High · CVSS 7.8 · CISA KEV
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.
Published Apr 2, 2003 · Updated Oct 22, 2025
Unknown · CVSS Not scored
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
Published Nov 11, 2021 · Updated Feb 13, 2025
Medium · CVSS 5.5
Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods.
Published Jun 28, 2005 · Updated Jan 16, 2025
Critical · CVSS 9.8
Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ATPhttpd 0.4b and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
Published Jun 28, 2005 · Updated Jan 16, 2025
High · CVSS 7.8
ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services.
Published Jun 28, 2005 · Updated Jan 16, 2025
High · CVSS 7.5
PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.
Published Apr 22, 2005 · Updated Jan 16, 2025
High · CVSS 7.5
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta.
Published Sep 1, 2004 · Updated Jan 16, 2025
Critical · CVSS 9.8
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
Published Apr 2, 2003 · Updated Jan 16, 2025
High · CVSS 7.8
Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.
Published Jun 25, 2002 · Updated Jan 16, 2025
High · CVSS 7.5
Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients.
Published Jun 11, 2002 · Updated Jan 16, 2025
Medium · CVSS 5.4
The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand(), which is not a strong random number generator, for cryptographic keys.
Published Jan 2, 2025 · Updated Jan 6, 2025
Unknown · CVSS Not scored
Belkin F5D6130 Wireless Network Access Point running firmware AP14G8 allows remote attackers to cause a denial of service (connection loss) by sending several SNMP GetNextRequest requests.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in Cisco PIX Firewall 5.2.x to 5.2.8, 6.0.x to 6.0.3, 6.1.x to 6.1.3, and 6.2.x to 6.2.1 allows remote attackers to cause a denial of service via HTTP traffic authentication using (1) TACACS+ or (2) RADIUS.
Published Nov 16, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp.
Published Jul 14, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in QNX RTOS 4.25 may allow attackers to execute arbitrary code via long filename arguments to (1) Watcom or (2) int10.
Published Aug 5, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in the goim handler of AOL Instant Messenger (AIM) 4.4 through 4.8.2616 allows remote attackers to cause a denial of service (crash) via escaping of the screen name parameter, which triggers the overflow when the user selects "Get Info" on the buddy.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header.
Published Jul 14, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files."
Published Oct 31, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Sun AnswerBook2 1.2 through 1.4.2 allows remote attackers to execute administrative scripts such as (1) AdminViewError and (2) AdminAddadmin via a direct request.
Published Nov 1, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request.
Published Jul 14, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Pirch and RusPirch, when auto-log is enabled, allows remote attackers to cause a denial of service (crash) via a nickname containing an MS-DOS device name such as AUX, which is inserted into a filename for saving queries.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) Lite before 0.9 and HNS before 2.10-pl2 allows remote attackers to inject arbitrary web script or HTML.
Published Aug 5, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Perception LiteServe 2.0 through 2.0.1 allows remote attackers to obtain the source code of CGI scripts via an HTTP request with a trailing dot (".").
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and 3.4.5 allows remote attackers to inject arbitrary web script or HTML via the "Full Name" (addressname) parameter.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information.
Published Nov 1, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Sapio Design Ltd. WebReflex 1.53 allows remote attackers to read arbitrary files via a .. in an HTTP request.
Published Oct 14, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains a "?" (question mark) in the (1) mode, (2) owner, or (3) group fields, which allows attackers to elevate privileges.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
Published Dec 7, 2011 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unknown vulnerability in WesMo phpEventCalendar 1.1 allows remote attackers to execute arbitrary commands via unknown attack vectors.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data.
Published Feb 6, 2009 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.
Published Aug 5, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail.
Published Oct 26, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603.
Published Feb 6, 2009 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Zeroo web server 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL GET request.
Published Nov 1, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Internet Explorer 6.0 does not warn users when an expired certificate authority (CA) certificate is submitted to the user and a newer CA certificate is in the user's local repository, which could allow remote attackers to decrypt web sessions via a man-in-the-middle (MITM) attack.
Published Nov 16, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, allows local users to execute arbitrary code via a long (1) -f or (2) -o command line argument.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The web server for Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (CPU consumption) by sending incomplete HTTP requests and leaving the connections open.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in mojo.cgi for Mojo Mail 2.7 allows remote attackers to inject arbitrary web script via the email parameter.
Published Nov 16, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The default configuration of Xerox DocuTech 6110 and DocuTech 6115 running Solaris 8.0 has a large number of unnecessary services enabled such as RPC and sprayd, which could allow remote attackers to obtain access to the device.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
index.php in Py-Membres 3.1 allows remote attackers to log in as an administrator by setting the pymembs parameter to "admin".
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.
Published Jul 14, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
Published Aug 5, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via Unicode encoded character values in a URL.
Published Nov 16, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
OpenBSD before 3.2 allows local users to cause a denial of service (kernel crash) via a call to getrlimit(2) with invalid arguments, possibly due to an integer signedness error.
Published Nov 16, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Trend Micro InterScan VirusWall for Windows NT 3.52 does not record the sender's IP address in the headers for a mail message when it is passed from VirusWall to the MTA, which allows remote attackers to hide the origin of the message.
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass the HTTP_REFERER check and conduct unauthorized activities via (1) a blank referer, (2) a spoofed referer with a trusted domain/URL after the beginning of the referer, or (3) a spoofed referer with a trusted domain/URL in the beginning (hostname) portion of the referer.
Published Aug 5, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Pramati Server 3.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
Published Jun 28, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not delete the duplicate ISAKMP SAs for a user's VPN session, which allows local users to hijack a session via a man-in-the-middle attack.
Published Nov 16, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts.
Published Nov 1, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.
Published Jan 14, 2004 · Updated Sep 17, 2024