|
363501
|
4.6 |
MEDIUM
|
sco
|
unixware
|
Some packaging commands in SCO UnixWare 7.1.0 have insecure privileges, which allows local users to add or remove software packages.
|
NVD-CWE-Other
|
CVE-2000-0351
|
2011-03-8 11:03 |
2001-03-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363502
|
6.2 |
MEDIUM
|
sun
|
solstice_adminsuite
|
Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write permissions on source files for NIS maps, which could allow local users to gain privileges by modifying /etc/passwd.
|
NVD-CWE-Other
|
CVE-1999-1425
|
2011-03-8 11:02 |
1997-11-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363503
|
6.2 |
MEDIUM
|
freebsd netbsd openbsd
|
freebsd netbsd openbsd
|
The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.
|
NVD-CWE-Other
|
CVE-2000-0092
|
2011-03-8 11:02 |
2000-01-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363504
|
7.2 |
HIGH
|
freebsd
|
freebsd
|
Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges.
|
NVD-CWE-Other
|
CVE-2000-0235
|
2011-03-8 11:02 |
2000-03-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363505
|
4.6 |
MEDIUM
|
digital
|
unix
|
Vulnerability in Advanced File System Utility (advfs) in Digital UNIX 4.0 through 4.0d allows local users to gain privileges.
|
NVD-CWE-Other
|
CVE-1999-1044
|
2011-03-8 11:01 |
1998-05-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363506
|
7.2 |
HIGH
|
sco
|
open_desktop open_desktop_lite openserver_enterprise_system openserver_network_system unix
|
Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users to gain root access.
|
NVD-CWE-Other
|
CVE-1999-1303
|
2011-03-8 11:01 |
1994-11-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363507
|
7.2 |
HIGH
|
sco
|
open_desktop open_desktop_lite openserver_enterprise_system openserver_network_system unix
|
Vulnerability in login in SCO UNIX 4.2 and earlier allows local users to gain root access.
|
NVD-CWE-Other
|
CVE-1999-1304
|
2011-03-8 11:01 |
1994-11-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363508
|
7.2 |
HIGH
|
sco
|
open_desktop open_desktop_lite openserver_enterprise_system openserver_network_system unix
|
Vulnerability in "at" program in SCO UNIX 4.2 and earlier allows local users to gain root access.
|
NVD-CWE-Other
|
CVE-1999-1305
|
2011-03-8 11:01 |
1994-11-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363509
|
4.6 |
MEDIUM
|
hp
|
hp-ux
|
Certain programs in HP-UX 10.20 do not properly handle large user IDs (UID) or group IDs (GID) over 60000, which could allow local users to gain privileges.
|
NVD-CWE-Other
|
CVE-1999-1308
|
2011-03-8 11:01 |
1997-07-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363510
|
4.6 |
MEDIUM
|
hp
|
hp-ux
|
Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows local users to bypass authentication and gain privileges.
|
NVD-CWE-Other
|
CVE-1999-1311
|
2011-03-8 11:01 |
1997-01-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363511
|
4.3 |
MEDIUM
|
phpbb_group
|
phpbb
|
Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single q…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2006-0063
|
2011-03-7 14:00 |
2006-01-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363512
|
10.0 |
HIGH
|
hp
|
psc_1210_all-in-one
|
Unspecified vulnerability in HP PSC 1210 All-in-One Drivers before 1.0.06 has unknown impact and attack vectors.
|
NVD-CWE-noinfo
|
CVE-2006-0672
|
2011-03-7 14:00 |
2006-02-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363513
|
6.4 |
MEDIUM
|
mambo
|
mambo
|
Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_tem…
|
CWE-22
パス・トラバーサル
|
CVE-2006-0871
|
2011-03-7 14:00 |
2006-02-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363514
|
7.5 |
HIGH
|
apple
|
mac_os_x mac_os_x_server
|
Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted…
|
CWE-119
バッファエラー
|
CVE-2006-1982
|
2011-03-7 14:00 |
2006-04-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363515
|
7.8 |
HIGH
|
sun
|
java_enterprise_system java_system_directory_server
|
Memory leak in Network Security Services (NSS) 3.11, as used in Sun Java Enterprise System 2003Q4 through 2005Q1 and Java System Directory Server 5.2, allows remote attackers to cause a denial of ser…
|
CWE-399
リソース管理の問題
|
CVE-2006-3127
|
2011-03-7 14:00 |
2006-06-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363516
|
5.0 |
MEDIUM
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to "JSP source code exposure" (PK23475), whic…
|
CWE-200
情報漏えい
|
CVE-2006-4223
|
2011-03-7 14:00 |
2006-08-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363517
|
7.5 |
HIGH
|
trend_micro
|
serverprotect
|
Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cle…
|
CWE-119
バッファエラー
|
CVE-2005-1929
|
2011-03-7 14:00 |
2005-12-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363518
|
4.3 |
MEDIUM
|
php_handicapper
|
php_handicapper
|
Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitrary web script or HTML via the msg parameter to msg.php. NOTE: some sources identify a second vect…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2005-3496
|
2011-03-7 14:00 |
2005-11-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363519
|
5.0 |
MEDIUM
|
apple
|
airport_express airport_extreme
|
The network interface for Apple AirPort Express 6.x before Firmware Update 6.3, and AirPort Extreme 5.x before Firmware Update 5.7, allows remote attackers to cause a denial of service (unresponsive …
|
CWE-399
リソース管理の問題
|
CVE-2005-3714
|
2011-03-7 14:00 |
2005-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363520
|
4.6 |
MEDIUM
|
sunncomm
|
mediamax_drm
|
SunnComm MediaMax DRM 5.0.21.0, as used by Sony BMG, assigns insecure Everyone/Full Control permissions to the "SunnComm Shared" directory, which allows local users to gain privileges by modifying pr…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2005-4069
|
2011-03-7 14:00 |
2005-12-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363521
|
10.0 |
HIGH
|
mybulletinboard
|
mybulletinboard
|
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0 have unknown impact and attack vectors, a different set of vulnerabilities than those identified by CVE-2005-4199.
