Vulnerabilities (CVE)

CWE filter: CWE-20

7801 total CVE
CVE Vendors Products Updated CVSS
CVE-2002-1979 1 Watchguard 3 Soho, Vclass, Legacy Rssa 2009-04-03 7.5
WatchGuard SOHO products running firmware 5.1.6 and earlier, and Vclass/RSSA using 3.2 SP1 and earlier, allow remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which...
CVE-2009-1082 1 Sun 1 Java System Identity Manager 2009-03-25 9.0
Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console, as demonstrated by privileges for account creation and other administrative...
CVE-2009-0027 1 Redhat 1 Jboss Enterprise Application Platform 2009-03-21 5.0
The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom...
CVE-2009-0609 1 Sun 1 Java System Directory Server 2009-02-18 7.8
Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote...
CVE-2003-1569 1 Goahead 1 Goahead Webserver 2009-02-09 5.0
GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different...
CVE-2003-1568 2 Goahead Software, Goahead 2 Goahead Webserver, Goahead Webserver 2009-02-09 5.0
GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function.
CVE-2002-2429 1 Goahead 1 Goahead Webserver 2009-02-06 5.0
webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header.
CVE-2008-6058 1 Syslserve 1 Syslserve 2009-02-05 5.0
Syslserve 1.058 and earlier, and probably 1.059, allows remote attackers to cause a denial of service (hang) via a crafted UDP Syslog packet.
CVE-2008-4641 1 Sentex 1 Jhead 2008-12-03 10.0
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.
CVE-2008-4640 1 Sentex 1 Jhead 2008-12-03 3.6
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a...
CVE-2007-6689 1 Menalto 1 Gallery 2008-11-15 7.5
Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to execute arbitrary code via the (1) Core application or (2) MIME module.
CVE-2007-6218 1 Ossigeno 1 Cms 2008-11-15 5.0
Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) level parameter to (a) install_module.php and (b) uninstall_module.php in...
CVE-2007-6094 1 Ingate 2 Ingate Siparator, Ingate Firewall 2008-11-15 4.3
The IPsec module in the VPN component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (module crash) via an IPsec Phase 2 proposal that lacks Perfect Forward Secrecy (PFS).
CVE-2007-6093 1 Ingate 2 Ingate Siparator, Ingate Firewall 2008-11-15 7.1
The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (kernel crash) via an RTCP index that is "much more than expected."
CVE-2007-6010 1 Pioneers 1 Pioneers 2008-11-15 7.8
Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors that trigger an assert error. NOTE: this issue reportedly exists because of an...
CVE-2007-5832 1 Ssl-explorer 1 Ssl-explorer 2008-11-15 7.5
Unspecified vulnerability in selectLanguage.do in SSL-Explorer before 0.2.15 allows remote attackers to inject (1) headers or (2) body data in an HTTP transaction, a different vulnerability than CVE-2007-2907. NOTE: some of these details are...
CVE-2007-5830 1 Avaya 2 Messaging Storage Server, Message Networking 2008-11-15 7.8
Unspecified vulnerability in the administrative interface in Avaya Messaging Storage Server (MSS) 3.1 before SP1, and Message Networking (MN) 3.1, allows remote attackers to cause a denial of service via unspecified vectors related to "input validation."
CVE-2007-5563 1 Virtuemart 1 Virtuemart 2008-11-15 7.5
Unspecified vulnerability in VirtueMart before 1.0.13 allows remote attackers to execute arbitrary PHP code via unspecified vectors.
CVE-2007-5375 1 Sun 1 Java Virtual Machine 2008-11-15 2.6
Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML...
CVE-2007-5258 1 Phpfreelog 1 Phpfreelog 2008-11-15 7.5
PHP remote file inclusion vulnerability in log.php in phpFreeLog alpha 0.2.0 allows remote attackers to include and execute arbitrary files via unspecified vectors. NOTE: the original disclosure is likely erroneous.