· 6 years ago · Jul 20, 2019, 06:33 AM
1#######################################################################################################################################
2========================================================================================================================================
3Hostname teen18topic.com ISP Serverius Holding B.V.
4Continent Europe Flag
5NL
6Country Netherlands Country Code NL
7Region Unknown Local time 20 Jul 2019 06:40 CEST
8City Unknown Postal Code Unknown
9IP Address 37.1.201.205 Latitude 52.382
10 Longitude 4.9
11=======================================================================================================================================
12##################################################################################################################################
13> teen18topic.com
14Server: 185.93.180.131
15Address: 185.93.180.131#53
16
17Non-authoritative answer:
18Name: teen18topic.com
19Address: 37.1.201.205
20>
21######################################################################################################################################
22 Domain Name: TEEN18TOPIC.COM
23 Registry Domain ID: 2020136984_DOMAIN_COM-VRSN
24 Registrar WHOIS Server: whois.danesconames.com
25 Registrar URL: http://www.danesconames.com
26 Updated Date: 2019-04-08T22:21:24Z
27 Creation Date: 2016-04-08T19:24:42Z
28 Registry Expiry Date: 2020-04-08T19:24:42Z
29 Registrar: Danesco Trading Ltd.
30 Registrar IANA ID: 1418
31 Registrar Abuse Contact Email: abuse@danesconames.com
32 Registrar Abuse Contact Phone: +357.95713635
33 Domain Status: ok https://icann.org/epp#ok
34 Name Server: NS1.TEEN18TOPIC.COM
35 Name Server: NS2.TEEN18TOPIC.COM
36 DNSSEC: unsigned
37#####################################################################################################################################
38Domain Name: TEEN18TOPIC.COM
39Registry Domain ID:
40Registrar WHOIS Server: whois.danesconames.com
41Registrar URL: https://danesconames.com/
42Updated Date: 2019-04-08 22:22:21.853081
43Creation Date: 2016-04-08
44Registrar Registration Expiration Date: 2020-04-08
45Registrar: DANESCO TRADING LTD
46Registrar IANA ID: 1418
47Registrar Abuse Contact Email: abuse@danesconames.com
48Registrar Abuse Contact Phone: +357.95713635
49Reseller: AHnames.com https://www.AHnames.com/
50Domain Status: ok
51Registry Registrant ID: MR_8318012WP
52Registrant Name: WhoisProtectService.net
53Registrant Organization: PROTECTSERVICE, LTD.
54Registrant Street: Agios Fylaxeos 66 and Chr. Perevou 2, Kalia Court, off. 601
55Registrant City: Limassol
56Registrant State/Province:
57Registrant Postal Code: 3025
58Registrant Country: Cyprus
59Registrant Phone: +357.95713635
60Registrant Phone Ext:
61Registrant Fax: +357.95713635
62Registrant Fax Ext:
63Registrant Email: teen18topic.com@whoisprotectservice.net
64Registry Admin ID: MR_8318012WP
65Admin Name: WhoisProtectService.net
66Admin Organization: PROTECTSERVICE, LTD.
67Admin Street: Agios Fylaxeos 66 and Chr. Perevou 2, Kalia Court, off. 601
68Admin City: Limassol
69Admin State/Province:
70Admin Postal Code: 3025
71Admin Country: Cyprus
72Admin Phone: +357.95713635
73Admin Phone Ext:
74Admin Fax: +357.95713635
75Admin Fax Ext:
76Admin Email: teen18topic.com@whoisprotectservice.net
77Registry Tech ID: MR_8318012WP
78Tech Name: WhoisProtectService.net
79Tech Organization: PROTECTSERVICE, LTD.
80Tech Street: Agios Fylaxeos 66 and Chr. Perevou 2, Kalia Court, off. 601
81Tech City: Limassol
82Tech State/Province:
83Tech Postal Code: 3025
84Tech Country: Cyprus
85Tech Phone: +357.95713635
86Tech Phone Ext:
87Tech Fax: +357.95713635
88Tech Fax Ext:
89Tech Email: teen18topic.com@whoisprotectservice.net
90Registry Billing ID: MR_8318012WP
91Billing Name: WhoisProtectService.net
92Billing Organization: PROTECTSERVICE, LTD.
93Billing Street: Agios Fylaxeos 66 and Chr. Perevou 2, Kalia Court, off. 601
94Billing City: Limassol
95Billing State/Province:
96Billing Postal Code: 3025
97Billing Country: Cyprus
98Billing Phone: +357.95713635
99Billing Phone Ext:
100Billing Fax: +357.95713635
101Billing Fax Ext:
102Billing Email: teen18topic.com@whoisprotectservice.net
103Name Server: NS2.TEEN18TOPIC.COM
104Name Server: NS1.TEEN18TOPIC.COM
105DNSSEC: unsigned
106#######################################################################################################################################
107[+] Target : teen18topic.com
108
109[+] IP Address : 37.1.201.205
110
111[+] Headers :
112
113[+] Server : nginx
114[+] Date : Sat, 20 Jul 2019 04:49:56 GMT
115[+] Content-Type : text/html; charset=UTF-8
116[+] Transfer-Encoding : chunked
117[+] Connection : keep-alive
118[+] Keep-Alive : timeout=60
119[+] X-Powered-By : PHP/5.4.45
120[+] Content-Encoding : gzip
121
122[+] SSL Certificate Information :
123
124[-] SSL is not Present on Target URL...Skipping...
125
126[+] Whois Lookup :
127
128[+] NIR : None
129[+] ASN Registry : ripencc
130[+] ASN : 50673
131[+] ASN CIDR : 37.1.200.0/21
132[+] ASN Country Code : UA
133[+] ASN Date : 2011-12-13
134[+] ASN Description : SERVERIUS-AS, NL
135[+] cidr : 37.1.200.0/21
136[+] name : INFERNO-NL-DE
137[+] handle : ISPR1-RIPE
138[+] range : 37.1.200.0 - 37.1.207.255
139[+] description : ********************************************************
140* As ISP we provide IP transit and bandwidth services.
141*
142* Those services are self managed by our customers
143* therefore, we are not using this IP space ourselves
144* and it could be assigned to various end customers.
145* In case of issues related with SPAM, Fraud, Phishing
146* DDoS, port scans or others, feel free to contact us
147* with relevant info. Abuse email: abuse@ispiria.net
148[+] country : NL
149[+] state : None
150[+] city : None
151[+] address : 5792 Saint Thomas Street, Suite 303, Belize City, Belize
152[+] postal_code : None
153[+] emails : ['abuse@ispiria.net', 'support@ispiria.net', 'sales@ispiria.net']
154[+] created : 2011-12-13T12:45:15Z
155[+] updated : 2018-05-03T11:48:30Z
156
157[+] Crawling Target...
158
159[+] Looking for robots.txt........[ Found ]
160[+] Extracting robots Links.......[ 0 ]
161[+] Looking for sitemap.xml.......[ Not Found ]
162[+] Extracting CSS Links..........[ 5 ]
163[+] Extracting Javascript Links...[ 0 ]
164[+] Extracting Internal Links.....[ 23 ]
165[+] Extracting External Links.....[ 0 ]
166[+] Extracting Images.............[ 23 ]
167
168[+] Total Links Extracted : 51
169
170[+] Dumping Links in /opt/FinalRecon/dumps/teen18topic.com.dump
171[+] Completed!
172#######################################################################################################################################
173[+] Starting At 2019-07-20 00:50:08.241326
174[+] Collecting Information On: http://teen18topic.com/
175[#] Status: 200
176--------------------------------------------------
177[#] Web Server Detected: nginx
178[#] X-Powered-By: PHP/5.4.45
179[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
180- Server: nginx
181- Date: Sat, 20 Jul 2019 04:50:06 GMT
182- Content-Type: text/html; charset=UTF-8
183- Transfer-Encoding: chunked
184- Connection: keep-alive
185- Keep-Alive: timeout=60
186- X-Powered-By: PHP/5.4.45
187- Content-Encoding: gzip
188--------------------------------------------------
189[#] Finding Location..!
190[#] as: AS50673 Serverius Holding B.V.
