CVE Cross Reference 2007

The information on this page may be obsolete. For the current documentation, please log into the mySAINT portal using your customer login and password.

Current CVEs

  CVE # CVE Description SAINT® Tutorial SAINT® Vuln. ID SANS Top 20
YELLOW CVE-2007-0002 Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not properly handled in the (1) WP3TablesGroup::_readContents and (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup functions. NOTE: the integer overflow has been split into CVE-2007-1466. libwpd vulnerabilities
OpenOffice vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_lib_libwpdver
misc_openoffice
 
YELLOW CVE-2007-0008 Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow. Oracle vulnerabilities
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_httpserver
mail_client_thunderbird
web_client_firefox
web_client_seamonkey
 
RED ! CVE-2007-0009 Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values. Oracle vulnerabilities
Mozilla Thunderbird vulnerabilities
Network Security Services
Mozilla vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
database_oracle_httpserver
mail_client_thunderbird
misc_sslv2stack
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-0015 Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-0017 Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file. VLC vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vlc  
YELLOW CVE-2007-0018 Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD Burner; (20) Mystik Media AudioEdit Deluxe, Blaze Media, and others; (21) Power Audio Editor; (22) DanDans Digital Media Full Audio Converter, Music Editing Master, and others; (23) Xrlly Software Text to Speech Maker and Arial Sound Recorder / Audio Converter; (24) Absolute Sound Recorder, Video to Audio Converter, and MP3 Splitter; (25) Easy Ringtone Maker; (26) RecordNRip; (27) McFunSoft iPod Audio Studio, Audio Recorder for Free, and others; (28) MP3 WAV Converter; (29) BearShare 6.0.2.26789; and (30) Oracle Siebel SimBuilder and CRM 7.x. NCTsoft vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_nctaudiofile2  
RED CVE-2007-0019 Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service. Rumpus vulnerabilities

Note: Authentication is required to detect this vulnerability
ftp_rumpus  
YELLOW CVE-2007-0020 Heap-based buffer overflow in the SFTP protocol handler for Panic Transmit (Transmit.app) up to 3.5.5 allows remote attackers to execute arbitrary code via a long ftps:// URL. Transmit vulnerabilities

Note: Authentication is required to detect this vulnerability
ftp_transmit  
RED CVE-2007-0021 Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format string specifiers in an aim:// URI. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_app_ichat  
YELLOW CVE-2007-0022 Untrusted search path vulnerability in writeconfig in Apple Mac OS X 10.4.8 allows local users to gain privileges via a modified PATH that points to a malicious launchctl program. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0023 The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0024 Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability." Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_vmljan07  
YELLOW CVE-2007-0025 The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll. Visual Studio vulnerabilities
Windows updates needed

Note: Authentication is required to detect this vulnerability
misc_vstudiortfmfc
win_patch_rtfmfc
 
YELLOW CVE-2007-0026 The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_rtfole  
YELLOW CVE-2007-0027 Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption. Microsoft Office vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_excel07002  
YELLOW CVE-2007-0028 Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used. Microsoft Office vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_excel07002  
YELLOW CVE-2007-0029 Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability." Microsoft Office vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_excel07002  
YELLOW CVE-2007-0030 Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory. Microsoft Office vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_excel07002  
YELLOW CVE-2007-0031 Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries. Microsoft Office vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_excel07002  
YELLOW CVE-2007-0033 Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file. Outlook and Outlook Express

Note: Authentication is required to detect this vulnerability
mail_client_outlook07003  
YELLOW CVE-2007-0034 Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability." Outlook and Outlook Express

Note: Authentication is required to detect this vulnerability
mail_client_outlook07003  
YELLOW CVE-2007-0035 Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability." Microsoft Office vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_office2004macver
win_patch_word2000
win_patch_word2003
win_patch_wordview2003
win_patch_wordxp
 
YELLOW CVE-2007-0038 Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_gdi07017  
RED CVE-2007-0039 The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception. Microsoft Exchange vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
mail_smtp_exchangemime  
RED CVE-2007-0040 The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes." Active Directory vulnerability

Note: Authentication is required to detect this vulnerability
win_patch_activedir  
YELLOW CVE-2007-0041 The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow. Microsoft NET Framework

Note: Authentication is recommended to improve the accuracy of this check
win_dotnet  
YELLOW CVE-2007-0042 Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability." Microsoft NET Framework

Note: Authentication is recommended to improve the accuracy of this check
win_dotnet  
YELLOW CVE-2007-0043 The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability". Microsoft NET Framework

Note: Authentication is recommended to improve the accuracy of this check
win_dotnet  
YELLOW CVE-2007-0044 Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding." Adobe Acrobat vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_acrobat
misc_acroread
 
YELLOW CVE-2007-0045 Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)." Adobe Acrobat vulnerabilities
Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_acrobat
misc_acroread
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-0046 Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. Adobe Acrobat vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_acrobat
misc_acroread
 
YELLOW CVE-2007-0047 CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. Adobe Acrobat vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_acrobat
misc_acroread
 
YELLOW CVE-2007-0048 Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue." Adobe Acrobat vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_acrobat
misc_acroread
 
YELLOW CVE-2007-0051 Format string vulnerability in Apple iPhoto 6.0.5 (316), and other versions before 6.0.6, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in the title of an RSS iPhoto feed. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_app_iphoto  
YELLOW CVE-2007-0059 Cross-zone scripting vulnerability in Apple QuickTime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
RED ! CVE-2007-0060 Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104. CA Message Queuing

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
misc_cam  
RED CVE-2007-0061 The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers "corrupt stack memory." VMware vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vmware_acever
misc_vmware_serverver
misc_vmwareplayerver
misc_vmwarewkstnver
 
RED CVE-2007-0062 Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients. VMware vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vmware_acever
misc_vmware_serverver
misc_vmwareplayerver
misc_vmwarewkstnver
 
RED CVE-2007-0063 Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow. VMware vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vmware_acever
misc_vmware_serverver
misc_vmwareplayerver
misc_vmwarewkstnver
 
YELLOW CVE-2007-0064 Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_wmfasf  
YELLOW CVE-2007-0065 Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual Basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_oleautomation  
BROWN CVE-2007-0066 The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability." Windows updates needed

Note: Authentication is recommended to improve the accuracy of this check
win_patch_tcpiprce2  
RED CVE-2007-0067 Unspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x before 6.5.6, and 7.0.x before 7.0.3 allows remote attackers to cause a denial of service (daemon crash) via requests for URLs that reference certain files. Lotus Domino HTTP vulnerability
web_server_lotus_domino  
RED CVE-2007-0069 Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability." Windows updates needed

Note: Authentication is recommended to improve the accuracy of this check
win_patch_tcpiprce2  
YELLOW CVE-2007-0071 Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow. Flash vulnerabilities
MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_flash
misc_macosx_version
 
YELLOW CVE-2007-0095 phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message. phpMyAdmin vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_myadminver  
YELLOW CVE-2007-0097 Multiple stack-based buffer overflows in the (1) LoadTree and (2) ReadHeader functions in PAISO.DLL 1.7.3.0 (1.7.3 beta) in ConeXware PowerArchiver 2006 9.64.02 allow user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories. PowerArchiver vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_powerarchiver  
YELLOW CVE-2007-0099 Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability." Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_xmlcorever  
YELLOW CVE-2007-0102 The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_app_preview  
YELLOW CVE-2007-0103 The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. Adobe Acrobat vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_acrobat  
YELLOW CVE-2007-0106 Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request. WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
BROWN CVE-2007-0107 WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7. WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
YELLOW CVE-2007-0108 nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a Terminal Service or Citrix session, which allows remote authenticated users to invoke alternate user profiles. Novell Print Services vulnerabilities

Note: Authentication is required to detect this vulnerability
printer_novellclientbypass  
YELLOW CVE-2007-0109 wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks. WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
YELLOW CVE-2007-0117 DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_util_diskmanagementtool  
BROWN CVE-2007-0124 Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist. Drupal vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_cms_drupal  
YELLOW CVE-2007-0126 Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number of index bytes in the Define Huffman Table (DHT) marker. Opera vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_opera9  
YELLOW CVE-2007-0127 The JavaScript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call. Opera vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_opera9  
YELLOW CVE-2007-0136 Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. NOTE: some of these details are obtained from third party information. Drupal vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_cms_drupal  
YELLOW CVE-2007-0148 Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the JavaScript alert function. OmniWeb vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_omniweb  
YELLOW CVE-2007-0162 Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) ApplicationEnhancer binary and the (2) /Library/Frameworks/ApplicationEnhancer.framework directory, which allows local users to gain privileges by modifying or replacing the binary or library files. Application Enhancer vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_util_applicationenhancer  
YELLOW CVE-2007-0163 SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information. Steganography vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_steg_securekit  
YELLOW CVE-2007-0164 Camouflage 1.2.1 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing certain bytes of the JPEG image with alternate password information. Camouflage vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_steg_camouflage  
RED CVE-2007-0168 The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is directly executed. ARCserve vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_arcservetaperpccode  
RED CVE-2007-0169 Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data for opnums (1) 0x2F and (2) 0x75 in the (a) Message Engine RPC service, or opnum (3) 0xCF in the Tape Engine service. ARCserve vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_arcservetaperpccode  
BROWN CVE-2007-0177 Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. MediaWiki vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_mediawiki  
YELLOW CVE-2007-0183 Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. iPlanet vulnerabilities
web_server_netscape_iplanetxss  
YELLOW CVE-2007-0197 Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_core_finder
misc_macosx_version
 
BROWN CVE-2007-0199 The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange." Cisco vulnerabilities

Note: A valid SNMP read community string is required to detect this vulnerability
net_cisco_ios  
BROWN CVE-2007-0203 Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors. phpMyAdmin vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_myadminver  
YELLOW CVE-2007-0204 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. phpMyAdmin vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_myadminver  
YELLOW CVE-2007-0208 Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code. Microsoft Office vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_office2004macver
win_patch_word2003
win_patch_wordxp
 
YELLOW CVE-2007-0209 Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption. Microsoft Office vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_office2004macver
win_patch_word2000
win_patch_wordxp
 
YELLOW CVE-2007-0210 The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 allows local users to gain privileges via unspecified vectors involving an "unchecked buffer," probably a buffer overflow. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_imageacqprivelev  
YELLOW CVE-2007-0211 The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware." Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_shellprivelev  
RED CVE-2007-0213 Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message. Microsoft Exchange vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
mail_smtp_exchangemime  
YELLOW CVE-2007-0214 The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_htmlhelprce  
YELLOW CVE-2007-0215 Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption. Microsoft Office vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_excel2000
win_patch_excel2003
win_patch_excelview
win_patch_excelxp
 
YELLOW CVE-2007-0216 wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability." Microsoft Works vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_worksconverterace  
YELLOW CVE-2007-0217 The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption. Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_v5
win_patch_ie_v6
 
YELLOW CVE-2007-0218 Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function. Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_v5
win_patch_ie_v6
 
YELLOW CVE-2007-0219 Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697. Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_v5
win_patch_ie_v6
win_patch_ie_v7
 
YELLOW CVE-2007-0220 Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label". Microsoft Exchange vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
mail_smtp_exchangemime  
RED CVE-2007-0221 Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability." Microsoft Exchange vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
mail_smtp_exchangemime  
YELLOW CVE-2007-0225 Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. Cross site scripting
web_prog_php_vpaspshopcustadmin  
YELLOW CVE-2007-0229 Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
BROWN CVE-2007-0233 wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in WordPress. WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
YELLOW CVE-2007-0236 Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer overflow. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0238 Stack-based buffer overflow in filter\starcalc\scflt.cxx in the StarCalc parser in OpenOffice.org (OOo) Office Suite before 2.2, and 1.x before 1.1.5 Patch, allows user-assisted remote attackers to execute arbitrary code via a document with a long Note. OpenOffice vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_openoffice  
YELLOW CVE-2007-0239 OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document. OpenOffice vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_openoffice  
BROWN CVE-2007-0240 Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request. Zope vulnerabilities
web_dev_zope  
YELLOW CVE-2007-0243 Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption. Java Plugin vulnerability

Note: Authentication is required to detect this vulnerability
web_client_jre  
YELLOW CVE-2007-0245 Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten. OpenOffice vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_openoffice
misc_openofficewin
 
BROWN CVE-2007-0247 squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions. Squid vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_proxy_squid  
BROWN CVE-2007-0248 The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop. Squid vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_proxy_squid  
BROWN CVE-2007-0251 Integer underflow in the DecodeGRE function in src/decode.c in Snort 2.6.1.2 allows remote attackers to trigger dereferencing of certain memory locations via crafted GRE packets, which may cause corruption of log files or writing of sensitive information into log files. Snort vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_snort  
YELLOW CVE-2007-0256 VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file. VLC vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vlc  
YELLOW CVE-2007-0267 The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels allows local users to cause a denial of service (kernel panic) and possibly corrupt other filesystems by mounting a crafted UNIX File System (UFS) DMG image that contains a corrupted directory entry (struct direct), related to the ufs_dirbad function. NOTE: a third party states that the FreeBSD issue does not cross privilege boundaries. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
BROWN CVE-2007-0268 Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly disputed claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-0269 Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to the Change Data Capture and sys.dbms_cdc_subscribe privileges, aka DB02. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-0270 Buffer overflow in SYS.DBMS_DRS in Oracle Database 9.2.0.7 and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via the GET_PROPERTY function in SYS.DBMS_DRS, aka DB03. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-0271 Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors related to the Log Miner component and sys.dbms_log_mnr privileges, aka DB04. NOTE: Oracle has not disputed a reliable researcher claim that this is a buffer overflow in the ADD_LOGFILE procedure for the SYS.DBMS_LOGMNR package that allows code execution. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-0272 Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 allow remote authenticated users to cause a denial of service (crash) or execute arbitrary code via unspecified vectors involving certain public procedures, aka DB05. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-0273 Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that DB06 is for multiple cross-site scripting (XSS) vulnerabilities. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-0274 Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10.1.0.5 have unknown impact and attack vectors related to (1) Export and sys.dbms_logrep_util (DB08), and (2) Oracle Streams and sys.dbms_capture_adm_internal privileges (DB09). NOTE: Oracle has not disputed reliable researcher claims that DB08 is for a buffer overflow in the GET_OBJECT_NAME procedure in the DBMS_LOGREP_UTIL package, and DB09 is for buffer overflows in the CREATE_CAPTURE, ALTER_CAPTURE, and ABORT_TABLE_INSTANTIATION procedures in SYS.DBMS_CAPTURE_ADM_INTERNAL. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-0275 Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01. Oracle vulnerabilities
Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias
database_oracle_version
 
BROWN CVE-2007-0276 Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9.0.1.5 have unknown impact and attack vectors related to (1) Advanced Security Option and oklist or okdstry (DB10), (2) Oracle Net Services (DB13), and (3) Recovery Manager and oklist (DB16). Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-0277 Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has unknown impact and attack vectors related to the Export component and expdp or impdp, aka DB11. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-0278 Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14). Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-0279 Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, and (5) OHS07. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-0280 Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN01. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that OPMN01 is for a buffer overflow in Oracle Notification Service (ONS). Oracle vulnerabilities
Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias
database_oracle_version
 
BROWN CVE-2007-0281 Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP Server, aka (1) OHS03 and (2) OHS04. Oracle vulnerabilities
Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias
database_oracle_version
 
BROWN CVE-2007-0282 Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02. Oracle vulnerabilities
Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias
database_oracle_version
 
BROWN CVE-2007-0283 Unspecified vulnerability in Oracle Application Server 9.0.4.3 and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to Oracle Containers for J2EE, aka OC4J02. Oracle vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias  
BROWN CVE-2007-0284 Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.3 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2, have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J03 and (2) OC4J04. Oracle vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias  
BROWN CVE-2007-0285 Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 9.0.4.2 and 10.1.2; and E-Business Suite and Applications 11.5.10CU2 has unknown impact and attack vectors related to Oracle Reports Developer, aka REP01. Oracle vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias  
BROWN CVE-2007-0286 Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and 10.1.3.0, and Collaboration Suite 10.1.2, has unknown impact and attack vectors related to Containers for J2EE, aka OC4J07. Oracle vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias  
BROWN CVE-2007-0287 Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to Containers for J2EE, aka OC4J08. Oracle vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias  
BROWN CVE-2007-0288 Unspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vectors related to Oracle Internet Directory, aka OID01. Oracle vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias  
YELLOW CVE-2007-0299 Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a crafted Unix File System (UFS) DMG image, which triggers an invalid pointer dereference. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0311 Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier allow remote attackers to cause a denial of service (application crash) via a long SITE ADMIN command. WFTPD vulnerabilities
ftp_wftpd  
YELLOW CVE-2007-0315 Multiple buffer overflows in FileZilla before 2.2.30a allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors related to (1) Options.cpp when storing settings in the registry, and (2) the transfer queue (QueueCtrl.cpp). NOTE: some of these details are obtained from third party information. FileZilla client vulnerabilities

Note: Authentication is required to detect this vulnerability
ftp_filezillaclient  
YELLOW CVE-2007-0318 The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0322 Multiple stack-based buffer overflows in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to execute arbitrary code via unspecified vectors. QuickBooks Online Edition vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quickbooksoeax  
YELLOW CVE-2007-0325 Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control in OfficeScanSetupINI.dll, as used in OfficeScan 7.0 before Build 1344, OfficeScan 7.3 before Build 1241, and Client / Server / Messaging Security 3.0 before Build 1197, allow remote attackers to execute arbitrary code via a crafted HTML document. Trend Micro OfficeScan

Note: Authentication is required to detect this vulnerability
misc_av_trendmicro_clientaxbo  
YELLOW CVE-2007-0328 The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method. FLEXnet Connect vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_flexnetactivex  
YELLOW CVE-2007-0341 Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992. phpMyAdmin vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_myadminver  
RED CVE-2007-0344 Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) _invitedToDirectChat: in Colloquy 2.1 and earlier allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the channel name of an INVITE request, related to the implementation of AlertSheet and AlertPanel in Apple AppKit. Colloquy vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_colloquy  
YELLOW CVE-2007-0345 The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group), which allows local admin users to gain root privileges by modifying a program and then performing permissions repair via diskutil. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0352 Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file composed of lines that begin with an integer followed by a space and a long string. Microsoft Help Workshop vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_mshelpworkshop  
BROWN CVE-2007-0355 Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.11 and earlier, including 10.4.8, allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
RED CVE-2007-0358 Unspecified vulnerability in the FTP server implementation in HP Jetdirect firmware x.20.nn through x.24.nn allows remote attackers to cause a denial of service via unknown vectors. Jetdirect vulnerabilities
printer_jetdirect_ver  
RED CVE-2007-0366 Untrusted search path vulnerability in Rumpus 5.1 and earlier allows local users to gain privileges via a modified PATH that points to a malicious ipfw program. Rumpus vulnerabilities

Note: Authentication is required to detect this vulnerability
ftp_rumpus  
RED CVE-2007-0388 SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other boardids[] parameters. Woltlab Burning Board vulnerabilities
web_prog_php_woltlabbblitever
web_prog_php_woltlabbbversion
 
YELLOW CVE-2007-0391 Format string vulnerability in the log creation functionality of BitDefender Client Professional Plus 8.02 allows attackers to execute arbitrary code via certain scan job settings. Bit Defender vulnerability

Note: Authentication is required to detect this vulnerability
misc_av_bitdefenderpriv  
YELLOW CVE-2007-0427 Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a help project (.HPJ) file with a long HLP field in the OPTIONS section. Microsoft Help Workshop vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_mshelpworkshop  
RED CVE-2007-0444 Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions. Citrix Neighborhood Agent

Note: Authentication is required to detect this vulnerability
misc_citrixppbo  
RED CVE-2007-0446 Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Mercury LoadRunner Agent 8.0 and 8.1, Performance Center Agent 8.0 and 8.1, and Monitor over Firewall 8.1 allows remote attackers to execute arbitrary code via a packet with a long server_ip_name field to TCP port 54345, which triggers the overflow in mchan.dll. HP Mercury LoadRunner vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_mercuryloadrunnerbo  
RED ! CVE-2007-0449 Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and r11.1 allow remote attackers to execute arbitrary code via crafted packets to TCP port (1) 1900 or (2) 2200. ARCserve vulnerabilities
misc_arcservemobile  
RED CVE-2007-0450 Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache. MacOSX vulnerabilities
Apache Tomcat vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
web_dev_tomcatdt
 
RED CVE-2007-0451 Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage." SpamAssassin vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_misc_spamassassin  
YELLOW CVE-2007-0452 smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop. Samba vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
win_samba  
BROWN CVE-2007-0453 Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and (2) getipnodebyname functions. Samba vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
win_samba  
BROWN CVE-2007-0454 Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping. Samba vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
win_samba  
RED CVE-2007-0455 Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
RED CVE-2007-0456 Unspecified vulnerability in the LLT dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. Ethereal vulnerabilities

Note: Authentication is required to detect this vulnerability
net_wireshark  
RED CVE-2007-0457 Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark (formerly Ethereal) 0.10.14 through 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. Ethereal vulnerabilities

Note: Authentication is required to detect this vulnerability
net_wireshark  
RED CVE-2007-0458 Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors, a different issue than CVE-2006-5468. Ethereal vulnerabilities

Note: Authentication is required to detect this vulnerability
net_wireshark  
RED CVE-2007-0459 packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.4 allows remote attackers to cause a denial of service (application crash or hang) via fragmented HTTP packets. Ethereal vulnerabilities

Note: Authentication is required to detect this vulnerability
net_wireshark  
YELLOW CVE-2007-0462 The _GetSrcBits32ARGB function in Apple QuickDraw, as used by QuickTime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_lib_qdlib  
YELLOW CVE-2007-0463 Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in (1) SWUTMP or (2) SUCATALOG filenames, or using the (3) application/x-apple.sucatalog+xml MIME type. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_core_softwareupdate  
YELLOW CVE-2007-0464 The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application crash) via a crafted HTTP 301 response, which results in a NULL pointer dereference. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0465 Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_util_installer
misc_macosx_version
 
YELLOW CVE-2007-0467 crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
RED CVE-2007-0476 The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack. OpenLDAP vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_openldap  
YELLOW CVE-2007-0478 WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
BROWN CVE-2007-0479 Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x allows remote attackers to cause a denial of service by sending crafted TCP traffic to an IPv4 address on the IOS device. Cisco vulnerabilities

Note: A valid SNMP read community string is required to detect this vulnerability
net_cisco_ios  
BROWN CVE-2007-0480 Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x allows remote attackers to cause a denial of service or execute arbitrary code via a crafted IP option in the IP header in a (1) ICMP, (2) PIMv2, (3) PGM, or (4) URD packet. Cisco vulnerabilities

Note: A valid SNMP read community string is required to detect this vulnerability
net_cisco_ios  
BROWN CVE-2007-0481 Cisco IOS allows remote attackers to cause a denial of service (crash) via a crafted IPv6 Type 0 Routing header. Cisco vulnerabilities

Note: A valid SNMP read community string is required to detect this vulnerability
net_cisco_ios  
RED CVE-2007-0493 Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context." DNS vulnerabilities
MacOSX vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
dns_binddos
misc_macosx_version
 
RED CVE-2007-0494 ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability. DNS vulnerabilities
MacOSX vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
dns_binddos
misc_macosx_version
 
BROWN CVE-2007-0503 Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors. KCMS server vulnerabilities
rpc_kcms  
YELLOW CVE-2007-0515 Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561. Microsoft Office vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_office2004macver
win_patch_word2000
 
YELLOW CVE-2007-0519 Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U Instant Messenger allows remote authenticated users to inject arbitrary web script or HTML via the recipient field. XMB vulnerabilities
web_prog_php_xmb  
YELLOW CVE-2007-0537 The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478. Konqueror vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_konqueror  
RED CVE-2007-0539 The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a timeout constraint. WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
RED CVE-2007-0540 WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data. WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
YELLOW CVE-2007-0541 WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain configurations causes a brief file excerpt to be published as a blog comment. WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
YELLOW CVE-2007-0544 Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949. MyBB vulnerabilities
web_prog_php_mybb  
RED CVE-2007-0548 KarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to cause a denial of service (daemon hang) via a large number of requests for nonexistent objects. Sami HTTP Server
web_server_sami  
RED CVE-2007-0555 PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content. PostgreSQL vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_pgsql  
RED CVE-2007-0556 The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server. PostgreSQL vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_pgsql  
YELLOW CVE-2007-0588 The InternalUnpackBits function in Apple QuickDraw, as used by QuickTime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0603 PGP Desktop before 9.5.1 does not validate data objects received over the (1) \pipe\pgpserv named pipe for PGPServ.exe or the (2) \pipe\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address. PGP Desktop vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_pgpdesktopver  
YELLOW CVE-2007-0605 Cross-site scripting (XSS) vulnerability in picture.php in Advanced Guestbook 2.4.2 allows remote attackers to inject arbitrary web script or HTML via the picture parameter. vulnerable web program
web_prog_php_advgbpicturephp  
YELLOW CVE-2007-0608 Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled with a ../index lang cookie, which reveals the installation path; or (3) a direct request to index.php with no parameters or cookies, which reveals the installation path. vulnerable web program
web_prog_php_advgbpicturephp  
RED CVE-2007-0609 Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extension, as demonstrated via a request to index.php. vulnerable web program
web_prog_php_advgbpicturephp  
RED CVE-2007-0613 The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted communication) via a flood of duplicate _presence._tcp mDNS queries. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_app_ichat  
RED CVE-2007-0614 The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_app_ichat  
YELLOW CVE-2007-0622 Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. MyBB vulnerabilities
web_prog_php_mybb  
RED CVE-2007-0626 The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines." Drupal vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_cms_drupal  
YELLOW CVE-2007-0644 Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions. Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_safari  
YELLOW CVE-2007-0645 Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_app_iphoto  
YELLOW CVE-2007-0646 Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_app_imoviehd
misc_macosx_version
 
YELLOW CVE-2007-0647 Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_core_helpviewer  
BROWN CVE-2007-0648 Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiation Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP. Cisco SIP vulnerability

Note: A valid SNMP read community string is required to detect this vulnerability
net_cisco_sip  
RED CVE-2007-0666 Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute arbitrary code on the system via a long input string to the (1) iFTPAddU or (2) iFTPAddH file, or to a (3) edition module. WS FTP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
ftp_wsftpver  
RED CVE-2007-0667 The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872. SQLLedger vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_cgi_sqlledger  
YELLOW CVE-2007-0671 Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. Microsoft Office vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_office2000
win_patch_office2002
win_patch_office2003
win_patch_office2004macver
 
YELLOW CVE-2007-0675 A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer. Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_speechax  
RED CVE-2007-0710 The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (persistent application crash) via unspecified vectors, possibly related to CVE-2007-0614. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_app_ichat  
YELLOW CVE-2007-0711 Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-0712 Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-0713 Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-0714 Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-0715 Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-0716 Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-0717 Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-0718 Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-0719 Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via an image with a crafted ColorSync profile. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
RED CVE-2007-0720 The CUPS service on multiple platforms allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted. MacOSX vulnerabilities
CUPS vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
printer_cupsversion
 
