# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2002-2232 |
119 |
|
Exec Code Overflow |
2002-12-31 |
2008-09-05 |
8.5 |
Admin |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
Buffer overflow in Enceladus Server Suite 3.9 allows remote attackers to execute arbitrary code via a long CD (CWD) command. |
2 |
CVE-2002-2233 |
22 |
|
DoS Dir. Trav. |
2002-12-31 |
2017-07-28 |
8.3 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Complete |
Directory traversal vulnerability in Enceladus Server Suite 3.9 allows remote attackers to list arbitrary directories and possibly cause a denial of service via "@" (at) characters in a CD (CWD) command, such as (1) "@/....\", (2) "@@@/..c:\", or (3) "@/[email protected]/..". |
3 |
CVE-2002-2313 |
|
|
|
2002-12-31 |
2008-09-05 |
8.8 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
None |
Eudora email client 5.1.1, with "use Microsoft viewer" enabled, allows remote attackers to execute arbitrary programs via an HTML email message containing a META refresh tag that references an embedded .mhtml file with ActiveX controls that execute a second embedded program, which is processed by Internet Explorer. |
4 |
CVE-2003-1364 |
20 |
|
DoS |
2003-12-31 |
2017-07-28 |
8.5 |
None |
Remote |
Low |
Not required |
None |
Partial |
Complete |
Aprelium Technologies Abyss Web Server 1.1.2, and possibly other versions before 1.1.4, allows remote attackers to cause a denial of service (crash) via an HTTP GET message with empty (1) Connection or (2) Range fields. |
5 |
CVE-2003-1377 |
119 |
|
Exec Code Overflow |
2003-12-31 |
2017-07-28 |
8.3 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Complete |
Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD) 0.4.0 and 0.4.4 allows remote attackers to execute arbitrary code via a client with a long hostname. |
6 |
CVE-2003-1378 |
264 |
|
Exec Code |
2003-12-31 |
2017-07-28 |
8.8 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
None |
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077. |
7 |
CVE-2003-1393 |
119 |
|
DoS Exec Code Overflow |
2003-12-31 |
2017-07-28 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long EXECUTE command. |
8 |
CVE-2004-0638 |
119 |
|
Exec Code Overflow |
2004-12-31 |
2017-07-10 |
8.5 |
Admin |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument. |
9 |
CVE-2004-1364 |
22 |
|
Dir. Trav. |
2004-08-04 |
2018-10-19 |
8.5 |
Admin |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory. |
10 |
CVE-2004-2111 |
119 |
|
Exec Code Overflow |
2004-12-31 |
2017-07-10 |
8.5 |
Admin |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename. |
11 |
CVE-2004-2690 |
|
|
Exec Code |
2004-12-31 |
2017-07-28 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
Unrestricted file upload vulnerability in the Administration Panel for NewsPHP allows remote authenticated administrators to upload and execute arbitrary code instead of video files. |
12 |
CVE-2005-2572 |
|
|
DoS Exec Code |
2005-08-16 |
2017-07-10 |
8.5 |
Admin |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
MySQL, when running on Windows, allows remote authenticated users with insert privileges on the mysql.func table to cause a denial of service (server hang) and possibly execute arbitrary code via (1) a request for a non-library file, which causes the Windows LoadLibraryEx function to block, or (2) a request for a function in a library that has the XXX_deinit or XXX_init functions defined but is not tailored for mySQL, such as jpeg1x32.dll and jpeg2x32.dll. |
13 |
CVE-2006-3456 |
94 |
|
Exec Code |
2007-05-11 |
2017-07-19 |
8.5 |
Admin |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771. |
14 |
CVE-2006-5882 |
119 |
|
Exec Code Overflow |
2006-11-14 |
2017-07-19 |
8.3 |
Admin |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver 3.50.21.10, as used in Cisco Linksys WPC300N Wireless-N Notebook Adapter before 4.100.15.5 and other products, allows remote attackers to execute arbitrary code via an 802.11 response frame containing a long SSID field. |
15 |
CVE-2006-7094 |
|
|
|
2007-03-02 |
2018-10-16 |
8.5 |
Admin |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors. |
16 |
CVE-2006-7152 |
|
|
+Priv |
2007-03-07 |
2017-10-10 |
8.5 |
Admin |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
default.asp in ASP-Nuke Community 1.5 and earlier allows remote attackers to gain privileges by setting certain pseudo cookie values. |