191[#] city: Dronten
192[#] country: Netherlands
193[#] countryCode: NL
194[#] isp: 3NT Hosting Network
195[#] lat: 52.5347
196[#] lon: 5.72181
197[#] org: 3NT Solutions LLP
198[#] query: 37.1.201.205
199[#] region: FL
200[#] regionName: Flevoland
201[#] status: success
202[#] timezone: Europe/Amsterdam
203[#] zip: 8254
204--------------------------------------------------
205[x] Didn't Detect WAF Presence on: http://teen18topic.com/
206--------------------------------------------------
207[#] Starting Reverse DNS
208[!] Found 10 any Domain
219--------------------------------------------------
220[!] Scanning Open Port
221[#] 21/tcp open ftp
222[#] 22/tcp open ssh
223[#] 80/tcp open http
224[#] 110/tcp open pop3
225[#] 143/tcp open imap
226[#] 465/tcp open smtps
227[#] 587/tcp open submission
228[#] 993/tcp open imaps
229[#] 995/tcp open pop3s
230[#] 2525/tcp open ms-v-worlds
231[#] 3306/tcp open mysql
232[#] 5432/tcp open postgresql
233[#] 8083/tcp open us-srv
234--------------------------------------------------
235[+] Collecting Information Disclosure!
236[#] Detecting sitemap.xml file
237[-] sitemap.xml file not Found!?
238[#] Detecting robots.txt file
239[!] robots.txt File Found: http://teen18topic.com//robots.txt
240[#] Detecting GNU Mailman
241[-] GNU Mailman App Not Detected!?
242--------------------------------------------------
243[+] Crawling Url Parameter On: http://teen18topic.com/
244--------------------------------------------------
245[#] Searching Html Form !
246[+] Html Form Discovered
247[#] action: ./freesites/cgi/out.php?link=Free Galleries
248[#] class: None
249[#] id: jumpbox
250[#] method: post
251--------------------------------------------------
252[-] No DOM Paramter Found!?
253--------------------------------------------------
254[!] 161 Internal Dynamic Parameter Discovered
416--------------------------------------------------
417[-] No external Dynamic Paramter Found!?
418--------------------------------------------------
419[!] 6 Internal links Discovered
420[+] http://teen18topic.com//favicon.png
421[+] http://teen18topic.com//./i_files/print.css
422[+] http://teen18topic.com//./i_files/style.css
423[+] http://teen18topic.com//./i_files/normal.css
424[+] http://teen18topic.com//./i_files/medium.css
425[+] http://teen18topic.com//./i_files/large.css
426--------------------------------------------------
427[-] No External Link Found!?
428--------------------------------------------------
429[#] Mapping Subdomain..
430[!] Found 2 Subdomain
431- teen18topic.com
432- mail.teen18topic.com
433--------------------------------------------------
434[!] Done At 2019-07-20 00:50:29.147789
435######################################################################################################################################
436[i] Scanning Site: http://teen18topic.com
437
438
439
440B A S I C I N F O
441====================
442
443
444[+] Site Title: Teen Sex - Cute Teen - Naked Girls
445[+] IP address: 37.1.201.205
446[+] Web Server: nginx
447[+] CMS: Could Not Detect
448[+] Cloudflare: Not Detected
449[+] Robots File: Found
450
451-------------[ contents ]----------------
452# vestacp autogenerated robots.txt
453User-agent: *
454Crawl-delay: 10
455
456-----------[end of contents]-------------
457
458
459
460W H O I S L O O K U P
461========================
462
463 error check your api query
464
465
466
467G E O I P L O O K U P
468=========================
469
470[i] IP Address: 37.1.201.205
471[i] Country: Netherlands
472[i] State:
473[i] City:
474[i] Latitude: 52.3824
475[i] Longitude: 4.8995
476
477
478
479
480H T T P H E A D E R S
481=======================
482
483
484[i] HTTP/1.1 200 OK
485[i] Server: nginx
486[i] Date: Sat, 20 Jul 2019 04:50:25 GMT
487[i] Content-Type: text/html; charset=UTF-8
488[i] Connection: close
489[i] X-Powered-By: PHP/5.4.45
490
491
492
493
494D N S L O O K U P
495===================
496
497teen18topic.com. 14399 IN MX 10 mail.teen18topic.com.
498teen18topic.com. 14399 IN TXT "v=spf1 a mx ip4:37.1.201.205 ?all"
499teen18topic.com. 14399 IN SOA ns1.localhost.ltd. root.teen18topic.com. 2016040803 7200 3600 1209600 180
500teen18topic.com. 14399 IN NS ns2.localhost.ltd.
501teen18topic.com. 14399 IN NS ns1.localhost.ltd.
502teen18topic.com. 14399 IN A 37.1.201.205
503
504
505
506
507S U B N E T C A L C U L A T I O N
508====================================
509
510Address = 37.1.201.205
511Network = 37.1.201.205 / 32
512Netmask = 255.255.255.255
513Broadcast = not needed on Point-to-Point links
514Wildcard Mask = 0.0.0.0
515Hosts Bits = 0
516Max. Hosts = 1 (2^0 - 0)
517Host Range = { 37.1.201.205 - 37.1.201.205 }
518
519
520
521N M A P P O R T S C A N
522============================
523
524Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-20 04:50 UTC
525Nmap scan report for teen18topic.com (37.1.201.205)
526Host is up (0.077s latency).
527
528PORT STATE SERVICE
52921/tcp open ftp
53022/tcp open ssh
53123/tcp filtered telnet
53280/tcp open http
533110/tcp open pop3
534143/tcp open imap
535443/tcp closed https
5363389/tcp filtered ms-wbt-server
537
538Nmap done: 1 IP address (1 host up) scanned in 1.35 seconds
539
540
541
542S U B - D O M A I N F I N D E R
543==================================
544
545
546[i] Total Subdomains Found : 1
547
548[+] Subdomain: mail.teen18topic.com
549[-] IP: 37.1.201.205
550#######################################################################################################################################
551Enter Address Website = teen18topic.com
552
553
554
555Reversing IP With HackTarget 'teen18topic.com'
556-------------------------------------------------
557
585
586
587
588Reverse IP With YouGetSignal 'teen18topic.com'
589-------------------------------------------------
590
591[*] IP: 37.1.201.205
592[*] Domain: teen18topic.com
593[*] Total Domains: 10
594
605
606
607
608Geo IP Lookup 'teen18topic.com'
609----------------------------------
610
611[+] IP Address: 37.1.201.205
612[+] Country: Netherlands
613[+] State:
614[+] City:
615[+] Latitude: 52.3824
616[+] Longitude: 4.8995
617
618
619
643
644
645
646Bypass Cloudflare 'teen18topic.com'
647--------------------------------------
648
649[!] CloudFlare Bypass 37.1.201.205 | ftp.teen18topic.com
650[!] CloudFlare Bypass 37.1.201.205 | mail.teen18topic.com
651[!] CloudFlare Bypass 37.1.201.205 | www.teen18topic.com
652[!] CloudFlare Bypass 37.1.201.205 | ns1.teen18topic.com
653[!] CloudFlare Bypass 37.1.201.205 | ns2.teen18topic.com
654
655
656
657
667
668
669
670Find Shared DNS 'teen18topic.com'
671------------------------------------
672
673[+] No DNS server records found for teen18topic.com
674
675
676
677Show HTTP Header 'teen18topic.com'
678-------------------------------------
679
680[+] HTTP/1.1 200 OK
681[+] Server: nginx
682[+] Date: Sat, 20 Jul 2019 04:47:58 GMT
683[+] Content-Type: text/html; charset=UTF-8
684[+] Connection: keep-alive
685[+] Keep-Alive: timeout=60
686[+] X-Powered-By: PHP/5.4.45
687[+]
688
689
690
691Port Scan 'teen18topic.com'
692------------------------------
693
694Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-20 04:47 UTC
695Nmap scan report for teen18topic.com (37.1.201.205)
696Host is up (0.077s latency).
697
698PORT STATE SERVICE
69921/tcp open ftp
70022/tcp open ssh
70123/tcp filtered telnet
70280/tcp open http
703110/tcp open pop3
704143/tcp open imap
705443/tcp closed https
7063389/tcp filtered ms-wbt-server
707
708Nmap done: 1 IP address (1 host up) scanned in 1.62 seconds
709
710
711
712
713
714Robot.txt 'teen18topic.com'
715------------------------------
716
717# vestacp autogenerated robots.txt
718User-agent: *
719Crawl-delay: 10
720
721
722
723
724Traceroute 'teen18topic.com'
725-------------------------------
726
727Start: 2019-07-20T04:48:06+0000
728HOST: web01 Loss% Snt Last Avg Best Wrst StDev
729 1.|-- 45.79.12.201 0.0% 3 0.9 1.0 0.9 1.0 0.1
730 2.|-- 45.79.12.4 0.0% 3 0.5 0.5 0.5 0.6 0.1
731 3.|-- 199.245.16.65 0.0% 3 12.3 5.1 1.5 12.3 6.2
732 4.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
733 5.|-- ??? 100.0 3 0.0 0.0 0.0 0.0 0.0
734 6.|-- 213.19.194.155 0.0% 3 122.6 122.5 122.4 122.6 0.1
735 7.|-- 185.8.179.21 0.0% 3 121.2 124.3 121.2 129.2 4.3
736 8.|-- 185.8.179.25 0.0% 3 122.6 121.7 121.1 122.6 0.8
737 9.|-- 185.8.177.35 33.3% 3 126.2 127.4 126.2 128.6 1.7
738 10.|-- 5.45.66.7 0.0% 3 120.3 120.4 120.3 120.4 0.1
739 11.|-- 37.1.201.205 0.0% 3 115.8 115.8 115.7 116.0 0.1
740#########################################################################################################################################
741[INFO] Date: 20/07/19 | Time: 00:53:09
742[INFO] ------TARGET info------
743[*] TARGET: http://teen18topic.com/
744[*] TARGET IP: 37.1.201.205
745[INFO] NO load balancer detected for teen18topic.com...