YELLOW CVE-2007-0721 Unspecified vulnerability in diskimages-helper in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted compressed disk image that triggers memory corruption. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0722 Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted AppleSingleEncoding disk image. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
RED CVE-2007-0723 Unspecified vulnerability in the authentication feature for DirectoryService (DS Plug-Ins) for Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote authenticated LDAP users to modify the root password and gain privileges via unknown vectors. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0724 The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently limit access to certain controls, which allows local users to gain privileges by using HID device events to read keystrokes from the console. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0725 Buffer overflow in the AirPortDriver module for AirPort in Apple Mac OS X 10.3.9 through 10.4.9, when running on hardware with the original AirPort wireless card, allows local users to execute arbitrary code by "sending malformed control commands." MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
RED CVE-2007-0726 The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were based on the original keys. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0728 Unspecified vulnerability in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 creates files insecurely while initializing a USB printer, which allows local users to create or overwrite arbitrary files. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0729 Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment before executing commands, which allows local users to gain privileges by setting unspecified environment variables. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0730 Server Manager (servermgrd) in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently validate authentication credentials, which allows remote attackers to bypass authentication and modify system configuration. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
RED CVE-2007-0731 Stack-based buffer overflow in the Apple-specific Samba module (SMB File Server) in Apple Mac OS X 10.4 through 10.4.8 allows context-dependent attackers to execute arbitrary code via a long ACL. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0732 Unspecified vulnerability in the CoreServices daemon in CarbonCore in Apple Mac OS X 10.4 through 10.4.9 allows local users to gain privileges via unspecified vectors involving "obtaining a send right to [the] Mach task port." MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0733 Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RAW image that triggers memory corruption. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0734 fsck, as used by the AirPort Disk feature of the AirPort Extreme Base Station with 802.11n before Firmware Update 7.1, and by Apple Mac OS X 10.3.9 through 10.4.9, does not properly enforce password protection of a USB hard drive, which allows context-dependent attackers to list arbitrary directories or execute arbitrary code, resulting from memory corruption. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0735 Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving crafted web pages that trigger certain error conditions that are not properly reported in certain circumstances, resulting in accessing deallocated memory. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
RED CVE-2007-0736 Integer overflow in the RPC library in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via crafted requests to portmap. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0737 The Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not properly check certain environment variables, which allows local users to gain privileges via unspecified vectors. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0738 The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not display the screen saver authentication dialog in certain circumstances when waking from sleep, even though the "require a password to wake the computer from sleep" option is enabled, which allows local users to bypass authentication controls. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
RED CVE-2007-0739 The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the software update window beneath the loginwindow authentication dialog in certain circumstances related to running scheduled tasks, which allows local users to bypass authentication controls. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0740 Alias Manager in Apple Mac OS X 10.3.9 and 10.4.9 does not display files with the same name in mounted disk images that have the same name, which might allow user-assisted attackers to trick a user into executing malicious files. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0741 Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 through 10.4.9, when Internet Sharing is enabled, allows remote attackers to execute arbitrary code via malformed RTSP packets. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0742 The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allows subdomain cookies to be accessed by the parent domain, which allows remote attackers to obtain sensitive information. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0743 URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username and password credentials for mounting filesystems on SMB servers as command line arguments to the mount_sub command, which may allow local users to obtain sensitive information by listing the process. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0744 SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when executing commands, which allows local users to gain privileges by setting unspecified environment variables. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
RED CVE-2007-0746 Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference". MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0747 load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when mounting a WebDAV filesystem, which allows local users to gain privileges by setting unspecified environment variables. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
RED CVE-2007-0748 Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allows remote attackers to execute arbitrary code via multiple trackID values in a SETUP RTSP request. Darwin vulnerabilities
web_server_darwin  
RED CVE-2007-0749 Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request. Darwin vulnerabilities
web_server_darwin  
YELLOW CVE-2007-0750 Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 allows remote user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted PDF file. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0751 A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might delete filesystems that have been mounted in /tmp, which might allow local users to cause a denial of service, related to the find command. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0752 The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-0753 Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
RED CVE-2007-0754 Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor (STSD) atom size in a QuickTime movie. Darwin vulnerabilities
web_server_quicktime  
YELLOW CVE-2007-0768 Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information. Yahoo Messenger vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_yahoomsgrver  
YELLOW CVE-2007-0770 Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456. ImageMagick vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_imagemagick  
RED CVE-2007-0772 The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows remote attackers to cause a denial of service (oops) via a crafted NFSACL 2 ACCESS request that triggers a free of an incorrect pointer. Linux Kernel vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_linuxkernel  
RED CVE-2007-0774 Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine. Apache module vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_mod_jkver  
YELLOW CVE-2007-0775 Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via certain vectors. Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_thunderbird
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-0776 Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file. Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_thunderbird
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-0777 The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption. Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_thunderbird
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-0778 The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when the target page is reloaded from the cache. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-0779 GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large, transparent, custom cursor. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-0780 browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-0800 Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-0801 The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox  
YELLOW CVE-2007-0802 Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox  
RED
!
CVE-2007-0816 The RPC Server service (catirpc.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 SP2 and earlier allows remote attackers to cause a denial of service (service crash) via a crafted TADDR2UADDR that triggers a null pointer dereference in catirpc.dll, possibly related to null credentials or verifier fields. ARCserve vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
misc_arcserveportmapper  
YELLOW CVE-2007-0817 Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page. http Cold Fusion

Note: Authentication is recommended to improve the accuracy of this check
web_prog_cfm_errpagexss
web_prog_cfm_mx
 
YELLOW CVE-2007-0851 Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable. Trend Micro vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_trendmicro_upx  
YELLOW CVE-2007-0870 Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027. Microsoft Office vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_word2000
win_patch_wordxp
 
YELLOW CVE-2007-0880 Capital Request Forms stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for inc/common_db.inc. Administration File Access
web_prog_file_caprequest  
RED CVE-2007-0882 Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account. Solaris telnet vulnerabilities
pass_solaristelnetbypass  
RED CVE-2007-0888 Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command. TFTP file access
ftp_tftptrav  
YELLOW CVE-2007-0897 Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor. ClamAV vulnerabilities
MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_clamwinupx
misc_macosx_version
 
YELLOW CVE-2007-0898 Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message. ClamAV vulnerabilities
MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_clamwinupx
misc_macosx_version
 
RED CVE-2007-0905 PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
RED CVE-2007-0906 Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885). NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825). PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
RED CVE-2007-0907 Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-0908 The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
RED CVE-2007-0909 Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
RED CVE-2007-0910 Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
RED CVE-2007-0911 Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash). PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
BROWN CVE-2007-0917 The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets. Cisco vulnerabilities

Note: A valid SNMP read community string is required to detect this vulnerability
net_cisco_ios  
BROWN CVE-2007-0918 The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations that are not properly handled by the regular expression feature, as demonstrated using the 3123.0 (Netbus Pro Traffic) signature. Cisco vulnerabilities

Note: A valid SNMP read community string is required to detect this vulnerability
net_cisco_ios  
RED CVE-2007-0927 Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to execute arbitrary code via a torrent file with a crafted announce header. uTorrent vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_p2p_utorrent  
YELLOW CVE-2007-0934 Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption. Microsoft Office vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_visio2002
win_patch_visio2003
 
YELLOW CVE-2007-0936 Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability." Microsoft Office vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_visio2002
win_patch_visio2003
 
RED CVE-2007-0938 Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability." Microsoft Content Management Server

Note: Authentication is required to detect this vulnerability
web_cms_ms07018  
YELLOW CVE-2007-0939 Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability." Microsoft Content Management Server

Note: Authentication is required to detect this vulnerability
web_cms_ms07018  
YELLOW CVE-2007-0940 Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability." Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_capicom  
YELLOW CVE-2007-0942 Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll. Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_v5
win_patch_ie_v6
win_patch_ie_v7
 
YELLOW CVE-2007-0943 Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers. Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_v5  
YELLOW CVE-2007-0944 Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability." Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_v5
win_patch_ie_v6
 
YELLOW CVE-2007-0945 Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and 7 on Windows Vista allows remote attackers to execute arbitrary code via certain property methods that may trigger memory corruption, aka "Property Memory Corruption Vulnerability." Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_v5
win_patch_ie_v6
win_patch_ie_v7
 
YELLOW CVE-2007-0946 Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947. Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_v7  
YELLOW CVE-2007-0947 Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946. Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_v7  
YELLOW CVE-2007-0948 Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components." Microsoft Virtual PC

Note: Authentication is required to detect this vulnerability
win_patch_virtualpcpe
win_patch_virtualserverpe
 
YELLOW CVE-2007-0953 Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. AtMail vulnerabilities
mail_web_atmail  
RED CVE-2007-0955 The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professional 2.35 and earlier allows remote attackers to cause a denial of service (application crash) via certain base64-encoded data following an AUTHENTICATE NTLM command to the imap port (143/tcp), which results in an out-of-bounds read. MailEnable vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
mail_imap_mailenable
mail_imap_mailenableent
mail_pop_mailenable
mail_pop_mailenableent
 
YELLOW CVE-2007-0956 The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882. Kerberos detected

Note: Authentication is required to detect this vulnerability
misc_kerberospkg  
RED CVE-2007-0957 Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers. Kerberos detected
MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_kerberospkg
misc_macosx_version
 
YELLOW CVE-2007-0977 IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2005-2428. Lotus Domino HTTP vulnerability
web_server_lotus_htmlsource  
YELLOW CVE-2007-0981 Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox
web_client_seamonkey
 
RED CVE-2007-0988 The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-0994 A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-0995 Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-0996 The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-1001 Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values. MacOSX vulnerabilities
PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_prog_php_version
 
RED CVE-2007-1002 Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo. GNOME Evolution vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_evolution  
YELLOW CVE-2007-1003 Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption. X11 vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_x11  
YELLOW CVE-2007-1004 Mozilla Firefox might allow remote attackers to conduct spoofing and phishing attacks by writing to an about:blank tab and overlaying the location bar. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox  
RED CVE-2007-1005 Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote administration port (9191/tcp). CA eTrust Intrusion Detection vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_etrustiddos  
YELLOW CVE-2007-1008 Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation. iTunes vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_itunes  
RED CVE-2007-1027 Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file. DB2 vulnerabilities
database_db2ver  
RED CVE-2007-1036 The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests. JBoss Application Server
web_dev_jbossjmxconsoleaccess  
BROWN CVE-2007-1054 Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer. MediaWiki vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_mediawiki  
BROWN CVE-2007-1055 Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before 1.9.0rc2, and 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rs parameter. NOTE: this issue might be a duplicate of CVE-2007-0177. MediaWiki vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_mediawiki  
BROWN CVE-2007-1069 The memory management in VMware Workstation before 5.5.4 allows attackers to cause a denial of service (Windows virtual machine crash) by triggering certain general protection faults (GPF). VMware vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vmwareplayerver
misc_vmwarewkstnver
 
RED
!
CVE-2007-1070 Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll. Trend Micro vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
misc_av_trendmicro_sprotectcmon  
RED CVE-2007-1071 Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this is a different issue than CVE-2006-3502 and CVE-2006-3503. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-1083 Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method. VeriSign ActiveX vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_verisignax  
YELLOW CVE-2007-1084 Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox  
YELLOW CVE-2007-1085 Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the "under" parameter in Advanced Search with the proper signature. Google Desktop vulnerabilities

Note: Authentication is required to detect this vulnerability
web_tool_googledesktopver  
RED CVE-2007-1086 Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access." DB2 vulnerabilities
database_db2ver  
RED CVE-2007-1087 IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow. DB2 vulnerabilities
database_db2ver  
RED CVE-2007-1088 Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables. DB2 vulnerabilities
database_db2ver  
RED CVE-2007-1089 IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local users with table SELECT privileges to perform unauthorized UPDATE and DELETE SQL commands via unknown vectors. DB2 vulnerabilities
database_db2ver  
YELLOW CVE-2007-1091 Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload JavaScript handlers. Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_v5
win_patch_ie_v6
win_patch_ie_v7
 
YELLOW CVE-2007-1092 Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, which triggers memory corruption due to the lack of a finalize hook on DOM window objects. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-1094 Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (NULL dereference and application crash) via JavaScript onUnload handlers that modify the structure of a document. Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_v6
win_patch_ie_v7
 
YELLOW CVE-2007-1095 Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox
web_client_seamonkey
 
RED CVE-2007-1099 dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks. Dropbear vulnerability
shell_ssh_dropbear  
YELLOW CVE-2007-1115 The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. Opera vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_opera9  
RED CVE-2007-1168 Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp). Trend Micro vulnerabilities
misc_av_trendmicro_sprotectauth  
BROWN CVE-2007-1173 Multiple buffer overflows in the CentennialIPTransferServer service (XFERWAN.EXE), as used by (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, and (3) Symantec Discovery 6.5, allow remote attackers to execute arbitrary code via long strings in a crafted TCP packet. Centennial Discovery vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_xferwan  
RED CVE-2007-1195 Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might overlap CVE-2006-2225, CVE-2006-2226, or CVE-2006-5728. XM FTP vulnerabilities
ftp_xm  
YELLOW CVE-2007-1196 Unspecified vulnerability in Citrix Presentation Server Client for Windows before 10.0 allows remote web sites to execute arbitrary code via unspecified vectors, related to the implementation of ICA connectivity through proxy servers. Citrix Neighborhood Agent

Note: Authentication is required to detect this vulnerability
misc_citrixwficaver  
YELLOW CVE-2007-1199 Adobe Reader and Acrobat Trial allow remote attackers to read arbitrary files via a file:// URI in a PDF document, as demonstrated with <</URI(file:///C:/)/S/URI>>, a different issue than CVE-2007-0045. Adobe Acrobat vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_acrobat
misc_acroread
 
YELLOW CVE-2007-1201 Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability." Office Web Components vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_owcace  
YELLOW CVE-2007-1202 Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability." Microsoft Office vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_office2004macver
win_patch_word2000
win_patch_word2003
win_patch_wordview2003
win_patch_wordxp
 
YELLOW CVE-2007-1203 Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption. Microsoft Office vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_excel2000
win_patch_excel2003
win_patch_excel2007
win_patch_excelcnv
win_patch_excelview
win_patch_excelxp
win_patch_office2004macver
 
RED CVE-2007-1204 Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in request or notification messages, which trigger memory corruption. MS Universal Plug and Play

Note: Authentication is required to detect this vulnerability
win_patch_plugplayxp  
YELLOW CVE-2007-1205 Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_agenturlparse  
YELLOW CVE-2007-1206 The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain privileges by modifying the "zero page" during a race condition before the view is unmapped. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_mupsys3  
YELLOW CVE-2007-1209 Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_csrss  
YELLOW CVE-2007-1211 Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1, and SP2 allow user-assisted remote attackers to cause a denial of service (possibly persistent restart) via a crafted Windows Metafile (WMF) image that causes an invalid dereference of an offset in a kernel structure, a related issue to CVE-2005-4560. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_gdi07017  
YELLOW CVE-2007-1212 Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_gdi07017  
YELLOW CVE-2007-1213 The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_gdi07017  
YELLOW CVE-2007-1214 Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption. Microsoft Office vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_excel2000
win_patch_excel2003
win_patch_excelview
win_patch_excelxp
win_patch_office2004macver
 
YELLOW CVE-2007-1215 Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_gdi07017  
RED CVE-2007-1216 Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with "an invalid direction encoding". Kerberos detected
MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_kerberospkg
misc_macosx_version
 
YELLOW CVE-2007-1218 Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based. MacOSX vulnerabilities
tcpdump vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
misc_tcpdump
 
YELLOW CVE-2007-1226 McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissions (0666) for /Library/Application Support/Virex/VShieldExclude.txt, which allows local users to reconfigure Virex to skip scanning of arbitrary files. Virex vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_virexver  
YELLOW CVE-2007-1227 VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 allows local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute arbitrary commands. Virex vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_virexver  
RED CVE-2007-1228 IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories. DB2 vulnerabilities
database_db2ver  
RED CVE-2007-1229 Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when viewing the log file. shoutcast vulnerabilities
misc_shoutcast  
RED CVE-2007-1252 Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch 175 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted headers in an e-mail message. NOTE: some information was obtained from third party sources. Brightmail AntiSpam vulnerabilities
mail_smtp_symantecms  
BROWN CVE-2007-1257 The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address. Cisco CatOS vulnerabilities
Cisco vulnerabilities

Note: A valid SNMP read community string is required to detect this vulnerability
net_cisco_catnam
net_cisco_ios
 
YELLOW CVE-2007-1262 Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer. SquirrelMail vulnerabilities
MacOSX vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
mail_web_squirrel
misc_macosx_version
 
YELLOW CVE-2007-1263 GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, do not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection. GnuPG vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_gnupg
misc_gnupgsmime
 
RED CVE-2007-1277 WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php. WordPress vulnerabilities
web_prog_php_wordpresscrack  
YELLOW CVE-2007-1280 Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via a URL after a # (hash) in the URL path, as demonstrated using en/frameset-7.html, and possibly other unspecified vectors involving templates and (1) whstart.js and (2) whcsh_home.htm in WebHelp, (3) wf_startpage.js and (4) wf_startqs.htm in FlashHelp, or (5) WindowManager.dll in RoboHelp Server 6. Zimbra vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_zimbraver  
YELLOW CVE-2007-1282 Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line. Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_thunderbird
web_client_seamonkey
 
RED CVE-2007-1285 The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-1286 Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-1287 A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388. MacOSX vulnerabilities
PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_prog_php_version
 
RED CVE-2007-1292 SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve." vBulletin vulnerabilities
web_prog_php_vbulletin  
RED CVE-2007-1301 Stack-based buffer overflow in the IMAP service in MailEnable Enterprise and Professional Editions 2.37 and earlier allows remote authenticated users to execute arbitrary code via a long argument to the APPEND command. NOTE: this is probably different than CVE-2006-6423. MailEnable vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
mail_imap_mailenable
mail_imap_mailenableent
 
RED CVE-2007-1306 Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference. Asterisk vulnerabilities

Note: Authentication is required to detect this vulnerability
net_asterisk  
YELLOW CVE-2007-1308 ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference. Konqueror vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_konqueror  
RED CVE-2007-1325 The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
RED CVE-2007-1326 SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter. Serendipity vulnerabilities
web_prog_php_serendipity  
BROWN CVE-2007-1337 The virtual machine process (VMX) in VMware Workstation before 5.5.4 does not properly read state information when moving from the ACPI sleep state to the run state, which allows attackers to cause a denial of service (virtual machine reboot) via unknown vectors. VMware vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vmwareplayerver
misc_vmwarewkstnver
 
RED CVE-2007-1349 PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, do not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI. Apache module vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_mod_perlver  
RED CVE-2007-1350 Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 allows remote attackers to execute arbitrary code via a long username during HTTP Basic authentication. Netmail WebAdmin vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_tool_netmailwebadminbo  
YELLOW CVE-2007-1351 Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. MacOSX vulnerabilities
X11 vulnerabilities
Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
misc_x11
web_client_safari
 
YELLOW CVE-2007-1352 Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow. MacOSX vulnerabilities
X11 vulnerabilities
Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
misc_x11
web_client_safari
 
YELLOW CVE-2007-1355 Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors. MacOSX vulnerabilities
Apache Tomcat vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_dev_tomcatver
 
YELLOW CVE-2007-1358 Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616". MacOSX vulnerabilities
Apache Tomcat vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_dev_tomcatver
 
BROWN CVE-2007-1359 Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers including PHP 5.2.0, and possibly parsers in Perl and Python. Oracle vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias  
YELLOW CVE-2007-1362 Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allow remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies." Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox
web_client_seamonkey
 
RED CVE-2007-1365 Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows remote attackers to execute arbitrary code via fragmented IPv6 packets due to "incorrect mbuf handling for ICMP6 packets." NOTE: this was originally reported as a denial of service. OpenBSD vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_openbsd_ipv6bo  
RED CVE-2007-1373 Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961. Mercury vulnerabilities
mail_imap_mercury  
YELLOW CVE-2007-1375 Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-1376 The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
BROWN CVE-2007-1378 The ovrimos_longreadlen function in the Ovrimos extension for PHP before 4.4.5 allows context-dependent attackers to write to arbitrary memory locations via the result_id and length arguments. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
BROWN CVE-2007-1379 The ovrimos_close function in the Ovrimos extension for PHP before 4.4.5 can trigger efree of an arbitrary address, which might allow context-dependent attackers to execute arbitrary code. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-1380 The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-1383 Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
RED CVE-2007-1398 The frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0 beta, when configured for inline use on Linux without the ip_conntrack module loaded, allows remote attackers to cause a denial of service (segmentation fault and application crash) via certain UDP packets produced by send_morefrag_packet and send_overlap_packet. Snort vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_snort  
RED CVE-2007-1399 Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
RED CVE-2007-1420 MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function. MySQL vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_mysql_version  
RED
!
CVE-2007-1447 The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC procedure arguments, which result in memory corruption, a different vulnerability than CVE-2006-6076. ARCserve vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
misc_arcservetaperpccode  
RED CVE-2007-1448 The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service (disabled interface) by calling an unspecified RPC function. ARCserve vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_arcservetaperpccode  
YELLOW CVE-2007-1452 The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
BROWN CVE-2007-1453 Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes filter to write a null byte in whitespace that precedes the buffer. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-1454 ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by certain whitespace characters, which passes one filter but is collapsed into a valid tag, as demonstrated using %0b. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-1460 The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories. MacOSX vulnerabilities
PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_prog_php_version
 
YELLOW CVE-2007-1461 The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories. MacOSX vulnerabilities
PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_prog_php_version
 
YELLOW CVE-2007-1466 Integer overflow in the WP6GeneralTextPacket::_readContents function in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file, a different vulnerability than CVE-2007-0002. libwpd vulnerabilities
OpenOffice vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_lib_libwpdver
misc_openoffice
 
YELLOW CVE-2007-1473 Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php. Horde vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_horde  
YELLOW CVE-2007-1474 Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames. Horde vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_horde  
YELLOW CVE-2007-1484 The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operation after array_user_key_compare has been called. MacOSX vulnerabilities
PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_prog_php_version
 
RED CVE-2007-1498 Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console in McAfee ePolicy Orchestrator (ePO) before 3.6.1 Patch 1 and ProtectionPilot (PRP) before 1.5.0 HotFix allow remote attackers to execute arbitrary code via a long argument to the (1) ExportSiteList and (2) VerifyPackageCatalog functions, and (3) unspecified vectors involving a swprintf function call. McAfee ePolicy Orchestrator

Note: Authentication is required to detect this vulnerability
web_tool_epolicysmax  
YELLOW CVE-2007-1499 Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka "Navigation Cancel Page Spoofing Vulnerability." Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_v7  
YELLOW CVE-2007-1515 Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified parameters in search.php. NOTE: some of these details are obtained from third party information. Horde IMP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
mail_web_imp  
RED CVE-2007-1518 SQL injection vulnerability in usergroups.php in Woltlab Burning Board (wBB) 2.x allows remote attackers to execute arbitrary SQL commands via the array index of the applicationids array. Woltlab Burning Board vulnerabilities
web_prog_php_woltlabbbversion  
YELLOW CVE-2007-1521 Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation. MacOSX vulnerabilities
PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_prog_php_version
 
YELLOW CVE-2007-1522 Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-1536 Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
RED CVE-2007-1541 Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27, which only checks for the presence of a NULL (%00) character to protect against directory traversal attacks, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence in the login parameter. SQLLedger vulnerabilities
web_prog_cgi_sqlledgerexec  
YELLOW CVE-2007-1558 The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products. GNOME Evolution vulnerabilities
Mozilla Thunderbird vulnerabilities
MacOSX vulnerabilities
Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_evolution
mail_client_thunderbird
misc_macosx_version
web_client_seamonkey
 
RED CVE-2007-1560 The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error. Squid vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_proxy_squid  
RED CVE-2007-1561 The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address. Asterisk vulnerabilities

Note: Authentication is required to detect this vulnerability
net_asterisk  
YELLOW CVE-2007-1562 The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox  
YELLOW CVE-2007-1563 The FTP protocol implementation in Opera 9.10 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. Opera vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_opera9  
YELLOW CVE-2007-1564 The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. Konqueror vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_konqueror  
YELLOW CVE-2007-1565 Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI. Konqueror vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_konqueror  
RED CVE-2007-1567 Stack-based buffer overflow in War FTP Daemon 1.65, and possibly earlier, allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors, as demonstrated by warftp_165.tar by Immunity. NOTE: this might be the same issue as CVE-1999-0256, CVE-2000-0131, or CVE-2006-2171, but due to Immunity's lack of details, this cannot be certain. WarFTPd server vulnerabilities
ftp_warftpd  
RED CVE-2007-1575 Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) unspecified vectors to the (a) calendar and (b) search modules, and (2) an unspecified cookie when the user logs out. PHProjekt vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_phprojektver  
YELLOW CVE-2007-1576 Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Search (only Gecko engine driven browsers), and (5) Notes modules; the (6) Mail summary page; and unspecified other files. PHProjekt vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_phprojektver  
RED
!
CVE-2007-1578 Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow. MERCUR vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
mail_imap_mercur  
RED CVE-2007-1579 Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command. MERCUR vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
mail_imap_mercur  
RED CVE-2007-1581 The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources. NOTE: it was later reported that PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 are also affected. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
RED CVE-2007-1582 The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error handler, which can be used to destroy and modify internal resources. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-1583 The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation. MacOSX vulnerabilities
PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_prog_php_version
 
BROWN CVE-2007-1584 Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\0' characters in whitespace that precedes the string. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
RED CVE-2007-1594 The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet. Asterisk vulnerabilities

Note: Authentication is required to detect this vulnerability
net_asterisk  
YELLOW CVE-2007-1622 Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF. WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
RED CVE-2007-1638 Multiple cross-site request forgery (CSRF) vulnerabilities in the check_csrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote attackers to perform unauthorized actions as an arbitrary user via the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Notes, (5) Search, (6) Mail, or (7) Filemanager module; the (9) summary page; or unspecified other files. PHProjekt vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_phprojektver  
RED CVE-2007-1639 Unrestricted file upload vulnerability in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allows remote authenticated users to upload and execute arbitrary PHP code via a file with an executable extension, which is then accessed by the (1) calendar or (2) file management module, or possibly unspecified other files. PHProjekt vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_phprojektver  
BROWN CVE-2007-1649 PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-1658 Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe). Windows Mail vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_windowsmail  
YELLOW CVE-2007-1659 Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes. PCRE vulnerabilities
MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_lib_pcrever
misc_macosx_version
 
YELLOW CVE-2007-1660 Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code. PCRE vulnerabilities
MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_lib_pcrever
misc_macosx_version
 
YELLOW CVE-2007-1661 Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns. PCRE vulnerabilities
MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_lib_pcrever
misc_macosx_version
 
YELLOW CVE-2007-1662 Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references. PCRE vulnerabilities
MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_lib_pcrever
misc_macosx_version
 
YELLOW CVE-2007-1667 Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow. ImageMagick vulnerabilities
MacOSX vulnerabilities
X11 vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_imagemagick
misc_macosx_version
misc_x11
 
YELLOW CVE-2007-1670 Panda Software Antivirus before 20070402 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. Panda Antivirus vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_pandazoodos  
YELLOW CVE-2007-1671 avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. Avira Antivir Antivirus vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_avira_packver  
YELLOW CVE-2007-1672 avast! antivirus before 4.7.981 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. Avast vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_avasthomepro  
RED
!
CVE-2007-1674 Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in LANDesk Management Suite 8.7 allows remote attackers to execute arbitrary code via a crafted packet to port 65535/UDP. LANDesk Management Suite vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
misc_landesksuiteoverflow  
RED CVE-2007-1675 Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username. Lotus Domino IMAP vulnerabilities
mail_imap_domino  
YELLOW CVE-2007-1680 Stack-based buffer overflow in the createAndJoinConference function in the AudioConf ActiveX control (yacscom.dll) in Yahoo! Messenger before 20070313 allows remote attackers to execute arbitrary code via long (1) socksHostname and (2) hostname properties. Yahoo Messenger vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_yahoomsgrver  
RED CVE-2007-1681 Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog. Java Web Console vulnerabilities
web_tool_javawebconsolever  
YELLOW CVE-2007-1683 Stack-based buffer overflow in the DoWebMenuAction function in the IncrediMail IMMenuShellExt ActiveX control (ImShExt.dll) allows remote attackers to execute arbitrary code via unspecified vectors. IncrediMail vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_incredimailax  
YELLOW CVE-2007-1684 The Run function in SolidWorks sldimdownload ActiveX control in sldimdownload.dll before 16.0.0.6 allows remote attackers to execute arbitrary commands via the (1) installerpath and (2) applicationarguments arguments. SolidWorks vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_solidworksax  
YELLOW CVE-2007-1688 Buffer overflow in the PhPInfo ActiveX control in PhPCtrl.dll in Callisto PhotoParade Player allows remote attackers to execute arbitrary code via the FileVersionof property. Callisto Photo Parade vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_photoparadeax  
YELLOW CVE-2007-1692 The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet Explorer. NOTE: it could be argued that if an attacker already has control over WINS/DNS, then web traffic could already be intercepted by modifying WINS or DNS records, so this would not cross privilege boundaries and would not be a vulnerability. It has also been reported that DHCP is an alternate attack vector. Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_v5
win_patch_ie_v6
win_patch_ie_v7
 
YELLOW CVE-2007-1700 The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-1711 Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701 (MOPB-31-2007). MacOSX vulnerabilities
PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_prog_php_version
 
YELLOW CVE-2007-1717 The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases when the trailing contents of e-mail messages are important, such as logging information or if the message is expected to be well-formed. MacOSX vulnerabilities
PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_prog_php_version
 
YELLOW CVE-2007-1718 CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
RED CVE-2007-1733 Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112. NaviCOPA vulnerabilities
web_server_navicopaver  
YELLOW CVE-2007-1735 Stack-based buffer overflow in Corel WordPerfect Office X3 (13.0.0.565) allows user-assisted remote attackers to execute arbitrary code via a long printer selection (PRS) name in a WordPerfect document. WordPerfect vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_wordperfect_prs  
YELLOW CVE-2007-1737 Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection. Opera vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_opera9  
RED
!
CVE-2007-1739 Heap-based buffer overflow in the LDAP server in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service (crash) via a long, malformed DN request, which causes only the lower 16 bits of the string length to be used in memory allocation. Lotus Domino LDAP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
misc_ldapdominodn  
BROWN CVE-2007-1744 Directory traversal vulnerability in the Shared Folders feature for VMware Workstation before 5.5.4, when a folder is shared, allows users on the guest system to write to arbitrary files on the host system via the "Backdoor I/O Port" interface. VMware vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vmwarewkstnver  
YELLOW CVE-2007-1745 The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information. ClamAV vulnerabilities
MacOSX vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_av_clam
misc_macosx_version
 
YELLOW CVE-2007-1747 Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption. Microsoft Office vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_office2000
win_patch_office2002
win_patch_office2003
win_patch_office2004macver
win_patch_office2007
 
RED CVE-2007-1748 Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences. Windows DNS vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
dns_rpcmibo  
YELLOW CVE-2007-1749 Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer size, which triggers a heap-based buffer overflow. Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_vmlver  
YELLOW CVE-2007-1750 Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption. Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_v6  
YELLOW CVE-2007-1751 Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability." Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_v5
win_patch_ie_v6
win_patch_ie_v7
 
