|
266401
|
7.5 |
HIGH
|
apache
matt_wright
|
http_server
matt_wright_guestbook
|
guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1…
|
NVD-CWE-Other
|
CVE-1999-1053
|
2008-09-6 05:18 |
1999-09-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266402
|
4.6 |
MEDIUM
|
digital
|
vms
|
VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command.
|
NVD-CWE-Other
|
CVE-1999-1057
|
2008-09-6 05:18 |
1990-10-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266403
|
10.0 |
HIGH
|
att
|
svr4
|
Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands.
|
NVD-CWE-Other
|
CVE-1999-1059
|
2008-09-6 05:18 |
1992-02-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266404
|
5.0 |
MEDIUM
|
xylogics
|
annex
|
Buffer overflow in ping CGI program in Xylogics Annex terminal service allows remote attackers to cause a denial of service via a long query parameter.
|
NVD-CWE-Other
|
CVE-1999-1070
|
2008-09-6 05:18 |
1998-07-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266405
|
7.5 |
HIGH
|
ipswitch
|
ws_ftp_pro
|
WS_FTP Pro 6.0 uses weak encryption for passwords in its initialization files, which allows remote attackers to easily decrypt the passwords and gain privileges.
|
NVD-CWE-Other
|
CVE-1999-1078
|
2008-09-6 05:18 |
1999-07-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266406
|
5.0 |
MEDIUM
|
bsd
|
bsd
|
Vulnerability in BSD Telnet client with encryption and Kerberos 4 authentication allows remote attackers to decrypt the session via sniffing.
|
NVD-CWE-Other
|
CVE-1999-1098
|
2008-09-6 05:18 |
1995-03-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266407
|
2.1 |
LOW
|
sgi
apple
bsd
sun
|
irix
a_ux
bsd
sunos
|
lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000…
|
NVD-CWE-Other
|
CVE-1999-1102
|
2008-09-6 05:18 |
1999-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266408
|
4.6 |
MEDIUM
|
digital
|
osf_1
|
dxconsole in DEC OSF/1 3.2C and earlier allows local users to read arbitrary files by specifying the file with the -file parameter.
|
NVD-CWE-Other
|
CVE-1999-1103
|
2008-09-6 05:18 |
1996-04-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266409
|
5.0 |
MEDIUM
|
microsoft
|
windows_95
|
Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary f…
|
NVD-CWE-Other
|
CVE-1999-1105
|
2008-09-6 05:18 |
1999-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266410
|
7.2 |
HIGH
|
hp
|
apollo_domain_os
|
Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh).
|
NVD-CWE-Other
|
CVE-1999-1115
|
2008-09-6 05:18 |
1990-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266411
|
7.5 |
HIGH
|
allaire
|
coldfusion
|
HTTP Client application in ColdFusion allows remote attackers to bypass access restrictions for web pages on other ports by providing the target page to the mainframeset.cfm application, which reques…
|
NVD-CWE-Other
|
CVE-1999-1124
|
2008-09-6 05:18 |
1999-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266412
|
6.4 |
MEDIUM
|
sco
|
open_desktop
unix
|
Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system.
|
NVD-CWE-Other
|
CVE-1999-1162
|
2008-09-6 05:18 |
1993-05-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266413
|
7.2 |
HIGH
|
linux
|
linux_kernel
|
Linux 2.0.37 does not properly encode the Custom segment limit, which allows local users to gain root privileges by accessing and modifying kernel memory.
|
NVD-CWE-Other
|
CVE-1999-1166
|
2008-09-6 05:18 |
1999-07-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266414
|
7.2 |
HIGH
|
iss
|
internet_security_scanner
|
install.iss installation script for Internet Security Scanner (ISS) for Linux, version 5.3, allows local users to change the permissions of arbitrary files via a symlink attack on a temporary file.
|
NVD-CWE-Other
|
CVE-1999-1168
|
2008-09-6 05:18 |
1999-02-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266415
|
5.0 |
MEDIUM
|
maximizer
|
maximizer_enterprise
|
By design, Maximizer Enterprise 4 calendar and address book program allows arbitrary users to modify the calendar of other users when the calendar is being shared.
|
NVD-CWE-Other
|
CVE-1999-1172
|
2008-09-6 05:18 |
1999-01-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266416
|
7.5 |
HIGH
|
sysadmin_magazine
|
man.sh
|
Vulnerability in man.sh CGI script, included in May 1998 issue of SysAdmin Magazine, allows remote attackers to execute arbitrary commands.
