Vulnerabilities > Configuration

DATE CVE VULNERABILITY TITLE RISK
2006-12-31 CVE-2006-6899 Configuration vulnerability in BlueZ Project BlueZ
hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack.
5.4
2006-07-27 CVE-2006-3677 Configuration vulnerability in Mozilla Firefox and SeaMonkey
Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.
network
low complexity
mozilla CWE-16
7.5
2006-06-28 CVE-2006-3291 Configuration vulnerability in Cisco IOS 12.3(8)JA/12.3(8)JA1
The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system.
network
cisco CWE-16
critical
9.3
2006-02-22 CVE-2006-0848 Configuration vulnerability in Apple Mac OS X and Mac OS X Server
The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.
network
high complexity
apple CWE-16
5.1
2005-12-31 CVE-2005-4845 Configuration vulnerability in Sun Java Plug-in 1.4.2_03/1.4.2_04
The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and 1.4.2_04 <applet> redirector controls, allow remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.
network
low complexity
sun CWE-16
5.0
2005-05-02 CVE-2005-0197 Configuration vulnerability in Cisco IOS
Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote attackers to cause a denial of service (device reload) via a crafted packet sent to the disabled interface.
low complexity
cisco CWE-16
6.1
2004-12-31 CVE-2004-2760 Configuration vulnerability in OpenBSD OpenSSH 3.5/3.5p1
sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190.
network
openbsd CWE-16
6.8
2004-12-31 CVE-2004-2687 Configuration vulnerability in multiple products
distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.
network
apple samba CWE-16
critical
9.3
2004-12-06 CVE-2004-0605 Configuration vulnerability in multiple products
Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ircd-ratbox 1.5.1 and earlier, or (3) ircd-ratbox 2.0rc6 and earlier do not have a rate-limit imposed, which could allow remote attackers to cause a denial of service by repeatedly making requests, which are slowly dequeued.
network
low complexity
ircd-hybrid ircd-ratbox CWE-16
5.0
2003-12-31 CVE-2003-1457 Configuration vulnerability in Auerswald COMsuite CTI ControlCenter 3.1
Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access.
local
low complexity
auerswald CWE-16
4.6