746[*] DNS servers: ns1.localhost.ltd.
747[*] TARGET server: nginx
748[*] CC: NL
749[*] Country: Netherlands
750[*] RegionCode: FL
751[*] RegionName: Flevoland
752[*] City: Dronten
753[*] ASN: AS50673
754[*] BGP_PREFIX: 37.1.200.0/21
755[*] ISP: Serverius-as Serverius Holding B.V., NL
756[INFO] DNS enumeration:
757[*] ftp.teen18topic.com 37.1.201.205
758[*] mail.teen18topic.com 37.1.201.205
759[*] ns1.teen18topic.com 37.1.201.205
760[*] ns2.teen18topic.com 37.1.201.205
761[INFO] Possible abuse mails are:
762[*] abuse@teen18topic.com
763[INFO] NO PAC (Proxy Auto Configuration) file FOUND
764[ALERT] robots.txt file FOUND in http://teen18topic.com/robots.txt
765[INFO] Checking for HTTP status codes recursively from http://teen18topic.com/robots.txt
766[INFO] Status code Folders
767[INFO] Starting FUZZing in http://teen18topic.com/FUzZzZzZzZz...
768[INFO] Status code Folders
769[ALERT] Look in the source code. It may contain passwords
770[ALERT] Content in http://teen18topic.com/ AND http://www.teen18topic.com/ is different
771[INFO] MD5 for http://teen18topic.com/ is: 1f1db0a1adf30c289b97d725dbda9b1a
772[INFO] MD5 for http://www.teen18topic.com/ is: de520afeb51486952a250e6a0578be33
773[INFO] http://teen18topic.com/ redirects to http://teen18topic.com/
774[INFO] http://www.teen18topic.com/ redirects to http://www.teen18topic.com/
775[INFO] Links found from http://teen18topic.com/ http://37.1.201.205/:
842[INFO] GOOGLE has 296 results (0.16 seconds) about http://teen18topic.com/
843[INFO] BING shows 37.1.201.205 is shared with 73 hosts/vhosts
844[INFO] Shodan detected the following opened ports on 37.1.201.205:
845[*] 1
846[*] 110
847[*] 143
848[*] 21
849[*] 22
850[*] 25
851[*] 3306
852[*] 4
853[*] 465
854[*] 53
855[*] 587
856[*] 80
857[*] 8083
858[*] 993
859[*] 995
860[INFO] ------VirusTotal SECTION------
861[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
862[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
863[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
864[INFO] ------Alexa Rank SECTION------
865[INFO] Percent of Visitors Rank in Country:
866[INFO] Percent of Search Traffic:
867[INFO] Percent of Unique Visits:
868[INFO] Total Sites Linking In:
869[*] Total Sites
870[INFO] Useful links related to teen18topic.com - 37.1.201.205:
871[*] https://www.virustotal.com/pt/ip-address/37.1.201.205/information/
872[*] https://www.hybrid-analysis.com/search?host=37.1.201.205
873[*] https://www.shodan.io/host/37.1.201.205
874[*] https://www.senderbase.org/lookup/?search_string=37.1.201.205
875[*] https://www.alienvault.com/open-threat-exchange/ip/37.1.201.205
876[*] http://pastebin.com/search?q=37.1.201.205
877[*] http://urlquery.net/search.php?q=37.1.201.205
878[*] http://www.alexa.com/siteinfo/teen18topic.com
879[*] http://www.google.com/safebrowsing/diagnostic?site=teen18topic.com
880[*] https://censys.io/ipv4/37.1.201.205
881[*] https://www.abuseipdb.com/check/37.1.201.205
882[*] https://urlscan.io/search/#37.1.201.205
883[*] https://github.com/search?q=37.1.201.205&type=Code
884[INFO] Useful links related to AS50673 - 37.1.200.0/21:
885[*] http://www.google.com/safebrowsing/diagnostic?site=AS:50673
886[*] https://www.senderbase.org/lookup/?search_string=37.1.200.0/21
887[*] http://bgp.he.net/AS50673
888[*] https://stat.ripe.net/AS50673
889[INFO] Date: 20/07/19 | Time: 00:54:23
890[INFO] Total time: 1 minute(s) and 14 second(s)
891#######################################################################################################################################
892Trying "teen18topic.com"
893;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54294
894;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 0
895
896;; QUESTION SECTION:
897;teen18topic.com. IN ANY
898
899;; ANSWER SECTION:
900teen18topic.com. 2017 IN A 37.1.201.205
901teen18topic.com. 2018 IN NS ns2.localhost.ltd.
902teen18topic.com. 2018 IN NS ns1.localhost.ltd.
903
904;; AUTHORITY SECTION:
905teen18topic.com. 2018 IN NS ns1.localhost.ltd.
906teen18topic.com. 2018 IN NS ns2.localhost.ltd.
907
908Received 126 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 29 ms
909#######################################################################################################################################
910; <<>> DiG 9.11.5-P4-5.1-Debian <<>> +trace teen18topic.com any
911;; global options: +cmd
912. 82696 IN NS f.root-servers.net.
913. 82696 IN NS i.root-servers.net.
914. 82696 IN NS m.root-servers.net.
915. 82696 IN NS e.root-servers.net.
916. 82696 IN NS g.root-servers.net.
917. 82696 IN NS j.root-servers.net.
918. 82696 IN NS k.root-servers.net.
919. 82696 IN NS d.root-servers.net.
920. 82696 IN NS c.root-servers.net.
921. 82696 IN NS l.root-servers.net.
922. 82696 IN NS b.root-servers.net.
923. 82696 IN NS a.root-servers.net.
924. 82696 IN NS h.root-servers.net.
926;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 229 ms
927
928com. 172800 IN NS b.gtld-servers.net.
929com. 172800 IN NS i.gtld-servers.net.
930com. 172800 IN NS f.gtld-servers.net.
931com. 172800 IN NS d.gtld-servers.net.
932com. 172800 IN NS g.gtld-servers.net.
933com. 172800 IN NS h.gtld-servers.net.
934com. 172800 IN NS c.gtld-servers.net.
935com. 172800 IN NS j.gtld-servers.net.
936com. 172800 IN NS l.gtld-servers.net.
937com. 172800 IN NS a.gtld-servers.net.
938com. 172800 IN NS k.gtld-servers.net.
939com. 172800 IN NS m.gtld-servers.net.
940com. 172800 IN NS e.gtld-servers.net.
941com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
943;; Received 1175 bytes from 202.12.27.33#53(m.root-servers.net) in 248 ms
944
945teen18topic.com. 172800 IN NS ns1.teen18topic.com.
946teen18topic.com. 172800 IN NS ns2.teen18topic.com.
951;; Received 597 bytes from 2001:500:d937::30#53(l.gtld-servers.net) in 76 ms
952
953;; Connection to 37.1.201.205#53(37.1.201.205) for teen18topic.com failed: timed out.
954;; Connection to 37.1.201.205#53(37.1.201.205) for teen18topic.com failed: timed out.
955;; connection timed out; no servers could be reached
956;; Connection to 37.1.201.205#53(37.1.201.205) for teen18topic.com failed: timed out.
957#######################################################################################################################################
958[*] Performing General Enumeration of Domain: teen18topic.com
959[-] DNSSEC is not configured for teen18topic.com
960[-] Error while resolving SOA record.