YELLOW CVE-2007-1754 PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability". Microsoft Office vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_publisher2007  
YELLOW CVE-2007-1756 Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 do not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability". Microsoft Office vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_excel2000
win_patch_excel2003
win_patch_excel2007
win_patch_excelview
win_patch_excelxp
win_patch_office2004macver
 
YELLOW CVE-2007-1777 Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
RED
!
CVE-2007-1785 The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request. ARCserve vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
misc_arcserve191  
RED CVE-2007-1792 libdayzero.dll in the Filter Hub Service (filter-hub.exe) in Symantec Mail Security for SMTP before 5.0.1 Patch 181 and Mail Security Appliance before 5.0.0-36 allows remote attackers to cause a denial of service (crash) via a crafted executable attachment in an e-mail, involving the detection of "PE-Shield v0.2" and "ASPack v1.00-1.08.02". Brightmail AntiSpam vulnerabilities
mail_smtp_symantecms  
YELLOW CVE-2007-1797 Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667. ImageMagick vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_imagemagick  
YELLOW CVE-2007-1819 Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control (Spider90.ocx) 9.1.0.4353 in TestDirector (TD) for Mercury Quality Center 9.0 before Patch 12.1, and 8.2 SP1 before Patch 32, allows remote attackers to execute arbitrary code via a long ProgColor property. HP Mercury Quality Center vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_mercuryqcax  
YELLOW CVE-2007-1824 Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-1858 The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts. Oracle vulnerabilities
Apache Tomcat vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_httpserver
web_dev_tomcatver
 
RED CVE-2007-1860 mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450. MacOSX vulnerabilities
Apache module vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_mod_jkver
 
YELLOW CVE-2007-1862 The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information. Apache vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_server_apache_version  
BROWN CVE-2007-1863 cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value. MacOSX vulnerabilities
Apache vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_server_apache_version
 
BROWN CVE-2007-1864 Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
RED CVE-2007-1868 The management service in IBM Tivoli Provisioning Manager for OS Deployment before 5.1 Fix Pack 2 does not properly handle multipart/form-data in HTTP POST requests, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via crafted POST requests to port 8080/tcp or 443/tcp. Tivoli Provisioning Manager vulnerabilities
misc_tivolipm  
RED CVE-2007-1869 lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (CPU and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption. Lighttpd vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_server_lighttpd_version  
RED CVE-2007-1870 lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference. Lighttpd vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_server_lighttpd_version  
BROWN CVE-2007-1876 VMware Workstation before 5.5.4, when running a 64-bit Windows guest on a 64-bit host, allows local users to "corrupt the virtual machine's register context" by debugging a local program and stepping into a "syscall instruction." VMware vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vmwareplayerver
misc_vmwarewkstnver
 
BROWN CVE-2007-1877 VMware Workstation before 5.5.4 allows attackers to cause a denial of service against the guest OS by causing the virtual machine process (VMX) to store malformed configuration information. VMware vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vmwareplayerver
misc_vmwarewkstnver
 
RED CVE-2007-1879 The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command. NOTE: this issue might be related to CVE-2007-1112. Kaspersky AntiVirus vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_kaspersky_avver  
RED CVE-2007-1880 Integer overflow in the _NtSetValueKey function in klif.sys in Kaspersky Anti-Virus, Anti-Virus for Workstations, Anti-Virus for File Server 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows context-dependent attackers to execute arbitrary code via a large, unsigned "data size argument," which results in a heap overflow. Kaspersky AntiVirus vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_kaspersky_avfsver
misc_av_kaspersky_avver
misc_av_kaspersky_avworkver
 
RED CVE-2007-1881 Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows local users to gain Ring-0 privileges via unspecified vectors. Kaspersky AntiVirus vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_kaspersky_avfsver
misc_av_kaspersky_avver
misc_av_kaspersky_avworkver
 
BROWN CVE-2007-1883 PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to read arbitrary memory locations via an interruption that triggers a user space error handler that changes a parameter to an arbitrary pointer, as demonstrated via the iptcembed function, which calls certain convert_to_* functions with its input parameters. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
BROWN CVE-2007-1884 Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function because of 64 to 32 bit truncation, and bypass a check for the maximum allowable value; and (2) a width and precision of -1, which make it possible for the php_sprintf_appendstring function to place an internal buffer at an arbitrary memory location. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
BROWN CVE-2007-1885 Integer overflow in the str_replace function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via a single character search string in conjunction with a long replacement string, which overflows a 32 bit length counter. NOTE: this is probably the same issue as CVE-2007-0906.6. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
BROWN CVE-2007-1886 Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2.1 allows context-dependent attackers to have an unknown impact via a single character search string in conjunction with a single character replacement string, which causes an "off by one overflow." PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
BROWN CVE-2007-1887 Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
BROWN CVE-2007-1888 Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite without this vulnerability. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
BROWN CVE-2007-1889 Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msg_receive with the largest positive integer value of maxsize. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
BROWN CVE-2007-1890 Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on FreeBSD and possibly other platforms, allows context-dependent attackers to execute arbitrary code via certain maxsize values, as demonstrated by 0xffffffff. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-1891 Stack-based buffer overflow in the GetPrivateProfileSectionW function in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) after 2.0.4.4 but before 2.2.1.0 allows remote attackers to execute arbitrary code, related to misinterpretation of the nSize parameter as a byte count instead of a wide character count. Akamai Download Manager vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_akamaidmax  
YELLOW CVE-2007-1892 Stack-based buffer overflow in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) before 2.2.1.0 allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2007-1891. Akamai Download Manager vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_akamaidmax  
YELLOW CVE-2007-1893 xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post." WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
YELLOW CVE-2007-1894 Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function. WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
YELLOW CVE-2007-1897 SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable. WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
YELLOW CVE-2007-1900 CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-1904 Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation. AOL Instant Messenger

Note: Authentication is required to detect this vulnerability
misc_aol_imver  
YELLOW CVE-2007-1910 Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc. Microsoft Office vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_word2000
win_patch_word2003
win_patch_word2007
win_patch_wordview2003
win_patch_wordxp
 
YELLOW CVE-2007-1912 Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_winhlp2  
YELLOW CVE-2007-1921 LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT file that contains a value that is used as an offset, which triggers memory corruption. Winamp vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_winamp  
YELLOW CVE-2007-1922 The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allow remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption. Winamp vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_winamp  
YELLOW CVE-2007-1923 (1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0. SQLLedger vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_cgi_sqlledger  
YELLOW CVE-2007-1927 Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter. CMailServer vulnerability
mail_web_cmailsignup2  
RED CVE-2007-1956 SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads 6.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the C parameter. UBB threads vulnerabilities
web_prog_sql_ubb1  
YELLOW CVE-2007-1991 Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927. CMailServer vulnerability
mail_web_cmailsignup1  
RED CVE-2007-1995 bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read. Zebra Quagga Routing Suite

Note: Authentication is recommended to improve the accuracy of this check
net_quagga  
YELLOW CVE-2007-1997 Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allows remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow. ClamAV vulnerabilities
MacOSX vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_av_clam
misc_macosx_version
 
RED CVE-2007-2010 Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command. bftpd vulnerabilities
ftp_bftpdver  
YELLOW CVE-2007-2022 Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet. Flash vulnerabilities
Konqueror vulnerabilities
Opera vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_flash
web_client_konqueror
web_client_opera9
 
RED CVE-2007-2028 Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures. RADIUS vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_freeradius  
YELLOW CVE-2007-2029 File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file. ClamAV vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_av_clam  
BROWN CVE-2007-2036 The SNMP implementation in the Cisco Wireless LAN Controller (WLC) before 20070419 uses the default read-only community public, and the default read-write community private, which allows remote attackers to read and modify SNMP variables, aka Bug ID CSCse02384. Guessable Read Community
Guessable Write Community
net_snmp_read
net_snmp_write
 
RED CVE-2007-2051 Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable. bftpd vulnerabilities
ftp_bftpdver  
YELLOW CVE-2007-2052 Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination. Python vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_python  
BROWN CVE-2007-2108 Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue occurs because the NTLM SSPI AcceptSecurityContext function grants privileges based on the username provided even though all users are authenticated as Guest, which allows remote attackers to gain privileges. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-2109 Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06). Note: as of 20070424, Oracle has not disputed reliable claims that DB02 is for a race condition in the RLMGR_TRUNCATE_MAINT trigger in the Rules Manager and Expression Filter components changing the AUTHID of a package from DEFINER to CURRENT_USER after a TRUNCATE call, and DB06 is for SQL injection in the DBMS_APPLY_USER_AGENT.SET_REGISTRATION_HANDLER procedure, which is later passed to the DBMS_APPLY_ADM_INTERNAL.ALTER_APPLY procedure, aka "Oracle Streams". Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-2110 Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB03 occurs because RDBMS uses a NULL Discretionary Access Control List (DACL) for the Oracle process and certain shared memory sections, which allows local users to inject threads and execute arbitrary code via the OpenProcess, OpenThread, and SetThreadContext functions (DB03). Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-2111 SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB04 is actually for multiple vulnerabilities. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-2112 Unspecified vulnerability in the Authentication component for Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and attack vectors, aka DB05. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue allows remote authenticated users to bypass the AUTH_ALTER_SESSION security policies via a logon trigger ("AFTER LOGON ON DATABASE" trigger directive), a related issue to CVE-2006-0547. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-2113 SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_UPGRADE_INTERNAL) for Oracle Database 10.1.0.5 allows remote authenticated users to execute arbitrary SQL commands via unknown vectors, aka DB07. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB07 is actually for multiple issues. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-2114 Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors, related to (1) Change Data Capture (CDC), aka DB08, and (2) Oracle Instant Client, aka DB11. NOTE: as of 20070424, Oracle has not disputed reliable claims that these issues are buffer overflows using a long CHANGE_TABLE_NAME parameter to the DBMS_CDC_IPUBLISH.CHGTAB_CACHE procedure (DB08) and Oracle Instant Client genezi utility (DB11). Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-2115 Unspecified vulnerability in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors, aka DB09. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue involves multiple SQL injection vulnerabilities in the DBMS_CDC_PUBLISH with remote authenticated vectors involving the "java classes in CDC.jar." Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-2116 Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors, aka DB10. NOTE: as of 20070424, Oracle has not disputed claims that these are buffer overflows in kkzi.o for the SYS.DBMS_SNAP_INTERNAL package using the (1) SNAP_OWNER or (2) SNAP_NAME parameters. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-2117 Unspecified vulnerability in the Oracle Text component in Oracle Database 9.0.1.5+ and 9.2.0.5 has unknown impact and attack vectors, aka DB12. NOTE: as of 20070424, Oracle has not disputed reliable claims that this involves a buffer overflow in the ctxsrv server daemon. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-2118 Unspecified vulnerability in the Upgrade/Downgrade component of Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors, aka DB13. NOTE: as of 20070424, Oracle has not disputed reliable claims that this is a buffer overflow involving the "mig utility." Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-2119 Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01. Oracle vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias  
BROWN CVE-2007-2120 The Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to shut down an Oracle TNS Listener via a TNS STOP command in a request that uses the database/TNS alias, aka AS01. Oracle vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias  
BROWN CVE-2007-2121 Unspecified vulnerability in the COREid Access component in Oracle Application Server 7.0.4.4 has unknown impact and attack vectors, aka AS02. Oracle vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias  
BROWN CVE-2007-2122 Unspecified vulnerability in the Wireless component in Oracle Application Server 9.0.4.3 has unknown impact and attack vectors, aka AS03. Oracle vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias  
BROWN CVE-2007-2123 Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.3 up to 10.1.3.2.0, 10.1.2 up to 10.1.2.2.0, and 9.0.4.3 has unknown impact and attack vectors, aka AS04. Oracle vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias  
BROWN CVE-2007-2124 Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.4.1.0 has unknown impact and remote attack vectors, aka AS05. Oracle vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias  
BROWN CVE-2007-2129 Unspecified vulnerability in the Agent component in Oracle Enterprise Manager 9.2.0.8 has unknown impact and remote attack vectors, aka EM01. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-2130 Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and remote authenticated attack vectors, aka OWF01. Oracle vulnerabilities
Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias
database_oracle_version
 
RED
!
CVE-2007-2137 Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express 6.1.0 before Fix Pack 2, as used in Tivoli Universal Agent, Windows OS Monitoring agent, and Enterprise Portal Server, allows remote attackers to execute arbitrary code by sending a long string to a certain TCP port. Tivoli Monitoring Express vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
misc_tivolimonitoringexp  
RED CVE-2007-2138 Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings." PostgreSQL vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_pgsql  
RED
!
CVE-2007-2139 Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785. ARCserve vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
misc_arcserve240  
BROWN CVE-2007-2152 Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows user-assisted remote attackers to execute arbitrary code via a long filename containing multi-byte (Unicode) characters. McAfee VirusScan vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_mcafeevsonaccess  
YELLOW CVE-2007-2153 Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter. AtMail vulnerabilities
mail_web_atmail  
BROWN CVE-2007-2165 The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd. ProFTPD vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
ftp_proftp  
RED
!
CVE-2007-2171 Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request. Novell GroupWise vulnerabilities
mail_web_groupwiseauthbo
mail_web_groupwisever
 
YELLOW CVE-2007-2174 The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses. ZoneAlarm vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_firewall_za_srescan  
YELLOW CVE-2007-2175 Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-2180 Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file. Winamp vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_winamp  
RED CVE-2007-2187 Stack-based buffer overflow in eXtremail 2.1.1 and earlier allows remote attackers to execute arbitrary code via a long DNS response. NOTE: this might be related to CVE-2006-6926. eXtremail vulnerabilities
mail_imap_extremail  
YELLOW CVE-2007-2188 eXtremail 2.1.1 and earlier does not verify the ID field (aka transaction id) in DNS responses, which makes it easier for remote attackers to conduct DNS spoofing. eXtremail vulnerabilities
mail_imap_extremail  
YELLOW CVE-2007-2193 Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build 108, Pro 8.1 Build 99, and Photo Editor 4.0 Build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information. ACDSee vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_acdseexpm  
RED CVE-2007-2211 SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action. MyBB vulnerabilities
web_prog_sql_mybbday  
YELLOW CVE-2007-2216 The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a crafted DLL file argument to the TypeLibInfoFromFile function, which overwrites the HelpStringDll property to call the DLLGetDocumentation function in another DLL file, aka "ActiveX Object Vulnerability." Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_v5
win_patch_ie_v6
win_patch_ie_v7
 
YELLOW CVE-2007-2217 Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_kodakimg  
YELLOW CVE-2007-2218 Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_schannel  
YELLOW CVE-2007-2219 Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_win32api  
YELLOW CVE-2007-2221 Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwrite arbitrary files via unspecified vectors, aka the "Arbitrary File Rewrite Vulnerability." Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_v5
win_patch_ie_v6
win_patch_ie_v7
 
YELLOW CVE-2007-2222 Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS. Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_v5
win_patch_ie_v6
win_patch_ie_v7
 
YELLOW CVE-2007-2223 Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow. Microsoft Office vulnerabilities
Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_office2007xmlcorever
win_patch_officexmlcorever
win_patch_xmlcorever
 
YELLOW CVE-2007-2224 Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow. Microsoft Office vulnerabilities
Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_office2004macver
win_patch_oleautomation
 
YELLOW CVE-2007-2225 A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability." Outlook and Outlook Express
Windows Mail vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_oe
mail_client_windowsmail
 
YELLOW CVE-2007-2227 The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability." Outlook and Outlook Express
Windows Mail vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_oe
mail_client_windowsmail
 
RED
!
CVE-2007-2228 rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak. Windows updates needed

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
win_patch_rpcauthdos  
YELLOW CVE-2007-2229 Microsoft Windows Vista uses insecure default permissions for unspecified "local user information data stores" in the registry and the file system, which allows local users to obtain sensitive information such as administrative passwords, aka "Permissive User Information Store ACLs Information Disclosure Vulnerability." Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_vistaid  
YELLOW CVE-2007-2237 Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_gdiplus2  
YELLOW CVE-2007-2240 The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it easier for remote attackers to spoof a download. Lenovo vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_lenovoax  
RED CVE-2007-2241 Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function. DNS vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
dns_bindver  
BROWN CVE-2007-2242 The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-2243 OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483. OpenSSH vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
shell_ssh_openssh  
YELLOW CVE-2007-2244 Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator CS3, and GoLive 9 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file. Adobe Photoshop vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_adobe_photoshopbmp  
YELLOW CVE-2007-2245 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function. phpMyAdmin vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_myadminver  
RED CVE-2007-2248 Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) group_id parameter in the groups module or (2) the smiley_id parameter in the smileys modsettings module. Phorum vulnerabilities
web_prog_php_phorumver  
RED CVE-2007-2249 include/controlcenter/users.php in Phorum before 5.1.22 allows remote authenticated moderators to gain privileges via a modified (1) user_ids POST parameter or (2) userdata array. Phorum vulnerabilities
web_prog_php_phorumver  
RED CVE-2007-2250 admin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module[] parameter. Phorum vulnerabilities
web_prog_php_phorumver  
YELLOW CVE-2007-2263 Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers. RealPlayer vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_reallinux
misc_realplayercategory_macver
misc_realplayercategory_rmffheap
 
YELLOW CVE-2007-2264 Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header. RealPlayer vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_reallinux
misc_realplayercategory_macver
misc_realplayercategory_rmffheap
 
YELLOW CVE-2007-2274 The BitTorrent implementation in Opera 9.2 allows remote attackers to cause a denial of service (CPU consumption and application crash) via a malformed torrent file. NOTE: the original disclosure refers to this as a memory leak, but it is not certain. Opera vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_opera9  
RED CVE-2007-2279 The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution. VERITAS Storage vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vsfss  
YELLOW CVE-2007-2292 CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-2295 Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple QuickTime 7.1.5 and other versions before 7.2 allows remote attackers to execute arbitrary code via a crafted H.264 MOV file. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-2296 Integer overflow in the FlipFileTypeAtom_BtoN function in Apple QuickTime 7.1.5, and other versions before 7.2, allows remote attackers to execute arbitrary code via a crafted M4V (MP4) file. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
RED CVE-2007-2315 MiniShare 1.5.4, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a flood of requests for new connections. MiniShare vulnerability
web_server_minishare  
YELLOW CVE-2007-2318 Multiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP server. NOTE: some of these details are obtained from third party information. FileZilla client vulnerabilities

Note: Authentication is required to detect this vulnerability
ftp_filezillaclient  
RED CVE-2007-2338 Cross-site request forgery (CSRF) vulnerability in include/admin/banlist.php in Phorum before 5.1.22 allows remote attackers to perform unauthorized banlist deletions as an administrator via the delete parameter. Phorum vulnerabilities
web_prog_php_phorumver  
RED CVE-2007-2339 Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the "Edit groups / Add group" field in the (d) groups module in admin.php. Phorum vulnerabilities
web_prog_php_phorumver  
YELLOW CVE-2007-2349 Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files. Invision Power Board
web_prog_php_ipbversion  
YELLOW CVE-2007-2365 Buffer overflow in Adobe Photoshop CS2 and CS3, Photoshop Elements 5.0, Illustrator CS3, and GoLive 9 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file. Adobe Photoshop vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_adobe_photoshop  
RED CVE-2007-2386 Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-2388 Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-2389 Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
RED CVE-2007-2390 Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-2391 Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a window.setTimeout function that is activated after the user has moved from the current page. Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_safari  
YELLOW CVE-2007-2392 Apple QuickTime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-2393 The design of QuickTime for Java in Apple QuickTime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-2394 Integer overflow in Apple QuickTime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-2395 Unspecified vulnerability in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a crafted image description atom in a movie file, related to "memory corruption." QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-2396 The JDirect support in QuickTime for Java in Apple QuickTime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-2397 QuickTime for Java in Apple QuickTime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-2398 Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks. Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_safari  
YELLOW CVE-2007-2399 WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-2400 Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects. Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_safari  
YELLOW CVE-2007-2401 CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-2402 QuickTime for Java in Apple QuickTime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-2403 CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly validate ftp: URIs, which allows remote attackers to trigger the transmission of arbitrary FTP commands to arbitrary FTP servers. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-2404 CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-2405 Integer underflow in Preview in PDFKit on Apple Mac OS X 10.4.10 allows remote attackers to execute arbitrary code via a crafted PDF file. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-2406 Quartz Composer on Apple Mac OS X 10.4.10 does not initialize a certain object pointer, which might allow user-assisted remote attackers to execute arbitrary code via a crafted Quartz Composer file. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
BROWN CVE-2007-2407 The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows file sharing is enabled, does not enforce disk quotas after dropping privileges, which allows remote authenticated users to use disk space in excess of quota. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-2408 WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked "Enable Java" setting, which allows remote attackers to execute Java applets via a crafted web page. MacOSX vulnerabilities
Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
web_client_safari
 
YELLOW CVE-2007-2409 Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and 10.4.10 allows remote attackers to obtain sensitive information via a popup window, which is able to read the current URL of the parent window. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-2410 WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
RED CVE-2007-2414 MyServer before 0.8.8 allows remote attackers to cause a denial of service via unspecified vectors. MyServer vulnerabilities
web_server_myserver  
YELLOW CVE-2007-2418 Heap-based buffer overflow in the Rendezvous / Extensible Messaging and Presence Protocol (XMPP) component (plugins\rendezvous.dll) for Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to execute arbitrary code via a message that triggers the overflow from expansion that occurs during encoding. Trillian vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_trillian  
YELLOW CVE-2007-2435 Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allow remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files. Java Web Start
Java Plugin vulnerability

Note: Authentication is required to detect this vulnerability
misc_javawebstart
web_client_jre
 
YELLOW CVE-2007-2439 Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allow remote attackers to cause a denial of service (device hang) and read data from a COM or LPT device via a DOS device name with an arbitrary extension. Resin vulnerabilities
web_dev_resin  
YELLOW CVE-2007-2440 Directory traversal vulnerability in Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to read certain files via a .. (dot dot) in a URI containing a "\web-inf" sequence. Resin vulnerabilities
web_dev_resin  
YELLOW CVE-2007-2441 Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allow remote attackers to obtain the system path via certain URLs associated with (1) deploying web applications or (2) displaying .xtp files. Resin vulnerabilities
web_dev_resin  
RED
!
CVE-2007-2442 The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup. Kerberos detected
MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability unless dangerous checks are enabled
misc_kadmindmemcrpt
misc_kerberospkg
misc_macosx_version
 
RED
!
CVE-2007-2443 Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value. Kerberos detected
MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability unless dangerous checks are enabled
misc_kadmindmemcrpt
misc_kerberospkg
misc_macosx_version
 
YELLOW CVE-2007-2444 Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user. Samba vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
win_samba  
BROWN CVE-2007-2445 The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
RED CVE-2007-2446 Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names). MacOSX vulnerabilities
Xerox MicroServer vulnerabilities
Samba vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_tool_xerox_workcentrever
win_samba
 
RED CVE-2007-2447 The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management. MacOSX vulnerabilities
Xerox MicroServer vulnerabilities
Samba vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_tool_xerox_workcentrever
win_samba
 
YELLOW CVE-2007-2449 Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence. MacOSX vulnerabilities
Apache Tomcat vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_dev_tomcatver
 
YELLOW CVE-2007-2450 Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors. MacOSX vulnerabilities
Apache Tomcat vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_dev_tomcatver
 
YELLOW CVE-2007-2467 ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions and other products, allows local users to cause a denial of service (system crash) by sending malformed data to the vsdatant device driver, which causes an invalid memory access. ZoneAlarm vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_firewall_za_prover  
YELLOW CVE-2007-2478 Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 string, which triggers the overflow when the user highlights it, or (2) a font HTML tag with a face attribute containing a long UTF-8 string. Trillian vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_trillian  
YELLOW CVE-2007-2479 Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker. Trillian vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_trillian  
RED CVE-2007-2481 PHP remote file inclusion vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter. PHP injection
web_prog_php_wordtube  
YELLOW CVE-2007-2498 libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE: some of these details are obtained from third party information. Winamp vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_winamp  
YELLOW CVE-2007-2505 Stack-based buffer overflow in InterVations MailCOPA 8.01 20070323 allows user-assisted remote attackers to execute arbitrary code via a long command line argument, as demonstrated by a long string in the subject field in a mailto URI. NOTE: some of these details are obtained from third party information. MailCOPA vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_mailcopa  
RED
!
CVE-2007-2508 Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2 Build 1174 allow remote attackers to execute arbitrary code via crafted data to (1) TCP port 5168, which triggers an overflow in the CAgRpcClient::CreateBinding function in the AgRpcCln.dll library in SpntSvc.exe; or (2) TCP port 3628, which triggers an overflow in EarthAgent.exe. NOTE: both issues are reachable via TmRpcSrv.dll. Trend Micro vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
misc_av_trendmicro_sprotectearth  
BROWN CVE-2007-2509 CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
BROWN CVE-2007-2510 Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
BROWN CVE-2007-2511 Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-2513 Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 post-SP6 20070522, allow remote attackers to obtain credentials via a man-in-the-middle attack. Novell GroupWise vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_groupwise_clientver  
RED
!
CVE-2007-2522 Stack-based buffer overflow in the inoweb Console Server in CA Anti-Virus for the Enterprise r8, Threat Manager r8, Anti-Spyware for the Enterprise r8, and Protection Suites r3 allows remote attackers to execute arbitrary code via a long (1) username or (2) password. CA eTrust ITM vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
misc_av_caetrustitm  
YELLOW CVE-2007-2523 CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0. CA eTrust ITM vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_av_caetrustitm  
YELLOW CVE-2007-2550 Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php. CubeCart vulnerabilities
web_prog_php_cubecartver  
YELLOW CVE-2007-2557 MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, which allows remote authenticated administrators to have an unknown impact via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Mambo vulnerabilities
web_cms_mambo  
YELLOW CVE-2007-2581 Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_sharepointelev  
RED CVE-2007-2582 Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (3) a long packet that generates a "MemTree overflow." DB2 vulnerabilities
database_db2ver  
RED CVE-2007-2583 The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. MySQL vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_mysql_version  
YELLOW CVE-2007-2584 Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSubMgr Subscription Manager ActiveX control (MCSUBMGR.DLL) in McAfee SecurityCenter before 6.0.25 and 7.x before 7.2.147 allows remote attackers to execute arbitrary code via a crafted argument. McAfee Security Center vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_mcafeesubmgr  
BROWN CVE-2007-2586 The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that involves access to a VTY device and overflows a buffer, aka bug ID CSCek55259. Cisco FTP vulnerability
net_cisco_ftp  
BROWN CVE-2007-2587 The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote authenticated users to cause a denial of service (IOS reload) via unspecified vectors involving transferring files (aka bug ID CSCse29244). Cisco FTP vulnerability
net_cisco_ftp  
YELLOW CVE-2007-2589 Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element. SquirrelMail vulnerabilities
MacOSX vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
mail_web_squirrel
misc_macosx_version
 
YELLOW CVE-2007-2590 Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp. Nokia Intellisync Mobile Suite vulnerabilities
web_prog_asp_mobilesuitedos  
RED CVE-2007-2591 usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to modify user account details and cause a denial of service (account deactivation) via the userid parameter in an update action. Nokia Intellisync Mobile Suite vulnerabilities
web_prog_asp_mobilesuitedos  
YELLOW CVE-2007-2592 Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files. Nokia Intellisync Mobile Suite vulnerabilities
web_prog_asp_mobilesuitexss  
YELLOW CVE-2007-2619 Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login credentials for the most recent login within process memory, which allows local administrators to obtain the credentials by reading process memory, a different vulnerability than CVE-2006-3785. pcAnywhere vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_pcanywherever  
YELLOW CVE-2007-2650 The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file. ClamAV vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_av_clam  
RED CVE-2007-2655 Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution. SurgeMail vulnerabilities
mail_web_surge  
YELLOW CVE-2007-2656 Stack-based buffer overflow in the Hewlett-Packard (HP) Magview ActiveX control in hpqvwocx.dll 1.0.0.309 allows remote attackers to cause a denial of service (application crash) and possibly have other impact via a long argument to the DeleteProfile method. Photosmart AllinOne vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_hpphotosmart  
YELLOW CVE-2007-2671 Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of service (application crash) via a long hostname in an HREF attribute in an A element, which triggers an out-of-bounds memory access. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox  
RED CVE-2007-2691 MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. MySQL vulnerabilities
MacOSX vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_mysql_version
misc_macosx_version
 
RED CVE-2007-2692 The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges. MySQL vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_mysql_version  
RED CVE-2007-2693 MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement. MySQL vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_mysql_version  
YELLOW CVE-2007-2718 Cross-site scripting (XSS) vulnerability in the WebMail system in Stalker CommuniGate Pro 5.1.8 and earlier, when using Microsoft Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via crafted STYLE tags. CommuniGate WebMail vulnerabilities
mail_web_communigate  
BROWN CVE-2007-2727 The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-2730 Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier. ZoneAlarm vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_firewall_za_prover  
BROWN CVE-2007-2748 The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-2754 Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow. MacOSX vulnerabilities
OpenOffice vulnerabilities
Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
misc_openoffice
web_client_safari
 
