|
267501
|
5.0 |
MEDIUM
|
microsoft
|
windows_95
|
Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary f…
|
NVD-CWE-Other
|
CVE-1999-1105
|
2008-09-6 05:18 |
1999-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267502
|
7.2 |
HIGH
|
hp
|
apollo_domain_os
|
Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh).
|
NVD-CWE-Other
|
CVE-1999-1115
|
2008-09-6 05:18 |
1990-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267503
|
7.5 |
HIGH
|
allaire
|
coldfusion
|
HTTP Client application in ColdFusion allows remote attackers to bypass access restrictions for web pages on other ports by providing the target page to the mainframeset.cfm application, which reques…
|
NVD-CWE-Other
|
CVE-1999-1124
|
2008-09-6 05:18 |
1999-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267504
|
6.4 |
MEDIUM
|
sco
|
open_desktop
unix
|
Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system.
|
NVD-CWE-Other
|
CVE-1999-1162
|
2008-09-6 05:18 |
1993-05-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267505
|
7.2 |
HIGH
|
linux
|
linux_kernel
|
Linux 2.0.37 does not properly encode the Custom segment limit, which allows local users to gain root privileges by accessing and modifying kernel memory.
|
NVD-CWE-Other
|
CVE-1999-1166
|
2008-09-6 05:18 |
1999-07-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267506
|
7.2 |
HIGH
|
iss
|
internet_security_scanner
|
install.iss installation script for Internet Security Scanner (ISS) for Linux, version 5.3, allows local users to change the permissions of arbitrary files via a symlink attack on a temporary file.
|
NVD-CWE-Other
|
CVE-1999-1168
|
2008-09-6 05:18 |
1999-02-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267507
|
5.0 |
MEDIUM
|
maximizer
|
maximizer_enterprise
|
By design, Maximizer Enterprise 4 calendar and address book program allows arbitrary users to modify the calendar of other users when the calendar is being shared.
|
NVD-CWE-Other
|
CVE-1999-1172
|
2008-09-6 05:18 |
1999-01-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267508
|
7.5 |
HIGH
|
sysadmin_magazine
|
man.sh
|
Vulnerability in man.sh CGI script, included in May 1998 issue of SysAdmin Magazine, allows remote attackers to execute arbitrary commands.
|
NVD-CWE-Other
|
CVE-1999-1179
|
2008-09-6 05:18 |
1998-05-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267509
|
7.2 |
HIGH
|
sgi
|
irix
|
Vulnerability in On-Line Customer Registration software for IRIX 6.2 through 6.4 allows local users to gain root privileges.
|
NVD-CWE-Other
|
CVE-1999-1181
|
2008-09-6 05:18 |
1998-09-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267510
|
10.0 |
HIGH
|
admiral_systems
|
emailclub
|
Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05 allows remote attackers to execute arbitrary commands via a long "From" header in an e-mail message.
|
NVD-CWE-Other
|
CVE-1999-1190
|
2008-09-6 05:18 |
1999-11-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267511
|
5.0 |
MEDIUM
|
hummingbird
|
exceed
|
Hummingbird Exceed X version 5 allows remote attackers to cause a denial of service via malformed data to port 6000.
|
NVD-CWE-Other
|
CVE-1999-1196
|
2008-09-6 05:18 |
1999-04-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267512
|
5.0 |
MEDIUM
|
hummingbird
|
exceed
|
Upgrade to a non-vulnerable version of Exceed (Hummingbird Exceed 6.0.1 Hummingbird Exceed 6.0.2 Hummingbird Exceed 6.1)
|
NVD-CWE-Other
|
CVE-1999-1196
|
2008-09-6 05:18 |
1999-04-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267513
|
7.2 |
HIGH
|
sun
|
sunos
|
TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges.
|
NVD-CWE-Other
|
CVE-1999-1197
|
2008-09-6 05:18 |
1990-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267514
|
7.2 |
HIGH
|
next
|
next
|
BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges.
|
NVD-CWE-Other
|
CVE-1999-1198
|
2008-09-6 05:18 |
1990-10-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267515
|
4.6 |
MEDIUM
|
linux
|
linux_kernel
|
Denial of service in Linux 2.2.0 running the ldd command on a core file.
|
NVD-CWE-Other
|
CVE-1999-0400
|
2008-09-6 05:17 |
1999-01-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267516
|
2.1 |
LOW
|
linux
|
linux_kernel
|
Denial of service in Linux 2.0.36 allows local users to prevent any server from listening on any non-privileged port.
