perlshop.cgi shopping cart program stores sensitive customer information in directories and files that are under the web root, which allows remote attackers to obtain that information via an HTTP request.
Max CVSS
5.0
EPSS Score
0.47%
Published
2005-05-02
Updated
2016-10-18
Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password.
Max CVSS
5.0
EPSS Score
7.71%
Published
2005-05-02
Updated
2017-12-19
AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a long filename, possibly caused by a buffer overflow.
Max CVSS
5.0
EPSS Score
2.01%
Published
2005-05-02
Updated
2017-07-11
Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion.
Max CVSS
6.9
EPSS Score
0.07%
Published
2005-05-02
Updated
2017-10-11
poppassd_pam 1.0 and earlier, when changing a user password, does not verify that the user entered the old password correctly, which allows remote attackers to change passwords for arbitrary users.
Max CVSS
10.0
EPSS Score
1.01%
Published
2005-05-02
Updated
2008-09-10
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
Max CVSS
7.5
EPSS Score
10.83%
Published
2005-05-02
Updated
2017-10-11
The COPS dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (infinite loop).
Max CVSS
5.0
EPSS Score
0.62%
Published
2005-05-02
Updated
2017-10-11
Unknown vulnerability in the DLSw dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (application crash from assertion).
Max CVSS
5.0
EPSS Score
0.69%
Published
2005-05-02
Updated
2017-10-11
Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through 0.10.8 allows remote attackers to cause "memory corruption."
Max CVSS
5.0
EPSS Score
0.28%
Published
2005-05-02
Updated
2017-10-11
Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (application crash).
Max CVSS
5.0
EPSS Score
0.62%
Published
2005-05-02
Updated
2017-10-11
Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4 through 0.10.8 allows remote attackers to cause a denial of service by triggering a free of statically allocated memory.
Max CVSS
5.0
EPSS Score
0.69%
Published
2005-05-02
Updated
2017-10-11
Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execute arbitrary code via stack-based buffer overflows.
Max CVSS
10.0
EPSS Score
0.72%
Published
2005-05-02
Updated
2008-09-05
Format string vulnerability in the a_Interface_msg function in Dillo before 0.8.3-r4 allows remote attackers to execute arbitrary code via format string specifiers in a web page.
Max CVSS
7.5
EPSS Score
4.54%
Published
2005-05-02
Updated
2017-07-11
nwclient.c in ncpfs before 2.2.6 does not drop root privileges before executing utilities using the NetWare client functions, which allows local users to gain privileges.
Max CVSS
7.2
EPSS Score
0.06%
Published
2005-05-02
Updated
2018-10-19
Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote malicious NetWare servers to execute arbitrary code on the NetWare client.
Max CVSS
7.5
EPSS Score
0.85%
Published
2005-05-02
Updated
2018-10-19
diatheke.pl in Sword 1.5.7a allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
Max CVSS
7.5
EPSS Score
1.12%
Published
2005-05-02
Updated
2017-07-11
The f2c translator in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-05-02
Updated
2008-09-05
The f2 shell script in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-05-02
Updated
2008-09-05
Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
Max CVSS
7.2
EPSS Score
0.19%
Published
2005-05-02
Updated
2017-10-11
Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
Max CVSS
4.6
EPSS Score
0.16%
Published
2005-05-02
Updated
2017-10-11
Buffer overflow in the code for recursion and glue fetching in BIND 8.4.4 and 8.4.5 allows remote attackers to cause a denial of service (crash) via queries that trigger the overflow in the q_usedns array that tracks nameservers and addresses.
Max CVSS
5.0
EPSS Score
3.41%
Published
2005-05-02
Updated
2017-07-11
An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a denial of service (named server exit) via crafted DNS packets that cause an internal consistency test (self-check) to fail.
Max CVSS
4.3
EPSS Score
3.41%
Published
2005-05-02
Updated
2017-07-11
The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and earlier, when used with Internet Explorer, allows remote attackers to determine the existence of arbitrary files via the LoadFile ActiveX method.
Max CVSS
5.1
EPSS Score
6.52%
Published
2005-05-02
Updated
2011-03-08
Certain configurations of IPsec, when using Encapsulating Security Payload (ESP) in tunnel mode, integrity protection at a higher layer, or Authentication Header (AH), allow remote attackers to decrypt IPSec communications by modifying the outer packet in ways that cause plaintext data from the inner packet to be returned in ICMP messages, as demonstrated using bit-flipping attacks and (1) Destination Address Rewriting, (2) a modified header length that causes portions of the packet to be interpreted as IP Options, or (3) a modified protocol field and source address.
Max CVSS
6.4
EPSS Score
1.03%
Published
2005-05-10
Updated
2016-10-18
Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) register a new user page, (2) User-Agent, or (3) Username, which is not properly quoted before sending to the error log.
Max CVSS
4.3
EPSS Score
0.83%
Published
2005-05-19
Updated
2016-10-18
1254 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!