Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-09-18 | CVE-2007-3010 | Unspecified vulnerability in Al-Enterprise Omnipcx Enterprise Communication Server masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action. | 9.8 |
| 2007-07-16 | CVE-2007-3798 | Unchecked Return Value vulnerability in multiple products Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value. | 9.8 |
| 2007-03-02 | CVE-2006-7079 | Improper Control of Dynamically-Managed Code Resources vulnerability in Exv2 Content Management System Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['pagetype'] variable. | 9.8 |
| 2007-02-03 | CVE-2007-0681 | Insufficiently Protected Credentials vulnerability in Extcalendar Project Extcalendar 2 profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php. | 9.8 |
| 2005-11-02 | CVE-2005-3435 | Insufficiently Protected Credentials vulnerability in Archilles Newsworld 1.3.0 admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and specifying the hash in the pwd argument. | 9.8 |
| 2005-10-17 | CVE-2005-3120 | Incorrect Calculation of Buffer Size vulnerability in multiple products Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters. | 9.8 |
| 2005-09-02 | CVE-2005-2773 | Unspecified vulnerability in HP Openview Network Node Manager HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl. | 9.8 |
| 2005-08-16 | CVE-2005-2103 | Incorrect Calculation of Buffer Size vulnerability in Gaim Project Gaim 0.75 Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n. | 9.8 |
| 2005-07-18 | CVE-2005-1689 | Double Free vulnerability in multiple products Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions. | 9.8 |
| 2005-05-24 | CVE-2005-1744 | Incomplete Cleanup vulnerability in BEA Weblogic Server BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings. | 9.8 |