RED CVE-2007-2756 The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
RED CVE-2007-2768 OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243. OpenSSH vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
shell_ssh_openssh  
YELLOW CVE-2007-2770 Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote SMTP servers to execute arbitrary code via a long SMTP reply. NOTE: the user must click through a warning about a possible buffer overflow exploit to trigger this issue. Eudora vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_eudora  
RED
!
CVE-2007-2772 (1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and rwxdr.dll) in CA BrightStor Backup 11.5.2.0 SP2 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted RPC packet. ARCserve vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
misc_arcservecaloggerd  
YELLOW CVE-2007-2788 Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow. Java Plugin vulnerability

Note: Authentication is required to detect this vulnerability
web_client_jre
web_dev_jdk
 
YELLOW CVE-2007-2789 The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty. Java Plugin vulnerability

Note: Authentication is required to detect this vulnerability
web_client_jre
web_dev_jdk
 
YELLOW
!
CVE-2007-2798 Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal. Kerberos detected
MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability unless dangerous checks are enabled
misc_kadmindmemcrpt
misc_kerberospkg
misc_macosx_version
 
YELLOW CVE-2007-2799 Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-2809 Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274. Opera vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_opera9  
BROWN CVE-2007-2813 Cisco IOS 12.4 and earlier, when using the crypto packages and SSL support is enabled, allows remote attackers to cause a denial of service via a malformed (1) ClientHello, (2) ChangeCipherSpec, or (3) Finished message during an SSL session. Cisco SSL vulnerability

Note: A valid SNMP read community string is required to detect this vulnerability
net_cisco_ssl  
RED CVE-2007-2821 SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter. WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
YELLOW CVE-2007-2825 Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in @Mail 5.02 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) links and (2) images. AtMail vulnerabilities
mail_web_atmail  
RED CVE-2007-2829 The 802.11 network stack in net80211/ieee80211_input.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system hang) via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference. MadWifi vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_wireless_madwifi  
RED CVE-2007-2830 The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggers a divide-by-zero error. MadWifi vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_wireless_madwifi  
RED CVE-2007-2831 Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1 allows local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary code via a large negative array index value. MadWifi vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_wireless_madwifi  
YELLOW CVE-2007-2833 Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation. Emacs vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_editors_emacs_version  
YELLOW CVE-2007-2834 Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow. OpenOffice vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_openofficewin  
YELLOW CVE-2007-2843 Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via JavaScript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events. Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_safari  
BROWN CVE-2007-2844 PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-2845 Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote attackers to execute arbitrary code via a crafted CAB archive, resulting from an "integer cast around". Avast vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_avastmanagedclient
misc_av_avastserver
 
YELLOW CVE-2007-2846 Heap-based buffer overflow in the SIS unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote attackers to execute arbitrary code via a crafted SIS archive, resulting from an "integer cast around." Avast vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_avastmanagedclient
misc_av_avastserver
 
YELLOW CVE-2007-2852 Multiple stack-based buffer overflows in ESET NOD32 Antivirus before 2.70.37.0 allow remote attackers to execute arbitrary code during (1) delete/disinfect or (2) rename operations via a crafted directory name. NOD32 vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_nodmain  
RED CVE-2007-2862 Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and possibly cookie modification. CubeCart vulnerabilities
web_prog_php_cubecartver  
YELLOW CVE-2007-2863 Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file. CA Antivirus engine vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_cacab  
YELLOW CVE-2007-2864 Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file. CA Antivirus engine vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_cacab  
YELLOW CVE-2007-2865 Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter. phpPgAdmin vulnerabilities

Note: Authentication is required to detect this vulnerability
web_prog_php_pgadminver  
YELLOW CVE-2007-2867 Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues. Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_thunderbird
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-2868 Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption. Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_thunderbird
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-2869 The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in a submitted form. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox  
YELLOW CVE-2007-2870 Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-2871 Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox
web_client_seamonkey
 
RED CVE-2007-2872 Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
RED CVE-2007-2873 SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service (corrupt arbitrary files) via a symlink attack on a file that is used by spamd. SpamAssassin vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_misc_spamassassin  
RED
!
CVE-2007-2876 The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference. Linux SCTP vulnerability
misc_linuxsctpunk  
RED
!
CVE-2007-2881 Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation. Sun ONE Web Proxy

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
web_proxy_sunone  
YELLOW CVE-2007-2884 Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field. Microsoft VBA vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_vbadocpropmult  
RED CVE-2007-2889 SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter. Claroline vulnerabilities
web_prog_php_dokeosver  
RED CVE-2007-2890 SQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id_category parameter. SQL injection
web_prog_sql_cpcommerce  
YELLOW CVE-2007-2901 Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the img parameter to main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php and other unspecified vectors. Claroline vulnerabilities
web_prog_php_dokeosver  
YELLOW CVE-2007-2902 SQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter. Claroline vulnerabilities
web_prog_php_dokeosver  
YELLOW CVE-2007-2921 Multiple buffer overflows in acgm.dll in the Corel / Micrografx ActiveCGM Browser ActiveX control before 7.1.4.19 allow remote attackers to execute arbitrary code via unspecified vectors. ActiveCGM vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_activecgm  
YELLOW CVE-2007-2923 The launch method in the LocalExec ActiveX control (LocalExec.ocx) in Novell exteNd Director 4.1 and Portal Services allows remote attackers to execute arbitrary commands. Novell exteNd vulnerabilities

Note: Authentication is required to detect this vulnerability
web_dev_extendax  
BROWN CVE-2007-2925 The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache. DNS vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
dns_bindver  
YELLOW CVE-2007-2926 ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning. DNS vulnerabilities
MacOSX vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
dns_bindver
misc_macosx_version
 
YELLOW CVE-2007-2928 Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via format string specifiers in unknown data. Lenovo vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_lenovoax  
YELLOW CVE-2007-2929 The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to download arbitrary code onto a client system and execute this code. Lenovo vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_lenovoax  
YELLOW CVE-2007-2930 The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926. DNS vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
dns_bindver  
YELLOW CVE-2007-2931 Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions. MSN Messenger vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_msnmessengerver  
YELLOW CVE-2007-2953 Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command. Vim vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_editors_vim_helptags  
RED CVE-2007-2954 Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2 through SP4 for Windows allow remote attackers to execute arbitrary code via certain long arguments to the (1) RpcAddPrinterDriver, (2) RpcGetPrinterDriverDirectory, and other unspecified RPC requests, aka Novell bug 300870, a different vulnerability than CVE-2006-5854. Novell Print Services vulnerabilities

Note: Authentication is required to detect this vulnerability
printer_novellclient2  
YELLOW CVE-2007-2955 Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allow remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA. Symantec vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_symantec_navcomuiax  
RED CVE-2007-2959 SQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id_manufacturer parameter. SQL injection
web_prog_sql_cpcommerce  
YELLOW CVE-2007-2963 Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources. Invision Power Board
web_prog_php_ipbversion  
RED CVE-2007-2964 The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and earlier allows remote attackers to cause a denial of service (application crash) via NTFS reserved words in filenames in URLs. FSecure vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_fsecurepmsdos  
YELLOW CVE-2007-2966 Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335. FSecure vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_fsecurelzhac  
RED CVE-2007-2968 Cross-site scripting (XSS) vulnerability in register.php in cpCommerce 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter (Full Name field). SQL injection
web_prog_sql_cpcommerce  
RED CVE-2007-2971 SQL injection vulnerability in getnewsitem.php in gCards 1.46 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter. gCards vulnerabilities
web_prog_sql_gcardsgetnewsitem  
YELLOW CVE-2007-2972 The file parsing engine in Avira Antivir Antivirus before 7.04.00.24 allows remote attackers to cause a denial of service (application crash) via a crafted UPX compressed file, which triggers a divide-by-zero error. Avira Antivir Antivirus vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_avira_engver  
YELLOW CVE-2007-2973 Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed TAR archive. Avira Antivir Antivirus vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_avira_packver  
YELLOW CVE-2007-2974 Buffer overflow in the file parsing engine in Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to execute arbitrary code via a crafted LZH archive file, resulting from an "integer cast around." Avira Antivir Antivirus vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_avira_packver  
BROWN CVE-2007-3007 PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-3008 Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398. AppWeb vulnerabilities
web_server_appweb  
BROWN CVE-2007-3009 Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in the HTTP scheme, as demonstrated by a "GET %n://localhost:80/" request. AppWeb vulnerabilities
web_server_appweb  
RED CVE-2007-3011 The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the ParameterList parameter. vulnerable web program
web_prog_cgi_serverview  
RED CVE-2007-3021 Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export. Symantec vulnerabilities
misc_av_symantec_repserv  
RED CVE-2007-3022 Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks. Symantec vulnerabilities
misc_av_symantec_repserv  
YELLOW CVE-2007-3023 unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors. ClamAV vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_av_clam  
YELLOW CVE-2007-3024 libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files. ClamAV vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_av_clam  
YELLOW CVE-2007-3025 Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions. ClamAV vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_av_clam  
YELLOW CVE-2007-3027 Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability." Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_v5
win_patch_ie_v6
win_patch_ie_v7
 
RED CVE-2007-3028 The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040. Active Directory vulnerability

Note: Authentication is required to detect this vulnerability
win_patch_activedirdos  
YELLOW CVE-2007-3029 Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption. Microsoft Office vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_excel2003
win_patch_excelxp
win_patch_office2004macver
 
YELLOW CVE-2007-3030 Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability". Microsoft Office vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_excel2000
win_patch_excel2003
win_patch_excelcnv
win_patch_excelview
win_patch_excelxp
win_patch_office2004macver
 
YELLOW CVE-2007-3032 Unspecified vulnerability in Windows Vista Contacts Gadget in Windows Vista allows user-assisted remote attackers to execute arbitrary code via crafted contact information that is not properly handled when it is imported. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_gadgetsrce  
YELLOW CVE-2007-3033 Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and are rendered in the local zone. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_gadgetsrce  
YELLOW CVE-2007-3034 Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_gdi07046  
YELLOW CVE-2007-3035 Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that is not properly handled during decompression, aka "Windows Media Player Code Execution Vulnerability Decompressing Skins." Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_wmpskinrce  
YELLOW CVE-2007-3036 Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files." Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_wsunixsetuid  
YELLOW CVE-2007-3037 Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a heap-based buffer overflow, aka "Windows Media Player Code Execution Vulnerability Parsing Skins." Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_wmpskinrce  
BROWN CVE-2007-3038 The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability." Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_teredofwbypass  
RED CVE-2007-3039 Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_msmq2  
YELLOW CVE-2007-3040 Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_agentver  
YELLOW CVE-2007-3041 Unspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka "ActiveX Object Memory Corruption Vulnerability." Visual Studio vulnerabilities
Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_pdwizardax
win_patch_ie_v5
win_patch_ie_v6
win_patch_ie_v7
 
YELLOW CVE-2007-3062 Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.2 running on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. HP SMH vulnerabilities
web_tool_hpsmh  
YELLOW CVE-2007-3072 Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on Windows allows remote attackers to read arbitrary files via ..%5C (dot dot encoded backslash) sequences in a resource:// URI. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox  
YELLOW CVE-2007-3073 Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox  
YELLOW CVE-2007-3074 Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read files in the local Firefox installation directory via a resource:// URI. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox  
YELLOW CVE-2007-3089 Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-3091 Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability" or "Race Condition Cross-Domain Information Disclosure Vulnerability." Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_v5
win_patch_ie_v6
win_patch_ie_v7
 
RED CVE-2007-3095 Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, allows attackers to "disable the authentication system" and bypass authentication via unknown vectors. Symantec vulnerabilities
misc_av_symantec_repserv  
RED ! CVE-2007-3098 The SNMPc Server (crserv.exe) process in Castle Rock Computing SNMPc before 7.0.19 allows remote attackers to cause a denial of service (crash) via a crafted packet to port 165/TCP. SNMPc Network Manager vulnerability

Note: Authentication is required to detect this vulnerability unless dangerous checks are enabled
net_snmp_snmpc_msdos
net_snmp_snmpc_msver
 
RED CVE-2007-3103 The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file. X Font Server vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_xfsver  
YELLOW CVE-2007-3108 The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. OpenSSL vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_openssl  
YELLOW CVE-2007-3122 The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR. ClamAV vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_av_clam  
YELLOW CVE-2007-3123 unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow. ClamAV vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_av_clam  
YELLOW CVE-2007-3140 SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897. WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
YELLOW CVE-2007-3142 Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after 34 characters, as demonstrated by a phishing attack using HTTP Basic Authentication. Opera vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_opera9  
YELLOW CVE-2007-3143 Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. Konqueror vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_konqueror  
YELLOW CVE-2007-3147 Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information. Yahoo Messenger vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_yahoomsgrwebcamviewer  
YELLOW CVE-2007-3148 Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method. Yahoo Messenger vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_yahoomsgrwebcamviewer  
YELLOW CVE-2007-3156 Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained from third party information. Webmin vulnerabilities

Note: Authentication is required to detect this vulnerability
web_tool_webminpkg  
YELLOW CVE-2007-3166 Buffer overflow in Qualcomm Eudora 7.1.0.9 allows user-assisted, remote IMAP servers to execute arbitrary code via a long FLAGS response to a SELECT INBOX command. Eudora vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_eudora  
RED CVE-2007-3181 Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gds32.dll." Firebird vulnerabilities
database_firebirdconnect  
YELLOW CVE-2007-3185 Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi. Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_safari  
YELLOW CVE-2007-3186 Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI. Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_safari  
YELLOW CVE-2007-3187 Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possibly involving memory corruption, and a different issue from CVE-2007-3185 and CVE-2007-3186. NOTE: as of 20070612, the original disclosure has no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_safari  
YELLOW CVE-2007-3208 CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via requests to (1) register.pl or (2) profile.pl that write CRLF sequences to a .vars file. NOTE: this can be leveraged to execute arbitrary code. YaBB vulnerabilities
web_prog_cgi_yabbver  
RED ! CVE-2007-3216 Multiple buffer overflows in the LGServer component of CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.1 allow remote attackers to execute arbitrary code via crafted arguments to the (1) rxsAddNewUser, (2) rxsSetUserInfo, (3) rxsRenameUser, (4) rxsSetMessageLogSettings, (5) rxsExportData, (6) rxsSetServerOptions, (7) rxsRenameFile, (8) rxsACIManageSend, (9) rxsExportUser, (10) rxsImportUser, (11) rxsMoveUserData, (12) rxsUseLicenseIni, (13) rxsLicGetSiteId, (14) rxsGetLogFileNames, (15) rxsGetBackupLog, (16) rxsBackupComplete, (17) rxsSetDataProtectionSecurityData, (18) rxsSetDefaultConfigName, (19) rxsGetMessageLogSettings, (20) rxsHWDiskGetTotal, (21) rxsHWDiskGetFree, (22) rxsGetSubDirs, (23) rxsGetServerDBPathName, (24) rxsSetServerOptions, (25) rxsDeleteFile, (26) rxsACIManageSend, (27) rxcReadBackupSetList, (28) rxcWriteConfigInfo, (29) rxcSetAssetManagement, (30) rxcWriteFileListForRestore, (31) rxcReadSaveSetProfile, (32) rxcInitSaveSetProfile, (33) rxcAddSaveSetNextAppList, (34) rxcAddSaveSetNextFilesPathList, (35) rxcAddNextBackupSetIncWildCard, (36) rxcGetRevisions, (37) rxrAddMovedUser, (38) rxrSetClientVersion, or (39) rxsSetDataGrowthScheduleAndFilter commands. ARCserve vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
misc_arcservecategory_lgserverauthuo  
YELLOW CVE-2007-3219 Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or Yahoo! identity. Invision Power Board
web_prog_php_ipbversion  
YELLOW CVE-2007-3226 Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-2851 and CVE-2006-3240. dotProject vulnerabilities
web_prog_php_dotprojectver  
YELLOW CVE-2007-3227 Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values. Ruby on Rails vulnerabilities

Note: Authentication is required to detect this vulnerability
web_dev_rubyonrails  
RED CVE-2007-3232 The IBM TotalStorage DS400 with firmware 4.15 uses a blank password for the (1) root, (2) user, (3) manager, (4) administrator, and (5) operator accounts, which allows remote attackers to gain login access via certain Linux daemons, including a telnet daemon on a nonstandard port, tcp/6000. guessed account password
pass_none  
YELLOW CVE-2007-3238 Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability. WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
YELLOW CVE-2007-3239 Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution in an administrative session. WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
YELLOW CVE-2007-3240 Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI) that accesses index.php. NOTE: this can be leveraged for PHP code execution in an administrative session. WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
YELLOW CVE-2007-3241 Cross-site scripting (XSS) vulnerability in blogroll.php in the cordobo-green-park theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI. WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
YELLOW CVE-2007-3260 HP System Management Homepage (SMH) before 2.1.9 for Linux, when used with Novell eDirectory, assigns the eDirectory members to the root group, which allows remote authenticated eDirectory users to gain privileges. HP SMH vulnerabilities
web_tool_hpsmh  
RED CVE-2007-3268 The TFTP implementation in IBM Tivoli Provisioning Manager for OS Deployment 5.1 before Fix Pack 3 allows remote attackers to cause a denial of service (rembo.exe crash and multiple service outage) via a read (RRQ) request with an invalid blksize (blocksize), which triggers a divide-by-zero error. Tivoli Provisioning Manager vulnerabilities
misc_tivolipm  
YELLOW CVE-2007-3274 Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause a denial of service (application crash) via JavaScript that sets the document.location variable, as demonstrated by an empty value of document.location. Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_safari  
BROWN CVE-2007-3278 PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1. PostgreSQL vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_pgsql  
YELLOW CVE-2007-3282 Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX object allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the DeleteRecordSourceIfUnused method. Microsoft Office vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_office2003  
YELLOW CVE-2007-3284 corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows remote attackers to cause a denial of service (crash) via certain forms that trigger errors related to History, possibly involving multiple form fields with the same name. Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_safari  
YELLOW CVE-2007-3285 Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox  
BROWN CVE-2007-3294 Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function. NOTE: this might only be an issue in environments where vsnprintf is implemented as a wrapper for vsprintf. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-3295 Directory traversal vulnerability in Yet another Bulletin Board (YaBB) 2.1 and earlier allows remote authenticated users to execute arbitrary Perl code via a .. (dot dot) in the userlanguage profile setting, which sets the userlanguage key of the member hash, and is propagated to the language variable in (1) HelpCentre.pl and (2) ICQPager.pl, (3) the use_lang variable in Subs.pl, and the actlang variable in (4) Post.pl and (5) InstantMessage.pl; as demonstrated by pointing userlanguage to the English folder, modifying English/HelpCentre.lng file to contain Perl statements, and then invoking the help action in YaBB.pl. YaBB vulnerabilities
web_prog_cgi_yabbver  
YELLOW CVE-2007-3302 The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3.0 SP1 before 3.0.5.81, in CA (formerly Computer Associates) eTrust Intrusion Detection allows remote attackers to load arbitrary DLLs on a client system, and execute code from these DLLs, via unspecified "scriptable functions." CA eTrust Intrusion Detection vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_caetrustcaller  
BROWN CVE-2007-3303 Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments. Apache vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_server_apache_version  
BROWN CVE-2007-3304 Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer." Apache vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_server_apache_version  
YELLOW CVE-2007-3305 Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper memory allocation for word wrapping when a window width is used as a buffer size, a different vulnerability than CVE-2007-2478. Trillian vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_trillian  
YELLOW CVE-2007-3316 Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets. VLC vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vlc  
RED CVE-2007-3334 Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors. Ingres vulnerabilities

Note: Authentication is required to detect this vulnerability
database_ingres_commservbo  
RED CVE-2007-3336 Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input. Ingres vulnerabilities

Note: Authentication is required to detect this vulnerability
database_ingres_commservbo  
RED CVE-2007-3337 wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file. Ingres vulnerabilities

Note: Authentication is required to detect this vulnerability
database_ingres_commservbo  
RED CVE-2007-3338 Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions. Ingres vulnerabilities

Note: Authentication is required to detect this vulnerability
database_ingres_commservbo  
YELLOW CVE-2007-3350 AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application hang) via a flood of spoofed SIP INVITE requests. AOL Instant Messenger

Note: Authentication is required to detect this vulnerability
misc_aol_imver  
RED CVE-2007-3364 Cross-site scripting (XSS) vulnerability in the cgi-bin/post.mscgi sample page in MyServer 0.8.9 allows remote attackers to inject arbitrary web script or HTML via the body content. MyServer vulnerabilities
web_server_myserver  
RED CVE-2007-3365 MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions, which allows remote attackers to obtain sensitive information (script source code) via a modified extension, as demonstrated by post.mscgI. MyServer vulnerabilities
web_server_myserver  
YELLOW CVE-2007-3376 Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long value in the title HTML tag, which triggers the overflow when the user adds the page as a bookmark. Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_safari  
YELLOW CVE-2007-3378 The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess. MacOSX vulnerabilities
PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_prog_php_version
 
BROWN CVE-2007-3382 Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks. MacOSX vulnerabilities
Apache Tomcat vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_dev_tomcatver
 
YELLOW CVE-2007-3383 Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages. MacOSX vulnerabilities
Apache Tomcat vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_dev_tomcatver
 
YELLOW CVE-2007-3384 Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages. Apache Tomcat vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_dev_tomcatver  
BROWN CVE-2007-3385 Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. MacOSX vulnerabilities
Apache Tomcat vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_dev_tomcatver
 
YELLOW CVE-2007-3386 Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action. Apache Tomcat vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_dev_tomcatver  
RED CVE-2007-3389 Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload. Ethereal vulnerabilities

Note: Authentication is required to detect this vulnerability
net_wireshark  
RED CVE-2007-3390 Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain systems, allows remote attackers to cause a denial of service (crash) via crafted iSeries capture files that trigger a SIGTRAP. Ethereal vulnerabilities

Note: Authentication is required to detect this vulnerability
net_ethereal
net_wireshark
 
RED CVE-2007-3391 Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop. Ethereal vulnerabilities

Note: Authentication is required to detect this vulnerability
net_wireshark  
RED CVE-2007-3392 Wireshark before 0.99.6 allows remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop. Ethereal vulnerabilities

Note: Authentication is required to detect this vulnerability
net_wireshark  
RED CVE-2007-3393 Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets. Ethereal vulnerabilities

Note: Authentication is required to detect this vulnerability
net_wireshark  
YELLOW CVE-2007-3400 The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as distributed in NCTAudioEditor and NCTAudioStudio 2.7, allows remote attackers to overwrite arbitrary files via the CreateFile method. NCTsoft vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_nctwmafile2  
YELLOW CVE-2007-3410 Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value. RealPlayer vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_reallinux
misc_realplayer
misc_realplayercategory_macver
misc_realplayercategory_rmffheap
 
YELLOW CVE-2007-3437 AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application crash) via a malformed header value in a SIP INVITE message, a different vulnerability than CVE-2007-3350. AOL Instant Messenger

Note: Authentication is required to detect this vulnerability
misc_aol_imver  
RED
!
CVE-2007-3454 Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via long crafted requests, as demonstrated using a long session cookie to unspecified CGI programs that use this library. Trend Micro OfficeScan

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
misc_av_trendmicro_mcbo  
RED
!
CVE-2007-3455 cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user logon information." Trend Micro OfficeScan

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
misc_av_trendmicro_mcbo  
YELLOW CVE-2007-3456 Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative. Flash vulnerabilities
MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_flash
misc_macosx_version
 
YELLOW CVE-2007-3457 Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file. Flash vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_flash  
YELLOW CVE-2007-3467 Integer overflow in the __status_Update function in stats.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate. VLC vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vlc  
YELLOW CVE-2007-3468 input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used. VLC vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vlc  
YELLOW CVE-2007-3482 Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_safari  
YELLOW CVE-2007-3487 Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0.0.133 in Hewlett-Packard (HP) Photo Digital Imaging allows remote attackers to create or overwrite arbitrary files via the argument to the saveXMLAsFile method. HP Photo Digital Imaging vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_hpphotodiax  
YELLOW CVE-2007-3490 Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls. Microsoft Office vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_excel2000
win_patch_excel2003
win_patch_excelxp
 
YELLOW CVE-2007-3493 A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400. NCTsoft vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_nctwavchunks2  
YELLOW CVE-2007-3503 The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Java Plugin vulnerability

Note: Authentication is required to detect this vulnerability
web_client_jre  
YELLOW CVE-2007-3504 Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file. Java Web Start

Note: Authentication is required to detect this vulnerability
misc_javawebstart  
RED CVE-2007-3509 Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers 10.0, 10d, and 11d allows remote attackers to cause a denial of service (process exit) and possibly execute arbitrary code via crafted ncacn_ip_tcp requests. Veritas Backup Exec

Note: Authentication is required to detect this vulnerability
misc_backupexecver  
RED CVE-2007-3510 Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.3, allows remote authenticated users to execute arbitrary code via a long mailbox name. Lotus Domino IMAP vulnerabilities
mail_imap_domino  
YELLOW CVE-2007-3511 The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-3514 Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, a different vector than CVE-2007-3482. Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_safari  
YELLOW CVE-2007-3517 Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) index.php, (2) demo/claroline170/index.php, and possibly other scripts. Claroline vulnerabilities
web_prog_php_clarolinever  
YELLOW CVE-2007-3543 Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php. WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
YELLOW CVE-2007-3544 Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543. WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
YELLOW CVE-2007-3546 Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus Vulnerability Scanner before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Nessus vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_nessusgui  
YELLOW CVE-2007-3553 Cross-site scripting (XSS) vulnerability in Rapid Install Web Server in Oracle Application Server 11i allows remote attackers to inject arbitrary web script or HTML via a URL to the "Secondary Login Page", as demonstrated using (1) pls/ and (2) pls/MSBEP004/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Oracle Rapid Install
database_oracle_rapidxss  
YELLOW CVE-2007-3559 Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant. PHP Fusion vulnerabilities
web_prog_php_fusionver  
RED
!
CVE-2007-3566 Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 before SP2 allows remote attackers to execute arbitrary code via a long size value in a create request to port 3050/tcp. Interbase detected

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
database_interbasebo  
YELLOW CVE-2007-3605 Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX control in FrontEnd\SapGui\kwedit.dll in the EnjoySAP SAP GUI allows remote attackers to execute arbitrary code via a long argument to the PrepareToPostHTML function. SAP EnjoySAP vulnerabilities

Note: Authentication is required to detect this vulnerability
web_tool_enjoysap  
YELLOW CVE-2007-3606 Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX control in the EnjoySAP SAP GUI, on systems using ASCII versions, allows remote attackers to execute arbitrary code via a long first argument to the LaunchGui function. SAP EnjoySAP vulnerabilities

Note: Authentication is required to detect this vulnerability
web_tool_enjoysap  
YELLOW CVE-2007-3607 Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to cause a denial of service (process crash) via unspecified vectors. SAP EnjoySAP vulnerabilities

Note: Authentication is required to detect this vulnerability
web_tool_enjoysap  
YELLOW CVE-2007-3608 Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors. SAP EnjoySAP vulnerabilities

Note: Authentication is required to detect this vulnerability
web_tool_enjoysap  
YELLOW CVE-2007-3613 Cross-site scripting (XSS) vulnerability in ADM:GETLOGFILE in SAP Internet Graphics Service (IGS) allows remote attackers to inject arbitrary web script or HTML via the PARAMS parameter. SAP IGS vulnerabilities
web_tool_sap_igsxss  
RED
!
CVE-2007-3618 Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request with a "long invalid subcmd." Legato NetWorker vulnerabilities

Note: Authentication is required to detect this vulnerability unless dangerous checks are enabled
rpc_legatocategory_remoteexecbo
rpc_legatocategory_version
 
RED CVE-2007-3622 Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon before 9.61 allows remote attackers to cause a denial of service (crash) via malformed messages. MDaemon vulnerabilities
mail_pop_mdaemonver  
YELLOW CVE-2007-3625 The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname. Citrix Neighborhood Agent

Note: Authentication is required to detect this vulnerability
misc_citrixwficaver  
YELLOW CVE-2007-3633 Absolute path traversal vulnerability in the Chilkat Software Chilkat Zip ActiveX control in ChilkatZip2.dll 12.4.2.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveLastError method and probably the (2) WriteExe method. IBM Rational AppScan vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_ibmappscanver  
YELLOW CVE-2007-3639 WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other vectors related to (2) wp-includes/pluggable.php and (3) the wp_nonce_ays function in wp-includes/functions.php. WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
YELLOW CVE-2007-3649 Absolute path traversal vulnerability in a certain ActiveX control in hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via the second argument to the SaveToFile method. HP Photo Digital Imaging vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_hpphotodiax2  
YELLOW CVE-2007-3655 Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file. Java Web Start
Java Plugin vulnerability

Note: Authentication is required to detect this vulnerability
misc_javawebstart
web_client_jre
 
YELLOW CVE-2007-3656 Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-3670 Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data." Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_thunderbird
web_client_ffie
web_client_firefox
 
YELLOW CVE-2007-3675 Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ActiveX control (kavwebscan.dll) in Kaspersky Online Scanner before 5.0.98 allow remote attackers to execute arbitrary code via format string specifiers in "various string formatting functions," which trigger heap-based buffer overflows. Kaspersky AntiVirus vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_kaspersky_ovsax  
RED CVE-2007-3676 IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698. DB2 vulnerabilities
database_db2ver  
BROWN CVE-2007-3698 The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests. Java Plugin vulnerability

