The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-1999-0095 | The debug command in Sendmail is enabled, allowing attackers to execute commands as root. | HIGH | Jun 11, 2019 | n/a |
CVE-1999-0145 | Sendmail WIZ command enabled, allowing root access. | HIGH | Jun 11, 2019 | n/a |
CVE-1999-0199 | manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree\'s root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999. | HIGH | Oct 6, 2020 | n/a |
CVE-1999-1170 | IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the \"flags\" registry key to 1920. | MEDIUM | Aug 13, 2019 | n/a |
CVE-1999-1171 | IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the \"flags\" registry key to 1920. | MEDIUM | Aug 13, 2019 | n/a |
CVE-1999-1593 | Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain controller to point to a malicious server. NOTE: this problem may be limited when Windows 95/98 clients are used, or if the primary domain controller becomes unavailable. | High | Jan 15, 2009 | n/a |
CVE-2000-1247 | The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an allow from 127.0.0.1 line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI. | Low | Oct 5, 2011 | n/a |
CVE-2001-1021 | Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD. | HIGH | Aug 13, 2019 | n/a |
CVE-2002-0390 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0639. Reason: This candidate is a reservation duplicate of CVE-2002-0639. Notes: All CVE users should reference CVE-2002-0639 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | -- | Jul 21, 2019 | n/a |
CVE-2002-0510 | The UDP implementation in Linux 2.4.x kernels keeps the IP Identification field at 0 for all non-fragmented packets, which could allow remote attackers to determine that a target system is running Linux. | LOW | Sep 5, 2008 | n/a |
CVE-2002-0826 | Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command. | HIGH | Aug 13, 2019 | n/a |
CVE-2002-2438 | TCP firewalls could be circumvented by sending a SYN Packets with other flags (like e.g. RST flag) set, which was not correctly discarded by the Linux TCP stack after firewalling. | MEDIUM | May 18, 2021 | n/a |
CVE-2002-2439 | Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts. | MEDIUM | Oct 31, 2019 | n/a |
CVE-2002-2444 | Snoopy before 2.0.0 has a security hole in exec cURL | HIGH | Oct 30, 2019 | n/a |
CVE-2002-20001 | The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE. | MEDIUM | Nov 12, 2021 | n/a |
CVE-2003-0367 | znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. | LOW | May 23, 2019 | n/a |
CVE-2003-0772 | Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments. | HIGH | Aug 13, 2019 | n/a |
CVE-2003-1605 | curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server. | MEDIUM | Aug 23, 2018 | n/a |
CVE-2003-5001 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection and classified as critical. Affected by this issue is the component Cross Site Scripting Detection. The manipulation as part of POST/PUT/DELETE/OPTIONS Request leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | HIGH | Mar 29, 2022 | n/a |
CVE-2003-5002 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection. It has been declared as problematic. Affected by this vulnerability is the component Update Handler which allows cleartext transmission of data. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | MEDIUM | Mar 29, 2022 | n/a |
CVE-2003-5003 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection. It has been rated as problematic. Affected by this issue is the Update Handler. The manipulation with an unknown input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | MEDIUM | Mar 29, 2022 | n/a |
CVE-2004-0281 | Caucho Technology Resin 2.1.12 allows remote attackers to gain sensitive information and view the contents of the /WEB-INF/ directory via an HTTP request for \"WEB-INF..\", which is equivalent to \"WEB-INF\" in Windows. | MEDIUM | Jun 12, 2019 | n/a |
CVE-2004-1179 | The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before 3.7.7 allows local users to overwrite arbitrary files via a symlink attack on temporary directories. | LOW | Jul 31, 2019 | n/a |
CVE-2004-1643 | WS_FTP 5.0.2 allows remote authenticated users to cause a denial of service (CPU consumption) via a CD command that contains an invalid path with a \"../\" sequence. | MEDIUM | Aug 13, 2019 | n/a |
CVE-2004-1848 | Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial of service (disk consumption) and bypass file size restrictions via a REST command with a large size argument, followed by a STOR of a smaller file. | MEDIUM | Aug 13, 2019 | n/a |
CVE-2004-1883 | Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causing a large error string to be generated by the ALLO handler, or (2) may allow remote FTP administrators to execute arbitrary code by causing a long hostname or username to be inserted into a reply to a STAT command while a file is being transferred. | HIGH | Aug 13, 2019 | n/a |
CVE-2004-1884 | Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access. | HIGH | Aug 13, 2019 | n/a |
CVE-2004-1885 | Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe. | HIGH | Aug 13, 2019 | n/a |
CVE-2004-2776 | go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter. | HIGH | Jan 14, 2020 | n/a |
CVE-2004-2778 | Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected commands. | -- | Jun 27, 2017 | n/a |
CVE-2004-2779 | id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service (DoS). | MEDIUM | Feb 20, 2018 | n/a |
CVE-2005-0162 | Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code. | HIGH | Jul 29, 2019 | n/a |
CVE-2005-0563 | Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL (\"javAsc
ript:\") in an IMG tag. | MEDIUM | Jun 1, 2019 | n/a |
CVE-2005-0758 | zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. | MEDIUM | Oct 16, 2019 | n/a |
CVE-2005-1028 | PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message. | MEDIUM | Jul 16, 2019 | n/a |
CVE-2005-2349 | Zoo 2.10 has Directory traversal | MEDIUM | Oct 30, 2019 | n/a |
CVE-2005-2350 | Cross-site scripting (XSS) vulnerability in websieve v0.62 allows remote attackers to inject arbitrary web script or HTML code in the web user interface. | MEDIUM | Nov 4, 2019 | n/a |
CVE-2005-2351 | Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files. | LOW | Nov 13, 2019 | n/a |
CVE-2005-2352 | I race condition in Temp files was found in gs-gpl before 8.56 addons scripts. | MEDIUM | Nov 6, 2019 | n/a |
CVE-2005-2354 | Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues. | HIGH | Nov 8, 2019 | n/a |
CVE-2005-2969 | The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack. | LOW | Sep 30, 2016 | n/a |
CVE-2005-3056 | TWiki allows arbitrary shell command execution via the Include function | HIGH | Nov 5, 2019 | n/a |
CVE-2005-3590 | The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory. | High | Apr 11, 2019 | n/a |
CVE-2005-3671 | The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and freeswan in SUSE LINUX 9.1 before 2.04_1.5.4-1.23, allow remote attackers to cause a denial of service via (1) a crafted packet using 3DES with an invalid key length, or (2) unspecified inputs when Aggressive Mode is enabled and the PSK is known, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | HIGH | Jul 29, 2019 | n/a |
CVE-2005-3979 | relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request. | MEDIUM | Jul 16, 2019 | n/a |
CVE-2005-4850 | eZ publish 3.5 through 3.7 before 20050608 requires both edit and create permissions in order to submit data, which allows remote attackers to edit data submitted by arbitrary anonymous users. | MEDIUM | Jul 31, 2019 | n/a |
CVE-2005-4851 | eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects. | MEDIUM | Jul 31, 2019 | n/a |
CVE-2005-4890 | There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via \"su - user -c program\". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. | HIGH | Nov 8, 2019 | n/a |
CVE-2005-4891 | Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements. | HIGH | Jan 15, 2020 | n/a |
CVE-2005-10001 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The manipulation of the argument target leads to an open redirect. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | MEDIUM | Mar 29, 2022 | n/a |