| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Confidentiality
|
Integrity
|
Availability
|
|
1 |
CVE-2012-0312 |
|
|
XSS |
2012-01-26 |
2012-01-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9, and osCommerce Online Merchant before 2.3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
2 |
CVE-2012-0311 |
|
|
XSS |
2012-01-26 |
2012-01-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
3 |
CVE-2011-4879 |
|
|
DoS |
2012-02-03 |
2012-02-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attackers to read data from arbitrary memory locations or cause a denial of service (application crash) via a crafted POST request. |
|
4 |
CVE-2011-4878 |
|
|
Dir. Trav. |
2012-02-03 |
2012-02-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI. |
|
5 |
CVE-2011-4877 |
|
|
DoS |
2012-02-03 |
2012-02-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to cause a denial of service (application crash) by sending crafted data over TCP. |
|
6 |
CVE-2011-4876 |
|
|
Dir. Trav. |
2012-02-03 |
2012-02-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modify, or delete arbitrary files via a .. (dot dot) in a string. |
|
7 |
CVE-2011-4875 |
|
|
Exec Code Overflow |
2012-02-03 |
2012-02-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute arbitrary code via vectors related to Unicode strings. |
|
8 |
CVE-2011-4514 |
|
|
|
2012-02-03 |
2012-02-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session. |
|
9 |
CVE-2011-4513 |
|
|
Exec Code |
2012-02-03 |
2012-02-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader. |
|
10 |
CVE-2011-4512 |
|
|
Http R.Spl. |
2012-02-03 |
2012-02-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. |
|
11 |
CVE-2011-4511 |
|
|
XSS |
2012-02-03 |
2012-02-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4510. |
|
12 |
CVE-2011-4510 |
|
|
XSS |
2012-02-03 |
2012-02-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4511. |
|
13 |
CVE-2011-4509 |
|
|
|
2012-02-03 |
2012-02-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests. |
|
14 |
CVE-2011-4508 |
|
|
Bypass |
2012-02-03 |
2012-02-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie. |
|
15 |
CVE-2009-0671 |
|
|
Exec Code |
2009-02-22 |
2009-02-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
** REJECT ** Format string vulnerability in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit imap-2007d and other applications, allows remote attackers to execute arbitrary code via format string specifiers in the initial request to the IMAP port (143/tcp). NOTE: Red Hat has disputed the vulnerability, stating "The Red Hat Security Response Team have been unable to confirm the existence of this format string vulnerability in the toolkit, and the sample published exploit is not complete or functional." CVE agrees that the exploit contains syntax errors and uses Unix-only include files while invoking Windows functions. |
|
16 |
CVE-2009-0242 |
|
|
DoS |
2009-01-21 |
2009-02-05 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
** REJECT ** gmetad in Ganglia 3.1.1, when supporting multiple requests per connection on an interactive port, allows remote attackers to cause a denial of service via a request to the gmetad service with a path that does not exist, which causes Ganglia to (1) perform excessive CPU computation and (2) send the entire tree, which consumes network bandwidth. NOTE: the vendor and original researcher have disputed this issue, since legitimate requests can generate the same amount of resource consumption. CVE concurs with the dispute, so this identifier should not be used. |
|
17 |
CVE-2008-6049 |
|
|
Exec Code Sql |
2009-02-04 |
2009-03-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
** REJECT ** SQL injection vulnerability in index.php in TinyMCE 2.0.1 allows remote attackers to execute arbitrary SQL commands via the menuID parameter. NOTE: CVE and multiple reliable third parties dispute this issue, since TinyMCE does not contain index.php or any PHP code. This may be an issue in a product that has integrated TinyMCE. |
|
18 |
CVE-2007-5908 |
|
|
DoS Exec Code Overflow |
2007-11-09 |
2008-09-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
** REJECT ** Buffer overflow in the (1) sysfs_show_available_clocksources and (2) sysfs_show_current_clocksources functions in Linux kernel 2.6.23 and earlier might allow local users to cause a denial of service or execute arbitrary code via crafted clock source names. NOTE: follow-on analysis by Linux developers states that "There is no way for unprivileged users (or really even the root user) to add new clocksources." |
|
19 |
CVE-2007-5421 |
|
|
Exec Code Overflow |
2007-10-12 |
2008-09-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
** REJECT ** Multiple stack-based buffer overflows in Cisco IOS 12.x and IOS XR allow attackers to execute arbitrary code, as demonstrated via the "Bind Shell", "Reverse Shell", and "Two byte rootshell (Tiny Shell)" attacks. NOTE: the vendor and researcher agree that this issue does not cross privilege boundaries, saying they do not "represent a vulnerability." The disclosure was intended to demonstrate techniques for exploitation, which is not covered by CVE. |
|
20 |
CVE-2007-4044 |
|
|
|
2007-07-27 |
2008-09-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
** REJECT ** The MS-RPC functionality in smbd in Samba 3 on SUSE Linux before 20070720 does not include "one character in the shell escape handling." NOTE: this issue was originally characterized as a shell metacharacter issue due to an incomplete fix for CVE-2007-2447, which was interpreted by CVE to be security relevant. However, SUSE and Red Hat have disputed the problem, stating that the only impact is that scripts will not be executed if they have a "c" in their name, but even this limitation might not exist. This does not have security implications, so should not be included in CVE. |
|
21 |
CVE-2007-2056 |
|
|
|
2007-04-30 |
2008-09-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
** REJECT ** The getlock function in aimage/aimage.cpp in AFFLIB 2.2.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary lock files (aka "time-of-check-time-of-use file race"). NOTE: the researcher has retracted the original advisory, stating that "the portion of vulnerable code is not called in any current version of AFFLIB and is therefore not exploitable." |
|
22 |
CVE-2006-4854 |
|
|
Exec Code |
2006-09-19 |
2008-09-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
** REJECT ** Unspecified vulnerability in Microsoft Office 2000 (Chinese Edition) and Microsoft PowerPoint 2000 (Chinese Edition) allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as Trojan.PPDropper.E. NOTE: on 20060919, Microsoft notified CVE that this is a duplicate of CVE-2006-0009. |
|
23 |
CVE-2006-4274 |
|
|
Exec Code |
2006-08-21 |
2008-09-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
** REJECT ** Unknown vulnerability in Microsoft PowerPoint allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as TROJ_MDROPPER.BH. NOTE: on 20060822, it was determined that TROJ_MDROPPER.BH was exploiting CVE-2006-0009, so this is not a new vulnerability. |
|
24 |
CVE-2005-1032 |
|
|
Sql +Info |
2005-04-06 |
2008-09-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
** REJECT ** cart.php in LiteCommerce might allow remote attackers to obtain sensitive information via invalid (1) category_id or (2) product_id parameters. NOTE: this issue was originally claimed to be due to SQL injection, but the original researcher is known to be frequently inaccurate with respect to bug type and severity. The vendor has disputed this issue, saying "These reports are credited to malicious person we refused to hire. We have not taken legal action against him only because he is located in India. The vulnerabilities reported can not be reproduced, hence information you provide is contrary to fact." Further investigation by CVE personnel shows that an invalid SQL syntax error could be generated, but it only reveals portions of underlying database structure, which is already available in documentation from the vendor, and it does not appear to lead to path disclosure. Therefore, this issue is not a vulnerability or an exposure, and it probably should be REJECTED. |
|