|
NVD-CWE-noinfo
|
CVE-2005-4200
|
2011-03-7 14:00 |
2005-12-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363522
|
7.5 |
HIGH
|
phpwebgallery
|
phpwebgallery
|
Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sort_by, and (3) items_number parameters to c…
|
CWE-89
SQLインジェクション
|
CVE-2005-4228
|
2011-03-7 14:00 |
2005-12-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363523
|
7.5 |
HIGH
|
envolution
|
envolution
|
SQL injection vulnerability in the News module in Envolution allows remote attackers to execute arbitrary SQL commands via the (1) startrow and (2) catid parameter.
|
CWE-89
SQLインジェクション
|
CVE-2005-4263
|
2011-03-7 14:00 |
2005-12-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363524
|
7.5 |
HIGH
|
qualcomm
|
worldmail
|
Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote attackers to execute arbitrary code via a long IMAP command that ends with a "}" character, as demonstrated using long (1) LIST, (2…
|
CWE-119
バッファエラー
|
CVE-2005-4267
|
2011-03-7 14:00 |
2005-12-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363525
|
7.5 |
HIGH
|
nicplex
|
plexcart_x3
|
SQL injection vulnerability in the search function in Plexum PLEXCART X3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly involving the (1) s_itemname and (…
|
CWE-89
SQLインジェクション
|
CVE-2005-4315
|
2011-03-7 14:00 |
2005-12-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363526
|
4.3 |
MEDIUM
|
apple
|
safari webkit
|
WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an in…
|
CWE-399
リソース管理の問題
|
CVE-2010-1729
|
2011-02-17 15:55 |
2010-05-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363527
|
4.3 |
MEDIUM
|
apple
|
safari webkit
|
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and before 4.1 on Mac OS X 10.4, does not properly handle clipboard (1) drag and (2) paste operations for URLs, which allows user-assi…
|
CWE-200
情報漏えい
|
CVE-2010-1388
|
2011-02-17 15:54 |
2010-06-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363528
|
10.0 |
HIGH
|
fetchmail
|
fetchmail
|
Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as …
|
CWE-264
認可・権限・アクセス制御
|
CVE-2001-1009
|
2011-02-16 14:00 |
2001-08-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363529
|
2.1 |
LOW
|
fetchmail
|
fetchmail
|
fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files.
|
CWE-59
リンク解釈の問題
|
CVE-2001-1378
|
2011-02-16 14:00 |
2001-09-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363530
|
5.0 |
MEDIUM
|
fetchmail
|
fetchmail
|
fetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote IMAP server to overwrite memory via a message count that exceeds the bound…
|
CWE-20
不適切な入力確認
|
CVE-2002-0146
|
2011-02-16 05:45 |
2002-06-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363531
|
6.8 |
MEDIUM
|
php
|
php
|
Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary…
|
CWE-134
書式文字列の問題
|
CVE-2010-2094
|
2011-01-26 15:48 |
2010-05-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363532
|
5.0 |
MEDIUM
|
typsoft
|
typsoft_ftp_server
|
Typsoft FTP Server 1.11, with "Sub Directory Include" enabled, allows remote attackers to cause a denial of service (crash) by sending multiple RETR commands. NOTE: it was later reported that 1.10 i…
|
CWE-399
リソース管理の問題
|
CVE-2005-3294
|
2011-01-26 14:00 |
2005-10-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363533
|
4.0 |
MEDIUM
|
wordpress
|
wordpress
|
WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.
