Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3672 1 Stonesoft 1 Stonegate Firewall 2025-04-03 N/A
The Internet Key Exchange version 1 (IKEv1) implementation in Stonesoft StoneGate Firewall before 2.6.1 allows remote attackers to cause a denial of service via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Stonesoft advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
CVE-2006-0787 1 Plaino 1 Wimpy Mp3 2025-04-03 N/A
wimpy_trackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 and earlier, allows remote attackers to insert arbitrary strings into trackme.txt via the (1) trackFile, (2) trackArtist, and (3) trackTitle parameters, which can result in providing false information about songs, occupying excessive disk space with very long parameter values, and storing executable code that might be invoked through a different vulnerability. NOTE: since this issue, as described by the original researcher, is entirely dependent on the presence of another vulnerability, it could be argued that Wimpy cannot be responsible for how its data file is processed by applications outside of its control. Since this issue might only be useful as a facilitator manipulation in another vulnerability, perhaps it should not be included in CVE.
CVE-2002-2041 1 Qnx 1 Rtos 2025-04-03 N/A
Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 allows local users to execute arbitrary code via (1) a long ABLANG environment variable in phlocale or (2) a long -u option to pkg-installer.
CVE-2002-2042 1 Qnx 1 Rtos 2025-04-03 N/A
ptrace in the QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows programs to attach to privileged processes, which could allow local users to execute arbitrary code by modifying running processes.
CVE-2005-3673 1 Checkpoint 5 Check Point, Express, Firewall-1 and 2 more 2025-04-03 N/A
The Internet Key Exchange version 1 (IKEv1) implementation in Check Point products allows remote attackers to cause a denial of service via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
CVE-2006-0788 1 Kyocera 1 Fs-3830n 2025-04-03 N/A
Kyocera 3830 (aka FS-3830N) printers have a back door that allows remote attackers to read and alter configuration settings via strings that begin with "!R!SIOP0", as demonstrated using (1) a connection to to TCP port 9100 or (2) the UNIX lp command.
CVE-2006-1532 1 Deltascripts 1 Php Classifieds 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in search.php in PHP Classifieds 6.18, 6.20, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the searchword parameter.
CVE-2002-2043 1 Cyrus 1 Sasl 2025-04-03 N/A
SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password.
CVE-2002-2049 1 Dug Song 3 Dsniff, Fragroute, Fragrouter 2025-04-03 N/A
configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6, when downloaded from monkey.org on May 17, 2002, has been modified to contain a backdoor, which allows remote attackers to access the system.
CVE-2006-1533 1 Sourceworkshop 1 Newsletter 2025-04-03 N/A
SQL injection vulnerability in newsletter.php in Sourceworkshop newsletter 1.0 allows remote attackers to execute arbitrary SQL commands via the newsletteremail parameter.
CVE-2002-2050 1 Modlogan 1 Modlogan 2025-04-03 N/A
Directory traversal vulnerability in processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used with the splitby option, allows local users to overwrite arbitrary files via a .. (dot dot) in the hostname of a log entry.
CVE-2005-3675 1 Tcp 1 Tcp 2025-04-03 N/A
The Transmission Control Protocol (TCP) allows remote attackers to cause a denial of service (bandwidth consumption) by sending ACK messages for packets that have not yet been received (optimistic ACKs), which can cause the sender to increase its transmission rate until it fills available bandwidth.
CVE-2002-2051 1 Modlogan 1 Modlogan 2025-04-03 N/A
The processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used with the splitby option, allows local users to overwrite arbitrary files via a symlink attack on files specified as hostnames in a log file.
CVE-2002-2060 1 Twibright Labs 1 Links 2025-04-03 N/A
Buffer overflow in Links 2.0 pre4 allows remote attackers to crash client browsers and possibly execute arbitrary code via gamma tables in large 16-bit PNG images.
CVE-2002-2088 1 Mosix Project 1 Clump Os 2025-04-03 N/A
The MOSIX Project clump/os 5.4 creates a default VNC account without a password, which allows remote attackers to gain root access.
CVE-2004-0551 1 Cisco 24 Catalyst 2901, Catalyst 2902, Catalyst 2926 and 21 more 2025-04-03 N/A
Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and 8.3(2)GLX, as used in Catalyst switches, allows remote attackers to cause a denial of service (system crash and reload) by sending invalid packets instead of the final ACK portion of the three-way handshake to the (1) Telnet, (2) HTTP, or (3) SSH services, aka "TCP-ACK DoS attack."
CVE-2002-2101 1 Microsoft 1 Outlook 2025-04-03 N/A
Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.
CVE-2002-2102 1 Jcraft 1 Jzlib 2025-04-03 N/A
InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to cause a denial of service (NullPointerException) via an invalid block of deflated data.
CVE-2005-3677 1 Realnetworks 1 Realplayer 2025-04-03 N/A
Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote attackers to execute arbitrary code via a crafted image in a RealPlayer Skin (RJS) file. NOTE: due to the lack of details, it is unclear how this is different than CVE-2005-2629 and CVE-2005-2630, but the vendor advisory implies that it is different.
CVE-2005-0037 1 Dnrd 1 Dnrd 2025-04-03 N/A
The DNS implementation of DNRD before 2.10 allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop.