NOTE: the USER vector is already covered by CVE-2005-0634. |
Golden FTP vulnerabilities |
ftp_golden ftp_goldendos |
||
![]() |
The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated by the FFsniFF extension. NOTE: it was later reported that 3.0 is also affected. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox | ||
![]() |
Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. NOTE: some details were obtained from third party information. |
Yahoo Messenger vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_yahoomsgrymmapi | ||
![]() |
Stack-based buffer overflow in the POP service in MailEnable Standard 1.98 and earlier; Professional 1.84, and 2.35 and earlier; and Enterprise 1.41, and 2.35 and earlier before ME-10026 allows remote attackers to execute arbitrary code via a long argument to the PASS command. |
MailEnable vulnerabilities |
mail_pop_mailenable mail_pop_mailenableent mail_pop_mailenablepassbo mail_pop_mailenablepro |
||
![]() |
IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257. |
DB2 vulnerabilities |
database_db2ver | ||
![]() |
Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before 20050914, NetBSD 2.* and 3.* before 20061203, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion. |
MacOSX vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_macosx_version | ||
![]() |
Integer overflow in the (a) OLE2 and (b) CHM parsers for ESET NOD32 Antivirus before 1.1743 allows remote attackers to execute arbitrary code via a crafted (1) .DOC or (2) .CAB file that triggers a heap-based buffer overflow. |
NOD32 vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_nod | ||
![]() |
ESET NOD32 Antivirus before 1.1743 allows remote attackers to cause a denial of service (crash) via a crafted .CHM file that triggers a divide-by-zero error. |
NOD32 vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_nod | ||
![]() |
rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector. |
vulnerable web program |
web_prog_php_typo3rce | ||
![]() |
Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_csrss | ||
![]() |
CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter. |
Oracle Portal vulnerabilities |
database_oracle_portalsplit | ||
![]() |
Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. NOTE: the calendar.jsp vector is covered by CVE-2006-6697. |
Oracle Portal vulnerabilities |
database_oracle_portalsplit | ||
![]() |
Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail. |
AtMail vulnerabilities |
mail_web_atmail | ||
![]() |
Cross-site scripting (XSS) vulnerability in Global.pm in @Mail before 4.61 allows remote attackers to inject arbitrary web script or HTML via crafted e-mail messages. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
AtMail vulnerabilities |
mail_web_atmail | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors. |
Oracle Portal vulnerabilities |
database_oracle_portalxss | ||
![]() |
Cross-site scripting (XSS) vulnerability in the Webadmin in @Mail before 4.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "unescaped data in the database." |
AtMail vulnerabilities |
mail_web_atmail | ||
![]() |
The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in a NetrWkstaUserEnum RPC request. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_workstationtmpdos | ||
![]() |
Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_ImagingLib_lookupByteRaster function; and (3) improper handling of certain negative values in the Java_sun_font_SunLayoutEngine_nativeLayout function. NOTE: some of these details are obtained from third party information. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_javaplugin | ||
![]() |
Cross-site scripting (XSS) vulnerability in support/view.php in Support Cards 1 (osTicket) allows remote attackers to inject arbitrary web script or HTML via the e parameter. |
Cross site scripting |
web_prog_php_osticketxsse | ||
![]() |
Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The second issue." |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_javaplugin | ||
![]() |
Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 5 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_10 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The first issue." |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_javaplugin | ||
![]() |
Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE. |
Java Plugin vulnerability Note: Authentication is required to detect this vulnerability |
web_client_javaplugin | ||
![]() |
Format string vulnerability in XM Easy Personal FTP Server 5.0.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in a long PORT command. NOTE: this issue might be related to CVE-2006-2226. |
XM FTP vulnerabilities |
ftp_xm | ||
![]() |
Format string vulnerability in XM Easy Personal FTP Server 5.2.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in the USER command or certain other available or nonexistent commands. NOTE: It was later reported that 5.3.0 is also vulnerable. |
XM FTP vulnerabilities |
ftp_xm | ||
![]() |
Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command. |
NetMail vulnerabilities |
mail_imap_netmailneg | ||
![]() |
The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument. |
NetMail vulnerabilities |
mail_imap_netmailneg | ||
![]() |
The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696. |
Windows updates needed Note: Authentication is required to detect this vulnerability |
win_patch_csrss | ||
![]() |
SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function. |
vulnerable web program |
web_prog_php_cacticmd | ||
![]() |
Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have reported this as a vulnerability in the get_file_description function in wp-admin/admin-functions.php. |
WordPress vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_wordpress | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad Little PHP iCalendar 2.23 rc1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) getdate parameter in (a) day.php, (b) month.php, (c) year.php, (d) week.php, (e) search.php, (f) rss/index.php, (g) print.php, and (h) preferences.php; the (2) cpath parameter in (i) day.php, (j) month.php, (k) year.php, (l) week.php, and (m) search.php; the (3) query parameter in search.php; and possibly the cpath, (4) unset, and (5) set parameters in a setcookie action in preferences.php; different vectors than CVE-2006-3319. NOTE: it was later reported that vectors b, c, and d also affect 2.24. |
Cross site scripting |
web_prog_php_icalendarxss | ||
![]() |
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets." |
phpBB vulnerabilities |
web_prog_php_bbver | ||
![]() |
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter." |
phpBB vulnerabilities |
web_prog_php_bbver | ||
![]() |
Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors. |
phpBB vulnerabilities |
web_prog_php_bbver | ||
![]() |
An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the swURL attribute. |
Shockwave vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_shockwave | ||
