# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-1999-0497 | | | | 1999-01-01 | 2022-08-17 | 0.0 | None | Remote | Low | Not required | None | None | None |
Anonymous FTP is enabled. |
2 | CVE-1999-0523 | | | | 1999-01-01 | 2022-08-17 | 0.0 | None | Remote | Low | Not required | None | None | None |
ICMP echo (ping) is allowed from arbitrary hosts. |
3 | CVE-1999-0525 | | | | 1997-01-01 | 2022-08-17 | 0.0 | None | Remote | Low | Not required | None | None | None |
IP traceroute is allowed from arbitrary hosts. |
4 | CVE-1999-0532 | | | | 1997-07-01 | 2022-08-17 | 0.0 | None | Remote | Low | Not required | None | None | None |
A DNS server allows zone transfers. |
5 | CVE-1999-0586 | | | | 1999-01-01 | 2022-08-17 | 0.0 | None | Remote | Low | Not required | None | None | None |
A network service is running on a nonstandard port. |
6 | CVE-1999-0612 | | | | 1997-03-01 | 2022-08-17 | 0.0 | None | Remote | Low | Not required | None | None | None |
A version of finger is running that exposes valid user information to any entity on the network. |
7 | CVE-1999-0613 | | | | 1999-01-01 | 2022-08-17 | 0.0 | None | Remote | Low | Not required | None | None | None |
The rpc.sprayd service is running. |
8 | CVE-1999-0624 | | | | 1999-01-01 | 2022-08-17 | 0.0 | None | Remote | Low | Not required | None | None | None |
The rstat/rstatd service is running. |
9 | CVE-1999-0625 | | | | 1999-01-01 | 2022-08-17 | 0.0 | None | Remote | Low | Not required | None | None | None |
The rpc.rquotad service is running. |
10 | CVE-1999-0626 | | | | 1997-01-01 | 2022-08-17 | 0.0 | None | Remote | Low | Not required | None | None | None |
A version of rusers is running that exposes valid user information to any entity on the network. |
11 | CVE-1999-0627 | | | Exec Code | 1992-03-01 | 2022-08-17 | 0.0 | None | Remote | Low | Not required | None | None | None |
The rexd service is running, which uses weak authentication that can allow an attacker to execute commands. |
12 | CVE-1999-0629 | | | | 1999-01-01 | 2022-08-17 | 0.0 | None | Remote | Low | Not required | None | None | None |
The ident/identd service is running. |
13 | CVE-1999-0632 | | | | 1999-01-01 | 2022-08-17 | 0.0 | None | Remote | Low | Not required | None | None | None |
The RPC portmapper service is running. |
14 | CVE-1999-0635 | | | | 1999-01-01 | 2007-07-13 | 0.0 | None | Remote | Low | Not required | None | None | None |
The echo service is running. |
15 | CVE-1999-0637 | | | | 1999-01-01 | 2022-08-17 | 0.0 | None | Remote | Low | Not required | None | None | None |
The systat service is running. |
16 | CVE-1999-0638 | | | | 1999-01-01 | 2022-08-17 | 0.0 | None | Remote | Low | Not required | None | None | None |
The daytime service is running. |
17 | CVE-1999-0639 | | | | 1999-01-01 | 2022-08-17 | 0.0 | None | Remote | Low | Not required | None | None | None |
The chargen service is running. |
18 | CVE-1999-0641 | | | | 1999-01-01 | 2022-08-17 | 0.0 | None | Remote | Low | Not required | None | None | None |
The UUCP service is running. |
19 | CVE-1999-0657 | | | | 1999-01-01 | 2022-08-17 | 0.0 | None | Remote | Low | Not required | None | None | None |
WinGate is being used. |
20 | CVE-2005-0951 | | | | 2005-05-02 | 2008-09-10 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: this candidate was created as a result of an analysis error for a researcher advisory for an issue that already existed. It stated an incorrect parameter, which was not part of the vulnerability at all. Notes: CVE users should not reference this candidate at all. |
21 | CVE-2005-1032 | | | Sql +Info | 2005-04-06 | 2008-09-10 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
** REJECT ** cart.php in LiteCommerce might allow remote attackers to obtain sensitive information via invalid (1) category_id or (2) product_id parameters. NOTE: this issue was originally claimed to be due to SQL injection, but the original researcher is known to be frequently inaccurate with respect to bug type and severity. The vendor has disputed this issue, saying "These reports are credited to malicious person we refused to hire. We have not taken legal action against him only because he is located in India. The vulnerabilities reported can not be reproduced, hence information you provide is contrary to fact." Further investigation by CVE personnel shows that an invalid SQL syntax error could be generated, but it only reveals portions of underlying database structure, which is already available in documentation from the vendor, and it does not appear to lead to path disclosure. Therefore, this issue is not a vulnerability or an exposure, and it probably should be REJECTED. |
22 | CVE-2006-4274 | | | Exec Code | 2006-08-21 | 2008-09-10 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