Note: Authentication is required to detect this vulnerability
web_client_jre
web_dev_jdk
 
YELLOW CVE-2007-3716 The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715. Java Plugin vulnerability

Note: Authentication is required to detect this vulnerability
web_client_jre  
YELLOW CVE-2007-3718 Multiple unspecified vulnerabilities in the SVG parsing engine in Apple Safari 3 Beta for Windows have unspecified remote attack vectors and impact. NOTE: this issue contains no actionable information, but it was released by a reliable researcher. Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_safari  
YELLOW CVE-2007-3725 The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference. ClamAV vulnerabilities
MacOSX vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_av_clam
misc_av_clamwinupx
misc_macosx_version
 
YELLOW CVE-2007-3734 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption. Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_thunderbird
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-3735 Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption. Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_thunderbird
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-3736 Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context has changed. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-3737 Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document." Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-3738 Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 allow remote attackers to execute arbitrary code via a crafted XPCNativeWrapper. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-3742 WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" (homographs) and possibly perform phishing attacks. MacOSX vulnerabilities
Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
web_client_safari
 
YELLOW CVE-2007-3743 Stack-based buffer overflow in bookmark handling in Apple Safari 3 Beta before Update 3.0.3 on Windows allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a bookmark with a long title. Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_safari  
RED CVE-2007-3744 Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-3745 The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 contains an unsafe interface that is exposed by JDirect, which allows remote attackers to free arbitrary memory and thereby execute arbitrary code. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-3746 The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not properly check the bounds of heap read and write operations, which allows remote attackers to execute arbitrary code via a crafted applet. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-3747 The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not restrict object instantiation and manipulation to valid heap addresses, which allows remote attackers to execute arbitrary code via a crafted applet. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
RED CVE-2007-3748 Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in iChat on Apple Mac OS X 10.3.9 and 10.4.10 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-3749 The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setuid program, then writing to the address space of the setuid process. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-3750 Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via crafted Sample Table Sample Descriptor (STSD) atoms in a movie file. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-3751 Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-3752 Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file. iTunes vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_itunes  
YELLOW CVE-2007-3756 Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to obtain sensitive information via a crafted web page that identifies the URL of the parent window, even when the parent window is in a different domain. MacOSX vulnerabilities
Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
web_client_safari
 
YELLOW CVE-2007-3758 Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set JavaScript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks. MacOSX vulnerabilities
Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
web_client_safari
 
YELLOW CVE-2007-3760 Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags. MacOSX vulnerabilities
Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
web_client_safari
 
RED CVE-2007-3762 Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame. Asterisk vulnerabilities

Note: Authentication is required to detect this vulnerability
net_asterisk  
RED CVE-2007-3763 The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable. Asterisk vulnerabilities

Note: Authentication is required to detect this vulnerability
net_asterisk  
RED CVE-2007-3764 The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy." Asterisk vulnerabilities

Note: Authentication is required to detect this vulnerability
net_asterisk  
RED CVE-2007-3780 MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol. MySQL vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_mysql_version  
BROWN CVE-2007-3781 MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure. MySQL vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_mysql_version  
BROWN CVE-2007-3782 MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table. MySQL vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_mysql_version  
YELLOW CVE-2007-3798 Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value. MacOSX vulnerabilities
tcpdump vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
misc_tcpdump
 
YELLOW CVE-2007-3799 The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207. MacOSX vulnerabilities
PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_prog_php_version
 
RED CVE-2007-3806 The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
RED CVE-2007-3808 SQL injection vulnerability in includes/search.php in paFileDB 3.6 allows remote attackers to execute arbitrary SQL commands via the categories[] parameter in a search action to index.php, a different vector than CVE-2005-2000. SQL injection
web_prog_sql_pafiledb2  
YELLOW CVE-2007-3819 Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. Opera vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_opera9  
YELLOW CVE-2007-3820 konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. Konqueror vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_konqueror  
RED ! CVE-2007-3823 The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows remote attackers to cause a denial of service (daemon crash) by sending a crafted packet containing a long string to port 5151/udp. WS FTP vulnerabilities

Note: Authentication is required to detect this vulnerability unless dangerous checks are enabled
ftp_wsftplogdos
ftp_wsftplogver
 
RED CVE-2007-3825 Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certain data to unspecified RPC procedures. CA Alert vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_caalert  
YELLOW CVE-2007-3826 Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called. Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_docopen
win_patch_ie_v5
win_patch_ie_v6
win_patch_ie_v7
 
YELLOW CVE-2007-3829 Multiple stack-based buffer overflows in (a) InterActual Player 2.60.12.0717 and (b) Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via a (1) long FailURL attribute in the IAMCE ActiveX Control (IAMCE.dll) or a (2) long URLCode attribute in the IAKey ActiveX Control (IAKey.dll). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. InterActual Player vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_interactualplayer  
YELLOW CVE-2007-3832 Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in AIM.DLL in Cerulean Studios Trillian allows remote attackers to execute arbitrary code via a malformed aim: URI, as demonstrated by a long URI beginning with the aim:///#1111111/ substring. Trillian vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_trillian  
YELLOW CVE-2007-3833 The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the "aim: &c:\" substring and contains a full pathname in the ini field. NOTE: this can be leveraged for code execution by writing to a Startup folder. Trillian vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_trillian  
YELLOW CVE-2007-3844 Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allow remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression. Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_thunderbird
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-3845 Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler." Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_thunderbird
web_client_firefox
web_client_seamonkey
 
BROWN CVE-2007-3847 The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read. MacOSX vulnerabilities
Apache module vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_mod_proxyver
 
BROWN CVE-2007-3853 Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to have unknown impact via (1) DBMS_JAVA_TEST in the JavaVM component (DB01), (2) Oracle Text component (DB09), and (3) MDSYS.SDO_GEOR_INT in the Spatial component (DB15). NOTE: a reliable researcher claims that DB01 is SQL injection in DBMS_PRVTAQIS. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-3854 Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-3855 Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allow remote authenticated users to have an unknown impact via (1) SYS.DBMS_DRS in the DataGuard component (DB03), (2) SYS.DBMS_STANDARD in the PL/SQL component (DB10), (3) MDSYS.RTREE_IDX in the Spatial component (DB16), and (4) SQL Compiler (DB17). NOTE: a reliable researcher claims that DB17 is for using Views to perform unauthorized insert, update, or delete actions. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-3856 Unspecified vulnerability in the Oracle Data Mining component for Oracle Database 10g Release 2 10.2.0.2 and 10.2.0.3, 10g 10.1.0.5, and Oracle9i Database Release 2 9.2.0.7, 9.2.0.8, and 9.2.0.8DV has unknown impact and remote authenticated attack vectors related to DMSYS.DMP_SYS, aka DB04. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-3857 Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 allow remote authenticated users to have an unknown impact via (a) the Oracle Text component, including (1) unspecified vectors (DB05), (2) CTXSYS.DRVXMD (DB06), (3) CTXSYS.DRI_MOVE_CTXSYS (DB07), (4) CTXSYS.DRVXMD (DB08), and (b) JavaVM (DB14). Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-3858 Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 allow remote authenticated users to have an unknown impact via (1) EXFSYS.DBMS_RLMGR_UTL in Rules Manager (DB11) and (2) Program Interface (DB13). Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-3859 Unspecified vulnerability in the Oracle Internet Directory component for Oracle Database 9.2.0.8 and 9.2.0.8DV; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka OID01. Oracle vulnerabilities
Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias
database_oracle_version
 
BROWN CVE-2007-3861 Unspecified vulnerability in Oracle Jdeveloper in Oracle Application Server 10.1.2.2 and Collaboration Suite 10.1.2 allows context-dependent attackers to have an unknown impact via custom applications that use JBO.KEY, aka JDEV01. Oracle vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias  
BROWN CVE-2007-3862 Unspecified vulnerability in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 allows remote attackers to have an unknown impact via Oracle Single Sign On, aka AS01. Oracle vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias  
BROWN CVE-2007-3863 Unspecified vulnerability in Oracle JDeveloper for Application Server 10.1.2.2 and 10.1.3.1, and Collaboration Suite 10.1.2, allows context-dependent attackers to have an unknown impact via custom applications that use JBO.SERVER, aka JDEV02. Oracle vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias  
RED ! CVE-2007-3872 Multiple stack-based buffer overflows in the Shared Trace Service (OVTrace) service for HP OpenView Operations A.07.50 for Windows, and possibly earlier versions, allow remote attackers to execute arbitrary code via certain crafted requests. HP Openview vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
net_openview_ovtracesbo  
BROWN CVE-2007-3874 Directory traversal vulnerability in the tftp/mftp daemon in the PXE server component (pxemtftp.exe) in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows remote attackers to read arbitrary files via unspecified vectors. Altiris vulnerabilities
misc_av_symantec_altirisver  
YELLOW CVE-2007-3875 arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file. CA Antivirus engine vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_cachmrar  
YELLOW CVE-2007-3876 Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows local users to execute arbitrary code via (1) a long workgroup (-W) option to mount_smbfs or (2) an unspecified manipulation of the command line to smbutil. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-3890 Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption. Microsoft Office vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_excel2000
win_patch_excel2003
win_patch_excelview
win_patch_excelxp
win_patch_office2004macver
 
YELLOW CVE-2007-3891 Unspecified vulnerability in Windows Vista Weather Gadgets in Windows Vista allows remote attackers to execute arbitrary code via crafted HTML attributes. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_gadgetsrce  
YELLOW CVE-2007-3892 Microsoft Internet Explorer 5.01 through 7 allows remote attackers to spoof the URL address bar and other "trust UI" components via unspecified vectors, a different issue than CVE-2007-1091 and CVE-2007-3826. Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_v5
win_patch_ie_v6
win_patch_ie_v7
 
YELLOW CVE-2007-3893 Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error. Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_v5
win_patch_ie_v6
win_patch_ie_v7
 
YELLOW CVE-2007-3895 Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_directxrce  
YELLOW CVE-2007-3896 The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers. Internet Explorer vulnerabilities
Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_ie_v7
win_patch_shell32
 
YELLOW CVE-2007-3897 Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption. Outlook and Outlook Express
Windows Mail vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_oe
mail_client_windowsmail
 
YELLOW CVE-2007-3898 The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors. Windows DNS vulnerabilities

Note: Authentication is required to detect this vulnerability
dns_entropyspoof  
YELLOW CVE-2007-3899 Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability." Microsoft Office vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_office2004macver
win_patch_word2000
win_patch_wordxp
 
YELLOW CVE-2007-3901 Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_directxrce  
YELLOW CVE-2007-3902 Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability." Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_v5
win_patch_ie_v6
win_patch_ie_v7
 
YELLOW CVE-2007-3903 Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability." Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_v6
win_patch_ie_v7
 
RED CVE-2007-3906 Unspecified vulnerability in Kaspersky Anti-Virus for Check Point FireWall-1 before Critical Fix 1 (5.5.161.0) might allow attackers to cause a denial of service (kernel hang) via unspecified vectors. NOTE: it is not clear whether there is an attacker role. Kaspersky AntiVirus vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_kaspersky_avcpf  
RED CVE-2007-3911 Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka scheduler client) and (2) srvscheduler.exe (aka scheduler server) in BakBone NetVault Reporter 3.5 before Update4 allow remote attackers to execute arbitrary code via long filename arguments in HTTP requests. NetVault vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_netvaultrepsched  
BROWN CVE-2007-3922 Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet. Java Plugin vulnerability

Note: Authentication is required to detect this vulnerability
web_client_jre
web_dev_jdk
 
YELLOW CVE-2007-3925 Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command. IMail vulnerabilities
mail_smtp_imail  
RED CVE-2007-3926 Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving an "overwritten destructor." IMail vulnerabilities
mail_smtp_imail  
RED CVE-2007-3927 Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to "subscribe." IMail vulnerabilities
mail_smtp_imail  
YELLOW CVE-2007-3928 Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry. NOTE: this might overlap CVE-2007-3638. Yahoo Messenger vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_yahoomsgrver  
YELLOW CVE-2007-3929 Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object. Opera vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_opera9  
YELLOW CVE-2007-3944 Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier. MacOSX vulnerabilities
Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
web_client_safari
 
RED CVE-2007-3946 mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the Auth-Digest header. Lighttpd vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_server_lighttpd_version  
RED CVE-2007-3947 request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service (daemon crash) by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault. Lighttpd vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_server_lighttpd_version  
RED CVE-2007-3948 connections.c in lighttpd before 1.4.16 might accept more connections than the configured maximum, which allows remote attackers to cause a denial of service (failed assertion) via a large number of connection attempts. Lighttpd vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_server_lighttpd_version  
YELLOW CVE-2007-3949 mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings. Lighttpd vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_server_lighttpd_version  
RED CVE-2007-3950 lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the (1) mod_scgi, (2) mod_fastcgi, and (3) mod_webdav modules. Lighttpd vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_server_lighttpd_version  
BROWN CVE-2007-3960 Multiple unspecified vulnerabilities in IBM WebSphere Application Server (WAS) before Fix Pack 21 (6.0.2.21) have unknown impact and attack vectors, aka (1) PK33799, or (2) a "Potential security exposure" in the Samples component (PK40213). WebSphere vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_dev_webspherever  
YELLOW CVE-2007-3969 Buffer overflow in Panda Antivirus before 20070720 allows remote attackers to execute arbitrary code via a crafted EXE file, resulting from an "Integer Cast Around." Panda Antivirus vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_pandasig  
YELLOW CVE-2007-3970 Race condition in ESET NOD32 Antivirus before 2.2289 allows remote attackers to execute arbitrary code via a crafted CAB file, which triggers heap corruption. NOD32 vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_nod  
YELLOW CVE-2007-3971 Integer overflow in ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted ASPACK packed file, which triggers an infinite loop. NOD32 vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_nod  
YELLOW CVE-2007-3972 ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a denial of service via a crafted (1) ASPACK or (2) FSG packed file, which triggers a divide-by-zero error. NOD32 vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_nod  
BROWN CVE-2007-3993 Unspecified vulnerability in the attachment filter in Kerio MailServer before 6.4.1 has unknown impact and remote attack vectors. Kerio MailServer vulnerabilities
mail_smtp_kerio  
RED CVE-2007-3996 Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
RED CVE-2007-3997 The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
RED CVE-2007-3998 The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
RED ! CVE-2007-3999 Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message. Kerberos detected
MacOSX vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
misc_kadmindrpcsecgss
misc_kerberospkg
misc_macosx_version
 
RED CVE-2007-4000 The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer. Kerberos detected

Note: Authentication is required to detect this vulnerability
misc_kerberospkg  
RED CVE-2007-4009 PHP remote file inclusion vulnerability in admin/business_inc/saveserver.php in SWSoft Confixx Pro 2.0.12 through 3.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the thisdir parameter. PHP injection
web_prog_php_saveserver  
BROWN CVE-2007-4010 The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-4031 Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via a .. (dot dot) in the argument to the deleteReport method, probably related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll. Nessus vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_nessusax  
YELLOW CVE-2007-4034 Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo! Installer Plugin for Widgets) ActiveX control before 2007.7.13.3 (20070620) in YDPCTL.dll in Yahoo! Widgets before 4.0.5 allows remote attackers to execute arbitrary code via a long argument to the GetComponentVersion method. NOTE: some of these details are obtained from third party information. Yahoo Widget vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_yahoowidgetax  
YELLOW CVE-2007-4041 Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox  
RED CVE-2007-4043 file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files. vulnerable web program
web_prog_cgi_secreporter  
BROWN CVE-2007-4045 The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation. CUPS vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
printer_cupsversion  
YELLOW CVE-2007-4058 Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll 2.2.5.42958 in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first argument to the StartProcess method. VMware vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vmwarevielib  
RED CVE-2007-4059 Absolute path traversal vulnerability in a certain ActiveX control in IntraProcessLogging.dll 5.5.3.42958 in EMC VMware allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SetLogFileName method. VMware vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vmware_acever
misc_vmware_serverver
misc_vmwareplayerver
misc_vmwarewkstnver
 
YELLOW CVE-2007-4061 Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the saveNessusRC method, which writes text specified by the addsetConfig method, possibly related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll. NOTE: this can be leveraged for code execution by writing to a Startup folder. Nessus vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_nessusax  
YELLOW CVE-2007-4062 The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via unspecified vectors involving the deleteNessusRC method, probably a directory traversal vulnerability. Nessus vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_nessusax  
YELLOW CVE-2007-4063 Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileged users, related to improper use of HTTP GET and the Forms API. Drupal vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_cms_drupal  
YELLOW CVE-2007-4064 Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.2, and 4.7.x before 4.7.7, (1) allow remote attackers to inject arbitrary web script or HTML via "some server variables," including PHP_SELF; and (2) allow remote authenticated administrators to inject arbitrary web script or HTML via custom content type names. Drupal vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_cms_drupal  
RED CVE-2007-4091 Multiple off-by-one errors in sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function. rsyncd vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_rsyncdver  
YELLOW CVE-2007-4092 Directory traversal vulnerability in index.php in iFoto 1.0.1 and earlier allows remote attackers to list arbitrary directories, and possibly download arbitrary photos, via a .. (dot dot) in the dir parameter. vulnerable web program
web_prog_php_ifoto  
RED CVE-2007-4107 SQL injection vulnerability in editpost.php in phpMyForum before 4.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information. phpMyForum vulnerabilities
web_prog_php_myforum  
YELLOW CVE-2007-4131 Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive. GNU tar vulnerabilities
MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_compress_tar
misc_macosx_version
 
YELLOW CVE-2007-4138 The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined. MacOSX vulnerabilities
Samba vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
win_samba
 
YELLOW CVE-2007-4139 Cross-site scripting (XSS) vulnerability in the Temporary Uploads editing functionality (wp-admin/includes/upload.php) in WordPress 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the style parameter to wp-admin/upload.php. WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
YELLOW CVE-2007-4153 Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opml_url parameter to link-import.php. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability. WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
YELLOW CVE-2007-4154 SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the page_options parameter to (1) options-general.php, (2) options-writing.php, (3) options-reading.php, (4) options-discussion.php, (5) options-privacy.php, (6) options-permalink.php, (7) options-misc.php, and possibly other unspecified components. WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
RED CVE-2007-4155 Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first two arguments to the (1) CreateProcess or (2) CreateProcessEx method. VMware vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vmware_acever
misc_vmware_serverver
misc_vmwareplayerver
misc_vmwarevielib
misc_vmwarewkstnver
 
RED CVE-2007-4158 Memory leak in TIBCO Rendezvous (RV) daemon (rvd) 7.5.2, 7.5.3 and 7.5.4 allows remote attackers to cause a denial of service (memory consumption) via a packet with a length field of zero, a different vulnerability than CVE-2006-2830. Rendezvous vulnerabilities
web_tool_rendezvous  
YELLOW CVE-2007-4159 index.html in the HTTP administration interface in certain daemons in TIBCO Rendezvous (RV) 7.5.2 allows remote attackers to obtain sensitive information, such as a user name and IP addresses, via a direct request. Rendezvous vulnerabilities
web_tool_rendezvous  
YELLOW CVE-2007-4160 The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when -no-multicast is omitted, uses a multicast group as the destination for a network message, which might make it easier for remote attackers to capture message contents by sniffing the network. Rendezvous vulnerabilities
web_tool_rendezvous  
BROWN CVE-2007-4161 rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might allow remote attackers to cause a denial of service (network instability) via a subject name with a leading (1) '*' (asterisk) or (2) '>' (greater than) wildcard character. Rendezvous vulnerabilities
web_tool_rendezvous  
YELLOW CVE-2007-4162 TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or integrity of inter-daemon communication, which allows remote attackers to capture and spoof traffic. Rendezvous vulnerabilities
web_tool_rendezvous  
YELLOW CVE-2007-4172 Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail (OWM) 2.52 20060831 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchtype, (2) longpage, and (3) page parameters to (a) openwebmail-main.pl; the (4) prefs_caller, (5) userfirsttime, (6) page, (7) sort, (8) folder, and (9) message_id parameters to (b) openwebmail-prefs.pl; the (10) compose_caller, (11) msgdatetype, (12) keyword, (13) searchtype, (14) folder, (15) page, and (16) sort parameters to (c) openwebmail-send.pl; the (17) folder, (18) page, and (19) sort parameters to (d) openwebmail-folder.pl; the (20) searchtype, (21) page, (22) filesort, (23) singlepage, (24) showhidden, (25) showthumbnail, and (26) message_id parameters to (e) openwebmail-webdisk.pl; the (27) folder parameter to (f) openwebmail-advsearch.pl; and the (28) abookcollapse, (29) abooksearchtype, (30) abooksort, (31) abooklongpage, (32) abookpage, (33) message_id, (34) searchtype, (35) msgdatetype, (36) sort, (37) page, (38) rootxowmuid, and (39) listviewmode parameters to (g) openwebmail-abook.pl, different vectors than CVE-2005-2863, CVE-2006-2190, CVE-2006-3229, and CVE-2006-3233. Cross site scripting
web_prog_cgi_openwebmailxss  
YELLOW CVE-2007-4216 vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.362 allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in a METHOD_NEITHER (1) IOCTL 0x8400000F or (2) IOCTL 0x84000013 request, which can be used to overwrite arbitrary memory locations. ZoneAlarm vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_firewall_za_vsdatant  
RED
!
CVE-2007-4218 Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allow remote attackers to execute arbitrary code via certain RPC requests to certain TCP ports that are processed by the (1) RPCFN_ENG_NewManualScan, (2) RPCFN_ENG_TimedNewManualScan, and (3) RPCFN_SetComputerName functions in (a) StRpcSrv.dll; the (4) RPCFN_CMON_SetSvcImpersonateUser and (5) RPCFN_OldCMON_SetSvcImpersonateUser functions in (b) Stcommon.dll; the (6) RPCFN_ENG_TakeActionOnAFile and (7) RPCFN_ENG_AddTaskExportLogItem functions in (c) Eng50.dll; the (8) NTF_SetPagerNotifyConfig function in (d) Notification.dll; or the (9) RPCFN_CopyAUSrc function in the (e) ServerProtect Agent service. Trend Micro vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
misc_av_trendmicro_sprotectnotification  
RED
!
CVE-2007-4219 Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as used by the ServerProtect service (SpntSvc.exe), in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a certain integer field in a request packet to TCP port 5168, which triggers a heap-based buffer overflow. Trend Micro vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
misc_av_trendmicro_sprotectnotification  
RED
!
CVE-2007-4220 Directory traversal vulnerability in Motorola Timbuktu Pro before 8.6.5 for Windows allows remote attackers to create or delete arbitrary files via a .. (dot dot) in a Send request, probably related to the (1) Send and (2) Exchange services. Timbuktu vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
misc_timbuktulogin  
RED
!
CVE-2007-4221 Multiple buffer overflows in Motorola Timbuktu Pro before 8.6.5 for Windows allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via (1) a long user name and (2) certain malformed requests; and (3) allow remote Timbuktu servers to have an unknown impact via a malformed HELLO response, related to the Scanner component and possibly related to a malformed computer name. Timbuktu vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
misc_timbuktulogin  
YELLOW CVE-2007-4222 Buffer overflow in the TagAttributeListCopy function in nnotes.dll in IBM Lotus Notes before 7.0.3 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML email, related to duplicate RTF conversion when the recipient operates on this email. Lotus Notes email client vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_notesmw
mail_client_noteswpd
 
YELLOW CVE-2007-4224 KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property. Konqueror vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_konqueror  
YELLOW CVE-2007-4225 Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion. Konqueror vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_konqueror  
YELLOW CVE-2007-4229 Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Konqueror vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_konqueror  
RED CVE-2007-4241 Buffer overflow in ldcconn in Hewlett-Packard (HP) Controller for Cisco Local Director on HP-UX 11.11i allows remote attackers to execute arbitrary code via a long string to TCP port 17781. HP Controller for Cisco Local Director
net_ldcconn  
BROWN CVE-2007-4255 Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
BROWN CVE-2007-4263 Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors. Cisco vulnerabilities

Note: A valid SNMP read community string is required to detect this vulnerability
net_cisco_ssh  
YELLOW CVE-2007-4267 Stack-based buffer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted IOCTL request that adds an AppleTalk zone to a routing table. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-4268 Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which satisfies a signed comparison during mbuf allocation but is later interpreted as an unsigned value, which triggers a heap-based buffer overflow. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
BROWN CVE-2007-4269 Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflow. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-4270 Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink attack on certain files. DB2 vulnerabilities
database_db2ver  
YELLOW CVE-2007-4271 Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a .. (dot dot) in an unspecified environment variable, which is appended to "/tmp/" and used as a log file. NOTE: this issue might be related to symlink following. DB2 vulnerabilities
database_db2ver  
YELLOW CVE-2007-4272 Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to create arbitrary files via (1) unspecified vectors where an attacker's umask is honored, (2) /etc/ld.so.preload, (3) certain "cron data file locations", and other unspecified vectors possibly involving the (4) OSSEMEMDBG or (5) TRC_LOG_FILE environment variable in db2licd (db2licm). DB2 vulnerabilities
database_db2ver  
YELLOW CVE-2007-4273 IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary directories and execute arbitrary code via a "crafted localized message file" that enables a format string attack, possibly involving the (1) OSSEMEMDBG or (2) TRC_LOG_FILE environment variable in db2licd (db2licm). DB2 vulnerabilities
database_db2ver  
YELLOW CVE-2007-4275 Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain privileges via certain vectors related to (1) DB2 instance or FMP startup on Linux and Solaris; (2) exec of executables while running as root on non-Windows systems, as demonstrated by AIX; and unspecified vectors involving (3) db2licm and (4) db2pd. DB2 vulnerabilities
database_db2ver  
YELLOW CVE-2007-4276 Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows attackers to execute arbitrary code via a long DASPROF and possibly other environment variables, which are copied into the buildDasPaths buffer. DB2 vulnerabilities
database_db2ver  
BROWN CVE-2007-4285 Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows remote attackers to obtain sensitive information (partial packet contents) or cause a denial of service (router or component crash) via crafted IPv6 packets with a Type 0 routing header. Cisco vulnerabilities

Note: A valid SNMP read community string is required to detect this vulnerability
net_cisco_ios  
BROWN CVE-2007-4286 Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (restart) and execute arbitrary code via a crafted NHRP packet. Cisco vulnerabilities

Note: A valid SNMP read community string is required to detect this vulnerability
net_cisco_ios  
BROWN CVE-2007-4291 Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service via (1) a malformed MGCP packet, which causes a device hang, aka CSCsf08998; a malformed H.323 packet, which causes a device crash, as identified by (2) CSCsi60004 with Proxy Unregistration and (3) CSCsg70474; and a malformed Real-time Transport Protocol (RTP) packet, which causes a device crash, as identified by (4) CSCse68138, related to VOIP RTP Lib, and (5) CSCse05642, related to I/O memory corruption. Cisco SIP vulnerability

Note: A valid SNMP read community string is required to detect this vulnerability
net_cisco_sip  
BROWN CVE-2007-4292 Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote attackers to cause a denial of service (device crash) via a malformed SIP packet, aka (1) CSCsf11855, (2) CSCeb21064, (3) CSCse40276, (4) CSCse68355, (5) CSCsf30058, (6) CSCsb24007, and (7) CSCsc60249. Cisco SIP vulnerability

Note: A valid SNMP read community string is required to detect this vulnerability
net_cisco_sip  
BROWN CVE-2007-4293 Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device crash) via (1) "abnormal" MGCP messages, aka CSCsd81407; and (2) a large facsimile packet, aka CSCej20505. Cisco SIP vulnerability

Note: A valid SNMP read community string is required to detect this vulnerability
net_cisco_sip  
BROWN CVE-2007-4294 Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102. Cisco SIP vulnerability

Note: A valid SNMP read community string is required to detect this vulnerability
net_cisco_sip  
BROWN CVE-2007-4295 Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80749. Cisco SIP vulnerability

Note: A valid SNMP read community string is required to detect this vulnerability
net_cisco_sip  
YELLOW CVE-2007-4306 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or HTML via the (1) unlim_num_rows, (2) sql_query, or (3) pos parameter to (a) tbl_export.php; the (4) session_max_rows or (5) pos parameter to (b) sql.php; the (6) username parameter to (c) server_privileges.php; or the (7) sql_query parameter to (d) main.php. NOTE: vector 5 might be a regression or incomplete fix for CVE-2006-6942.7. phpMyAdmin vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_myadminver  
YELLOW CVE-2007-4324 ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then uses timing discrepancies from the SecurityErrorEvent error to determine whether a port is open or not. NOTE: 9.0.115.0 introduces support for a workaround, but does not fix the vulnerability. Flash vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_flash  
RED CVE-2007-4335 Format string vulnerability in the SMTP server component in Qbik WinGate 5.x and 6.x before 6.2.2 allows remote attackers to cause a denial of service (service crash) via format string specifiers in certain unexpected commands, which trigger a crash during error logging. WinGate mail vulnerabilities
mail_smtp_wingate  
YELLOW CVE-2007-4336 Buffer overflow in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) ActiveX control in DXTLIPI.DLL 6.0.2.827, as packaged in Microsoft DirectX Media 6.0 SDK, allows remote attackers to execute arbitrary code via a long SourceUrl property value. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_directxtlipi  
YELLOW CVE-2007-4343 Stack-based buffer overflow in IrfanView 3.99 and 4.00 allows user-assisted remote attackers to execute arbitrary code via a crafted palette (.pal) file. IrfanView vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_irfanviewver  
YELLOW CVE-2007-4344 Multiple input validation errors in ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allow user-assisted remote attackers to execute arbitrary code via a long section string in (1) a PSP image to the ID_PSP.apl plug-in or (2) an LHA archive to the AM_LHA.apl plug-in, resulting in a heap-based buffer overflow. ACDSee vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_acdseepsp  
BROWN CVE-2007-4345 Buffer overflow in IMail Client 9.22, as shipped with IPSwitch IMail Server 2006.22, allows remote attackers to execute arbitrary code via a long boundary parameter in a multipart MIME e-mail message. IMail vulnerabilities
mail_smtp_imailver  
RED CVE-2007-4346 The Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allows remote attackers to cause a denial of service (NULL dereference and service crash) via a crafted packet to port 5633/tcp. Veritas Backup Exec

Note: Authentication is required to detect this vulnerability
misc_backupexecver  
RED CVE-2007-4347 Multiple integer overflows in the Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allow remote attackers to cause a denial of service (CPU and memory consumption) via a crafted packet to port 5633/tcp, which triggers an infinite loop. Veritas Backup Exec

Note: Authentication is required to detect this vulnerability
misc_backupexecver  
RED CVE-2007-4351 Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow. MacOSX vulnerabilities
CUPS vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
printer_cupsversion
 
RED CVE-2007-4352 Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file. CUPS vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
printer_cupsversion  
YELLOW CVE-2007-4357 Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof the contents of the status bar via a link to a data: URI containing an encoded URL. NOTE: the severity of this issue has been disputed by a reliable third party, since the intended functionality of the status bar allows it to be modified. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox  
YELLOW CVE-2007-4367 Opera before 9.23 allows remote attackers to execute arbitrary code via crafted JavaScript that triggers a "virtual function call on an invalid pointer." Opera vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_opera9  
YELLOW CVE-2007-4377 Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command. NOTE: this might overlap CVE-2007-4372. SurgeMail vulnerabilities
mail_imap_surge  
YELLOW CVE-2007-4380 Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 (6.8.378) allows local users to gain local System privileges via the Log File Viewer. Altiris vulnerabilities
misc_av_symantec_altirisver  
YELLOW CVE-2007-4381 Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself. Java Plugin vulnerability

Note: Authentication is required to detect this vulnerability
web_client_jre
web_dev_jdk
 
YELLOW CVE-2007-4391 Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger 8.1.0.413 allows remote attackers to cause a denial of service (application crash) via a certain length field in JPEG2000 data, as demonstrated by sending an "invite to view my webcam" request, and then injecting a DLL into the attacker's peer Yahoo! Messenger application when this request is accepted. Yahoo Messenger vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_yahoomsgrkdu  
YELLOW CVE-2007-4392 Winamp 5.35 allows remote attackers to cause a denial of service (program stack overflow and application crash) via an M3U file that recursively includes itself. Winamp vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_winamp  
YELLOW CVE-2007-4414 Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the "Start Before Logon" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box. Cisco VPN Client vulnerabilities

Note: Authentication is required to detect this vulnerability
net_cisco_vpnclientver  
YELLOW CVE-2007-4415 Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe. Cisco VPN Client vulnerabilities

Note: Authentication is required to detect this vulnerability
net_cisco_vpnclientver  
YELLOW CVE-2007-4417 IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not properly revoke privileges on methods, which allows remote authenticated users to execute a method after revocation until the routine auth cache is flushed. DB2 vulnerabilities
database_db2ver  
YELLOW CVE-2007-4418 IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization, which allows remote authenticated users with a certain SELECT privilege to have an unknown impact via unspecified vectors. NOTE: this issue is probably related to CVE-2007-1089, but this is uncertain due to lack of details. DB2 vulnerabilities
database_db2ver  
RED CVE-2007-4423 Stack-based buffer overflow in the AUTH_LIST_GROUPS_FOR_AUTHID function in IBM DB2 UDB 9.1 before Fixpak 3 allows attackers to cause a denial of service and possibly execute arbitrary code via a long argument. DB2 vulnerabilities
database_db2ver  
RED
!
CVE-2007-4440 Stack-based buffer overflow in the MercuryS SMTP server in Mercury Mail Transport System, possibly 4.51 and earlier, allows remote attackers to execute arbitrary code via a long AUTH CRAM-MD5 string. NOTE: this might overlap CVE-2006-5961. Mercury vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
mail_smtp_mercury
mail_smtp_mercurycrammd5bo
 
BROWN CVE-2007-4465 Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection. MacOSX vulnerabilities
Apache vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_server_apache_version
 
YELLOW CVE-2007-4466 Multiple stack-based buffer overflows in Electronic Arts (EA) SnoopyCtrl ActiveX control (NPSnpy.dll) allow remote attackers to execute arbitrary code via unspecified methods and parameters. Electronic Arts vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_easnoopyax  
YELLOW CVE-2007-4467 Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified "initialization parameters." NOTE: it was later reported that 1.1.8.3 through 1.1.8.25, and probably 1.1.5.x and 1.1.7.x, are affected. Oracle JInitiator vulnerabilities

Note: Authentication is required to detect this vulnerability
database_oracle_jinitiatorax  
YELLOW CVE-2007-4470 Multiple stack-based buffer overflows in the Earth Resource Mapping NCSView ActiveX control before 3.4.0.242 in NCSView.dll, as distributed in ER Mapper ECW JPEG 2000 Plug-in before 8.1, allow remote attackers to execute arbitrary code via unspecified vectors. Earth Resource Mapper vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_ermax  
YELLOW CVE-2007-4471 Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods. NOTE: this can be leveraged for code execution by writing to a Startup folder. QuickBooks Online Edition vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quickbooksoeax  
YELLOW CVE-2007-4472 Multiple buffer overflows in the Broderbund Expressit 3DGreetings Player ActiveX control could allow remote attackers to execute arbitrary code via unspecified vectors. Broderbund 3DGreeting vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_3dgreetingsax  
YELLOW CVE-2007-4474 Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1. Lotus Domino HTTP vulnerability

Note: Authentication is required to detect this vulnerability
web_client_dominowebaccessax  
YELLOW CVE-2007-4475 Stack-based buffer overflow in EAI WebViewer3D ActiveX control (webviewer3d.dll) in SAP AG SAPgui before 7.10 Patch Level 9 allows remote attackers to execute arbitrary code via a long argument to the SaveViewToSessionFile method. SAP GUI vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_sapguiwebviewer3dax  
RED CVE-2007-4476 Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." GNU tar vulnerabilities
VMWare ESX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_compress_tar
misc_esxbuild
 
YELLOW CVE-2007-4489 Buffer overflow in the IUAComFormX ActiveX control in uacomx.ocx 2.0.1 in the eCentrex VOIP Client module allows remote attackers to execute arbitrary code via a long Username argument to the ReInit method. eCentrex vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_ecentrexvoipax  
RED
!
CVE-2007-4490 Multiple buffer overflows in EarthAgent.exe in Trend Micro ServerProtect 5.58 for Windows before Security Patch 4 allow remote attackers to have an unknown impact via certain RPC function calls to (1) RPCFN_EVENTBACK_DoHotFix or (2) CMD_CHANGE_AGENT_REGISTER_INFO. Trend Micro vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
misc_av_trendmicro_sprotectnotification  
RED CVE-2007-4496 Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows authenticated users with administrative privileges on a guest operating system to corrupt memory and possibly execute arbitrary code on the host operating system via unspecified vectors. VMware vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vmware_acever
misc_vmware_serverver
misc_vmwareplayerver
misc_vmwarewkstnver
 
RED CVE-2007-4497 Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users with login access to a guest operating system to cause a denial of service (guest outage and host process crash or hang) via unspecified vectors. VMware vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vmware_acever
misc_vmware_serverver
misc_vmwareplayerver
misc_vmwarewkstnver
 
YELLOW CVE-2007-4510 ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information. ClamAV vulnerabilities
MacOSX vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_av_clam
misc_av_clamwinupx
misc_macosx_version
 
YELLOW CVE-2007-4512 Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is not properly handled by the print function in SavMain.exe. Sophos Antivirus vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_sophosavver  
YELLOW CVE-2007-4515 Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information. Yahoo Messenger vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_yahoomsgrver  
RED CVE-2007-4516 The Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation 5.0 for Windows allows remote attackers to cause a denial of service (daemon crash or hang) via malformed packets. VERITAS Storage vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vsfssw2k3  
BROWN CVE-2007-4517 Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure in Oracle 10g R2 allows remote authenticated users to execute arbitrary code via a long (1) OWNER or (2) NAME argument. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
RED CVE-2007-4555 Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows remote attackers to inject arbitrary web script or HTML via arguments to a valid command, which is not properly handled when it is displayed by the view log option in the administration interface. NOTE: this can be leveraged to create a new admin account. WS FTP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
ftp_wsftpver  
YELLOW CVE-2007-4560 clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail." ClamAV vulnerabilities
MacOSX vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_av_clam
misc_av_clamwinupx
misc_macosx_version
 
RED
!
CVE-2007-4561 Heap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RTSP command containing multiple Require headers. RealServer vulnerabilities
misc_helixdnaserver
misc_helixrtspmultirequire
misc_helixserver
 
YELLOW CVE-2007-4565 sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
RED CVE-2007-4566 Multiple buffer overflows in the login mechanism in sidvault in Alpha Centauri Software SIDVault LDAP Server before 2.0f allow remote attackers to execute arbitrary code via crafted LDAP packets, as demonstrated by a long dc entry in an LDAP bind. SIDVault vulnerabilities
misc_ldapcategory_sidvaultver  
RED CVE-2007-4567 The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet. VMWare ESX vulnerabilities
misc_esxbuild  
RED
!
CVE-2007-4568 Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow. MacOSX vulnerabilities
X Font Server vulnerabilities

Note: Authentication is required to detect this vulnerability unless dangerous checks are enabled
misc_macosx_version
misc_xfs
misc_xfshandlersio
misc_xfsver
 
YELLOW CVE-2007-4572 Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests. MacOSX vulnerabilities
Samba vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
win_samba
 
YELLOW CVE-2007-4575 HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods." OpenOffice vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_openoffice  
YELLOW CVE-2007-4582 Buffer overflow in the nvUnifiedControl.AUnifiedControl.1 ActiveX control in nvUnifiedControl.dll 1.1.45.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allows remote attackers to execute arbitrary code via a long second argument to the SetText method. ACTi vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_actiax  
YELLOW CVE-2007-4583 Multiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allow remote attackers to (1) create or overwrite arbitrary files via a full pathname in the first argument to the SaveXMLFile method or (2) delete arbitrary files via a full pathname in the argument to the DeleteXMLFile method. ACTi vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_actiax  
BROWN CVE-2007-4586 Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to the iis_getservicestate function, related to the ServiceId argument to the (1) fnStartService, (2) fnGetServiceState, (3) fnStopService, and possibly other functions. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-4599 Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 and 2, for Windows allows remote attackers to execute arbitrary code via a crafted playlist (PLS) file. RealPlayer vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_realplayercategory_rmffheap  
YELLOW CVE-2007-4619 Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1, as used in Winamp before 5.5 and other products, allow user-assisted remote attackers to execute arbitrary code via a malformed FLAC file that triggers improper memory allocation, resulting in a heap-based buffer overflow. FLAC vulnerabilities
Winamp vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_lib_flacver
misc_winamp
 
YELLOW CVE-2007-4620 Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests. CA Alert vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_caalert2  
RED CVE-2007-4632 Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal session, a different vulnerability than CVE-1999-0293 and CVE-2005-2105. Cisco VTY vulnerability
net_cisco_vtyauth  
YELLOW CVE-2007-4651 Unspecified vulnerability in Adobe Connect Enterprise Server 6 allows remote attackers to read certain pages that are restricted to the administrator via unknown vectors. Adobe Connect Enterprise Server vulnerabilities
misc_adobe_connectentserver  
BROWN CVE-2007-4652 The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
BROWN CVE-2007-4657 Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
BROWN CVE-2007-4658 The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
BROWN CVE-2007-4659 The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
BROWN CVE-2007-4660 Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
BROWN CVE-2007-4661 The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow. NOTE: this is due to an incomplete fix for CVE-2007-2872. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
BROWN CVE-2007-4662 Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
BROWN CVE-2007-4663 Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
RED CVE-2007-4664 Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405. Firebird vulnerabilities

Note: Authentication is required to detect this vulnerability
database_firebird_ver  
RED CVE-2007-4665 Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to cause a denial of service (daemon crash) via an XNET session that makes multiple simultaneous requests to register events, aka CORE-1403. Firebird vulnerabilities

Note: Authentication is required to detect this vulnerability
database_firebird_ver  
RED CVE-2007-4666 Unspecified vulnerability in the server in Firebird before 2.0.2, when a Superserver/TCP/IP environment is configured, allows remote attackers to cause a denial of service (CPU and memory consumption) via "large network packets with garbage", aka CORE-1397. Firebird vulnerabilities

Note: Authentication is required to detect this vulnerability
database_firebird_ver  
RED CVE-2007-4667 Unspecified vulnerability in the Services API in Firebird before 2.0.2 allows remote attackers to cause a denial of service, aka CORE-1149. Firebird vulnerabilities

Note: Authentication is required to detect this vulnerability
database_firebird_ver  
RED CVE-2007-4668 Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other "file access," via unknown vectors, aka CORE-1312. Firebird vulnerabilities

Note: Authentication is required to detect this vulnerability
database_firebird_ver  
RED CVE-2007-4669 The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148. Firebird vulnerabilities

Note: Authentication is required to detect this vulnerability
database_firebird_ver  
BROWN CVE-2007-4670 Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-4671 Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be applied to HTTPS pages from the same domain. MacOSX vulnerabilities
Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
web_client_safari
 
YELLOW CVE-2007-4672 Stack-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid UncompressedQuickTimeData opcode length in a PICT image. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-4673 Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-4674 An "integer arithmetic" error in Apple QuickTime 7.2 allows remote attackers to execute arbitrary code via a crafted movie file containing a movie atom with a large size value, which triggers a stack-based buffer overflow. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-4675 Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-4676 Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-4677 Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, related to the CTAB RGB values. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-4678 AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-4679 CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-4680 CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack. MacOSX vulnerabilities
Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
web_client_safari
 
YELLOW CVE-2007-4681 Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted directory hierarchy. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-4682 CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access of an uninitialized object pointer. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-4683 Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-4684 Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a large num_sels argument to the i386_set_ldt system call. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-4685 The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state." MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-4686 Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or gain privileges via a crafted TIOCSETD ioctl request. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
BROWN CVE-2007-4687 The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-4688 The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
BROWN CVE-2007-4689 Double free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-4690 Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-4691 The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-4692 The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab. MacOSX vulnerabilities
Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
web_client_safari
 
YELLOW CVE-2007-4693 The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields." MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-4694 Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-4695 Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-4696 Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-4697 Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-4698 Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame. MacOSX vulnerabilities
Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
web_client_safari
 
YELLOW CVE-2007-4699 The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-4700 Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-4701 WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-4702 The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-4703 The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable, which might allow remote attackers or local root processes to bypass intended access restrictions. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-4704 The Application Firewall in Apple Mac OS X 10.5 does not apply changed settings to processes that are started by launchd until the processes are restarted, which might allow attackers to bypass intended access restrictions. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-4706 Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows remote attackers to execute arbitrary code via a crafted QTL file. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-4707 Multiple unspecified vulnerabilities in the Flash media handler in Apple QuickTime before 7.3.1 allow remote attackers to execute arbitrary code or have other unspecified impacts via a crafted QuickTime movie. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
YELLOW CVE-2007-4708 Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-4709 Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-4710 Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via an image with a crafted ColorSync profile, which triggers memory corruption. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
BROWN CVE-2007-4727 Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the SCRIPT_FILENAME variable, aka a "header overflow." Lighttpd vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_server_lighttpd_version  
BROWN CVE-2007-4730 Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap. X11 vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_x11  
RED ! CVE-2007-4731 Stack-based buffer overflow in the TMregChange function in TMReg.dll in Trend Micro ServerProtect before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 5005. Trend Micro vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
misc_av_trendmicro_sprotecttmregchange  
RED CVE-2007-4743 The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack. Kerberos detected
MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_kerberospkg
misc_macosx_version
 
YELLOW CVE-2007-4752 ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted. MacOSX vulnerabilities
OpenSSH vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
shell_ssh_openssh
 
YELLOW CVE-2007-4766 Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences. PCRE vulnerabilities
MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_lib_pcrever
misc_macosx_version
 
YELLOW CVE-2007-4767 Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code. PCRE vulnerabilities
MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_lib_pcrever
misc_macosx_version
 
YELLOW CVE-2007-4768 Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized. Adobe Acrobat vulnerabilities
Flash vulnerabilities
PCRE vulnerabilities
MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_acrobat
misc_acroread
misc_flash
misc_lib_pcrever
misc_macosx_version
 
YELLOW CVE-2007-4769 The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number. PostgreSQL vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_pgsql  
YELLOW CVE-2007-4770 libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames. OpenOffice vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_openoffice  
YELLOW CVE-2007-4771 Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information. OpenOffice vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_openoffice  
YELLOW CVE-2007-4772 The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression. PostgreSQL vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_pgsql  
YELLOW CVE-2007-4776 Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a Visual Basic project (vbp) file containing a long Reference line, related to VBP_Open and OLE. NOTE: there are limited usage scenarios under which this would be a vulnerability. Visual Studio vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vb6vbpbo  
BROWN CVE-2007-4782 PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
BROWN CVE-2007-4783 The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
BROWN CVE-2007-4784 The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-4787 The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection. Sophos Antivirus vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_sophosengver  
YELLOW CVE-2007-4790 Stack-based buffer overflow in certain ActiveX controls in (1) FPOLE.OCX 6.0.8450.0 and (2) Foxtlib.ocx, as used in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library; and Internet Explorer 5.01, 6 SP1 and SP2, and 7; allows remote attackers to execute arbitrary code via a long first argument to the FoxDoCmd function. Visual Studio vulnerabilities
Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_fpoleax
win_patch_ie_v5
win_patch_ie_v6
win_patch_ie_v7
 
YELLOW CVE-2007-4802 Multiple heap-based buffer overflows in GlobalLink 2.7.0.8 allow remote attackers to execute arbitrary code via (1) a long eighth argument to the SetInfo method in a certain ActiveX control in glItemCom.dll or (2) a long second argument to the SetClientInfo method in a certain ActiveX control in glitemflat.dll. GlobalLink vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_glitemflatax  
YELLOW CVE-2007-4812 Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions before Beta Update 3.0.4, allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact by setting document.location.hash to a long string. NOTE: the crash might actually occur in the alert method. Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_safari  
YELLOW CVE-2007-4814 Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method. Microsoft SQL Server

Note: Authentication is required to detect this vulnerability
database_mssql_dmoax  
YELLOW CVE-2007-4816 Multiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps.dll allow remote attackers to have an unknown impact via a long (1) URL, (2) backImage, or (3) titleImage property value; (4) a long first argument to the advancedOpen method; a long argument to the (5) isDVDPath or (6) rawParse method; or (7) a .smpl file with a long path attribute in an item element in a PlayList. BaoFeng Storm Vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_baofengstormax  
RED CVE-2007-4825 Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
RED CVE-2007-4826 bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled. Zebra Quagga Routing Suite

Note: Authentication is recommended to improve the accuracy of this check
net_quagga  
RED CVE-2007-4840 PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-4841 Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845. Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_thunderbird
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-4850 curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-4872 SimpNews 2.41.03 allows remote attackers to obtain sensitive information via (1) an invalid lang parameter to admin/index.php; or a direct request to (2) admin/dbg_infos.php, (3) admin/heading.php, or (4) evsearch.php; which reveals the path in various error messages. SimpNews vulnerabilities
web_prog_php_simpnewsver  
YELLOW CVE-2007-4873 SimpNews 2.41.03 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc. SimpNews vulnerabilities
web_prog_php_simpnewsver  
YELLOW CVE-2007-4874 Multiple cross-site scripting (XSS) vulnerabilities in SimpNews 2.41.03 allow remote attackers to inject arbitrary web script or HTML via the (1) l_username parameter to admin/layout2b.php, and the (2) backurl parameter to comment.php. SimpNews vulnerabilities
web_prog_php_simpnewsver  
YELLOW CVE-2007-4879 Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox
web_client_seamonkey
 
RED ! CVE-2007-4880 Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2 allows remote attackers to execute arbitrary code via crafted HTTP headers, aka IC52905. Tivoli Storage Manager
misc_tivolicategory_storagever  
RED CVE-2007-4887 The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability. MacOSX vulnerabilities
PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_prog_php_version
 
YELLOW CVE-2007-4890 Absolute directory traversal vulnerability in a certain ActiveX control in the VB To VSI Support Library (VBTOVSI.DLL) 1.0.0.0 in Microsoft Visual Studio 6.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveAs method. NOTE: contents can be copied from local files via the Load method. Visual Studio vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vsvbtovsiax  
YELLOW CVE-2007-4891 A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell. Visual Studio vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_pdwizardax  
RED CVE-2007-4893 wp-admin/admin-functions.php in WordPress before 2.2.3 and WordPress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field. WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
RED CVE-2007-4894 Multiple SQL injection vulnerabilities in WordPress before 2.2.3 and WordPress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters." WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
YELLOW CVE-2007-4901 The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allows remote attackers to place HTML into unexpected contexts or execute arbitrary code, as demonstrated by writing arbitrary HTML to a notification window, and writing contents of arbitrary local image files to this window via IMG SRC. AOL Instant Messenger

Note: Authentication is required to detect this vulnerability
misc_aol_imver  
YELLOW CVE-2007-4909 Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP. NOTE: this is related to an incomplete fix for CVE-2006-3015. WinSCP vulnerabilities

Note: Authentication is required to detect this vulnerability
shell_ssh_winscp  
BROWN CVE-2007-4912 Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8. Invision Power Board
web_prog_php_ipbversion  
BROWN CVE-2007-4913 ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are limited usage scenarios under which this would be a vulnerability, but it is being tracked by CVE since the vendor has stated it is security-relevant. Invision Power Board
web_prog_php_ipbversion  
BROWN CVE-2007-4914 Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/. Invision Power Board
web_prog_php_ipbversion  
RED CVE-2007-4915 The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent stack writes from entering memory locations used for string constants, which allows remote attackers to change the admin password stored in memory via a long username in an HTTP Basic Authentication request. Boa web server vulnerabilities
web_server_boa  
YELLOW CVE-2007-4916 Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument. HP Photo Digital Imaging vulnerabilities
Windows updates needed

Note: Authentication is required to detect this vulnerability
misc_hpphotohpqax
win_patch_mfcff
 
YELLOW CVE-2007-4943 Multiple buffer overflows in a certain ActiveX control in sparser.dll in Baofeng Storm 2.8 and earlier allow remote attackers to execute arbitrary code via malformed input in an unknown set of arguments or property values, a different DLL than CVE-2007-4816. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. BaoFeng Storm Vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_baofengstormax  
YELLOW CVE-2007-4965 Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows. MacOSX vulnerabilities
Python vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
misc_python
 
YELLOW CVE-2007-4982 Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCode.1 ActiveX control in MW6QRCode.dll in MW6 Technologies QRCode ActiveX 3.0.0.1 and earlier allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveAsBMP or (2) SaveAsWMF method. NOTE: some of these details are obtained from third party information. MW6 QRCode vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_qrcodeax  
YELLOW CVE-2007-4985 ImageMagick before 6.3.5-9 allows context-dependent attackers to cause a denial of service via a crafted image file that triggers (1) an infinite loop in the ReadDCMImage function, related to ReadBlobByte function calls; or (2) an infinite loop in the ReadXCFImage function, related to ReadBlobMSBLong function calls. ImageMagick vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_imagemagick  
YELLOW CVE-2007-4986 Multiple integer overflows in ImageMagick before 6.3.5-9 allow context-dependent attackers to execute arbitrary code via a crafted (1) .dcm, (2) .dib, (3) .xbm, (4) .xcf, or (5) .xwd image file, which triggers a heap-based buffer overflow. ImageMagick vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_imagemagick  
YELLOW CVE-2007-4987 Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\0' character to an out-of-bounds address. ImageMagick vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_imagemagick  
YELLOW CVE-2007-4988 Sign extension error in the ReadDIBImage function in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted width value in an image file, which triggers an integer overflow and a heap-based buffer overflow. ImageMagick vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_imagemagick  
RED ! CVE-2007-4990 The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. MacOSX vulnerabilities
X Font Server vulnerabilities

Note: Authentication is required to detect this vulnerability unless dangerous checks are enabled
misc_macosx_version
misc_xfs
misc_xfshandlersio
misc_xfsver
 
RED CVE-2007-4992 Stack-based buffer overflow in the process_packet function in fbserver.exe in Firebird SQL 2.0.2 allows remote attackers to execute arbitrary code via a long request to TCP port 3050. Firebird vulnerabilities

Note: Authentication is required to detect this vulnerability
database_firebird_ver  
RED CVE-2007-4995 Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. OpenSSL vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_openssl  
YELLOW CVE-2007-4996 libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location." Gaim vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_gaim  
YELLOW CVE-2007-4999 libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996. Gaim vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_gaim  
YELLOW CVE-2007-5000 Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Oracle vulnerabilities
MacOSX vulnerabilities
Apache module vulnerabilities
Apache vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_httpserver
misc_macosx_version
web_mod_apacheimap
web_server_apache_version
 
RED ! CVE-2007-5003 Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function. ARCserve vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
misc_arcservecategory_lgserverauthuo  
RED ! CVE-2007-5004 Integer overflow in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to execute arbitrary code via a long username and a certain "useless" password. ARCserve vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
misc_arcservecategory_lgserverauthuo  
RED ! CVE-2007-5005 Directory traversal vulnerability in rxRPC.dll in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to upload and overwrite arbitrary files via a ..\ (dot dot backslash) sequence in the destination filename argument to sub-function 8 in the rxrReceiveFileFromServer command. ARCserve vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
misc_arcservecategory_lgserverauthuo  
RED ! CVE-2007-5006 Multiple command handlers in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 do not verify if a peer is authenticated, which allows remote attackers to add and delete users, and start client restores. ARCserve vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
misc_arcservecategory_lgserverauthuo  
YELLOW CVE-2007-5017 Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method. Yahoo Messenger vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_yahoomsgrver  
YELLOW CVE-2007-5018 Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211. Mercury vulnerabilities
mail_imap_mercury  
YELLOW CVE-2007-5019 Buffer overflow in the Sun Java Web Start ActiveX control in Java Runtime Environment (JRE) 1.6.0_X allows remote attackers to have an unknown impact via a long argument to the dnsResolve (isInstalled.dnsResolve) method. Java Web Start

Note: Authentication is required to detect this vulnerability
misc_javawebstart  
YELLOW CVE-2007-5020 Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the mailto: option and Internet Explorer 7 on Windows XP. NOTE: this information is based upon a vague pre-advisory by a reliable researcher. Adobe Acrobat vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_acrobat
misc_acroelements
misc_acroread
 
RED CVE-2007-5023 Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain privileges via unspecified vectors, possibly involving a malicious "program.exe" file in the C: folder. VMware vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vmware_acever
misc_vmware_serverver
misc_vmwareplayerver
misc_vmwarewkstnver
 
RED CVE-2007-5024 EMC VMware Server before 1.0.4 Build 56528 writes passwords in cleartext to unspecified log files, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2005-3620. VMware vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vmware_serverver  
RED CVE-2007-5025 Unspecified vulnerability in EMC VMware ACE before 1.0.3 Build 54075 allows attackers to have an unknown impact via an unspecified manipulation of "images stored in virtual machines downloaded by the user." VMware vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vmware_acever  
YELLOW CVE-2007-5045 Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter containing the Firefox "-chrome" argument. NOTE: this is a related issue to CVE-2006-4965 and the result of an incomplete fix for CVE-2007-3670. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox  
RED CVE-2007-5046 Cross-site scripting (XSS) vulnerability in the Webmail interface for IceWarp Merak Mail Server before 9.0.0 allows remote attackers to inject arbitrary JavaScript via a javascript: URI in an attribute of an element in an email message body, as demonstrated by the onload attribute in a BODY element. IceWarp vulnerabilities
mail_smtp_merak
mail_web_icewarp
 
YELLOW CVE-2007-5080 Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow. RealPlayer vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_realplayercategory_rmffheap  
YELLOW CVE-2007-5081 Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a crafted RM file. RealPlayer vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_reallinux
misc_realplayercategory_macver
misc_realplayercategory_rmffheap
 
RED CVE-2007-5105 Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the user_email parameter. WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
RED CVE-2007-5106 Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 allows remote attackers to inject arbitrary web script or HTML via the user_login parameter. WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
YELLOW CVE-2007-5107 Stack-based buffer overflow in the AskJeevesToolBar.SettingsPlugin.1 ActiveX control in askBar.dll in IAC Search & Media ask.com Ask Toolbar 4.0.2.53 and earlier allows remote attackers to execute arbitrary code via a long ShortFormat property value. NOTE: some of these details are obtained from third party information. NOTE: the researcher claims that this is the same as CVE-2007-5108, but there is insufficient detail for CVE-2007-5108 to be certain. Ask Toolbar vulnerabilities