961[*] NS ns1.teen18topic.com 37.1.201.205
962[*] Bind Version for 37.1.201.205 get lost
963[*] NS ns2.teen18topic.com 37.1.201.205
964[*] Bind Version for 37.1.201.205 get lost
965[*] MX mail.teen18topic.com 37.1.201.205
966[*] A teen18topic.com 37.1.201.205
967[*] TXT teen18topic.com v=spf1 a mx ip4:37.1.201.205 ?all
968[*] TXT _domainkey.teen18topic.com t=y; o=~;
969[*] Enumerating SRV Records
970[-] No SRV Records Found for teen18topic.com
971[+] 0 Records Found
972#######################################################################################################################################
973[*] Processing domain teen18topic.com
974[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
975[+] Getting nameservers
97637.1.201.205 - ns1.teen18topic.com
97737.1.201.205 - ns2.teen18topic.com
978[-] Zone transfer failed
979
980[+] TXT records found
981"v=spf1 a mx ip4:37.1.201.205 ?all"
982
983[+] MX records found, added to target list
98410 mail.teen18topic.com.
985
986[*] Scanning teen18topic.com for A records
98737.1.201.205 - teen18topic.com
98837.1.201.205 - ftp.teen18topic.com
98937.1.201.205 - mail.teen18topic.com
99037.1.201.205 - ns1.teen18topic.com
99137.1.201.205 - ns2.teen18topic.com
99237.1.201.205 - pop.teen18topic.com
99337.1.201.205 - www.teen18topic.com
994########################################################################################################################################
995Ip Address Status Type Domain Name Server
996---------- ------ ---- ----------- ------
99737.1.201.205 200 host ftp.teen18topic.com nginx
99837.1.201.205 200 host mail.teen18topic.com nginx
99937.1.201.205 200 host ns1.teen18topic.com nginx
100037.1.201.205 200 host ns2.teen18topic.com nginx
100137.1.201.205 200 host pop.teen18topic.com nginx
100237.1.201.205 200 host www.teen18topic.com nginx
1003##########################################################################################################################################
1004WhatWeb report for http://teen18topic.com
1005Status : 200 OK
1006Title : Teen Sex - Cute Teen - Naked Girls
1007IP : 37.1.201.205
1008Country : UKRAINE, UA
1009
1010Summary : HTTPServer[nginx], X-UA-Compatible[IE=EmulateIE7], PoweredBy[phpBB], Script[text/javascript], nginx, X-Powered-By[PHP/5.4.45], PHP[5.4.45], phpBB
1011
1012Detected Plugins:
1013[ HTTPServer ]
1014 HTTP server header string. This plugin also attempts to
1015 identify the operating system from the server header.
1016
1017 String : nginx (from server string)
1018
1019[ PHP ]
1020 PHP is a widely-used general-purpose scripting language
1021 that is especially suited for Web development and can be
1022 embedded into HTML. This plugin identifies PHP errors,
1023 modules and versions and extracts the local file path and
1024 username if present.
1025
1026 Version : 5.4.45
1027 Google Dorks: (2)
1028 Website : http://www.php.net/
1029
1030[ PoweredBy ]
1031 This plugin identifies instances of 'Powered by x' text and
1032 attempts to extract the value for x.
1033
1034 String : phpBB
1035
1036[ Script ]
1037 This plugin detects instances of script HTML elements and
1038 returns the script language/type.
1039
1040 String : text/javascript
1041
1042[ X-Powered-By ]
1043 X-Powered-By HTTP header
1044
1045 String : PHP/5.4.45 (from x-powered-by string)
1046
1047[ X-UA-Compatible ]
1048 This plugin retrieves the X-UA-Compatible value from the
1049 HTTP header and meta http-equiv tag. - More Info:
1050 http://msdn.microsoft.com/en-us/library/cc817574.aspx
1051
1052 String : IE=EmulateIE7
1053
1054[ nginx ]
1055 Nginx (Engine-X) is a free, open-source, high-performance
1056 HTTP server and reverse proxy, as well as an IMAP/POP3
1057 proxy server.
1058
1059 Website : http://nginx.net/
1060
1061[ phpBB ]
1062 phpBB is a free forum
1063
1064 Aggressive function available (check plugin file or details).
1065 Google Dorks: (1)
1066 Website : http://phpbb.org/
1067
1068HTTP Headers:
1069 HTTP/1.1 200 OK
1070 Server: nginx
1071 Date: Sat, 20 Jul 2019 05:31:48 GMT
1072 Content-Type: text/html; charset=UTF-8
1073 Transfer-Encoding: chunked
1074 Connection: close
1075 X-Powered-By: PHP/5.4.45
1076 Content-Encoding: gzip
1077
1078########################################################################################################################################
1079DNS Servers for teen18topic.com:
1080 ns2.teen18topic.com
1081 ns1.teen18topic.com
1082
1083Trying zone transfer first...
1084 Testing ns2.teen18topic.com
1085 Request timed out or transfer not allowed.
1086 Testing ns1.teen18topic.com
1087 Request timed out or transfer not allowed.
1088
1089Unsuccessful in zone transfer (it was worth a shot)
1090Okay, trying the good old fashioned way... brute force
1091
1092Checking for wildcard DNS...
1093Nope. Good.
1094Now performing 2280 test(s)...
109537.1.201.205 ftp.teen18topic.com
109637.1.201.205 mail.teen18topic.com
109737.1.201.205 pop.teen18topic.com
109837.1.201.205 www.teen18topic.com
1099
1100Subnets found (may want to probe here using nmap or unicornscan):
1101 37.1.201.0-255 : 4 hostnames found.
1102
1103Done with Fierce scan: http://ha.ckers.org/fierce/
1104Found 4 entries.
1105
1106Have a nice day.
1107######################################################################################################################################
1108Domains still to check: 1
1109 Checking if the hostname teen18topic.com. given is in fact a domain...
1110
1111Analyzing domain: teen18topic.com.
1112 Checking NameServers using system default resolver...
1113 IP: 37.1.201.205 (Netherlands)
1114 HostName: ns2.teen18topic.com Type: NS
1115 IP: 37.1.201.205 (Netherlands)
1116 HostName: ns2.teen18topic.com Type: NS
1117 HostName: ns1.teen18topic.com Type: NS
1118
1119 Checking MailServers using system default resolver...
1120 IP: 37.1.201.205 (Netherlands)
1121 HostName: ns2.teen18topic.com Type: NS
1122 HostName: ns1.teen18topic.com Type: NS
1123 HostName: mail.teen18topic.com Type: MX
1124
1125 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
1126^C No zone transfer found on nameserver 37.1.201.205
1127 No zone transfer found on nameserver 37.1.201.205
1128
1129 Checking SPF record...
1130
1131 Checking 192 most common hostnames using system default resolver...
1172 IP: 37.1.201.205 (Netherlands)
1173 HostName: ns2.teen18topic.com Type: NS
1174 HostName: ns1.teen18topic.com Type: NS
1175 HostName: mail.teen18topic.com Type: MX
1176 Type: SPF
1177 HostName: www.teen18topic.com. Type: A
1178 HostName: ftp.teen18topic.com. Type: A
1179 HostName: mail.teen18topic.com. Type: A
1180 HostName: ns1.teen18topic.com. Type: A
1181 HostName: ns2.teen18topic.com. Type: A
1182 HostName: pop.teen18topic.com. Type: A
1183
1184 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
1185 Checking netblock 37.1.201.0
1186
1187 Searching for teen18topic.com. emails in Google
1188
1189 Checking 1 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
1190 Host 37.1.201.205 is up (reset ttl 64)
1191
1192 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
1193 Scanning ip 37.1.201.205 (pop.teen18topic.com.):
1194 21/tcp open ftp syn-ack ttl 52 vsftpd 2.2.2
1195 22/tcp open ssh syn-ack ttl 52 OpenSSH 5.3 (protocol 2.0)
1196 | ssh-hostkey:
1197 | 1024 1a:b9:af:78:58:06:36:0d:65:85:15:db:15:07:e1:69 (DSA)
1198 |_ 2048 e5:87:b0:ac:d3:10:71:34:19:40:d8:85:af:67:41:3e (RSA)
1199 80/tcp open http syn-ack ttl 52 nginx
1200 | http-methods:
1201 | Supported Methods: GET HEAD POST OPTIONS TRACE
1202 |_ Potentially risky methods: TRACE
1203 |_http-server-header: nginx
1204 |_http-title: default.domain — Coming Soon
1205 110/tcp open pop3 syn-ack ttl 53 Dovecot pop3d
1206 |_pop3-capabilities: SASL(PLAIN LOGIN) RESP-CODES USER STLS CAPA UIDL PIPELINING TOP
1207 |_ssl-date: 2019-07-20T05:49:47+00:00; -2s from scanner time.