17 |
CVE-2006-7199 |
|
|
|
2007-04-30 |
2008-09-05 |
8.5 |
Admin |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle (MITM) attack in which an attacker-controlled server proxies authentication data to and from a legitimate SiteKey server. NOTE: the vendor disputes the severity of the issue, stating that it is easier to monitor this attack than "attacks against static web pages." |
18 |
CVE-2007-0272 |
119 |
|
DoS Exec Code Overflow |
2007-01-16 |
2018-10-16 |
8.5 |
None |
Remote |
Low |
Single system |
None |
Complete |
Complete |
Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via unspecified vectors involving certain public procedures, aka DB05. |
19 |
CVE-2007-0505 |
|
|
Exec Code |
2007-01-25 |
2017-07-28 |
8.5 |
Admin |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue. |
20 |
CVE-2007-0555 |
|
|
DoS |
2007-02-05 |
2018-10-16 |
8.5 |
None |
Remote |
Low |
Single system |
Complete |
None |
Complete |
PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content. |
21 |
CVE-2007-0723 |
|
|
+Priv |
2007-03-13 |
2008-09-05 |
8.5 |
Admin |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
Unspecified vulnerability in the authentication feature for DirectoryService (DS Plug-Ins) for Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote authenticated LDAP users to modify the root password and gain privileges via unknown vectors. |
22 |
CVE-2007-1216 |
119 |
|
Exec Code Overflow |
2007-04-05 |
2018-10-16 |
8.5 |
Admin |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction encoding". |
23 |
CVE-2007-1351 |
189 |
|
Exec Code Overflow |
2007-04-05 |
2018-10-16 |
8.5 |
Admin |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. |
24 |
CVE-2007-2363 |
|
|
Exec Code Overflow |
2007-04-30 |
2017-10-10 |
8.5 |
Admin |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file. |
25 |
CVE-2007-2613 |
|
|
|
2007-05-11 |
2013-08-30 |
8.3 |
Admin |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitrary configuration file by modifying the WAKKA_CONFIG environment variable. |
26 |
CVE-2007-2911 |
|
|
Exec Code Sql |
2007-05-30 |
2017-07-28 |
8.5 |
Admin |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573. |
27 |
CVE-2007-3464 |
|
|
+Priv CSRF |
2007-06-27 |
2018-10-16 |
8.5 |
Admin |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
Check Point SofaWare [email protected], with firmware before Embedded NGX 7.0.45 GA, does not require entry of the old password when changing the admin password, which might allow attackers to gain privileges by conducting a CSRF attack, making a password change on an unattended workstation, or other vectors. |
28 |
CVE-2007-3514 |
|
|
Bypass |
2007-07-03 |
2012-10-29 |
8.5 |
None |
Remote |
Low |
Not required |
Complete |
Partial |
None |
Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, a different vector than CVE-2007-3482. |
29 |
CVE-2007-3597 |
287 |
|
|
2007-07-06 |
2018-10-15 |
8.5 |
Admin |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter. |
30 |
CVE-2007-3599 |
|
|
|
2007-07-06 |
2008-11-15 |
8.5 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
None |
vtiger CRM before 5.0.3 allows remote authenticated users to import and export the information for a contact even when they only have the View permission. |
31 |
CVE-2007-3768 |
|
|
DoS |
2007-07-15 |
2017-07-28 |
8.5 |
None |
Remote |
Low |
Not required |
None |
Partial |
Complete |
The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command. |
32 |
CVE-2007-3901 |
119 |
|
Exec Code Overflow |
2007-12-11 |
2019-04-30 |
8.5 |
Admin |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file. |
33 |
CVE-2007-3949 |
|
|
Bypass |
2007-07-23 |
2018-10-15 |
8.3 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Complete |
mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings. |
34 |
CVE-2007-4000 |
264 |
|
Exec Code |
2007-09-05 |
2018-10-15 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer. |
35 |
CVE-2007-4262 |
|
|
Exec Code |
2007-08-08 |
2018-10-15 |
8.5 |
Admin |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
Unrestricted file upload vulnerability in EZPhotoSales 1.9.3 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP code under OnlineViewing/galleries/. |
36 |
CVE-2007-4263 |
|
|
|
2007-08-08 |
2017-09-28 |
8.5 |
Admin |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors. |
37 |
CVE-2007-4364 |
287 |
|
Bypass |
2007-08-15 |