Note: Authentication is required to detect this vulnerability
web_tool_asktoolbarver  
YELLOW CVE-2007-5116 Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression. perl vulnerabilities
MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_lang_perl
misc_macosx_version
 
YELLOW CVE-2007-5124 The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.5.3.12 and earlier allows remote attackers to execute arbitrary code via unspecified web script or HTML in an instant message, related to AIM's filtering of "specific tags and attributes" and the lack of Local Machine Zone lockdown. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4901. AOL Instant Messenger

Note: Authentication is required to detect this vulnerability
misc_aol_imver  
BROWN CVE-2007-5128 SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via a certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows. SimpNews vulnerabilities
web_prog_php_simpnewsver  
RED CVE-2007-5135 Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible. MacOSX vulnerabilities
OpenSSL vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
misc_openssl
 
YELLOW CVE-2007-5158 The focus handling for the onkeydown event in Microsoft Internet Explorer 6.0 allows remote attackers to change field focus and copy keystrokes via a certain use of a JavaScript htmlFor attribute, as demonstrated by changing focus from a textarea to a file upload field, a related issue to CVE-2007-3511. Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_v6  
RED CVE-2007-5162 The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site. Ruby vulnerabilities

Note: Authentication is required to detect this vulnerability
web_dev_ruby  
YELLOW CVE-2007-5169 Stack-based buffer overflow in MAIPM6.dll in Adobe PageMaker 7.0.1 and 7.0.2 on Windows allows user-assisted remote attackers to execute arbitrary code via a long font name in a .PMD file. Adobe PageMaker vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_adobe_pagemakerbo  
YELLOW CVE-2007-5217 Stack-based buffer overflow in the ADM4 ActiveX control in adm4.dll in Altnet Download Manager 4.0.0.6, as used in (1) Kazaa 3.2.7 and (2) Grokster, allows remote attackers to execute arbitrary code via a long argument to the Install method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Altnet vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_altnetax  
BROWN CVE-2007-5232 Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack. Java Plugin vulnerability

Note: Authentication is required to detect this vulnerability
web_client_jre
web_dev_jdk
 
YELLOW CVE-2007-5236 Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted application. Java Web Start
Java Plugin vulnerability

Note: Authentication is required to detect this vulnerability
misc_javawebstart
web_client_jre
web_dev_jdk
 
YELLOW CVE-2007-5237 Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulnerabilities." Java Web Start
Java Plugin vulnerability

Note: Authentication is required to detect this vulnerability
misc_javawebstart
web_client_jre
web_dev_jdk
 
YELLOW CVE-2007-5238 Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities." Java Web Start
Java Plugin vulnerability

Note: Authentication is required to detect this vulnerability
misc_javawebstart
web_client_jre
web_dev_jdk
 
YELLOW CVE-2007-5239 Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications. Java Web Start
Java Plugin vulnerability

Note: Authentication is required to detect this vulnerability
misc_javawebstart
web_client_jre
web_dev_jdk
 
YELLOW CVE-2007-5240 Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen. Java Plugin vulnerability

Note: Authentication is required to detect this vulnerability
web_client_jre
web_dev_jdk
 
RED CVE-2007-5243 Multiple stack-based buffer overflows in Borland InterBase LI 8.0.0.53 through 8.1.0.253, and WI 5.1.1.680 through 8.1.0.257, allow remote attackers to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the (a) SVC_attach or (b) INET_connect function, (2) a long create request on TCP port 3050 to the (c) isc_create_database or (d) jrd8_create_database function, (3) a long attach request on TCP port 3050 to the (e) isc_attach_database or (f) PWD_db_aliased function, or unspecified vectors involving the (4) jrd8_attach_database or (5) expand_filename2 function. Interbase detected

Note: Authentication is required to detect this vulnerability
database_interbasecategory_ver  
RED CVE-2007-5244 Stack-based buffer overflow in Borland InterBase LI 8.0.0.53 through 8.1.0.253 on Linux, and possibly unspecified versions on Solaris, allows remote attackers to execute arbitrary code via a long attach request on TCP port 3050 to the open_marker_file function. Interbase detected

Note: Authentication is required to detect this vulnerability
database_interbasecategory_ver  
RED CVE-2007-5245 Multiple stack-based buffer overflows in Firebird LI 1.5.3.4870 and 1.5.4.4910, and WI 1.5.3.4870 and 1.5.4.4910, allow remote attackers to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the SVC_attach function or (2) unspecified vectors involving the INET_connect function. Firebird vulnerabilities

Note: Authentication is required to detect this vulnerability
database_firebird_ver  
RED CVE-2007-5246 Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748 and 2.0.1.12855, and WI 2.0.0.12748 and 2.0.1.12855, allow remote attackers to execute arbitrary code via (1) a long attach request on TCP port 3050 to the isc_attach_database function or (2) a long create request on TCP port 3050 to the isc_create_database function. Firebird vulnerabilities

Note: Authentication is required to detect this vulnerability
database_firebird_ver  
RED CVE-2007-5253 c32web.exe in McMurtrey/Whitaker Cart32 before 6.4 allows remote attackers to read arbitrary files via the ImageName parameter in a GetImage action, by appending a NULL byte (%00) sequence followed by an image file extension, as demonstrated by a request for a ".txt%00.gif" file. NOTE: this might be a directory traversal vulnerability. Cart32 vulnerabilities
web_prog_cgi_cart32fileread  
YELLOW CVE-2007-5255 Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance 3.4.14 allows remote attackers to inject arbitrary web script or HTML via the ie parameter to the /search URI. Google Appliance vulnerabilities
web_prog_cgi_googleapplxssie  
YELLOW CVE-2007-5266 Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
BROWN CVE-2007-5267 Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-5268 pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 uses (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-5269 Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
BROWN CVE-2007-5273 Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232. Java Plugin vulnerability

Note: Authentication is required to detect this vulnerability
web_client_jre
web_dev_jdk
 
BROWN CVE-2007-5274 Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232. Java Plugin vulnerability

Note: Authentication is required to detect this vulnerability
web_client_jre
web_dev_jdk
 
YELLOW CVE-2007-5275 The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324. Flash vulnerabilities
MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_flash
misc_macosx_version
 
YELLOW CVE-2007-5322 Insecure method vulnerability in the FPOLE.OCX 6.0.8450.0 ActiveX control in Microsoft Visual FoxPro 6.0 allows remote attackers to execute arbitrary programs by specifying them as an argument to the FoxDoCmd function. Visual Studio vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_fpoleax  
RED CVE-2007-5325 Multiple buffer overflows in (1) the Message Engine and (2) AScore.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors. ARCserve vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_arcservecategory_ver  
RED CVE-2007-5326 Multiple buffer overflows in (1) RPC and (2) rpcx.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors. ARCserve vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_arcservecategory_ver  
RED
!
CVE-2007-5327 Stack-based buffer overflow in the RPC interface for the Message Engine (mediasvr.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a long argument in the 0x10d opnum. ARCserve vulnerabilities

Note: Authentication is required to detect this vulnerability unless dangerous checks are enabled
misc_arcservecategory_msgeng
misc_arcservecategory_ver
 
RED CVE-2007-5328 The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code by using certain "insecure method calls" to modify the file system and registry, aka "Privileged function exposure." ARCserve vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_arcservecategory_ver  
RED
!
CVE-2007-5329 Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, has unknown impact and attack vectors related to memory corruption. ARCserve vulnerabilities

Note: Authentication is required to detect this vulnerability unless dangerous checks are enabled
misc_arcservecategory_dbasvrbo
misc_arcservecategory_ver
 
RED CVE-2007-5330 The cadbd RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to (1) execute arbitrary code via stack-based buffer overflows in unspecified RPC procedures, and (2) trigger memory corruption related to the use of "handle" RPC arguments as pointers. ARCserve vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_arcservecategory_ver  
RED CVE-2007-5331 Queue.dll for the message queuing service (LQserver.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a malformed ONRPC protocol request for operation 0x76, which causes ARCserve Backup to dereference arbitrary pointers. ARCserve vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_arcservecategory_ver  
RED CVE-2007-5332 Multiple unspecified vulnerabilities in (1) mediasvr and (2) caloggerd in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, have unknown impact and attack vectors related to memory corruption. ARCserve vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_arcservecategory_ver  
BROWN CVE-2007-5333 Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385. MacOSX vulnerabilities
HP Openview vulnerabilities
Apache Tomcat vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
net_ovnodemgriver
web_dev_tomcatver
 
YELLOW CVE-2007-5334 Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-5337 Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-5338 Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-5339 Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption or assert errors. Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_thunderbird
web_client_firefox
web_client_seamonkey
 
YELLOW CVE-2007-5340 Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption. Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_thunderbird
web_client_firefox
web_client_seamonkey
 
BROWN CVE-2007-5342 The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler. MacOSX vulnerabilities
Apache Tomcat vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_dev_tomcatver
 
YELLOW CVE-2007-5344 Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability." Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_v6
win_patch_ie_v7
 
YELLOW CVE-2007-5347 Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability." Internet Explorer vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_ie_v6
win_patch_ie_v7
 
YELLOW CVE-2007-5348 Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability." Microsoft SQL Server
Windows updates needed
Internet Explorer vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_mssql_mssql
win_patch_gdiplus08052
win_patch_ie_vmlver6
 
YELLOW CVE-2007-5350 Unspecified vulnerability in the Windows Advanced Local Procedure Call (ALPC) in the kernel in Microsoft Windows Vista allows local users to gain privileges via unspecified vectors involving "legacy reply paths." Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_mupsys4  
BROWN CVE-2007-5351 Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability." Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_smbv2rce  
YELLOW CVE-2007-5352 Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_lsass  
RED CVE-2007-5365 Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU. dhcpd vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_dhcpver  
RED CVE-2007-5379 Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords from the Pidgin (Gaim) .purple/accounts.xml file. MacOSX vulnerabilities
Ruby on Rails vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
web_dev_rubyonrails
 
RED CVE-2007-5380 Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions." MacOSX vulnerabilities
Ruby on Rails vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
web_dev_rubyonrails
 
YELLOW CVE-2007-5386 Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string. phpMyAdmin vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_myadminver  
RED CVE-2007-5392 Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow. CUPS vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
printer_cupsversion  
RED CVE-2007-5393 Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter. CUPS vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
printer_cupsversion  
YELLOW CVE-2007-5394 Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 and 7.0.2 allows user-assisted remote attackers to execute arbitrary code via a .PMD file with a crafted font structure, a different vulnerability than CVE-2007-5169 and CVE-2007-6432. Adobe PageMaker vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_adobe_pagemakerfontbo  
RED CVE-2007-5397 Heap-based buffer overflow in the activePDF Server service (aka APServer.exe) in activePDF Server 3.8.4 and 3.8.5.14, and possibly other versions before 3.8.6.16, allows remote attackers to execute arbitrary code via a packet with a size field that is less than the actual size of the data. activePDF vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_activepdfver  
RED CVE-2007-5398 Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request. MacOSX vulnerabilities
Samba vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
win_samba
 
YELLOW CVE-2007-5400 Heap-based buffer overflow in the Shockwave Flash (SWF) frame handling in RealNetworks RealPlayer 10.5 Build 6.0.12.1483 might allow remote attackers to execute arbitrary code via a crafted SWF file. RealPlayer vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_reallinux
misc_realplayer
misc_realplayercategory_macver
 
YELLOW CVE-2007-5405 Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a .ag file with (1) a long ENCODING attribute in a *BEGIN tag, (2) a long token, or (3) the initial *BEGIN tag. Lotus Notes email client vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_notesapplix  
RED CVE-2007-5423 tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function. TikiWiki vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_tikiwikiver  
RED CVE-2007-5438 Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 might allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe), related to the ConnectPopulatedDiskEx function. VMware vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vmware_acever
misc_vmware_serverver
misc_vmwareplayerver
misc_vmwarewkstnver
 
RED CVE-2007-5448 Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial of service (panic) via a beacon frame with a large length value in the extended supported rates (xrates) element, which triggers an assertion error, related to net80211/ieee80211_scan_ap.c and net80211/ieee80211_scan_sta.c. MadWifi vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_wireless_madwifi  
BROWN CVE-2007-5461 Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. MacOSX vulnerabilities
Apache Tomcat vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_dev_tomcatver
 
YELLOW CVE-2007-5476 Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors. Flash vulnerabilities
MacOSX vulnerabilities
Opera vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_flash
misc_macosx_version
web_client_opera9
 
RED CVE-2007-5491 Directory traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to chmod arbitrary files to 0777 via ".." sequences in the lang parameter. SiteBar vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_sitebar  
RED CVE-2007-5492 Static code injection vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the value parameter. SiteBar vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_sitebar  
RED CVE-2007-5503 Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function. VMware vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vmwareplayerver
misc_vmwarewkstnver
 
BROWN CVE-2007-5504 Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+ and 10.1.0.5 have unknown impact and remote attack vectors, related to (1) Import (DB01) and (2) Advanced Queuing (DB25). NOTE: as of 20071108, Oracle has not disputed reliable researcher claims that DB25 is for a buffer overflow in the DBLINK_INFO procedure in the DBMS_AQADM_SYS package. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-5505 Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to (1) the Export component (DB02), (2) Oracle Text (DB04), (3) Oracle Text (DB05), (4) Spatial component (DB07), and (5) Advanced Security Option (DB19). Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-5506 The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (CPU consumption) via a crafted type 6 Data packet, aka DB20. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-5507 The GIOP service in TNS Listener in the Oracle Net Services component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (crash) or read potentially sensitive memory via a connect GIOP packet with an invalid data size, which triggers a buffer over-read, aka DB22. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-5508 Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03. NOTE: remote unauthenticated attack vectors exist when CTXSYS is used with Oracle Application Server. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-5509 Unspecified vulnerability in the Spatial component in Oracle Database 9.2.0.8 and 9.2.0.8DV has unknown impact and remote attack vectors, aka DB06. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-5510 Multiple unspecified vulnerabilities in the Workspace Manager component in Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 have unknown impact and remote attack vectors, aka (1) DB08, (2) DB09, (3) DB10, (4) DB11, (5) DB12, (6) DB13, (7) DB14, (8) DB15, (9) DB16, (10) DB17, and (11) DB18. NOTE: one of these issues is probably CVE-2007-5511, but there are insufficient details to be certain. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-5511 SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. NOTE: this is probably covered by CVE-2007-5510, but there are insufficient details to be certain. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-5512 Unspecified vulnerability in the Oracle Database Vault component in Oracle Database 9.2.0.8DV and 10.2.0.3 has unknown impact and remote attack vectors, aka DB21. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-5513 The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 generates incorrect audit entries in the USERID column in which (1) long usernames are trimmed to 5 characters, or (2) short entries contain any extra characters from usernames in previous entries, aka DB23. Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-5514 Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and attack vectors related to (1) Database Vault component (DB24) and (2) SQL Execution component (DB26). Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_version  
BROWN CVE-2007-5516 Unspecified vulnerability in the Oracle Process Mgmt & Notification component in Oracle Application Server 10.1.3.3 has unknown impact and remote attack vectors, aka AS01. Oracle vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias  
BROWN CVE-2007-5517 Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.0.2 and 10.1.4.1, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS02. Oracle vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias  
BROWN CVE-2007-5518 Unspecified vulnerability in the Oracle HTTP Server component in Oracle Application Server 10.1.3.2 has unknown impact and remote attack vectors, aka AS03. Oracle vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias  
BROWN CVE-2007-5519 Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS04. Oracle vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias  
BROWN CVE-2007-5520 Unspecified vulnerability in the Oracle Internet Directory component in Oracle Database 9.2.0.8 and 9.2.0.8DV, and Oracle Application Server 9.0.4.3, 10.1.3.0.0 up to 10.1.3.3.0, and 10.1.2.0.1 up to 10.1.2.2.0, has unknown impact and remote attack vectors, aka AS05. Oracle vulnerabilities
Oracle Database vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias
database_oracle_version
 
BROWN CVE-2007-5521 Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and 10.1.3.3, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS06. Oracle vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias  
BROWN CVE-2007-5522 Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.4.1 has unknown impact and remote attack vectors, aka AS07. Oracle vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias  
BROWN CVE-2007-5523 Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and 10.1.4.0, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS08. Oracle vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias  
BROWN CVE-2007-5524 Unspecified vulnerability in the Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS09 or AS9. Oracle vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias  
BROWN CVE-2007-5525 Unspecified vulnerability in the Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and 10.1.4.0.1; Collaboration Suite 10.1.2; and Enterprise Manager 10.1.2 has unknown impact and remote attack vectors, aka AS10. Oracle vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias  
BROWN CVE-2007-5526 Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.0.2, 10.1.2.2, and 10.1.4.1, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS11. Oracle vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_ias  
YELLOW CVE-2007-5540 Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors. Opera vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_opera9  
BROWN CVE-2007-5541 Unspecified vulnerability in Opera before 9.24, when using an "external" newsgroup or e-mail client, allows remote attackers to execute arbitrary commands via unknown vectors. Opera vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_opera9  
RED CVE-2007-5544 IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session. Lotus Notes email client vulnerabilities
Lotus Domino HTTP vulnerability

Note: Authentication is required to detect this vulnerability
mail_client_notesmw
mail_client_noteswpd
web_server_lotus_domino
 
YELLOW CVE-2007-5587 Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild. Macrovision SafeDisc vulnerabilities

Note: Authentication is required to detect this vulnerability
win_patch_macrovisionsafedisc  
YELLOW CVE-2007-5589 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUEST_URI. phpMyAdmin vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_myadminver  
BROWN CVE-2007-5593 install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified. Drupal vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_cms_drupal  
YELLOW CVE-2007-5594 Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack. Drupal vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_cms_drupal  
YELLOW CVE-2007-5595 CRLF injection vulnerability in the drupal_goto function in includes/common.inc in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Drupal vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_cms_drupal  
YELLOW CVE-2007-5596 The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 places the .html extension on a whitelist, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading .html files. Drupal vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_cms_drupal  
YELLOW CVE-2007-5597 The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 does not pass publication status, which might allow attackers to bypass access restrictions and trigger e-mail with unpublished comments from some modules, as demonstrated by (1) Organic groups and (2) Subscriptions. Drupal vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_cms_drupal  
YELLOW CVE-2007-5601 Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll. RealPlayer vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_realplayerax  
YELLOW CVE-2007-5602 Multiple stack-based buffer overflows in SwiftView Viewer before 8.3.5, as used by SwiftView and SwiftSend, allow remote attackers to execute arbitrary code via unspecified vectors to the (1) svocx.ocx ActiveX control or the (2) npsview.dll plugin for Mozilla and Firefox. Swiftview vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_swiftviewax
misc_swiftviewnps
 
YELLOW CVE-2007-5603 Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method. SonicWall vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_sonicwall_launchax  
YELLOW CVE-2007-5604 Buffer overflow in the ExtractCab function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than CVE-2007-5605, CVE-2007-5606, and CVE-2007-5607. HP Instant Support vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_hpinstantsupportax  
YELLOW CVE-2007-5605 Buffer overflow in the GetFileTime function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long argument, a different vulnerability than CVE-2007-5604, CVE-2007-5606, and CVE-2007-5607. HP Instant Support vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_hpinstantsupportax  
YELLOW CVE-2007-5606 Buffer overflow in the MoveFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long argument, a different vulnerability than CVE-2007-5604, CVE-2007-5605, and CVE-2007-5607. HP Instant Support vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_hpinstantsupportax  
YELLOW CVE-2007-5607 Buffer overflow in the RegistryString function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than CVE-2007-5604, CVE-2007-5605, and CVE-2007-5606. HP Instant Support vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_hpinstantsupportax  
YELLOW CVE-2007-5608 The DownloadFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to force a download of an arbitrary file onto a client machine via a URL in the first argument and a destination filename in the second argument, a different vulnerability than CVE-2008-0952 and CVE-2008-0953. HP Instant Support vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_hpinstantsupportax  
YELLOW CVE-2007-5610 The DeleteSingleFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to delete an arbitrary file via a full pathname in the argument. HP Instant Support vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_hpinstantsupportax  
YELLOW CVE-2007-5613 Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies. Jetty vulnerabilities
web_dev_jetty  
YELLOW CVE-2007-5614 Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors. Jetty vulnerabilities
web_dev_jetty  
YELLOW CVE-2007-5615 CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Jetty vulnerabilities
web_dev_jetty  
BROWN CVE-2007-5616 ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x before 5.3.6, on Unix and Linux allows local users to gain privileges via unspecified vectors. SSH Tectia vulnerabilities
shell_ssh_tectia  
RED CVE-2007-5617 Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1, prevents it from launching, which has unspecified impact, related to untrusted virtual machine images. VMware vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vmwareplayerver
misc_vmwarewkstnver
 
RED CVE-2007-5618 Unquoted Windows search path vulnerability in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, VMware Server before 1.0.4, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1 might allow local users to gain privileges via malicious programs. VMware vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vmware_serverver
misc_vmwareplayerver
misc_vmwarewkstnver
 
RED CVE-2007-5619 Unspecified vulnerability in VMware Server before 1.0.4 causes user passwords to be recorded in cleartext in server logs, which might allow local users to gain privileges. VMware vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vmware_serverver  
RED CVE-2007-5624 Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts. Nagios vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_tool_nagiosver  
BROWN CVE-2007-5651 Unspecified vulnerability in the Extensible Authentication Protocol (EAP) implementation in Cisco IOS 12.3 and 12.4 on Cisco Access Points and 1310 Wireless Bridges (Wireless EAP devices), IOS 12.1 and 12.2 on Cisco switches (Wired EAP devices), and CatOS 6.x through 8.x on Cisco switches allows remote attackers to cause a denial of service (device reload) via a crafted EAP Response Identity packet. Cisco vulnerabilities

Note: A valid SNMP read community string is required to detect this vulnerability
net_cisco_ios  
YELLOW CVE-2007-5653 The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control Compatibility Flags, executing programs via a function in compatUI.dll, invoking wscript.shell via wscript.exe, invoking Scripting.FileSystemObject via wshom.ocx, and adding users via a function in shgina.dll, related to the com_load_typelib function. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-5659 Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655. Adobe Acrobat vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_acrobat
misc_acroread
 
YELLOW CVE-2007-5660 Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified "unsafe method," possibly involving a buffer overflow. Macrovision InstallShield vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_installshieldusax  
YELLOW CVE-2007-5661 The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine. Macrovision InstallShield vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_installshieldociax  
YELLOW CVE-2007-5663 Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655. Adobe Acrobat vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_acrobat
misc_acroread
 
YELLOW CVE-2007-5666 Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 and earlier allows local users to execute arbitrary code via a malicious Security Provider library in the reader's current working directory. NOTE: this issue might be subsumed by CVE-2008-0655. Adobe Acrobat vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_acrobat
misc_acroread
 
YELLOW CVE-2007-5667 NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \\.\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations. Novell NetWare Client vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_novellclient_nwfilterpe  
BROWN CVE-2007-5682 Incomplete blacklist vulnerability in tiki-graph_formula.php in TikiWiki before 1.9.8.2 allows remote attackers to execute arbitrary code by using variable functions and variable variables to write variables whose names match the whitelist, a different vulnerability than CVE-2007-5423. TikiWiki vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_tikiwikiver  
YELLOW CVE-2007-5683 Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to the password reminder page (tiki-remind_password.php), (2) IMG tags in wiki pages, and (3) the local_php parameter to db/tiki-db.php. TikiWiki vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_tikiwikiver  
RED CVE-2007-5684 Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded "..%2F" sequences in the imp_language parameter to tiki-imexport_languages.php. TikiWiki vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_tikiwikiver  
YELLOW CVE-2007-5689 The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves. Java Plugin vulnerability

Note: Authentication is required to detect this vulnerability
web_client_jre
web_dev_jdk
 
YELLOW CVE-2007-5692 Multiple cross-site scripting (XSS) vulnerabilities in SiteBar 3.3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter to integrator.php; (2) the token parameter in a New Password action, (3) the nid_acl parameter in a Folder Properties action, or (4) the uid parameter in a Modify User action to command.php; or (5) the target parameter to index.php, different vectors than CVE-2006-3320. SiteBar vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_sitebar  
RED CVE-2007-5693 Eval injection vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492. SiteBar vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_sitebar  
RED CVE-2007-5694 Absolute path traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to read arbitrary files via an absolute path in the dir parameter, a different vulnerability than CVE-2007-5491. SiteBar vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_sitebar  
YELLOW CVE-2007-5695 Open redirect vulnerability in command.php in SiteBar 3.3.8 allows remote attackers to redirect users to arbitrary web sites via a URL in the forward parameter in a Log In action. SiteBar vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_sitebar  
RED CVE-2007-5707 OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent. MacOSX vulnerabilities
OpenLDAP vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
misc_openldap
 
BROWN CVE-2007-5708 slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initialized properly and might allow attackers to cause a denial of service (segmentation fault) via unknown vectors that prevent the array from being null terminated. OpenLDAP vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_openldap  
YELLOW CVE-2007-5709 Stack-based buffer overflow in Sony SonicStage CONNECT Player (CP) 4.3 allows remote attackers to execute arbitrary code via a long file name in an M3U file. SonicStage vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_sonicstagever  
YELLOW CVE-2007-5745 Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2) Font Description records. OpenOffice vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_openoffice  
YELLOW CVE-2007-5746 Integer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an EMF file with a crafted EMR_STRETCHBLT record, which triggers a heap-based buffer overflow. OpenOffice vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_openoffice  
YELLOW CVE-2007-5747 Integer underflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted values that trigger an excessive loop and a stack-based buffer overflow. OpenOffice vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_openoffice  
YELLOW CVE-2007-5755 Multiple stack-based buffer overflows in the AOL AmpX ActiveX control in AmpX.dll 2.6.1.11 in AOL Radio allow remote attackers to execute arbitrary code via long arguments to unspecified methods. AOL vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_aol_ampx  
YELLOW CVE-2007-5760 Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index. X11 vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_x11  
RED CVE-2007-5770 The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162. MacOSX vulnerabilities
Ruby vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
web_dev_ruby
 
YELLOW CVE-2007-5775 Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. BitDefender Online Scanner vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_bitdefender_onlineax  
YELLOW CVE-2007-5795 The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration. Emacs vulnerabilities
MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_editors_emacs_version
misc_macosx_version
 
YELLOW CVE-2007-5814 Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (5) userName, (6) domainName, or (7) dnsSuffix Unicode property value. NOTE: the AddRouteEntry vector is covered by CVE-2007-5603. SonicWall vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_sonicwall_launchax  
YELLOW CVE-2007-5815 Absolute path traversal vulnerability in the WebCacheCleaner ActiveX control 1.3.0.3 in SonicWall SSL-VPN 200 before 2.1, and SSL-VPN 2000/4000 before 2.5, allows remote attackers to delete arbitrary files via a full pathname in the argument to the FileDelete method. SonicWall vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_sonicwall_wccax  
YELLOW CVE-2007-5838 Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows local users to gain local System privileges via the "Enable key-based authentication to Deployment server" browser option, a different issue than CVE-2007-4380. Altiris vulnerabilities
misc_av_symantec_altirisver  
YELLOW CVE-2007-5847 Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-5848 Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
BROWN CVE-2007-5849 Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow. MacOSX vulnerabilities
CUPS vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
printer_cupsversion
 
YELLOW CVE-2007-5850 Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-5851 iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-5853 Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (system shutdown) or execute arbitrary code via a disk image with crafted GUID partition maps, which triggers memory corruption. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-5854 Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HTML files as unsafe content, which allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML file. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-5855 Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-5856 Quick Look in Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-5857 Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from accessing URLs when the movie file is previewed or if an icon is created, which might allow remote attackers to obtain sensitive information via HREFTrack. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-5858 WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information. MacOSX vulnerabilities
Safari vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
web_client_safari
 
YELLOW CVE-2007-5859 Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-5860 Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allows local users to execute arbitrary code via unspecified output files, involving an "insecure file operation." MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-5861 Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memory corruption in the Microsoft Office Spotlight Importer. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-5862 Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet. Java Plugin vulnerability

Note: Authentication is required to detect this vulnerability
web_client_jre  
RED CVE-2007-5863 Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-5896 Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of service (CPU consumption and crash) via an iframe with Javascript that sets the document.location to contain a leading NULL byte (\x00) and a (1) res://, (2) about:config, or (3) file:/// URI. Mozilla vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox  
BROWN CVE-2007-5898 The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-5899 The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-5900 PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
BROWN CVE-2007-5901 Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code. Kerberos detected
MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_kerberospkg
misc_macosx_version
 
BROWN CVE-2007-5902 Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request. Kerberos detected