1208 143/tcp open imap syn-ack ttl 53 Dovecot imapd
1209 |_imap-capabilities: ID IMAP4rev1 completed LOGIN-REFERRALS SASL-IR AUTH=LOGINA0001 OK IDLE ENABLE Capability AUTH=PLAIN LITERAL+ STARTTLS
1210 |_ssl-date: 2019-07-20T05:49:47+00:00; -3s from scanner time.
1211 465/tcp open ssl/smtp syn-ack ttl 53 Exim smtpd 4.92
1212 |_smtp-commands: SMTP EHLO nmap.scanme.org: failed to receive data: failed to receive data
1213 | ssl-cert: Subject: commonName=www.server.domain.com/organizationName=Dis/stateOrProvinceName=Denial/countryName=US
1214 | Issuer: commonName=www.server.domain.com/organizationName=Dis/stateOrProvinceName=Denial/countryName=US
1215 | Public Key type: rsa
1216 | Public Key bits: 2048
1217 | Signature Algorithm: sha1WithRSAEncryption
1218 | Not valid before: 2016-02-10T11:22:51
1219 | Not valid after: 2017-02-09T11:22:51
1220 | MD5: bc54 08c8 cd50 1f1b ea58 9913 7a31 452c
1221 |_SHA-1: 4148 bce2 28f3 5cdd 6693 8ba1 065b 397c 5d3b 9cba
1222 |_ssl-date: 2019-07-20T05:49:41+00:00; -2s from scanner time.
1223 587/tcp open smtp syn-ack ttl 53 Exim smtpd 4.92
1224 | smtp-commands: server.domain.com Hello nmap.scanme.org [160.116.0.99], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, CHUNKING, STARTTLS, HELP,
1225 |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
1226 | ssl-cert: Subject: commonName=www.server.domain.com/organizationName=Dis/stateOrProvinceName=Denial/countryName=US
1227 | Issuer: commonName=www.server.domain.com/organizationName=Dis/stateOrProvinceName=Denial/countryName=US
1228 | Public Key type: rsa
1229 | Public Key bits: 2048
1230 | Signature Algorithm: sha1WithRSAEncryption
1231 | Not valid before: 2016-02-10T11:22:51
1232 | Not valid after: 2017-02-09T11:22:51
1233 | MD5: bc54 08c8 cd50 1f1b ea58 9913 7a31 452c
1234 |_SHA-1: 4148 bce2 28f3 5cdd 6693 8ba1 065b 397c 5d3b 9cba
1235 |_ssl-date: 2019-07-20T05:49:47+00:00; -2s from scanner time.
1236 993/tcp open ssl/imaps? syn-ack ttl 52
1237 |_ssl-date: 2019-07-20T05:49:42+00:00; -3s from scanner time.
1238 995/tcp open ssl/pop3s? syn-ack ttl 53
1239 |_ssl-date: 2019-07-20T05:49:43+00:00; -2s from scanner time.
1240 3306/tcp open mysql syn-ack ttl 52 MySQL 5.5.47
1241 | mysql-info:
1242 | Protocol: 10
1243 | Version: 5.5.47
1244 | Thread ID: 298712
1245 | Capabilities flags: 63487
1246 | Some Capabilities: Support41Auth, IgnoreSpaceBeforeParenthesis, IgnoreSigpipes, FoundRows, SupportsLoadDataLocal, Speaks41ProtocolOld, SupportsTransactions, Speaks41ProtocolNew, LongColumnFlag, LongPassword, InteractiveClient, DontAllowDatabaseTableColumn, ODBCClient, ConnectWithDatabase, SupportsCompression, SupportsMultipleStatments, SupportsMultipleResults, SupportsAuthPlugins
1247 | Status: Autocommit
1248 | Salt: <zrPu~9Ay_PS//@3{57Q
1249 |_ Auth Plugin Name: 79
1250 5432/tcp open http syn-ack ttl 53 Node.js Express framework
1251 |_http-cors: HEAD GET POST PUT DELETE PATCH
1252 | http-methods:
1253 |_ Supported Methods: GET HEAD POST OPTIONS
1254 |_http-title: Site doesn't have a title (text/plain).
1255 OS Info: Service Info: Host: server.domain.com; OS: Unix
1256 |_clock-skew: mean: -2s, deviation: 0s, median: -2s
1257 WebCrawling domain's web servers... up to 50 max links.
1258
1259 + URL to crawl: http://mail.teen18topic.com
1260 + Date: 2019-07-20
1261
1262 + Crawling URL: http://mail.teen18topic.com:
1263 + Links:
1264 + Crawling http://mail.teen18topic.com
1265 + Searching for directories...
1266 + Searching open folders...
1267
1268
1269 + URL to crawl: http://www.teen18topic.com.
1270 + Date: 2019-07-20
1271
1272 + Crawling URL: http://www.teen18topic.com.:
1273 + Links:
1324 + Searching for directories...
1497 + Searching open folders...
1670 + Crawl finished successfully.
1671----------------------------------------------------------------------
1672Summary of http://http://www.teen18topic.com.
1673----------------------------------------------------------------------
1674+ Links crawled:
1725 Total links crawled: 50
1726
1727+ Links to files found:
1778 - http://www.teen18topic.com./freesites/cgi/content.php?link=1egal_l0_l1.jpg
1779 - http://www.teen18topic.com./freesites/cgi/content.php?link=1ittle_69_movies.avi
1780 - http://www.teen18topic.com./freesites/cgi/content.php?link=3d-taboo.jpg
1781 - http://www.teen18topic.com./freesites/cgi/content.php?link=BOY+BOY.avi
1782 - http://www.teen18topic.com./freesites/cgi/content.php?link=Bianka_Ams_012.jpg
1783 - http://www.teen18topic.com./freesites/cgi/content.php?link=Image_011.jpg
1784 - http://www.teen18topic.com./freesites/cgi/content.php?link=Image_08.jpg
1785 - http://www.teen18topic.com./freesites/cgi/content.php?link=Image_09.jpg
1786 - http://www.teen18topic.com./freesites/cgi/content.php?link=Kiki_Model_012.jpg
1787 - http://www.teen18topic.com./freesites/cgi/content.php?link=Kiss_My_Pussy.jpg
1788 - http://www.teen18topic.com./freesites/cgi/content.php?link=L1ttle_Stesha.jpg
1789 - http://www.teen18topic.com./freesites/cgi/content.php?link=Lena_videos.avi
1790 - http://www.teen18topic.com./freesites/cgi/content.php?link=Lilianna_07.jpg
1791 - http://www.teen18topic.com./freesites/cgi/content.php?link=Lo-Jasmine.jpg
1792 - http://www.teen18topic.com./freesites/cgi/content.php?link=Lo-Olga.avi
1793 - http://www.teen18topic.com./freesites/cgi/content.php?link=Lo_Olga_011.jpg
1794 - http://www.teen18topic.com./freesites/cgi/content.php?link=NN-Bianka_model.jpg
1795 - http://www.teen18topic.com./freesites/cgi/content.php?link=No_Daddy.avi
1796 - http://www.teen18topic.com./freesites/cgi/content.php?link=Nudism07.rar
1797 - http://www.teen18topic.com./freesites/cgi/content.php?link=Oh_papa.jpg
1798 - http://www.teen18topic.com./freesites/cgi/content.php?link=PCTD1996y.AVI
1799 - http://www.teen18topic.com./freesites/cgi/content.php?link=R.A.P.E.avi
1800 - http://www.teen18topic.com./freesites/cgi/content.php?link=Sabrina_lo.avi
1801 - http://www.teen18topic.com./freesites/cgi/content.php?link=closeup_pussy.jpg
1802 - http://www.teen18topic.com./freesites/cgi/content.php?link=cumshot.avi
1803 - http://www.teen18topic.com./freesites/cgi/content.php?link=cute_nn_bianka_011.jpg
1804 - http://www.teen18topic.com./freesites/cgi/content.php?link=cute_rebecca_007.jpg
1805 - http://www.teen18topic.com./freesites/cgi/content.php?link=dark-net_images.jpg
1806 - http://www.teen18topic.com./freesites/cgi/content.php?link=deepweb_videos.rar
1807 - http://www.teen18topic.com./freesites/cgi/content.php?link=first.jpg
1808 - http://www.teen18topic.com./freesites/cgi/content.php?link=hidden_file.avi
1809 - http://www.teen18topic.com./freesites/cgi/content.php?link=image_014.jpg
1810 - http://www.teen18topic.com./freesites/cgi/content.php?link=image_Anna09.jpg
1811 - http://www.teen18topic.com./freesites/cgi/content.php?link=image_lil_holes.jpg
1812 - http://www.teen18topic.com./freesites/cgi/content.php?link=kittie_Olga.avi
1813 - http://www.teen18topic.com./freesites/cgi/content.php?link=lil-philia-08.jpg
1814 - http://www.teen18topic.com./freesites/cgi/content.php?link=lilitanna_011.jpg
1815 - http://www.teen18topic.com./freesites/cgi/content.php?link=lo-Kaita_09.jpg
1816 - http://www.teen18topic.com./freesites/cgi/content.php?link=lo_nudism_007.avi
1817 - http://www.teen18topic.com./freesites/cgi/content.php?link=load_teen_jpg2_pretty_jpg_image.jpg
1818 - http://www.teen18topic.com./freesites/cgi/content.php?link=lolipops.jpg
1819 - http://www.teen18topic.com./freesites/cgi/content.php?link=lov1ta11.rar
1820 - http://www.teen18topic.com./freesites/cgi/content.php?link=lov1ta_lo.avi
1821 - http://www.teen18topic.com./freesites/cgi/content.php?link=lovita_011.jpg
1822 - http://www.teen18topic.com./freesites/cgi/content.php?link=lovita_1996y.avi
1823 - http://www.teen18topic.com./freesites/cgi/content.php?link=lovita_img_9.jpg
1824 - http://www.teen18topic.com./freesites/cgi/content.php?link=nn-Biana012.jpg
1825 - http://www.teen18topic.com./freesites/cgi/content.php?link=nudism_FKK.jpg
1826 - http://www.teen18topic.com./freesites/cgi/content.php?link=photophilia_1997y.jpg
1827 - http://www.teen18topic.com./freesites/cgi/content.php?link=pretty.jpg
1828 - http://www.teen18topic.com./freesites/cgi/content.php?link=pussies.rar
1829 - http://www.teen18topic.com./freesites/cgi/content.php?link=russian_nudist.avi
1830 - http://www.teen18topic.com./freesites/cgi/content.php?link=sma11.rar
1831 - http://www.teen18topic.com./freesites/cgi/content.php?link=taboo-3d-comics.jpg
1832 - http://www.teen18topic.com./freesites/cgi/content.php?link=teeni_camgirls.avi
1833 - http://www.teen18topic.com./freesites/cgi/content.php?link=tiny_Tania.jpg