|
NVD-CWE-Other
|
CVE-1999-0451
|
2008-09-6 05:17 |
1999-01-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267517
|
2.1 |
LOW
|
linux
|
linux_kernel
|
Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service.
|
NVD-CWE-Other
|
CVE-1999-0460
|
2008-09-6 05:17 |
1999-02-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267518
|
7.5 |
HIGH
|
allaire
|
coldfusion_server
|
The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly.
|
NVD-CWE-Other
|
CVE-1999-0477
|
2008-09-6 05:17 |
1999-12-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267519
|
7.5 |
HIGH
|
netscape
|
enterprise_server
fasttrack_server
|
Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request.
|
NVD-CWE-Other
|
CVE-1999-0744
|
2008-09-6 05:17 |
2000-01-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267520
|
5.0 |
MEDIUM
|
oracle
|
database_server
|
Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed string to the listener port, aka NERP.
|
NVD-CWE-Other
|
CVE-1999-0784
|
2008-09-6 05:17 |
2001-03-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267521
|
5.0 |
MEDIUM
|
freebsd
|
freebsd
|
TCP RST denial of service in FreeBSD.
|
NVD-CWE-Other
|
CVE-1999-0053
|
2008-09-6 05:16 |
1998-10-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267522
|
10.0 |
HIGH
|
ssh
|
ssh
|
A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials.
|
NVD-CWE-Other
|
CVE-1999-0248
|
2008-09-6 05:16 |
1999-01-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267523
|
9.3 |
HIGH
|
freebsd
|
freebsd
|
Buffer overflow in FreeBSD lpd through long DNS hostnames.
|
NVD-CWE-Other
|
CVE-1999-0299
|
2008-09-6 05:16 |
1997-03-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267524
|
4.3 |
MEDIUM
|
d-ic
|
shop_v50
shop_v52
|
Cross-site scripting (XSS) vulnerability in DIC shop_v50 3.0 and earlier and shop_v52 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2008-3935
|
2008-09-6 00:08 |
2008-09-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267525
|
4.3 |
MEDIUM
|
opendb
|
opendb
|
Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an …
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2008-3937
|
2008-09-6 00:08 |
2008-09-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267526
|
5.8 |
MEDIUM
|
opendb
|
opendb
|
Cross-site request forgery (CSRF) vulnerability in user_admin.php in Open Media Collectors Database (OpenDb) 1.0.6 allows remote attackers to change arbitrary passwords via an update_password action.
|
CWE-352
同一生成元ポリシー違反
|
CVE-2008-3938
|
2008-09-6 00:08 |
2008-09-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267527
|
5.0 |
MEDIUM
|
avtech
|
pager_enterprise
|
Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
|
CWE-22
パス・トラバーサル
|
CVE-2008-3939
|
2008-09-6 00:08 |
2008-09-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267528
|
4.3 |
MEDIUM
|
manageengine
|
servicedesk_plus
|
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the sear…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2008-1299
|
2008-09-5 13:00 |
2008-03-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267529
|
7.5 |
HIGH
|
oocomments
|
oocomments
|
Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for (1) classes/class_admin.php and …
|
CWE-94
コード・インジェクション
|
CVE-2008-1511
|
2008-09-5 13:00 |
2008-03-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267530
|
7.1 |
HIGH
|
avici
hitachi
|
router
gr2000
gr3000
gr4000
|
Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue …
|
NVD-CWE-noinfo
CWE-20
不適切な入力確認
|
CVE-2008-2169
|
2008-09-5 13:00 |
2008-05-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267531
|
7.1 |
HIGH
|
century_software
|
router
|
Unspecified vulnerability in Century routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issu…
|
CWE-20
不適切な入力確認
|
CVE-2008-2170
|
2008-09-5 13:00 |
2008-05-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267532
|
7.1 |
HIGH
|
yamaha
|
router
|
Unspecified vulnerability in Yamaha routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue…
|
CWE-20
不適切な入力確認
|
CVE-2008-2173
|
2008-09-5 13:00 |
2008-05-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267533
|
4.3 |
MEDIUM
|
runesoft
|
cerberus_cms
|
Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS before 3_1.4_0.9 allows remote attackers to inject arbitrary web script or HTML via a cerberus_user cookie.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2008-3397
|
2008-09-5 13:00 |
2008-08-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267534
|
6.8 |
MEDIUM
|
spacetag
|
lacoodast
|
Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
|
CWE-287
不適切な認証
|
CVE-2008-3738
|
2008-09-5 13:00 |
2008-08-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267535
|
1.9 |
LOW
|
microsoft
|
windows_vista
|
Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer during boot, which allows local users to obtain sen…
|
CWE-200
情報漏えい
|
CVE-2008-3893
|
2008-09-5 13:00 |
2008-09-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267536
|
1.9 |
LOW
|
microsoft
|
windows_vista
|
Upgrade to Vista Service Pack 1
|
CWE-200
情報漏えい
|
CVE-2008-3893
|
2008-09-5 13:00 |
2008-09-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267537
|
4.3 |
MEDIUM
|
apple
omnigroup
|
safari
webkit
omniweb
mac_os_x
|
WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as dem…
|
CWE-399
リソース管理の問題
|
CVE-2007-0342
|
2008-09-5 13:00 |
2007-01-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267538
|
10.0 |
HIGH
|
php
|
php
|
Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destr…
|
CWE-189
数値処理の問題
|
CVE-2007-1383
|
2008-09-5 13:00 |
2007-03-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267539
|
5.0 |
MEDIUM
|
exv2
|
content_management_system
|
Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.