|
NVD-CWE-Other
|
CVE-1999-1179
|
2008-09-6 05:18 |
1998-05-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266417
|
7.2 |
HIGH
|
sgi
|
irix
|
Vulnerability in On-Line Customer Registration software for IRIX 6.2 through 6.4 allows local users to gain root privileges.
|
NVD-CWE-Other
|
CVE-1999-1181
|
2008-09-6 05:18 |
1998-09-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266418
|
10.0 |
HIGH
|
admiral_systems
|
emailclub
|
Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05 allows remote attackers to execute arbitrary commands via a long "From" header in an e-mail message.
|
NVD-CWE-Other
|
CVE-1999-1190
|
2008-09-6 05:18 |
1999-11-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266419
|
5.0 |
MEDIUM
|
hummingbird
|
exceed
|
Hummingbird Exceed X version 5 allows remote attackers to cause a denial of service via malformed data to port 6000.
|
NVD-CWE-Other
|
CVE-1999-1196
|
2008-09-6 05:18 |
1999-04-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266420
|
5.0 |
MEDIUM
|
hummingbird
|
exceed
|
Upgrade to a non-vulnerable version of Exceed (Hummingbird Exceed 6.0.1 Hummingbird Exceed 6.0.2 Hummingbird Exceed 6.1)
|
NVD-CWE-Other
|
CVE-1999-1196
|
2008-09-6 05:18 |
1999-04-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266421
|
7.2 |
HIGH
|
sun
|
sunos
|
TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges.
|
NVD-CWE-Other
|
CVE-1999-1197
|
2008-09-6 05:18 |
1990-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266422
|
7.2 |
HIGH
|
next
|
next
|
BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges.
|
NVD-CWE-Other
|
CVE-1999-1198
|
2008-09-6 05:18 |
1990-10-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266423
|
4.6 |
MEDIUM
|
linux
|
linux_kernel
|
Denial of service in Linux 2.2.0 running the ldd command on a core file.
|
NVD-CWE-Other
|
CVE-1999-0400
|
2008-09-6 05:17 |
1999-01-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266424
|
2.1 |
LOW
|
linux
|
linux_kernel
|
Denial of service in Linux 2.0.36 allows local users to prevent any server from listening on any non-privileged port.
|
NVD-CWE-Other
|
CVE-1999-0451
|
2008-09-6 05:17 |
1999-01-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266425
|
2.1 |
LOW
|
linux
|
linux_kernel
|
Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service.
|
NVD-CWE-Other
|
CVE-1999-0460
|
2008-09-6 05:17 |
1999-02-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266426
|
7.5 |
HIGH
|
allaire
|
coldfusion_server
|
The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly.
|
NVD-CWE-Other
|
CVE-1999-0477
|
2008-09-6 05:17 |
1999-12-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266427
|
7.5 |
HIGH
|
netscape
|
enterprise_server
fasttrack_server
|
Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request.
|
NVD-CWE-Other
|
CVE-1999-0744
|
2008-09-6 05:17 |
2000-01-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266428
|
5.0 |
MEDIUM
|
oracle
|
database_server
|
Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed string to the listener port, aka NERP.
|
NVD-CWE-Other
|
CVE-1999-0784
|
2008-09-6 05:17 |
2001-03-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266429
|
5.0 |
MEDIUM
|
freebsd
|
freebsd
|
TCP RST denial of service in FreeBSD.
|
NVD-CWE-Other
|
CVE-1999-0053
|
2008-09-6 05:16 |
1998-10-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266430
|
10.0 |
HIGH
|
ssh
|
ssh
|
A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials.
|
NVD-CWE-Other
|
CVE-1999-0248
|
2008-09-6 05:16 |
1999-01-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266431
|
9.3 |
HIGH
|
freebsd
|
freebsd
|
Buffer overflow in FreeBSD lpd through long DNS hostnames.
|
NVD-CWE-Other
|
CVE-1999-0299
|
2008-09-6 05:16 |
1997-03-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266432
|
4.3 |
MEDIUM
|
d-ic
|
shop_v50
shop_v52
|
Cross-site scripting (XSS) vulnerability in DIC shop_v50 3.0 and earlier and shop_v52 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2008-3935
|
2008-09-6 00:08 |
2008-09-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266433
|
4.3 |
MEDIUM
|
opendb
|
opendb
|
Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an …
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2008-3937
|
2008-09-6 00:08 |
2008-09-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266434
|
5.8 |
MEDIUM
|
opendb
|
opendb
|
Cross-site request forgery (CSRF) vulnerability in user_admin.php in Open Media Collectors Database (OpenDb) 1.0.6 allows remote attackers to change arbitrary passwords via an update_password action.