** REJECT ** Unknown vulnerability in Microsoft PowerPoint allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as TROJ_MDROPPER.BH. NOTE: on 20060822, it was determined that TROJ_MDROPPER.BH was exploiting CVE-2006-0009, so this is not a new vulnerability. |
23 | CVE-2006-4854 | | | Exec Code | 2006-09-19 | 2008-09-10 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
** REJECT ** Unspecified vulnerability in Microsoft Office 2000 (Chinese Edition) and Microsoft PowerPoint 2000 (Chinese Edition) allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as Trojan.PPDropper.E. NOTE: on 20060919, Microsoft notified CVE that this is a duplicate of CVE-2006-0009. |
24 | CVE-2006-10001 | 79 | | XSS | 2023-03-05 | 2023-03-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7. This affects an unknown part of the file subscribe-to-comments.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The name of the patch is 9683bdf462fcac2f32b33be98f0b96497fbd1bb6. It is recommended to upgrade the affected component. The identifier VDB-222321 was assigned to this vulnerability. |
25 | CVE-2006-20001 | 787 | | | 2023-01-17 | 2023-01-25 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. |
26 | CVE-2007-2056 | | | | 2007-04-30 | 2008-09-10 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
** REJECT ** The getlock function in aimage/aimage.cpp in AFFLIB 2.2.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary lock files (aka "time-of-check-time-of-use file race"). NOTE: the researcher has retracted the original advisory, stating that "the portion of vulnerable code is not called in any current version of AFFLIB and is therefore not exploitable." |
27 | CVE-2007-4044 | | | | 2007-07-27 | 2008-09-10 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
** REJECT ** The MS-RPC functionality in smbd in Samba 3 on SUSE Linux before 20070720 does not include "one character in the shell escape handling." NOTE: this issue was originally characterized as a shell metacharacter issue due to an incomplete fix for CVE-2007-2447, which was interpreted by CVE to be security relevant. However, SUSE and Red Hat have disputed the problem, stating that the only impact is that scripts will not be executed if they have a "c" in their name, but even this limitation might not exist. This does not have security implications, so should not be included in CVE. |
28 | CVE-2007-5421 | | | Exec Code Overflow | 2007-10-12 | 2008-09-10 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
** REJECT ** Multiple stack-based buffer overflows in Cisco IOS 12.x and IOS XR allow attackers to execute arbitrary code, as demonstrated via the "Bind Shell", "Reverse Shell", and "Two byte rootshell (Tiny Shell)" attacks. NOTE: the vendor and researcher agree that this issue does not cross privilege boundaries, saying they do not "represent a vulnerability." The disclosure was intended to demonstrate techniques for exploitation, which is not covered by CVE. |
29 | CVE-2007-5908 | | | DoS Exec Code Overflow | 2007-11-09 | 2008-09-10 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
** REJECT ** Buffer overflow in the (1) sysfs_show_available_clocksources and (2) sysfs_show_current_clocksources functions in Linux kernel 2.6.23 and earlier might allow local users to cause a denial of service or execute arbitrary code via crafted clock source names. NOTE: follow-on analysis by Linux developers states that "There is no way for unprivileged users (or really even the root user) to add new clocksources." |
30 | CVE-2007-10001 | 89 | | Sql | 2023-01-05 | 2023-01-11 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A vulnerability classified as problematic has been found in web-cyradm. This affects an unknown part of the file search.php. The manipulation of the argument searchstring leads to sql injection. It is recommended to apply a patch to fix this issue. The identifier VDB-217449 was assigned to this vulnerability. |
31 | CVE-2007-10002 | 89 | | Sql | 2023-01-08 | 2023-01-12 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A vulnerability, which was classified as critical, has been found in web-cyradm. Affected by this issue is some unknown functionality of the file auth.inc.php. The manipulation of the argument login/login_password/LANG leads to sql injection. The attack may be launched remotely. The name of the patch is 2bcbead3bdb5f118bf2c38c541eaa73c29dcc90f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217640. |
32 | CVE-2008-6049 | | | Exec Code Sql | 2009-02-04 | 2009-03-21 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
** REJECT ** SQL injection vulnerability in index.php in TinyMCE 2.0.1 allows remote attackers to execute arbitrary SQL commands via the menuID parameter. NOTE: CVE and multiple reliable third parties dispute this issue, since TinyMCE does not contain index.php or any PHP code. This may be an issue in a product that has integrated TinyMCE. |
33 | CVE-2008-10002 | 79 | | XSS | 2023-03-05 | 2023-03-09 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.3.3 is able to address this issue. The name of the patch is 9fb53b67312fe3f4336e01c1e3e1bedb4be0c1c8. It is recommended to upgrade the affected component. VDB-222286 is the identifier assigned to this vulnerability. |
34 | CVE-2008-10003 | 89 | | Sql | 2023-03-05 | 2023-03-09 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A vulnerability was found in iGamingModules flashgames 1.1.0. It has been classified as critical. Affected is an unknown function of the file game.php. The manipulation of the argument lid leads to sql injection. It is possible to launch the attack remotely. The name of the patch is 6e57683704885be32eea2ea614f80c9bb8f012c5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222288. |
35 | CVE-2008-10004 | 89 | | Sql | 2023-03-06 | 2023-03-13 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A vulnerability was found in Email Registration 5.x-2.1. It has been declared as critical. This vulnerability affects the function email_registration_user of the file email_registration.module. The manipulation of the argument namenew leads to sql injection. The attack can be initiated remotely. Upgrading to version 6.x-1.0 is able to address this issue. The name of the patch is 126c141b7db038c778a2dc931d38766aad8d1112. It is recommended to upgrade the affected component. VDB-222334 is the identifier assigned to this vulnerability. |
36 | CVE-2009-0242 | | | DoS | 2009-01-21 | 2009-02-05 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
** REJECT ** gmetad in Ganglia 3.1.1, when supporting multiple requests per connection on an interactive port, allows remote attackers to cause a denial of service via a request to the gmetad service with a path that does not exist, which causes Ganglia to (1) perform excessive CPU computation and (2) send the entire tree, which consumes network bandwidth. NOTE: the vendor and original researcher have disputed this issue, since legitimate requests can generate the same amount of resource consumption. CVE concurs with the dispute, so this identifier should not be used. |
37 | CVE-2009-0671 | | | Exec Code | 2009-02-22 | 2009-02-26 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
** REJECT ** Format string vulnerability in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit imap-2007d and other applications, allows remote attackers to execute arbitrary code via format string specifiers in the initial request to the IMAP port (143/tcp). NOTE: Red Hat has disputed the vulnerability, stating "The Red Hat Security Response Team have been unable to confirm the existence of this format string vulnerability in the toolkit, and the sample published exploit is not complete or functional." CVE agrees that the exploit contains syntax errors and uses Unix-only include files while invoking Windows functions. |
38 | CVE-2009-1142 | 59 | | +Priv | 2022-11-23 | 2022-11-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled. |
39 | CVE-2009-1143 | 59 | | Bypass | 2022-11-23 | 2022-11-28 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter). |
40 | CVE-2009-10001 | 79 | | XSS | 2023-01-13 | 2023-01-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A vulnerability classified as problematic was found in jianlinwei cool-php-captcha up to 0.2. This vulnerability affects unknown code of the file example-form.php. The manipulation of the argument captcha with the input %3Cscript%3Ealert(1)%3C/script%3E leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.3 is able to address this issue. The name of the patch is c84fb6b153bebaf228feee0cbf50728d27ae3f80. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218296. |
