cpe:/o:microsoft:windows_2000::sp2:professional
cpe:/o:linux:linux_kernel:2.4.4
cpe:/o:microsoft:windows_2000_terminal_services::sp1
cpe:/o:microsoft:windows_2000::sp1:advanced_server
cpe:/o:linux:linux_kernel:2.4.19
cpe:/o:microsoft:windows_2000::sp2:advanced_server
cpe:/o:microsoft:windows_2000_terminal_services
cpe:/o:microsoft:windows_2000:::advanced_server
cpe:/o:linux:linux_kernel:2.4.20
cpe:/o:netbsd:netbsd:1.5.1
cpe:/o:microsoft:windows_2000_terminal_services::sp2
cpe:/o:netbsd:netbsd:1.5.3
cpe:/o:netbsd:netbsd:1.5.2
cpe:/o:linux:linux_kernel:2.4.6
cpe:/o:linux:linux_kernel:2.4.9
cpe:/o:microsoft:windows_2000:::datacenter_server
cpe:/o:netbsd:netbsd:1.6
cpe:/o:netbsd:netbsd:1.5
cpe:/o:linux:linux_kernel:2.4.7
cpe:/o:linux:linux_kernel:2.4.8
cpe:/o:microsoft:windows_2000::sp1:datacenter_server
cpe:/o:microsoft:windows_2000::sp2:datacenter_server
cpe:/o:freebsd:freebsd:4.3
cpe:/o:linux:linux_kernel:2.4.10
cpe:/o:microsoft:windows_2000::sp1:server
cpe:/o:freebsd:freebsd:4.5
cpe:/o:linux:linux_kernel:2.4.12
cpe:/o:freebsd:freebsd:4.2
cpe:/o:freebsd:freebsd:4.7
cpe:/o:freebsd:freebsd:4.4
cpe:/o:freebsd:freebsd:4.6
cpe:/o:microsoft:windows_2000::sp2:server
cpe:/o:linux:linux_kernel:2.4.18
cpe:/o:linux:linux_kernel:2.4.1
cpe:/o:linux:linux_kernel:2.4.15
cpe:/o:microsoft:windows_2000:::server
cpe:/o:linux:linux_kernel:2.4.17
cpe:/o:linux:linux_kernel:2.4.14
cpe:/o:linux:linux_kernel:2.4.2
cpe:/o:microsoft:windows_2000:::professional
cpe:/o:linux:linux_kernel:2.4.11
cpe:/o:linux:linux_kernel:2.4.5
cpe:/o:linux:linux_kernel:2.4.16
cpe:/o:microsoft:windows_2000::sp1:professional
cpe:/o:linux:linux_kernel:2.4.13
cpe:/o:linux:linux_kernel:2.4.3
CVE-2003-0001
2003-01-17T00:00:00.000-05:00
2015-11-24T13:05:47.073-05:00
5.0
NETWORK
LOW
NONE
PARTIAL
NONE
NONE
http://nvd.nist.gov
2015-11-24T12:23:33.593-05:00
CERT-VN
VU#412115
BUGTRAQ
20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE
BUGTRAQ
20030117 Re: More information regarding Etherleak
BUGTRAQ
20030106 Etherleak: Ethernet frame padding information leakage (A010603-1)
REDHAT
RHSA-2003:088
REDHAT
RHSA-2003:025
OSVDB
9962
CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
MISC
http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
ATSTAKE
A010603-1
FULLDISC
20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE
MISC
http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html
BUGTRAQ
20030110 More information regarding Etherleak
VULNWATCH
20030110 More information regarding Etherleak
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
cpe:/a:tcp:tcp
CVE-2004-0230
2004-08-18T00:00:00.000-04:00
2015-11-24T13:06:40.597-05:00
5.0
NETWORK
LOW
NONE
NONE
NONE
PARTIAL
http://nvd.nist.gov
2015-11-24T12:17:30.930-05:00
CERT
TA04-111A
CERT-VN
VU#415294
CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10053
XF
tcp-rst-dos(15886)