|
CWE-352
同一生成元ポリシー違反
|
CVE-2008-3938
|
2008-09-6 00:08 |
2008-09-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266435
|
5.0 |
MEDIUM
|
avtech
|
pager_enterprise
|
Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
|
CWE-22
パス・トラバーサル
|
CVE-2008-3939
|
2008-09-6 00:08 |
2008-09-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266436
|
4.3 |
MEDIUM
|
manageengine
|
servicedesk_plus
|
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the sear…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2008-1299
|
2008-09-5 13:00 |
2008-03-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266437
|
7.5 |
HIGH
|
oocomments
|
oocomments
|
Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for (1) classes/class_admin.php and …
|
CWE-94
コード・インジェクション
|
CVE-2008-1511
|
2008-09-5 13:00 |
2008-03-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266438
|
7.1 |
HIGH
|
avici
hitachi
|
router
gr2000
gr3000
gr4000
|
Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue …
|
NVD-CWE-noinfo
CWE-20
不適切な入力確認
|
CVE-2008-2169
|
2008-09-5 13:00 |
2008-05-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266439
|
7.1 |
HIGH
|
century_software
|
router
|
Unspecified vulnerability in Century routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issu…
|
CWE-20
不適切な入力確認
|
CVE-2008-2170
|
2008-09-5 13:00 |
2008-05-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266440
|
7.1 |
HIGH
|
yamaha
|
router
|
Unspecified vulnerability in Yamaha routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue…
|
CWE-20
不適切な入力確認
|
CVE-2008-2173
|
2008-09-5 13:00 |
2008-05-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266441
|
4.3 |
MEDIUM
|
runesoft
|
cerberus_cms
|
Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS before 3_1.4_0.9 allows remote attackers to inject arbitrary web script or HTML via a cerberus_user cookie.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2008-3397
|
2008-09-5 13:00 |
2008-08-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266442
|
6.8 |
MEDIUM
|
spacetag
|
lacoodast
|
Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
|
CWE-287
不適切な認証
|
CVE-2008-3738
|
2008-09-5 13:00 |
2008-08-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266443
|
1.9 |
LOW
|
microsoft
|
windows_vista
|
Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer during boot, which allows local users to obtain sen…
|
CWE-200
情報漏えい
|
CVE-2008-3893
|
2008-09-5 13:00 |
2008-09-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266444
|
1.9 |
LOW
|
microsoft
|
windows_vista
|
Upgrade to Vista Service Pack 1
|
CWE-200
情報漏えい
|
CVE-2008-3893
|
2008-09-5 13:00 |
2008-09-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266445
|
4.3 |
MEDIUM
|
apple
omnigroup
|
safari
webkit
omniweb
mac_os_x
|
WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as dem…
|
CWE-399
リソース管理の問題
|
CVE-2007-0342
|
2008-09-5 13:00 |
2007-01-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266446
|
10.0 |
HIGH
|
php
|
php
|
Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destr…
|
CWE-189
数値処理の問題
|
CVE-2007-1383
|
2008-09-5 13:00 |
2007-03-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266447
|
5.0 |
MEDIUM
|
exv2
|
content_management_system
|
Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.
|
CWE-287
不適切な認証
|
CVE-2007-1966
|
2008-09-5 13:00 |
2007-04-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266448
|
5.0 |
MEDIUM
|
mywebland
|
mybloggie
|
myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and …
|
CWE-200
情報漏えい
|
CVE-2007-3650
|
2008-09-5 13:00 |
2008-07-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266449
|
4.3 |
MEDIUM
|
fascript
|
faname
|
class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to obtain sensitive information via a '; (quote semicolon) sequence in the id parameter, which reveals the installatio…
|
CWE-200
情報漏えい
|
CVE-2007-3651
|
2008-09-5 13:00 |
2008-07-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266450
|
6.8 |
MEDIUM
|
fascript
|
faname
|
SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same i…
|
CWE-89
SQLインジェクション
|
CVE-2007-3652
|
2008-09-5 13:00 |
2008-07-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