25 |
CVE-2005-0951 |
|
|
|
2005-05-02 |
2008-09-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: this candidate was created as a result of an analysis error for a researcher advisory for an issue that already existed. It stated an incorrect parameter, which was not part of the vulnerability at all. Notes: CVE users should not reference this candidate at all. |
|
26 |
CVE-1999-0657 |
|
|
|
1999-01-01 |
2007-07-21 |
0.0 |
None |
Remote |
Low |
Not required |
None |
None |
None |
|
WinGate is being used. |
|
27 |
CVE-1999-0641 |
|
|
|
1999-01-01 |
2007-07-13 |
0.0 |
None |
Remote |
Low |
Not required |
None |
None |
None |
|
The UUCP service is running. |
|
28 |
CVE-1999-0639 |
|
|
|
1999-01-01 |
2007-07-13 |
0.0 |
None |
Remote |
Low |
Not required |
None |
None |
None |
|
The chargen service is running. |
|
29 |
CVE-1999-0638 |
|
|
|
1999-01-01 |
2007-07-13 |
0.0 |
None |
Remote |
Low |
Not required |
None |
None |
None |
|
The daytime service is running. |
|
30 |
CVE-1999-0637 |
|
|
|
1999-01-01 |
2007-07-13 |
0.0 |
None |
Remote |
Low |
Not required |
None |
None |
None |
|
The systat service is running. |
|
31 |
CVE-1999-0635 |
|
|
|
1999-01-01 |
2007-07-13 |
0.0 |
None |
Remote |
Low |
Not required |
None |
None |
None |
|
The echo service is running. |
|
32 |
CVE-1999-0632 |
|
|
|
1999-01-01 |
2007-07-13 |
0.0 |
None |
Remote |
Low |
Not required |
None |
None |
None |
|
The RPC portmapper service is running. |
|
33 |
CVE-1999-0629 |
|
|
|
1999-01-01 |
2010-12-01 |
0.0 |
None |
Remote |
Low |
Not required |
None |
None |
None |
|
The ident/identd service is running. |
|
34 |
CVE-1999-0627 |
|
|
Exec Code |
1992-03-01 |
2008-09-09 |
0.0 |
None |
Remote |
Low |
Not required |
None |
None |
None |
|
The rexd service is running, which uses weak authentication that can allow an attacker to execute commands. |
|
35 |
CVE-1999-0626 |
|
|
|
1997-01-01 |
2008-09-09 |
0.0 |
None |
Remote |
Low |
Not required |
None |
None |
None |
|
A version of rusers is running that exposes valid user information to any entity on the network. |
|
36 |
CVE-1999-0625 |
|
|
|
1999-01-01 |
2007-07-13 |
0.0 |
None |
Remote |
Low |
Not required |
None |
None |
None |
|
The rpc.rquotad service is running. |
|
37 |
CVE-1999-0624 |
|
|
|
1999-01-01 |
2007-07-13 |
0.0 |
None |
Remote |
Low |
Not required |
None |
None |
None |
|
The rstat/rstatd service is running. |
|
38 |
CVE-1999-0613 |
|
|
|
1999-01-01 |
2007-07-13 |
0.0 |
None |
Remote |
Low |
Not required |
None |
None |
None |
|
The rpc.sprayd service is running. |
|
39 |
CVE-1999-0612 |
|
|
|
1997-03-01 |
2008-09-09 |
0.0 |
None |
Remote |
Low |
Not required |
None |
None |
None |
|
A version of finger is running that exposes valid user information to any entity on the network. |
|
40 |
CVE-1999-0532 |
|
|
|
1997-07-01 |
2008-09-09 |
0.0 |
None |
Remote |
Low |
Not required |
None |
None |
None |
|
A DNS server allows zone transfers. |
|
41 |
CVE-1999-0524 |
200 |
|
+Info |
1997-08-01 |
2008-09-09 |
0.0 |
None |
Local |
Low |
Not required |
None |
None |
None |
|
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. |
|
42 |
CVE-1999-0523 |
|
|
|
1999-01-01 |
2010-12-01 |
0.0 |
None |
Remote |
Low |
Not required |
None |
None |
None |
|
ICMP echo (ping) is allowed from arbitrary hosts. |
|
43 |
CVE-1999-0497 |
|
|
|
1999-01-01 |
2007-07-13 |
0.0 |
None |
Remote |
Low |
Not required |
None |
None |
None |
|
Anonymous FTP is enabled. |