1834 - http://www.teen18topic.com./freesites/cgi/content.php?link=tiny_paula.png
1835 - http://www.teen18topic.com./freesites/cgi/content.php?link=virgin_Anna.jpg
1836 - http://www.teen18topic.com./freesites/cgi/content.php?link=young-set_014.rar
1837 - http://www.teen18topic.com./freesites/cgi/counter.js
1838 - http://www.teen18topic.com./freesites/cgi/desk_img/a5b1c6d3.jpg
1839 - http://www.teen18topic.com./freesites/cgi/desk_img/a5b4f3e6.jpg
1840 - http://www.teen18topic.com./freesites/cgi/desk_img/a5e3d2c1.jpg
1841 - http://www.teen18topic.com./freesites/cgi/desk_img/a6e4f3d5.jpg
1842 - http://www.teen18topic.com./freesites/cgi/desk_img/b1f6a2d5.jpg
1843 - http://www.teen18topic.com./freesites/cgi/desk_img/b2f5a1d3.jpg
1844 - http://www.teen18topic.com./freesites/cgi/desk_img/b2f5e1d6.jpg
1845 - http://www.teen18topic.com./freesites/cgi/desk_img/b3d2c5a6.jpg
1846 - http://www.teen18topic.com./freesites/cgi/desk_img/b4a6d2c1.jpg
1847 - http://www.teen18topic.com./freesites/cgi/desk_img/b4e2d1c5.jpg
1848 - http://www.teen18topic.com./freesites/cgi/desk_img/b5f6c1a2.jpg
1849 - http://www.teen18topic.com./freesites/cgi/desk_img/b6c3a1f5.jpg
1850 - http://www.teen18topic.com./freesites/cgi/desk_img/c1d5f2b6.jpg
1851 - http://www.teen18topic.com./freesites/cgi/desk_img/c1e5d4f2.jpg
1852 - http://www.teen18topic.com./freesites/cgi/desk_img/c4b1a2f5.jpg
1853 - http://www.teen18topic.com./freesites/cgi/desk_img/c4d1b5a6.jpg
1854 - http://www.teen18topic.com./freesites/cgi/desk_img/c5b6f4e2.jpg
1855 - http://www.teen18topic.com./freesites/cgi/desk_img/c6a2e3d5.jpg
1856 - http://www.teen18topic.com./freesites/cgi/desk_img/d1a3f4b6.jpg
1857 - http://www.teen18topic.com./freesites/cgi/desk_img/d3b1c4a2.jpg
1858 - http://www.teen18topic.com./freesites/cgi/desk_img/d3e6a2f4.jpg
1859 - http://www.teen18topic.com./freesites/cgi/desk_img/d4c3e6a5.jpg
1860 - http://www.teen18topic.com./freesites/cgi/desk_img/d4e2a3f6.jpg
1861 - http://www.teen18topic.com./freesites/cgi/desk_img/d5a1b3c6.jpg
1862 - http://www.teen18topic.com./freesites/cgi/desk_img/d5a6e3b4.jpg
1863 - http://www.teen18topic.com./freesites/cgi/desk_img/d5c4e3a2.jpg
1864 - http://www.teen18topic.com./freesites/cgi/desk_img/e1a3d5f2.jpg
1865 - http://www.teen18topic.com./freesites/cgi/desk_img/e3d1f4c6.jpg
1866 - http://www.teen18topic.com./freesites/cgi/desk_img/e4a2d3c1.jpg
1867 - http://www.teen18topic.com./freesites/cgi/desk_img/e4b5f3d2.jpg
1868 - http://www.teen18topic.com./freesites/cgi/desk_img/e6d1c3b5.jpg
1869 - http://www.teen18topic.com./freesites/cgi/desk_img/f2a3d5e1.jpg
1870 - http://www.teen18topic.com./freesites/cgi/desk_img/f2c4b5d1.jpg
1871 - http://www.teen18topic.com./freesites/cgi/desk_img/f3d5b1a2.jpg
1872 - http://www.teen18topic.com./freesites/cgi/desk_img/f4d5b1e6.jpg
1873 - http://www.teen18topic.com./freesites/cgi/desk_img/f5e2c3d6.jpg
1874 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=1000-nonude_girls.rar
1875 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=100_nonude_girls.zip
1876 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=Cherish_NN_Dasha_Img:09.jpg
1877 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=Cute_NoNude_Niki-Ls-models.avi
1878 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=Cute_christine.jpg
1879 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=Cute_nn_imageboard.rar
1880 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=DSC_009.jpg
1881 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=DSC_irina_0012.jpg
1882 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=Image_011.jpg
1883 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=Image_012.jpg
1884 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=Jb-NN-Lilianna08.jpg
1885 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=Lovita_Kataia_Set_011.jpg
1886 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=Lovita_Ola_Set.11.jpg
1887 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=NN_Mila014.jpg
1888 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=NoNude_model_Tasha_forum_2018.rar
1889 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=Oh_papa_oh_oh_oh.avi
1890 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=Sharechan_Cute_Sandra_1997.avi
1891 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=Teen--cute-jpg_icon.jpg
1892 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=Teen-_NN_-Olga.avi
1893 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=Teen-_nonude_Cassy6550Bikini_[011].jpg
1894 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=Viperteens_Rosa.jpg
1895 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=VladModels-sonya-m-08min.avi
1896 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=Young-Miss-Nudist_Pageant.jpg
1897 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=amateur_cutie-Katia-[08].gif
1898 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=charmingmodels.jpg
1899 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=cherish-nn-cuties-play.avi
1900 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=cherish_nonnude_Natasha-Set_(013).jpg
1901 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=cherry_014.jpg
1902 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=flower_008.jpg
1903 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=funnygirls_dunja_18.jpg
1904 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=girl_dancing.rar
1905 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=imgchili_collection_Olga_+_Dasha.RAR
1906 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=innocent_Bianka_011.jpg
1907 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=juniors.jpg
1908 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=kitty-_cam_girl07.jpg
1909 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=kylie_011c.jpg
1910 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=ladmodels-karina.rar
1911 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=ls-nonude-models.avi
1912 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=my_lovely_hotties.jpg
1913 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=newstar.jpg
1914 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=nonude-ville-photos.zip
1915 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=nudejailbait.rar
1916 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=oh_liliana_0114.jpg
1917 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=pink_vulva.jpg
1918 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=silverdream_studio.rar
1919 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=sweet-Russian_sonja.jpg
1920 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=teen-naked-girls-bikini.jpg
1921 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=teen-nonude-stars.jpg
1922 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=teen_asses_assholes.jpg
1923 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=tiny_ballerina.jpg
1924 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=tiny_modles.jpg
1925 - http://www.teen18topic.com./freesites/cgi/download/content.php?link=ukraine-cuties_Nastia.jpg
1926 - http://www.teen18topic.com./freesites/cgi/favicon.ico
1927 - http://www.teen18topic.com./freesites/cgi/favicon.png
1928 - http://www.teen18topic.com./freesites/cgi/icon.png
1929 - http://www.teen18topic.com./freesites/cgi/icon_blankic_latest.gif
1930 - http://www.teen18topic.com./freesites/cgi/icon_e_smile.gif
1931 - http://www.teen18topic.com./freesites/cgi/icon_mrgreen.gif
1932 - http://www.teen18topic.com./freesites/cgi/icon_post_quote.gif
1933 - http://www.teen18topic.com./freesites/cgi/icon_post_quote.png
1934 - http://www.teen18topic.com./freesites/cgi/icon_post_target.gif
1935 - http://www.teen18topic.com./freesites/cgi/icon_razz.gif
1936 - http://www.teen18topic.com./freesites/cgi/icon_topic_latest.gif
1937 - http://www.teen18topic.com./freesites/cgi/icon_user_offline.gif
1938 - http://www.teen18topic.com./freesites/cgi/icon_user_offline.png
1939 - http://www.teen18topic.com./freesites/cgi/icon_user_profile.gif
1940 - http://www.teen18topic.com./freesites/cgi/icon_user_profile.png
1941 - http://www.teen18topic.com./freesites/cgi/icons/a_01.jpg
1942 - http://www.teen18topic.com./freesites/cgi/icons/ab07.png
1943 - http://www.teen18topic.com./freesites/cgi/icons/filedownload%20(2).png
1944 - http://www.teen18topic.com./freesites/cgi/icons/jpg-2.png
1945 - http://www.teen18topic.com./freesites/cgi/icons/rar_ico.png
1946 - http://www.teen18topic.com./freesites/cgi/icons2/icon_rar_2.png
1947 - http://www.teen18topic.com./freesites/cgi/icons2/jpg2_icon-.png