VUPEN
ADV-2006-3983
MISC
http://www.uniras.gov.uk/vuls/2004/236929/index.htm
BID
10183
BUGTRAQ
20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE
HP
SSRT061264
OSVDB
4030
CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
MS
MS06-064
MS
MS05-019
CISCO
20040420 TCP Vulnerabilities in Multiple IOS-Based Cisco Products
FULLDISC
20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE
MISC
http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html
HP
SSRT4696
BUGTRAQ
20040425 Perl code exploting TCP not checking RST ACK.
CONFIRM
http://kb.juniper.net/JSA10638
SGI
20040403-01-A
SCO
SCOSA-2005.14
SCO
SCOSA-2005.9
SCO
SCOSA-2005.3
NETBSD
NetBSD-SA2004-006
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
cpe:/a:vastal:phpvid:1.1
cpe:/a:vastal:phpvid:1.2
CVE-2008-2335
2008-05-19T09:20:00.000-04:00
2015-11-24T11:45:25.057-05:00
4.3
NETWORK
MEDIUM
NONE
NONE
PARTIAL
NONE
http://nvd.nist.gov
2015-11-24T10:50:05.737-05:00
XF
phpvid-query-xss(42450)
VUPEN
ADV-2008-2552
BID
29238
MILW0RM
6422
EXPLOIT-DB
27519
MISC
http://tetraph.com/security/xss-vulnerability/vastal-i-tech-phpvid-1-2-3-multiple-xss-cross-site-scripting-security-vulnerabilities/
FULLDISC
20150310 Vastal I-tech phpVID 1.2.3 Multiple XSS (Cross-site Scripting) Security Vulnerabilities
MISC
http://packetstormsecurity.com/files/130755/Vastal-I-tech-phpVID-1.2.3-Cross-Site-Scripting.html
MISC
http://packetstormsecurity.com/files/122746/PHP-VID-XSS-SQL-Injection-CRLF-Injection.html
OSVDB
45171
MISC
http://holisticinfosec.org/content/view/65/45/
Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 1.2.3 is also affected.
cpe:/a:redhat:enterprise_virtualization:3.5
cpe:/a:jasper_project:jasper:1.900.1
CVE-2008-3522
2008-10-02T14:18:05.790-04:00
2015-11-24T11:46:04.933-05:00
10.0
NETWORK
LOW
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2015-11-24T10:05:46.467-05:00
ALLOWS_ADMIN_ACCESS
XF
jasper-jasstreamprintf-bo(45623)
UBUNTU
USN-742-1
BID
31470
MANDRIVA
MDVSA-2009:164
MANDRIVA
MDVSA-2009:144
MANDRIVA
MDVSA-2009:142
GENTOO
GLSA-200812-18
REDHAT
RHSA-2015:0698
MISC
http://bugs.gentoo.org/show_bug.cgi?id=222819
MISC
http://bugs.gentoo.org/attachment.cgi?id=163282&action=view
Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.
cpe:/o:canonical:ubuntu_linux:10.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:8.04:-:lts
cpe:/o:canonical:ubuntu_linux:10.10
cpe:/a:sun:openoffice.org:2.1.0
cpe:/a:sun:openoffice.org:2.3.0
cpe:/a:sun:openoffice.org:2.2.1
CVE-2009-3301
2010-02-16T14:30:00.533-05:00
2015-11-17T10:59:44.723-05:00
9.3
NETWORK
MEDIUM
NONE
COMPLETE
COMPLETE
COMPLETE
http://nvd.nist.gov
2015-11-17T10:02:50.097-05:00
CERT
TA10-287A
CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=533038
XF
openoffice-word-sprmtdeftable-bo(56240)
VUPEN
ADV-2010-2905
VUPEN
ADV-2010-0635
VUPEN
ADV-2010-0366
UBUNTU
USN-903-1
BID
38218
REDHAT
RHSA-2010:0101
CONFIRM
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
CONFIRM
http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html
CONFIRM
http://www.openoffice.org/security/bulletin.html
MANDRIVA
MDVSA-2010:221
GENTOO
GLSA-201408-19
DEBIAN
DSA-1995
SECTRACK
1023591
SUSE
SUSE-SA:2010:017
Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document.
CVE-2015-8330
2015-11-24T15:59:25.897-05:00
2015-11-24T15:59:26.930-05:00
MISC
https://www.onapsis.com/blog/analyzing-sap-security-notes-november-2015
MISC
http://erpscan.com/advisories/erpscan-15-032-sap-pco-agent-dos-vulnerability/
The PCo agent in SAP Plant Connectivity (PCo) allows remote attackers to cause a denial of service (memory corruption and agent crash) via crafted xMII requests, aka SAP Security Note 2238619.
cpe:/o:debian:debian_linux:8.0
cpe:/a:littlecms:little_cms_color_engine
cpe:/o:novell:leap:42.1
CVE-2016-10165
2017-02-03T14:59:00.177-05:00
2017-02-09T10:05:10.670-05:00
5.8
NETWORK
MEDIUM
NONE
PARTIAL
NONE
PARTIAL
http://nvd.nist.gov
2017-02-08T12:23:39.653-05:00
SUSE
openSUSE-SU-2017:0336
DEBIAN
DSA-3774
MLIST
[oss-security] 20170125 Re: CVE MLIST:[oss-security] 20170123 CVE request: lcms2 heap OOB read parsing crafted ICC profile
MLIST
[oss-security] 20170125 Re: CVE request: lcms2 heap OOB read parsing crafted ICC profile
BID
95808
CONFIRM
https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.