2017-07-28 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain "unexpected / strange response" from an LDAP server, and (2) a reauthentication attempt that throws an exception, which allows remote attackers to trigger use of a cached authentication decision. NOTE: authentication can be bypassed by using vector 1 followed by vector 2, and possibly can be bypassed by using a single vector. |
38 |
CVE-2007-4529 |
|
|
|
2007-08-24 |
2018-10-15 |
8.5 |
Admin |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote authenticated users with the ServerAdmin flag to assign Registered users certain privileges, resulting in a privilege set that extends beyond that ServerAdmin's own servers, as demonstrated by the (1) AdminAddServer, (2) AdminDeleteServer, (3) AdminStartServer, and (4) AdminStopServer privileges; and administration of arbitrary virtual servers via a request to a .tscmd URI with a modified serverid parameter, as demonstrated by (a) add_server.tscmd, (b) ask_delete_server.tscmd, (c) start_server.tscmd, and (d) stop_server.tscmd. |
39 |
CVE-2007-4709 |
22 |
|
Dir. Trav. |
2007-12-19 |
2017-07-28 |
8.8 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
None |
Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response. |
40 |
CVE-2007-5361 |
|
|
DoS |
2007-11-20 |
2018-10-15 |
8.5 |
None |
Remote |
Low |
Not required |
Partial |
None |
Complete |
The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone's MAC address in the filename. |
41 |
CVE-2007-5453 |
94 |
|
Exec Code |
2007-10-14 |
2017-09-28 |
8.5 |
Admin |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the _options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and unspecified other files, as demonstrated by modifying _options through a backup restore action in admin.php. |
42 |
CVE-2007-5850 |
119 |
|
Exec Code Overflow |
2007-12-19 |
2017-07-28 |
8.8 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
None |
Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file. |
43 |
CVE-2007-5897 |
119 |
|
DoS Exec Code Overflow |
2007-11-08 |
2018-10-15 |
8.5 |
Admin |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via the TRANSFORM function. NOTE: this issue might already be covered by CVE-2007-5515, CVE-2007-5509, or CVE-2007-5505, but there are insufficient details to be sure. |
44 |
CVE-2007-6174 |
264 |
|
+Priv |
2007-11-29 |
2017-07-28 |
8.5 |
Admin |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
PHPDevShell before 0.7.0 allows remote authenticated users to gain privileges via a crafted request to update a user profile. NOTE: some of these details are obtained from third party information. |
45 |
CVE-2007-6181 |
119 |
|
Exec Code Overflow |
2007-11-29 |
2018-10-26 |
8.5 |
Admin |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier allows context-dependent attackers to execute arbitrary code via a filename with a certain length, as demonstrated by a remote authenticated user who uses the SCP protocol to send a file to the Cygwin machine, and thereby causes scp.exe on this machine to execute, and then overwrite heap memory with characters from the filename. NOTE: it is also reported that a related issue might exist in 1.5.7 through 1.5.19. |
46 |
CVE-2007-6350 |
264 |
|
Exec Code Bypass |
2007-12-14 |
2011-08-08 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks. |
47 |
CVE-2007-6415 |
94 |
|
Exec Code Bypass |
2008-01-24 |
2008-09-05 |
8.5 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
None |
scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options. |
48 |
CVE-2007-6593 |
119 |
|
Exec Code Overflow |
2007-12-28 |
2018-10-15 |
8.8 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
None |
Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x, allow user-assisted remote attackers to execute arbitrary code via the (1) Length and (2) Value fields for certain Types in a Lotus 1-2-3 (.123) file in the Worksheet File (WKS) format, as demonstrated by a file with a crafted SRANGE record, a different vulnerability than CVE-2007-5909. |
49 |
CVE-2008-0087 |
287 |
|
|
2008-04-08 |
2018-10-30 |
8.8 |
None |
Remote |
Medium |
Not required |
None |
Complete |
Complete |
The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses. |
50 |
CVE-2008-0127 |
119 |
|
DoS Exec Code Overflow |
2008-01-09 |
2018-10-15 |
8.8 |
None |
Remote |
Medium |
Not required |
None |
Complete |
Complete |
The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet. |