Total
315 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0128 | 2 Apache, Redhat | 3 Tomcat, Certificate System, Network Satellite | 2025-04-09 | N/A |
| The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. | ||||
| CVE-2008-5844 | 1 Php | 1 Php | 2025-04-09 | N/A |
| PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functionality, and unintentionally disables magic_quotes_gpc regardless of the actual magic_quotes_gpc setting, which might make it easier for context-dependent attackers to conduct SQL injection attacks and unspecified other attacks. | ||||
| CVE-2009-2335 | 1 Wordpress | 2 Wordpress, Wordpress Mu | 2025-04-09 | N/A |
| WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience." | ||||
| CVE-2003-1457 | 1 Auerswald | 1 Comsuite Cti Controlcenter | 2025-04-03 | N/A |
| Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access. | ||||
| CVE-2003-1491 | 1 Kerio | 1 Personal Firewall | 2025-04-03 | N/A |
| Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53. | ||||
| CVE-2003-1452 | 1 Qualcomm | 1 Qpopper | 2025-04-03 | N/A |
| Untrusted search path vulnerability in Qualcomm qpopper 4.0 through 4.05 allows local users to execute arbitrary code by modifying the PATH environment variable to reference a malicious smbpasswd program. | ||||
| CVE-2003-1422 | 1 Gentoo | 1 Syslinux | 2025-04-03 | N/A |
| Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.01, when running setuid root, allow local users to gain privileges via unknown vectors. | ||||
| CVE-2004-2692 | 1 Kyberdigi Labs | 1 Php-exec-dir | 2025-04-03 | N/A |
| The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function. | ||||
| CVE-2003-1362 | 1 Hp | 2 Bastille, Hp-ux | 2025-04-03 | N/A |
| Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of system users and expand defined sendmail aliases. | ||||
| CVE-1999-0886 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | N/A |
| The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager. | ||||
| CVE-2006-3291 | 1 Cisco | 1 Ios | 2025-04-03 | N/A |
| The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system. | ||||
| CVE-2002-2247 | 1 Mambo | 1 Mambo Site Server | 2025-04-03 | N/A |
| The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function. | ||||
| CVE-2002-2263 | 1 Hp | 2 Hp-ux, Visualize Conference Ftp | 2025-04-03 | N/A |
| The installation program for HP-UX Visualize Conference B.11.00.11 running on HP-UX 11.00 and 11.11 installs /etc/dt and its subdirecties with insecure permissions, which allows local users to read or write arbitrary files. | ||||
| CVE-2003-1449 | 1 Aladdin Knowledge Systems | 1 Esafe Gateway | 2025-04-03 | N/A |
| Aladdin Knowlege Systems eSafe Gateway 3.5.126.0 does not check the entire stream of Content Vectoring Protocol (CVP) data, which allows remote attackers to bypass virus protection. | ||||
| CVE-2002-2285 | 1 Broadcom | 1 Inoculateit | 2025-04-03 | N/A |
| eTrust InoculateIT 6.0 with the "Incremental Scan" option enabled may certify that a file is free of viruses before the file has been completely downloaded, which allows remote attackers to bypass virus detection. | ||||
| CVE-2005-0197 | 1 Cisco | 1 Ios | 2025-04-03 | N/A |
| Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote attackers to cause a denial of service (device reload) via a crafted packet sent to the disabled interface. | ||||
| CVE-2005-4837 | 3 Net-snmp, Redhat, Sourceforge | 3 Net-snmp, Enterprise Linux, Net-snmp | 2025-04-03 | N/A |
| snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177. | ||||
| CVE-1999-0701 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | N/A |
| After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password. | ||||
| CVE-2004-2687 | 2 Apple, Samba | 2 Xcode, Samba | 2025-04-03 | N/A |
| distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks. | ||||
| CVE-2003-1367 | 1 Great Circle Associates | 1 Majordomo | 2025-04-03 | N/A |
| The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a "which" command. | ||||