Note: Authentication is required to detect this vulnerability
misc_kerberospkg  
YELLOW CVE-2007-5909 Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, IBM Lotus Notes before 7.0.3, Symantec Mail Security, and other products, allow remote attackers to execute arbitrary code via a crafted (1) AG file to kpagrdr.dll, (2) AW file to awsr.dll, (3) DLL or (4) EXE file to exesr.dll, (5) DOC file to mwsr.dll, (6) MIF file to mifsr.dll, (7) SAM file to lasr.dll, or (8) RTF file to rtfsr.dll. NOTE: the WPD (wp6sr.dll) vector is covered by CVE-2007-5910. Lotus Notes email client vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_noteswpd  
YELLOW CVE-2007-5910 Stack-based buffer overflow in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, wp6sr.dll in IBM Lotus Notes 8.0 and before 7.0.3, Symantec Mail Security, and other products, allows remote attackers to execute arbitrary code via a crafted WordPerfect (WPD) file. Lotus Notes email client vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_noteswpd  
YELLOW CVE-2007-5925 The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error. MySQL vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_mysql_version  
YELLOW CVE-2007-5929 Buffer overflow in OpenBase 10.0.5 and earlier might allow remote authenticated users to execute arbitrary code or cause a denial of service (daemon crash) by creating a stored procedure with a long name and invoking this procedure, which triggers heap corruption. OpenBase vulnerabilities

Note: Authentication is required to detect this vulnerability
database_openbase_ver  
BROWN CVE-2007-5939 The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for ftpd.c, but this is incorrect. Heimdal ftpd vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
ftp_heimdal_ver  
YELLOW CVE-2007-5941 Stack-based buffer overflow in the SWCtl.SWCtl ActiveX control in Adobe Shockwave allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument to the ShockwaveVersion method. Shockwave vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_shockwave  
YELLOW CVE-2007-5947 The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI. Mozilla vulnerabilities
Netscape Navigator vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox
web_client_netscape
web_client_seamonkey
 
BROWN CVE-2007-5956 Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable. INFORMIX vulnerabilities

Note: Authentication is required to detect this vulnerability
database_informix_idsver  
RED CVE-2007-5957 Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.TC3TL and 11.10.TB4TL on Windows allows attackers to cause a denial of service (application crash) via unspecified SQ_ONASSIST requests. INFORMIX vulnerabilities

Note: Authentication is required to detect this vulnerability
database_informix_idsver  
RED CVE-2007-5958 X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists. MacOSX vulnerabilities
X11 vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
misc_x11
 
YELLOW CVE-2007-5959 Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger memory corruption. Mozilla vulnerabilities
Netscape Navigator vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox
web_client_netscape
web_client_seamonkey
 
YELLOW CVE-2007-5960 Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent. Mozilla vulnerabilities
Netscape Navigator vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_firefox
web_client_netscape
web_client_seamonkey
 
YELLOW CVE-2007-5969 MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file. MySQL vulnerabilities
MacOSX vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_mysql_version
misc_macosx_version
 
YELLOW CVE-2007-5970 MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges. MySQL vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_mysql_version  
BROWN CVE-2007-5971 Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. Kerberos detected
MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_kerberospkg
misc_macosx_version
 
BROWN CVE-2007-5972 Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must have privileges to store this key. Kerberos detected

Note: Authentication is required to detect this vulnerability
misc_kerberospkg  
RED CVE-2007-5976 SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter. phpMyAdmin vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_myadminver  
RED CVE-2007-5977 Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942. phpMyAdmin vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_myadminver  
YELLOW CVE-2007-5989 Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption. Skype vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_skype4com  
YELLOW CVE-2007-6009 Multiple buffer overflows in ACD products allow user-assisted remote attackers to execute arbitrary code via a long section string in a (1) XBM or (2) XPM file to (a) ID_X.apl or (b) IDE_ACDStd.apl. NOTE: the PSP and LHA vectors are already covered by CVE-2007-4344 and CVE-2007-6007. NOTE: these might be integer overflows rather than buffer overflows. ACDSee vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_acdseever  
YELLOW CVE-2007-6013 WordPress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash. WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
RED
!
CVE-2007-6015 Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request. MacOSX vulnerabilities
Samba vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
misc_macosx_version
win_samba
win_sambacategory_mailslot
 
YELLOW CVE-2007-6016 Multiple stack-based buffer overflows in the PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, allow remote attackers to execute arbitrary code via a long (1) _DOWText0, (2) _DOWText1, (3) _DOWText2, (4) _DOWText3, (5) _DOWText4, (6) _DOWText5, (7) _DOWText6, (8) _MonthText0, (9) _MonthText1, (10) _MonthText2, (11) _MonthText3, (12) _MonthText4, (13) _MonthText5, (14) _MonthText6, (15) _MonthText7, (16) _MonthText8, (17) _MonthText9, (18) _MonthText10, or (19) _MonthText11 property value when executing the Save method. NOTE: the vendor states "Authenticated user involvement required," but authentication is not needed to attack a client machine that loads this control. Veritas Backup Exec

Note: Authentication is required to detect this vulnerability
misc_backupexeccalendarax  
YELLOW CVE-2007-6017 The PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, exposes the unsafe Save method, which allows remote attackers to cause a denial of service (browser crash), or create or overwrite arbitrary files, via string values of the (1) _DOWText0, (2) _DOWText1, (3) _DOWText2, (4) _DOWText3, (5) _DOWText4, (6) _DOWText5, (7) _DOWText6, (8) _MonthText0, (9) _MonthText1, (10) _MonthText2, (11) _MonthText3, (12) _MonthText4, (13) _MonthText5, (14) _MonthText6, (15) _MonthText7, (16) _MonthText8, (17) _MonthText9, (18) _MonthText10, and (19) _MonthText11 properties. NOTE: the vendor states "Authenticated user involvement required," but authentication is not needed to attack a client machine that loads this control. Veritas Backup Exec

Note: Authentication is required to detect this vulnerability
misc_backupexeccalendarax  
YELLOW CVE-2007-6018 IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 do not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message. Horde IMP vulnerabilities
Horde vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
mail_web_imp
web_prog_php_horde
 
YELLOW CVE-2007-6019 Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly. Flash vulnerabilities
MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_flash
misc_macosx_version
 
YELLOW CVE-2007-6021 Heap-based buffer overflow in Adobe PageMaker 7.0.1 and 7.0.2 allows user-assisted remote attackers to execute arbitrary code via a .PMD file with a crafted font structure. Adobe PageMaker vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_adobe_pagemakerfontbo  
YELLOW CVE-2007-6026 Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944. Windows updates needed

Note: Authentication is required to detect this vulnerability
win_patch_jetver  
RED CVE-2007-6029 Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. ClamAV vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_av_clam
misc_av_clamwinupx
 
RED CVE-2007-6031 Unspecified vulnerability in VanDyke VShell 3.0.1 allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. VShell vulnerability
shell_ssh_vshell  
RED CVE-2007-6035 SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter. Cacti vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_cacti  
BROWN CVE-2007-6039 PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the msgid1 parameter to the (4) dngettext or (5) ngettext function, or (6) the classname parameter to the stream_wrapper_register function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution. PHP vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_version  
YELLOW CVE-2007-6067 Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states. PostgreSQL vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_pgsql  
RED CVE-2007-6077 The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. NOTE: this is due to an incomplete fix for CVE-2007-5380. MacOSX vulnerabilities
Ruby on Rails vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
web_dev_rubyonrails
 
YELLOW CVE-2007-6100 Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992. phpMyAdmin vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_myadminver  
RED CVE-2007-6101 Ability Mail Server before 2.61 allows remote authenticated users to cause a denial of service (daemon crash) via (1) malformed number list ranges in unspecified IMAP commands, and possibly (2) a blank string in unspecified messages. Ability Server mail vulnerabilities
mail_imap_abilityver  
YELLOW CVE-2007-6109 Stack-based buffer overflow in Emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line. Emacs vulnerabilities
MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_editors_emacs_version
misc_macosx_version
 
YELLOW CVE-2007-6110 Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. Cross site scripting

Note: Authentication is recommended to improve the accuracy of this check
web_prog_cgi_htdigxss  
RED CVE-2007-6111 Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector. Ethereal vulnerabilities

Note: Authentication is required to detect this vulnerability
net_wireshark  
RED CVE-2007-6112 Buffer overflow in the PPP dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. Ethereal vulnerabilities

Note: Authentication is required to detect this vulnerability
net_wireshark  
RED CVE-2007-6113 Integer signedness error in the DNP3 dissector in Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP3 packet. Ethereal vulnerabilities

Note: Authentication is required to detect this vulnerability
net_wireshark  
RED CVE-2007-6114 Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector or (2) the iSeries (OS/400) Communication trace file parser. Ethereal vulnerabilities

Note: Authentication is required to detect this vulnerability
net_ethereal
net_wireshark
 
RED CVE-2007-6115 Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors. Ethereal vulnerabilities

Note: Authentication is required to detect this vulnerability
net_wireshark  
RED CVE-2007-6116 The Firebird/Interbase dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite loop or crash) via unknown vectors. Ethereal vulnerabilities

Note: Authentication is required to detect this vulnerability
net_wireshark  
RED CVE-2007-6117 Unspecified vulnerability in the HTTP dissector for Wireshark (formerly Ethereal) 0.10.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted chunked messages. Ethereal vulnerabilities

Note: Authentication is required to detect this vulnerability
net_ethereal
net_wireshark
 
RED CVE-2007-6118 The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. Ethereal vulnerabilities

Note: Authentication is required to detect this vulnerability
net_ethereal
net_wireshark
 
RED CVE-2007-6119 The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. Ethereal vulnerabilities

Note: Authentication is required to detect this vulnerability
net_wireshark  
RED CVE-2007-6120 The Bluetooth SDP dissector in Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. Ethereal vulnerabilities

Note: Authentication is required to detect this vulnerability
net_ethereal
net_wireshark
 
RED CVE-2007-6121 Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet. Ethereal vulnerabilities

Note: Authentication is required to detect this vulnerability
net_ethereal
net_wireshark
 
RED CVE-2007-6130 gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions. gnump3d vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_gnump3d  
YELLOW CVE-2007-6165 Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-6166 Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
BROWN CVE-2007-6170 SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments. Asterisk vulnerabilities

Note: Authentication is required to detect this vulnerability
net_asterisk  
BROWN CVE-2007-6171 SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors. Asterisk vulnerabilities

Note: Authentication is required to detect this vulnerability
net_asterisk  
YELLOW CVE-2007-6181 Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier allows context-dependent attackers to execute arbitrary code via a filename with a certain length, as demonstrated by a remote authenticated user who uses the SCP protocol to send a file to the Cygwin machine, and thereby causes scp.exe on this machine to execute, and then overwrite heap memory with characters from the filename. NOTE: it is also reported that a related issue might exist in 1.5.7 through 1.5.19. Cygwin vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_cygwinver  
YELLOW CVE-2007-6196 Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail before 5.2 allows remote attackers to inject arbitrary web script or HTML via the func parameter. AtMail vulnerabilities
mail_web_atmail  
YELLOW CVE-2007-6199 rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy. MacOSX vulnerabilities
rsyncd vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
misc_rsyncdver
 
YELLOW CVE-2007-6200 Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options. MacOSX vulnerabilities
rsyncd vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
misc_rsyncdver
 
YELLOW CVE-2007-6203 Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918. MacOSX vulnerabilities
Apache vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
web_server_apache_413
 
RED CVE-2007-6204 Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe, as demonstrated via a long Action parameter to OpenView5.exe. HP Openview vulnerabilities
net_ovcgi  
YELLOW CVE-2007-6224 The RealNetworks RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll, as shipped with RealPlayer 11, allows remote attackers to cause a denial of service (browser crash) via a certain argument to the GetSourceTransport method. RealPlayer vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_realplayercategory_rmocaxdos  
YELLOW CVE-2007-6228 Stack-based buffer overflow in the Helper class in the yt.ythelper.2 ActiveX control in Yahoo! Toolbar 1.4.1 allows remote attackers to cause a denial of service (browser crash) via a long argument to the c method. Yahoo Toolbar vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_yahootbax  
YELLOW CVE-2007-6237 cp.php in DeluxeBB 1.09 does not verify that the membercookie parameter corresponds to the authenticated member during a profile update, which allows remote authenticated users to change the e-mail addresses of arbitrary accounts via a modified membercookie parameter, a different vector than CVE-2006-4078. NOTE: this can be leveraged for administrative access by requesting password-reset e-mail through a lostpw action to misc.php. DeluxeBB vulnerabilities
web_prog_php_deluxebbver  
YELLOW CVE-2007-6238 Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release advisories with actionable information. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. However, the organization has stated that this is different than CVE-2007-6166. QuickTime vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_quicktime  
RED CVE-2007-6239 The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects. Squid vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_proxy_squid  
YELLOW CVE-2007-6242 Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors." Flash vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_flash  
YELLOW CVE-2007-6243 Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks. Flash vulnerabilities
MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_flash
misc_macosx_version
 
YELLOW CVE-2007-6244 Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer. Flash vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_flash  
YELLOW CVE-2007-6245 Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks. Flash vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_flash  
YELLOW CVE-2007-6246 Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges. Flash vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_flash  
YELLOW CVE-2007-6250 Stack-based buffer overflow in AOL AOLMediaPlaybackControl (AOLMediaPlaybackControl.exe), as used by AmpX ActiveX control (AmpX.dll), might allow remote attackers to execute arbitrary code via the AppendFileToPlayList method. AOL vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_aol_ampx  
YELLOW CVE-2007-6253 Multiple buffer overflows in Adobe Form Designer 5.0 and Form Client 5.0 allow remote attackers to execute arbitrary code via unknown vectors in the (1) Adobe File Dialog Button (FileDlg.dll) and the (2) Adobe Copy to Server Object (SvrCopy.dll) ActiveX controls. Adobe Form Designer and Client vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_adobe_afdafcax  
YELLOW CVE-2007-6255 Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in HRTBEAT.OCX allows remote attackers to execute arbitrary code via the Host argument to an unspecified method. MSN Games vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_msncategory_heartbeat  
YELLOW CVE-2007-6261 Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-6262 A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability." VLC vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vlc  
YELLOW CVE-2007-6265 Unspecified vulnerability in avast! 4 Home and Professional Editions before 4.7.1098 allows remote attackers to have an unknown impact via a crafted TAR archive. Avast vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_av_avasthomepro  
RED CVE-2007-6276 The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted load balancing packet to UDP port 4112. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-6277 Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow. NOTE: some of these issues may overlap CVE-2007-4619. FLAC vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_lib_flacver  
YELLOW CVE-2007-6278 Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file. FLAC vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_lib_flacver  
YELLOW CVE-2007-6279 Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file. FLAC vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_lib_flacver  
BROWN CVE-2007-6283 Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named. DNS vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
dns_bindver  
YELLOW CVE-2007-6286 Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request. MacOSX vulnerabilities
Apache Tomcat vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_dev_tomcatver
 
BROWN CVE-2007-6299 Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2) ajaxLoader, and (3) ubrowser contributed modules. Drupal vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_cms_drupal  
YELLOW CVE-2007-6303 MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement. MySQL vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_mysql_version  
BROWN CVE-2007-6304 The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns. MySQL vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_mysql_version  
BROWN CVE-2007-6318 SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character. WordPress vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_wordpress  
YELLOW CVE-2007-6319 Multiple unspecified vulnerabilities in Lyris ListManager 8.x before 8.95d, 9.2 before 9.2c, and 9.3 before 9.3b allow remote attackers to (1) gain list administrator privileges or (2) access arbitrary mailing lists via unknown vectors related to modification of client-side information; and (3) allow remote authenticated administrators to modify other account data by creating "new accounts that collide with existing accounts." Lyris vulnerabilities
mail_misc_listmanagerver  
YELLOW CVE-2007-6331 Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier allows remote attackers to execute arbitrary programs via the first argument to the LaunchApp method. NOTE: only a user-assisted attack is possible on Windows Vista. HP Info Center vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_hpicax  
YELLOW CVE-2007-6332 The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier, on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the arguments to the SetRegValue method. HP Info Center vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_hpicax  
YELLOW CVE-2007-6333 The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier, allows remote attackers to read arbitrary registry values via the arguments to the GetRegValue method. HP Info Center vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_hpicax  
YELLOW CVE-2007-6335 Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow. ClamAV vulnerabilities
MacOSX vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_av_clam
misc_av_clamwinupx
misc_macosx_version
 
YELLOW CVE-2007-6336 Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file. ClamAV vulnerabilities
MacOSX vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_av_clam
misc_av_clamwinupx
misc_macosx_version
 
YELLOW CVE-2007-6337 Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors. ClamAV vulnerabilities
MacOSX vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_av_clam
misc_macosx_version
 
YELLOW CVE-2007-6339 The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 2.2.3.5 allows remote attackers to force the download and execution of arbitrary code via unspecified "undocumented object parameters." Akamai Download Manager vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_akamaidmax2  
BROWN CVE-2007-6358 pdftops.pl before 1.20 in the alternate pdftops filter allows local users to overwrite arbitrary files via a symlink attack on the pdfin.[PID].tmp temporary file, which is created when pdftops reads a PDF file from stdin, such as when pdftops is invoked by CUPS. CUPS vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
printer_cupsversion  
YELLOW CVE-2007-6359 The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL. MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version  
YELLOW CVE-2007-6388 Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Oracle vulnerabilities
MacOSX vulnerabilities
Apache vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_oracle_httpserver
misc_macosx_version
web_server_apache_version
 
YELLOW CVE-2007-6401 Stack-based buffer overflow in mplayer2.exe in Microsoft Windows Media Player (WMP) 6.4, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6402. 3ivx vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_3ivxmp4ver  
YELLOW CVE-2007-6402 Stack-based buffer overflow in mplayerc.exe in Media Player Classic (MPC) 6.4.9, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6401. 3ivx vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_3ivxmp4ver  
YELLOW CVE-2007-6420 Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors. MacOSX vulnerabilities
Apache vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_server_apache_version
 
BROWN CVE-2007-6421 Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL. MacOSX vulnerabilities
Apache vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_version
web_server_apache_version
 
BROWN CVE-2007-6422 The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable. Apache vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_server_apache_version  
RED CVE-2007-6427 The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. MacOSX vulnerabilities
X11 vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
misc_x11
 
RED CVE-2007-6428 The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index. MacOSX vulnerabilities
X11 vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
misc_x11
 
RED CVE-2007-6429 Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension. MacOSX vulnerabilities
X11 vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
misc_x11
 
BROWN CVE-2007-6430 Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username. Asterisk vulnerabilities

Note: Authentication is required to detect this vulnerability
net_asterisk  
YELLOW CVE-2007-6432 Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 and 7.0.2 allows user-assisted remote attackers to execute arbitrary code via a malformed .PMD file, related to "Key Strings," a different vulnerability than CVE-2007-5169 and CVE-2007-5394. Adobe PageMaker vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_adobe_pagemakerkeybo  
YELLOW CVE-2007-6435 Stack-based buffer overflow in Novell GroupWise before 6.5.7, when HTML preview of e-mail is enabled, allows user-assisted remote attackers to execute arbitrary code via a long SRC attribute in an IMG element when forwarding or replying to a crafted e-mail. Novell GroupWise vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_groupwise_clientver  
YELLOW CVE-2007-6436 Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted document, as actively exploited in December 2007 by the Tarodrop.F trojan. NOTE: some of these details are obtained from third party information. Ichitaro vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_ichitaro_ver  
RED CVE-2007-6438 Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already covered by CVE-2007-6111. Ethereal vulnerabilities

Note: Authentication is required to detect this vulnerability
net_wireshark  
RED CVE-2007-6439 Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite or large loop) via the (1) IPv6 or (2) USB dissector, which can trigger resource consumption or a crash. NOTE: this identifier originally included Firebird/Interbase, but it is already covered by CVE-2007-6116. The DCP ETSI issue is already covered by CVE-2007-6119. Ethereal vulnerabilities

Note: Authentication is required to detect this vulnerability
net_wireshark  
RED CVE-2007-6441 The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors related to "unaligned access on some platforms." Ethereal vulnerabilities

Note: Authentication is required to detect this vulnerability
net_wireshark  
RED CVE-2007-6450 The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. Ethereal vulnerabilities

Note: Authentication is required to detect this vulnerability
net_wireshark  
RED CVE-2007-6451 Unspecified vulnerability in the CIP dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger allocation of large amounts of memory. Ethereal vulnerabilities

Note: Authentication is required to detect this vulnerability
net_wireshark  
RED CVE-2007-6454 Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request. Peercast vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_server_peercast  
YELLOW CVE-2007-6506 The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method. HP Software Update vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_hpsoftwareupdatetoolax  
RED
!
CVE-2007-6507 SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code. Trend Micro vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled
misc_av_trendmicro_sprotecttmregchange  
RED
!
CVE-2007-6509 Unspecified vulnerability in Appian Enterprise Business Process Management (BPM) Suite 5.6 SP1 allows remote attackers to cause a denial of service via a crafted packet to port 5400/tcp. Appian Enterprise Business Process Management vulnerabilities
misc_aebpm  
RED CVE-2007-6514 Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive. Apache vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_server_apache_version  
YELLOW CVE-2007-6520 Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins. Opera vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_opera9  
YELLOW CVE-2007-6521 Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates. Opera vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_opera9  
YELLOW CVE-2007-6522 The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains. Opera vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_opera9  
YELLOW CVE-2007-6523 Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before 9.25 allows remote attackers to cause a denial of service (CPU consumption) via a crafted bitmap (BMP) file that triggers a large number of calculations and checks. Opera vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_opera9  
YELLOW CVE-2007-6524 Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document for copying these contents from 9.50 beta, a related issue to CVE-2008-0420. Opera vulnerabilities

Note: Authentication is required to detect this vulnerability
web_client_opera9  
YELLOW CVE-2007-6526 Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter. TikiWiki vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_tikiwikiver  
RED CVE-2007-6528 Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and modified filename in the movie parameter. TikiWiki vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_tikiwikiver  
RED CVE-2007-6529 Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unknown impact and attack vectors involving (1) tiki-edit_css.php, (2) tiki-list_games.php, or (3) tiki-g-admin_shared_source.php. TikiWiki vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_tikiwikiver  
YELLOW CVE-2007-6530 Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder function. Persits Software XUpload vulnerability

Note: Authentication is required to detect this vulnerability
misc_persitsxuploadax  
YELLOW CVE-2007-6535 Buffer overflow in the YShortcut ActiveX control in YShortcut.dll 2006.8.15.1 in Yahoo! Toolbar might allow attackers to execute arbitrary code via a long string to the IsTaggedBM method. Yahoo Toolbar vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_yahootb_ysax  
YELLOW CVE-2007-6563 Heap-based buffer overflow in WinAce 2.65 and earlier, and possibly other versions before 2.69, allows user-assisted remote attackers to execute arbitrary code via a long filename in a compressed UUE archive. Winace vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_compress_winacever  
YELLOW CVE-2007-6569 Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246. Sun ONE Web Proxy

Note: Authentication is recommended to improve the accuracy of this check
web_proxy_sunone  
YELLOW CVE-2007-6570 Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309. Sun ONE Web Proxy

Note: Authentication is recommended to improve the accuracy of this check
web_proxy_sunone  
YELLOW CVE-2007-6571 Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356. Sun ONE Web Proxy

Note: Authentication is recommended to improve the accuracy of this check
web_proxy_sunone  
YELLOW CVE-2007-6574 Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php. Claroline vulnerabilities
web_prog_php_dokeosver  
YELLOW CVE-2007-6593 Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x, allow user-assisted remote attackers to execute arbitrary code via the (1) Length and (2) Value fields for certain Types in a Lotus 1-2-3 (.123) file in the Worksheet File (WKS) format, as demonstrated by a file with a crafted SRANGE record, a different vulnerability than CVE-2007-5909. Lotus Notes email client vulnerabilities

Note: Authentication is required to detect this vulnerability
mail_client_notes123  
YELLOW CVE-2007-6595 ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled. ClamAV vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_av_clam  
YELLOW CVE-2007-6596 ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file. ClamAV vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_av_clam  
YELLOW CVE-2007-6600 PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for (1) VACUUM and (2) ANALYZE operations within index functions, and supports (3) SET ROLE and (4) SET SESSION AUTHORIZATION within index functions, which allows remote authenticated users to gain privileges. PostgreSQL vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_pgsql  
YELLOW CVE-2007-6601 The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21, when local trust or ident authentication is used, allows remote attackers to gain privileges via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2007-3278. PostgreSQL vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
database_pgsql  
YELLOW CVE-2007-6611 Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php. Mantis vulnerabilities
web_prog_php_mantis  
RED CVE-2007-6612 Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences (".%252e"). MacOSX vulnerabilities
http server read access

Note: Authentication is required to detect this vulnerability
misc_macosx_version
web_server_read
 
YELLOW CVE-2007-6617 Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when generating error messages, as demonstrated by input originally sent in the URI to secure/CreateIssue. NOTE: some of these details are obtained from third party information. Atlassian JIRA vulnerabilities
web_prog_jsp_jira  
YELLOW CVE-2007-6618 JIRA Enterprise Edition before 3.12.1 allows remote attackers to delete another user's shared filter via a modified filter ID. Atlassian JIRA vulnerabilities
web_prog_jsp_jira  
YELLOW CVE-2007-6619 The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language. Atlassian JIRA vulnerabilities
web_prog_jsp_jira  
YELLOW CVE-2007-6637 Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by CVE-2007-6244.1. Flash vulnerabilities
MacOSX vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_flash
misc_macosx_version
 
YELLOW CVE-2007-6654 Buffer overflow in a certain ActiveX control in Macrovision InstallShield Update Service Web Agent 5.1.100.47363 allows remote attackers to execute arbitrary code via a long string in the ProductCode argument (second argument) to the DownloadAndExecute method, a different vulnerability than CVE-2007-0321, CVE-2007-2419, and CVE-2007-5660. Macrovision InstallShield vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_installshieldusax  
YELLOW CVE-2007-6672 Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' (slash) characters in the URI. Jetty vulnerabilities
web_dev_jetty  
YELLOW CVE-2007-6681 Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file. VLC vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vlc  
YELLOW CVE-2007-6682 Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter. VLC vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vlc  
YELLOW CVE-2007-6683 The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) an EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability. VLC vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vlc  
YELLOW CVE-2007-6684 The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference. VLC vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_vlc  
RED CVE-2007-6685 Unspecified vulnerability in the Publish XP module in Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors. Gallery vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_galleryversion  
RED CVE-2007-6686 The URL rewrite module in Menalto Gallery before 2.2.4 allows attackers to include and execute arbitrary local files via unknown vectors related to the admin controller. Gallery vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_galleryversion  
YELLOW CVE-2007-6687 Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery before 2.2.4 allow remote attackers to inject arbitrary web script or HTML via crafted filenames to the (1) Core or (2) add-item modules; or via (3) HTTP PROPPATCH in the WebDAV module. Gallery vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_galleryversion  
BROWN CVE-2007-6688 Unspecified vulnerability in the Installation application in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to "web-accessibility protection of the storage folder." Gallery vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_galleryversion  
BROWN CVE-2007-6689 Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to execute arbitrary code via the (1) Core application or (2) MIME module. Gallery vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_galleryversion  
BROWN CVE-2007-6690 The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors. Gallery vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_galleryversion  
BROWN CVE-2007-6691 Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified "item information disclosure attacks" in the Core module Gallery application, (5) the slideshow in the Slideshow module, and (6) multiple Print modules. Gallery vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_galleryversion  
YELLOW CVE-2007-6692 Open redirect vulnerability in Menalto Gallery before 2.2.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) Core and (2) print modules. Gallery vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_galleryversion  
BROWN CVE-2007-6693 Unspecified vulnerability in the WebCam module in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to a "proxied request." Gallery vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
web_prog_php_galleryversion  
YELLOW CVE-2007-6698 The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability. MacOSX vulnerabilities
OpenLDAP vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_macosx_version
misc_openldap
 
YELLOW CVE-2007-6699 Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control in YGPPicEdit.dll in AOL You've Got Pictures (YGP) Picture Editor allow remote attackers to cause a denial of service (browser crash) via a long string in the (1) DisplayName, (2) FinalSavePath, (3) ForceSaveTo, (4) HiddenControls, (5) InitialEditorScreen, (6) Locale, (7) Proxy, and (8) UserAgent property values. AOL vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_aol_ygppiceditax  
YELLOW CVE-2007-6700 Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the web interface for the BGPD daemon in OpenBSD 4.1 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter. Cross site scripting
web_prog_cgi_bgplgxss  
RED CVE-2007-6701 Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP4 for Windows allow remote attackers to execute arbitrary code via long arguments to multiple unspecified RPC functions, aka Novell bug 287919, a different vulnerability than CVE-2007-2954. Novell Print Services vulnerabilities

Note: Authentication is required to detect this vulnerability
printer_novellclient2  
YELLOW CVE-2007-6716 fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test. Linux Kernel vulnerabilities

Note: Authentication is required to detect this vulnerability
misc_linuxkernel  
RED CVE-2007-6750 The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15. Apple OS X Server vulnerabilities
Cisco FireSIGHT vulnerabilities
Apache vulnerabilities
HP SMH vulnerabilities

Note: Authentication is recommended to improve the accuracy of this check
misc_macosx_server_version
web_prog_firesightver
web_server_apache_version
web_tool_hpsmh
 

!: A dangerous check is available for this vulnerability.