|
CWE-264
認可・権限・アクセス制御
|
CVE-2010-0682
|
2011-01-19 15:55 |
2010-02-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363534
|
6.8 |
MEDIUM
|
phpf1
|
max\'s_image_uploader
|
Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, a…
|
NVD-CWE-Other
|
CVE-2010-0390
|
2011-01-12 14:00 |
2010-01-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363535
|
6.8 |
MEDIUM
|
phpf1
|
max\'s_image_uploader
|
Per: http://cwe.mitre.org/data/definitions/434.html
'CWE-434: Unrestricted Upload of File with Dangerous Type'
|
NVD-CWE-Other
|
CVE-2010-0390
|
2011-01-12 14:00 |
2010-01-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363536
|
7.5 |
HIGH
|
embarcadero
|
interbase_smp_2009
|
Multiple stack-based buffer overflows in Embarcadero Technologies InterBase SMP 2009 9.0.3.437 allow remote attackers to execute arbitrary code via unknown vectors involving crafted packets. NOTE: t…
|
CWE-119
バッファエラー
|
CVE-2010-0391
|
2011-01-12 14:00 |
2010-01-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363537
|
9.0 |
HIGH
|
cisco
|
unified_meetingplace
|
Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.2, and possibly 5 does not properly validate SQL commands, which allows remote attackers to create, modify, or delete data in …
|
CWE-89
SQLインジェクション
|
CVE-2010-0139
|
2011-01-7 14:00 |
2010-01-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363538
|
6.4 |
MEDIUM
|
cisco
|
unified_meetingplace
|
MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote attackers to discover usernames, passwords, and unspecified other data from the user database via a modified auth…
|
CWE-255
証明書・パスワード管理
|
CVE-2010-0141
|
2011-01-7 14:00 |
2010-01-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363539
|
5.0 |
MEDIUM
|
xerox
|
workcentre_6400_net_controller workcentre_6400_system_software
|
Unspecified vulnerability in the Network Controller in Xerox WorkCentre 6400 System Software 060.070.109.11407 through 060.070.109.29510, and Net Controller 060.079.11410 through 060.079.29310, allow…
|
CWE-200
情報漏えい
|
CVE-2010-0549
|
2011-01-6 14:00 |
2010-02-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363540
|
10.0 |
HIGH
|
realnetworks
|
helix_mobile_server helix_server helix_server_mobile
|
Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers …
|
CWE-189
数値処理の問題
|
CVE-2010-1319
|
2010-12-29 14:00 |
2010-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363541
|
4.3 |
MEDIUM
|
gianluca_baldo
|
phpauction
|
Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2005-2254
|
2010-12-21 14:00 |
2005-07-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363542
|
5.0 |
MEDIUM
|
bsdi freebsd openbsd
|
bsd_os freebsd openbsd
|
ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.
|
CWE-20
不適切な入力確認
|
CVE-1999-0001
|
2010-12-16 14:00 |
1999-12-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363543
|
6.8 |
MEDIUM
|
1024cms
|
1024_cms
|
SQL injection vulnerability in rss.php in 1024 CMS 2.1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a vp action.
|
CWE-89
SQLインジェクション
|
CVE-2010-1093
|
2010-12-14 23:34 |
2010-03-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363544
|
4.3 |
MEDIUM
|
jan_schutze
|
truc
|
Cross-site scripting (XSS) vulnerability in login_reset_password_page.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 and earlier allows remote attackers to inject arbitrary web script or HTML…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2010-1095
|
2010-12-14 14:00 |
2010-03-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363545
|
6.8 |
MEDIUM
|
dedecms
|
dedecms
|
include/userlogin.class.php in DeDeCMS 5.5 GBK, when session.auto_start is enabled, allows remote attackers to bypass authentication and gain administrative access via a value of 1 for the _SESSION[d…
|
CWE-287
不適切な認証
|
CVE-2010-1097
|
2010-12-14 14:00 |
2010-03-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363546
|
6.4 |
MEDIUM
|
php
|
php
|
The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpr…
|
CWE-310
暗号の問題
|
CVE-2010-1128
|
2010-12-10 15:39 |
2010-03-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363547
|
5.0 |
MEDIUM
|
php
|
php
|
The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause …
|
NVD-CWE-Other
|
CVE-2010-0397
|
2010-12-10 15:37 |
2010-03-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363548
|
5.0 |
MEDIUM
|
php
|
php
|
Per: http://cwe.mitre.org/data/slices/2000.html
Improper Check for Unusual or Exceptional Conditions CWE-754
|
NVD-CWE-Other
|
CVE-2010-0397
|
2010-12-10 15:37 |
2010-03-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363549
|
4.9 |
MEDIUM
|
apple
|
mac_os_x
|
The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users t…
|
NVD-CWE-Other
|
CVE-2010-0105
|
2010-12-10 14:00 |
2010-04-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363550
|
5.0 |
MEDIUM
|
php
|
php
|
Use-after-free vulnerability in the request shutdown functionality in PHP 5.2 before 5.2.13 and 5.3 before 5.3.2 allows context-dependent attackers to cause a denial of service (crash) via a stream c…
|
CWE-399
リソース管理の問題
|
CVE-2010-2093
|
2010-12-7 15:48 |
2010-05-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|