|
CWE-287
不適切な認証
|
CVE-2007-1966
|
2008-09-5 13:00 |
2007-04-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267540
|
5.0 |
MEDIUM
|
mywebland
|
mybloggie
|
myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and …
|
CWE-200
情報漏えい
|
CVE-2007-3650
|
2008-09-5 13:00 |
2008-07-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267541
|
4.3 |
MEDIUM
|
fascript
|
faname
|
class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to obtain sensitive information via a '; (quote semicolon) sequence in the id parameter, which reveals the installatio…
|
CWE-200
情報漏えい
|
CVE-2007-3651
|
2008-09-5 13:00 |
2008-07-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267542
|
6.8 |
MEDIUM
|
fascript
|
faname
|
SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same i…
|
CWE-89
SQLインジェクション
|
CVE-2007-3652
|
2008-09-5 13:00 |
2008-07-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267543
|
5.0 |
MEDIUM
|
dirlist
|
dirlist_php
|
Directory traversal vulnerability in index.php in PHP Directory Lister (dirLIST) before 0.1.1 allows remote attackers to list the contents of a parent directory via a .. (dot dot) in the folder param…
|
CWE-22
パス・トラバーサル
|
CVE-2007-3967
|
2008-09-5 13:00 |
2007-07-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267544
|
5.0 |
MEDIUM
|
dirlist
|
dirlist_php
|
index.php in dirLIST before 0.1.1 allows remote attackers to list the contents of an excluded folder via a modified URL containing the folder name.
|
CWE-264
認可・権限・アクセス制御
|
CVE-2007-3968
|
2008-09-5 13:00 |
2007-07-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267545
|
4.3 |
MEDIUM
|
mozilla
|
mozilla
|
Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metac…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2007-4039
|
2008-09-5 13:00 |
2007-07-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267546
|
4.3 |
MEDIUM
|
microsoft
|
outlook
outlook_express
|
Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbi…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2007-4040
|
2008-09-5 13:00 |
2007-07-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267547
|
5.0 |
MEDIUM
|
securecomputing
|
securityreporter
|
file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE…
|
CWE-287
不適切な認証
|
CVE-2007-4043
|
2008-09-5 13:00 |
2007-07-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267548
|
9.3 |
HIGH
|
bitdefender
|
antivirus
internet_security
total_security
|
Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory wit…
|
NVD-CWE-noinfo
|
CVE-2007-5775
|
2008-09-5 13:00 |
2007-11-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267549
|
4.3 |
MEDIUM
|
contentcustomizer
|
contentcustomizer
|
dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to perform certain privileged actions via a (1) del, (2) delbackup, (3) res, or (4) ren action. NOTE: this issue can be leve…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2007-5817
|
2008-09-5 13:00 |
2007-11-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267550
|
9.0 |
HIGH
|
openbase_international_ltd
|
openbase
|
Directory traversal vulnerability in OpenBase 10.0.5 and earlier allows remote authenticated users to create files with arbitrary contents via a .. (dot dot) in the first argument to the GlobalLog st…
|
CWE-22
パス・トラバーサル
|
CVE-2007-5927
|
2008-09-5 13:00 |
2007-11-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