41 | CVE-2009-10002 | 79 | | XSS | 2023-01-13 | 2023-01-23 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A vulnerability, which was classified as problematic, has been found in dpup fittr-flickr. This issue affects some unknown processing of the file fittr-flickr/features/easy-exif.js of the component EXIF Preview Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 08875dd8a2e5d0d16568bb0d67cb4328062fccde. It is recommended to apply a patch to fix this issue. The identifier VDB-218297 was assigned to this vulnerability. |
42 | CVE-2009-10003 | 79 | | XSS | 2023-01-29 | 2023-02-07 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A vulnerability was found in capnsquarepants wordcraft up to 0.6. It has been classified as problematic. Affected is an unknown function of the file tag.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 0.7 is able to address this issue. The name of the patch is be23028633e8105de92f387036871c03f34d3124. It is recommended to upgrade the affected component. VDB-219714 is the identifier assigned to this vulnerability. |
43 | CVE-2010-10002 | 79 | | XSS | 2023-01-01 | 2023-01-09 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The manipulation of the argument AuthState leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0 is able to address this issue. The name of the patch is d652d41ccaf8c45d5707e741c0c5d82a2365a9a3. It is recommended to upgrade the affected component. VDB-217170 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
44 | CVE-2010-10003 | 89 | | Sql | 2023-01-04 | 2023-01-10 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A vulnerability classified as critical was found in gesellix titlelink. Affected by this vulnerability is an unknown functionality of the file plugin_content_title.php. The manipulation of the argument phrase leads to sql injection. The name of the patch is b4604e523853965fa981a4e79aef4b554a535db0. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217351. |
45 | CVE-2010-10004 | 79 | | XSS | 2023-01-09 | 2023-01-12 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A vulnerability was found in Information Cards Module and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0 is able to address this issue. The name of the patch is f6bfea49ae16dc6e179df8306d39c3694f1ef186. It is recommended to upgrade the affected component. The identifier VDB-217661 was assigned to this vulnerability. |
46 | CVE-2010-10005 | 121 | | Overflow | 2023-01-16 | 2023-01-17 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A vulnerability was found in msmania poodim. It has been declared as critical. This vulnerability affects unknown code of the component Command Line Argument Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The name of the patch is 6340d5d2c81e55e61522c4b40a6cdd5c39738cc6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218392. |
47 | CVE-2010-10006 | 203 | | | 2023-01-18 | 2023-01-24 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A vulnerability, which was classified as problematic, was found in michaelliao jopenid. Affected is the function getAuthentication of the file JOpenId/src/org/expressme/openid/OpenIdManager.java. The manipulation leads to observable timing discrepancy. Upgrading to version 1.08 is able to address this issue. The name of the patch is c9baaa976b684637f0d5a50268e91846a7a719ab. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218460. |
48 | CVE-2010-10007 | 89 | | Sql | 2023-01-18 | 2023-01-25 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in lierdakil click-reminder. It has been rated as critical. This issue affects the function db_query of the file src/backend/include/BaseAction.php. The manipulation leads to sql injection. The name of the patch is 41213b660e8eb01b22c8074f06208f59a73ca8dc. It is recommended to apply a patch to fix this issue. The identifier VDB-218465 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
49 | CVE-2010-10008 | 79 | | XSS | 2023-01-17 | 2023-01-24 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file templates/trust.tpl.php. The manipulation of the argument StateID leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.9.0 is able to address this issue. The name of the patch is 8365d48c863cf06ccf1465cc0a161cefae29d69d. It is recommended to upgrade the affected component. The identifier VDB-218473 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
50 | CVE-2010-10009 | 89 | | Sql | 2023-01-18 | 2023-01-25 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A vulnerability was found in frioux ptome. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is 26829bba67858ca0bd4ce49ad50e7ce653914276. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218519. |