1948 - http://www.teen18topic.com./freesites/cgi/icons2/mp4_icon.png
1949 - http://www.teen18topic.com./freesites/cgi/icons2/video_icon.png
1950 - http://www.teen18topic.com./freesites/cgi/icons2/videos.jpg
1951 - http://www.teen18topic.com./freesites/cgi/icons2/zip.jpg
1952 - http://www.teen18topic.com./freesites/cgi/img/avi2.gif
1953 - http://www.teen18topic.com./freesites/cgi/img/icon-zip.gif
1954 - http://www.teen18topic.com./freesites/cgi/img/jpg.gif
1955 - http://www.teen18topic.com./freesites/cgi/img/jpg2.png
1956 - http://www.teen18topic.com./freesites/cgi/img/jpg3.png
1957 - http://www.teen18topic.com./freesites/cgi/img/rar.gif
1958 - http://www.teen18topic.com./freesites/cgi/img/video3.gif
1959 - http://www.teen18topic.com./freesites/cgi/index.css
1960 - http://www.teen18topic.com./freesites/cgi/logo.jpg
1961 - http://www.teen18topic.com./freesites/cgi/logo.png
1962 - http://www.teen18topic.com./freesites/cgi/menu_sep.png
1963 - http://www.teen18topic.com./freesites/cgi/mrgreen.gif
1964 - http://www.teen18topic.com./freesites/cgi/nonnude_liliana-ams_set_014.rar
1965 - http://www.teen18topic.com./freesites/cgi/post_email.png
1966 - http://www.teen18topic.com./freesites/cgi/post_next.png
1967 - http://www.teen18topic.com./freesites/cgi/post_previous.png
1968 - http://www.teen18topic.com./freesites/cgi/post_print.png
1969 - http://www.teen18topic.com./freesites/cgi/site_logo.gif
1970 - http://www.teen18topic.com./freesites/cgi/spacer.gif
1971 - http://www.teen18topic.com./freesites/cgi/topic_read.gif
1972 - http://www.teen18topic.com./freesites/cgi/view.php?link=Cutie-Set-12.jpg
1973 - http://www.teen18topic.com./freesites/cgi/view.php?link=Kiki-Model.jpg
1974 - http://www.teen18topic.com./freesites/cgi/view.php?link=Lil-Holes.jpg
1975 - http://www.teen18topic.com./freesites/cgi/view.php?link=Lil.flv
1976 - http://www.teen18topic.com./freesites/cgi/view.php?link=Oh_Oh_Oh.jpg
1977 - http://www.teen18topic.com./freesites/cgi/view.php?link=Pretty_Ania_set_8.jpg
1978 - http://www.teen18topic.com./freesites/cgi/view.php?link=Sister.flv
1979 - http://www.teen18topic.com./freesites/cgi/view.php?link=Teenie.avi
1980 - http://www.teen18topic.com./freesites/cgi/view.php?link=Viki.flv
1981 - http://www.teen18topic.com./freesites/cgi/view.php?link=Young_cutie.flv
1982 - http://www.teen18topic.com./freesites/cgi/view.php?link=im_Cutie-Set-12.jpg
1983 - http://www.teen18topic.com./freesites/cgi/view.php?link=im_Pretty_Ania_set_8.jpg
1984 - http://www.teen18topic.com./freesites/cgi/websites/dsite.php?link=Shocking Innocence.avi
1985 - http://www.teen18topic.com./freesites/cgi/websites/dsite.php?link=pussy.avi pussy.mov pussy.mkv
1986 - http://www.teen18topic.com./i_files/icon_topic_latest.gif
1987 - http://www.teen18topic.com./i_files/large.css
1988 - http://www.teen18topic.com./i_files/medium.css
1989 - http://www.teen18topic.com./i_files/normal.css
1990 - http://www.teen18topic.com./i_files/print.css
1991 - http://www.teen18topic.com./i_files/site_logo.gif
1992 - http://www.teen18topic.com./i_files/style.css
1993 - http://www.teen18topic.com./img/email.jpg
1994 - http://www.teen18topic.com./includes/js/fast_trade_import.js
1995 - http://www.teen18topic.com./includes/js/jquery.js
1996 - http://www.teen18topic.com./js/agreement.js
1997 - http://www.teen18topic.com./styles/black_pearl/template/pngfix.js
1998 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/avatar.png
1999 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/button_topic_new.gif
2000 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/button_topic_reply.gif
2001 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/cellpic4_l.png
2002 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/cellpic4_r.png
2003 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/a5b1c6d3.jpg
2004 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/a5b4f3e6.jpg
2005 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/a6e4f3d5.jpg
2006 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/b1f6a2d5.jpg
2007 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/b2f5a1d3.jpg
2008 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/b2f5e1d6.jpg
2009 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/b3d2c5a6.jpg
2010 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/b4a6d2c1.jpg
2011 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/b5f6c1a2.jpg
2012 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/c1d5f2b6.jpg
2013 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/c1e5d4f2.jpg
2014 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/c4b1a2f5.jpg
2015 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/c4d1b5a6.jpg
2016 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/c5b6f4e2.jpg
2017 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/c6a2e3d5.jpg
2018 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/d1a3f4b6.jpg
2019 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/d3b1c4a2.jpg
2020 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/d3e6a2f4.jpg
2021 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/d4c3e6a5.jpg
2022 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/d4e2a3f6.jpg
2023 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/d5a1b3c6.jpg
2024 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/d5a6e3b4.jpg
2025 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/d5c4e3a2.jpg
2026 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/e1a3d5f2.jpg
2027 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/e3d1f4c6.jpg
2028 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/e4a2d3c1.jpg
2029 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/e4b5f3d2.jpg
2030 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/e6d1c3b5.jpg
2031 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/f2c4b5d1.jpg
2032 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/f3d5b1a2.jpg
2033 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/f4d5b1e6.jpg
2034 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/desk_img/f5e2c3d6.jpg
2035 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/icon.png
2036 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/icon_e_smile.gif
2037 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/icon_mrgreen.gif
2038 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/icon_post_quote.gif
2039 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/icon_post_target.gif
2040 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/icon_razz.gif
2041 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/icon_user_offline.gif
2042 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/icon_user_profile.gif
2043 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/index.css
2044 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/mrgreen.gif
2045 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/spacer.gif
2046 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/view.php?link=Cutie-Set-12.jpg
2047 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/view.php?link=Kiki-Model.jpg
2048 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/view.php?link=Lil-Holes.jpg
2049 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/view.php?link=Lil.flv
2050 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/view.php?link=Oh_Oh_Oh.jpg
2051 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/view.php?link=Pretty_Ania_set_8.jpg
2052 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/view.php?link=Sister.flv
2053 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.0.3.2&u=freesites/cgi/out.php?link=Family Daddy Secrets 11 m.b Photos&url=http://teen18topic.com/teengalls/view.php?link=Teenie.avi
2240 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.15.30.25&u=freesites/cgi/out.php?link=NN Julia + Tiny Vika + Cute Dasha&url=http://teen18topic.com/teengalls/index.css
2241 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.15.30.25&u=freesites/cgi/out.php?link=NN Julia + Tiny Vika + Cute Dasha&url=http://teen18topic.com/teengalls/site_logo.gif
2242 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.16.14.11&u=freesites/cgi/out.php?link=Sister + Brother Sex Tapes&url=http://teen18topic.com/teengalls/button_blankic_new.gif
2243 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.16.14.11&u=freesites/cgi/out.php?link=Sister + Brother Sex Tapes&url=http://teen18topic.com/teengalls/c1.gif
2244 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.16.14.11&u=freesites/cgi/out.php?link=Sister + Brother Sex Tapes&url=http://teen18topic.com/teengalls/c2.gif