![]() |
Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allow remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via a crafted RPC request with (1) opnum 38, which is not properly handled in TAPEUTIL.dll 11.5.3884.0, or (2) opnum 37, which is not properly handled in TAPEENG.dll 11.5.3884.0. |
ARCserve vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_arcservetape | ||
![]() |
Algorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a "backtracking attack." |
Snort vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_snort | ||
![]() |
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php. |
phpMyAdmin vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver | ||
![]() |
phpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang[], (2) target[], (3) db[], (4) goto[], (5) table[], and (6) tbl_group[] array arguments to (c) index.php, and the (7) back[] argument to (d) sql.php; and an invalid (8) sort_by parameter to (e) server_databases.php and (9) db parameter to (f) db_printview.php. |
phpMyAdmin vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver | ||
![]() |
phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers. |
phpMyAdmin vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver | ||
![]() |
Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which is not caught by the blacklist filter. |
Opera vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_opera9 | ||
![]() |
Mozilla Firefox 2.0, possibly only when running on Windows, allows remote attackers to bypass the Phishing Protection mechanism by representing an IP address in (1) dotted-hex, (2) dotted-octal, (3) single decimal integer, (4) single hex integer, or (5) single octal integer format, which is not captured by the blacklist filter. |
Mozilla vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_firefox | ||
![]() |
Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter. |
Invision Power Board |
web_prog_php_ipbversion | ||
![]() |
SQL injection vulnerability in classes/class_session.php in Invision Power Board (IPB) 2.1 up to 2.1.6 allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP parameter. |
Invision Power Board |
web_prog_php_ipbversion | ||
![]() |
SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote attackers to inject arbitrary SQL commands via the catid parameter to include.php when the path parameter is set to faq/faq.php, and other unspecified vectors involving guestbook/print.php. |
SQL injection |
web_prog_sql_phpkitfaq | ||
![]() |
ISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier versions, allows local users to bypass the protection scheme by using the ZwDeleteFile API function to delete the critical filelock.txt file, which stores information about protected files. |
BlackIce vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_av_blackicever | ||
![]() |
Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete operations. |
Konqueror vulnerabilities Note: Authentication is required to detect this vulnerability |
web_client_konqueror | ||
![]() |
MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a denial of service (system crash) via unspecified vectors that lead to a kernel panic in the ieee80211_input function, related to "packets coming from a 'malicious' WinXP system." |
MadWifi vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_wireless_madwifi | ||
![]() |
MadWifi before 0.9.3 does not properly handle reception of an AUTH frame by an IBSS node, which allows remote attackers to cause a denial of service (system crash) via a certain AUTH frame. |
MadWifi vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_wireless_madwifi | ||
![]() |
ieee80211_input.c in MadWifi before 0.9.3 does not properly process Channel Switch Announcement Information Elements (CSA IEs), which allows remote attackers to cause a denial of service (loss of communication) via a Channel Switch Count less than or equal to one, triggering a channel change. |
MadWifi vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_wireless_madwifi | ||
![]() |
ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets before WPA authentication succeeds, which allows remote attackers to obtain sensitive information (related to network structure), and possibly cause a denial of service (disrupted authentication) and conduct spoofing attacks. |
MadWifi vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_wireless_madwifi | ||
![]() |
Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values. |
Apache Tomcat vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_dev_tomcatver | ||
![]() |
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1. |
Apache Tomcat vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_dev_tomcatver | ||
![]() |
The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory. |
Apache Tomcat vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_dev_tomcatver | ||
![]() |
The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not properly check access rights for database content, which allows remote attackers to read certain content via unspecified vectors. |
Mambo vulnerabilities |
web_cms_mambo | ||
![]() |
The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service (memory consumption) via a large num value. |
PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version | ||
![]() |
Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a [[ sequence. |
PCRE vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_lib_pcrever | ||
![]() |
Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified "subpattern containing a named recursion or subroutine reference," which allows context-dependent attackers to cause a denial of service (error or crash). |
PCRE vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_lib_pcrever | ||
![]() |
Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split. |
PCRE vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_lib_pcrever | ||
![]() |
Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split. |
PCRE vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_lib_pcrever | ||
![]() |
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions. |
PCRE vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_lib_pcrever | ||
![]() |
sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY. |
MySQL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
database_mysql_version | ||
![]() |
The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences. |
xterm vulnerabilities Note: Authentication is required to detect this vulnerability |
misc_xterm | ||
![]() |
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function. |
MacOSX vulnerabilities PHP vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version web_prog_php_version |
||
![]() |
The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message. |
OpenSSL vulnerabilities Note: Authentication is recommended to improve the accuracy of this check |
misc_openssl |
[icon]: A dangerous check is available for this vulnerability.