libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack."
Max CVSS
9.3
EPSS Score
0.37%
Published
2003-12-31
Updated
2024-02-02
sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190.
Max CVSS
7.6
EPSS Score
1.50%
Published
2003-12-31
Updated
2022-12-13
Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, when using BSMTP mode ("-B"), allows remote attackers to execute arbitrary code via email containing headers with leading "." characters.
Max CVSS
7.6
EPSS Score
7.38%
Published
2003-12-31
Updated
2018-10-19
Unrestricted file upload vulnerability in uploader.php in Uploader 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/.
Max CVSS
6.8
EPSS Score
1.35%
Published
2003-12-31
Updated
2018-10-19
Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before Revision F has unknown impact and attack vectors related to "malicious script."
Max CVSS
10.0
EPSS Score
0.50%
Published
2003-12-31
Updated
2017-08-08
Unrestricted critical resource lock in Terminal Services for Windows 2000 before SP4 and Windows XP allows remote authenticated users to cause a denial of service (reboot) by obtaining a read lock on msgina.dll, which prevents msgina.dll from being loaded.
Max CVSS
6.8
EPSS Score
1.07%
Published
2003-12-31
Updated
2017-08-08
susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and Openexchange Server 4 does not properly filter shell metacharacters, which allows remote attackers to execute arbitrary commands via CGI queries.
Max CVSS
6.4
EPSS Score
0.22%
Published
2003-12-31
Updated
2008-09-05
SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters.
Max CVSS
7.5
EPSS Score
0.06%
Published
2003-12-31
Updated
2018-10-19
SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows remote attackers to execute arbitrary SQL commands via the (1) identifiant and (2) password parameters.
Max CVSS
7.5
EPSS Score
0.09%
Published
2003-12-31
Updated
2018-10-19
SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark[] parameter.
Max CVSS
7.5
EPSS Score
0.09%
Published
2003-12-31
Updated
2018-10-19
nsr_shutdown in Fujitsu Siemens NetWorker 6.0 allows local users to overwrite arbitrary files via a symlink attack on the nsrsh[PID] temporary file.
Max CVSS
7.2
EPSS Score
0.04%
Published
2003-12-31
Updated
2018-10-19
Unspecified vulnerability in My Photo Gallery 3.5, and possibly earlier versions, has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.27%
Published
2003-12-31
Updated
2017-07-29
PGPi PGPDisk 6.0.2i does not unmount a PGP partition when the switch user function in Windows XP is used, which could allow local users to access data on another user's PGP partition.
Max CVSS
6.3
EPSS Score
0.04%
Published
2003-12-31
Updated
2017-07-29
SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows remote attackers to execute arbitrary SQL commands via the (1) login username, (2) mailbox name, and possibly other attack vectors.
Max CVSS
7.5
EPSS Score
0.15%
Published
2003-12-31
Updated
2017-07-29
Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
Max CVSS
6.4
EPSS Score
0.85%
Published
2003-12-31
Updated
2008-09-05
SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows remote attackers to execute arbitrary SQL commands via the email parameter.
Max CVSS
6.8
EPSS Score
0.06%
Published
2003-12-31
Updated
2008-09-05
Adiscon WinSyslog 4.21 SP1 allows remote attackers to cause a denial of service (CPU consumption) via a long syslog message.
Max CVSS
7.8
EPSS Score
1.38%
Published
2003-12-31
Updated
2017-07-29
The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
Max CVSS
6.8
EPSS Score
0.83%
Published
2003-12-31
Updated
2008-09-05
Origo ASR-8100 ADSL Router 3.21 has an administration service running on port 254 that does not require a password, which allows remote attackers to cause a denial of service by restoring the factory defaults.
Max CVSS
7.8
EPSS Score
0.78%
Published
2003-12-31
Updated
2017-07-29
eMule 0.29c allows remote attackers to cause a denial of service (crash) via a long password, possibly due to a buffer overflow.
Max CVSS
7.8
EPSS Score
0.96%
Published
2003-12-31
Updated
2017-07-29
TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU consumption) via a ".%00." in an HTTP GET request to the cgi-bin directory.
Max CVSS
7.8
EPSS Score
0.72%
Published
2003-12-31
Updated
2017-07-29
Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser.
Max CVSS
10.0
EPSS Score
0.81%
Published
2003-12-31
Updated
2017-08-17
Planet Technology WGSD-1020 and WSW-2401 Ethernet switches use a default "superuser" account with the "planet" password, which allows remote attackers to gain administrative access.
Max CVSS
10.0
EPSS Score
0.79%
Published
2003-12-31
Updated
2017-07-29
SQL injection vulnerability in variables.php in Goldlink 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) vadmin_login or (2) vadmin_pass cookie in a request to goldlink.php.
Max CVSS
7.5
EPSS Score
0.06%
Published
2003-12-31
Updated
2017-07-29
Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote attackers to execute arbitrary code via an aim:getfile URL with a long screen name.
Max CVSS
10.0
EPSS Score
3.88%
Published
2003-12-31
Updated
2017-07-29
787 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!