2245 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.16.14.11&u=freesites/cgi/out.php?link=Sister + Brother Sex Tapes&url=http://teen18topic.com/teengalls/c3.gif
2246 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.16.14.11&u=freesites/cgi/out.php?link=Sister + Brother Sex Tapes&url=http://teen18topic.com/teengalls/c4.gif
2247 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.16.14.11&u=freesites/cgi/out.php?link=Sister + Brother Sex Tapes&url=http://teen18topic.com/teengalls/cellpic4_l.png
2248 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.16.14.11&u=freesites/cgi/out.php?link=Sister + Brother Sex Tapes&url=http://teen18topic.com/teengalls/cellpic4_r.png
2249 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.16.14.11&u=freesites/cgi/out.php?link=Sister + Brother Sex Tapes&url=http://teen18topic.com/teengalls/desk_img/a5b1c6d3.jpg
2250 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.16.14.11&u=freesites/cgi/out.php?link=Sister + Brother Sex Tapes&url=http://teen18topic.com/teengalls/desk_img/a5b4f3e6.jpg
2251 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.16.14.11&u=freesites/cgi/out.php?link=Sister + Brother Sex Tapes&url=http://teen18topic.com/teengalls/desk_img/b1f6a2d5.jpg
2252 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.16.14.11&u=freesites/cgi/out.php?link=Sister + Brother Sex Tapes&url=http://teen18topic.com/teengalls/desk_img/b2f5e1d6.jpg
2253 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.16.14.11&u=freesites/cgi/out.php?link=Sister + Brother Sex Tapes&url=http://teen18topic.com/teengalls/desk_img/b4a6d2c1.jpg
2254 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.16.14.11&u=freesites/cgi/out.php?link=Sister + Brother Sex Tapes&url=http://teen18topic.com/teengalls/desk_img/b6c3a1f5.jpg
2255 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.16.14.11&u=freesites/cgi/out.php?link=Sister + Brother Sex Tapes&url=http://teen18topic.com/teengalls/desk_img/c1e5d4f2.jpg
2256 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.16.14.11&u=freesites/cgi/out.php?link=Sister + Brother Sex Tapes&url=http://teen18topic.com/teengalls/desk_img/c4b1a2f5.jpg
2257 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.16.14.11&u=freesites/cgi/out.php?link=Sister + Brother Sex Tapes&url=http://teen18topic.com/teengalls/desk_img/c5b6f4e2.jpg
2258 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.16.14.11&u=freesites/cgi/out.php?link=Sister + Brother Sex Tapes&url=http://teen18topic.com/teengalls/desk_img/d1a3f4b6.jpg
2259 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.16.14.11&u=freesites/cgi/out.php?link=Sister + Brother Sex Tapes&url=http://teen18topic.com/teengalls/desk_img/d3b1c4a2.jpg
2260 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.16.14.11&u=freesites/cgi/out.php?link=Sister + Brother Sex Tapes&url=http://teen18topic.com/teengalls/desk_img/d3e6a2f4.jpg
2261 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.16.14.11&u=freesites/cgi/out.php?link=Sister + Brother Sex Tapes&url=http://teen18topic.com/teengalls/desk_img/d4c3e6a5.jpg
2262 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.16.14.11&u=freesites/cgi/out.php?link=Sister + Brother Sex Tapes&url=http://teen18topic.com/teengalls/desk_img/d5a6e3b4.jpg
2263 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.16.14.11&u=freesites/cgi/out.php?link=Sister + Brother Sex Tapes&url=http://teen18topic.com/teengalls/desk_img/e1a3d5f2.jpg
2264 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.16.14.11&u=freesites/cgi/out.php?link=Sister + Brother Sex Tapes&url=http://teen18topic.com/teengalls/desk_img/e4b5f3d2.jpg
2265 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.16.14.11&u=freesites/cgi/out.php?link=Sister + Brother Sex Tapes&url=http://teen18topic.com/teengalls/desk_img/e6d1c3b5.jpg
2266 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.16.14.11&u=freesites/cgi/out.php?link=Sister + Brother Sex Tapes&url=http://teen18topic.com/teengalls/icon.png
2267 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.16.14.11&u=freesites/cgi/out.php?link=Sister + Brother Sex Tapes&url=http://teen18topic.com/teengalls/icon_blankic_latest.gif
2268 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.16.14.11&u=freesites/cgi/out.php?link=Sister + Brother Sex Tapes&url=http://teen18topic.com/teengalls/index.css
2269 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.16.14.11&u=freesites/cgi/out.php?link=Sister + Brother Sex Tapes&url=http://teen18topic.com/teengalls/topic_read.gif
2270 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/avatar.png
2271 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/button_topic_new.gif
2272 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/button_topic_reply.gif
2273 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/cellpic4_l.png
2274 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/cellpic4_r.png
2275 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/a5b1c6d3.jpg
2276 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/a5b4f3e6.jpg
2277 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/a5e3d2c1.jpg
2278 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/a6e4f3d5.jpg
2279 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/b1f6a2d5.jpg
2280 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/b2f5a1d3.jpg
2281 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/b2f5e1d6.jpg
2282 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/b3d2c5a6.jpg
2283 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/b4a6d2c1.jpg
2284 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/b5f6c1a2.jpg
2285 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/c1e5d4f2.jpg
2286 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/c4b1a2f5.jpg
2287 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/c4d1b5a6.jpg
2288 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/c5b6f4e2.jpg
2289 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/c6a2e3d5.jpg
2290 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/d1a3f4b6.jpg
2291 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/d3b1c4a2.jpg
2292 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/d3e6a2f4.jpg
2293 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/d4c3e6a5.jpg
2294 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/d4e2a3f6.jpg
2295 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/d5a1b3c6.jpg
2296 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/d5a6e3b4.jpg
2297 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/d5c4e3a2.jpg
2298 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/e1a3d5f2.jpg
2299 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/e3d1f4c6.jpg
2300 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/e4a2d3c1.jpg
2301 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/e4b5f3d2.jpg
2302 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/e6d1c3b5.jpg
2303 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/f2a3d5e1.jpg
2304 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/f2c4b5d1.jpg
2305 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/f3d5b1a2.jpg
2306 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/desk_img/f4d5b1e6.jpg
2307 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/icon.png
2308 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/icon_e_smile.gif
2309 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/icon_mrgreen.gif
2310 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/icon_post_quote.gif
2311 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/icon_post_target.gif
2312 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/icon_razz.gif
2313 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/icon_user_offline.gif
2314 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/icon_user_profile.gif
2315 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/index.css
2316 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/mrgreen.gif
2317 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/spacer.gif
2318 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/view.php?link=Cutie-Set-12.jpg
2319 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/view.php?link=Kiki-Model.jpg
2320 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/view.php?link=Lil-Holes.jpg
2321 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/view.php?link=Lil.flv
2322 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/view.php?link=Oh_Oh_Oh.jpg
2323 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/view.php?link=Pretty_Ania_set_8.jpg
2324 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/view.php?link=Sister.flv
2325 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/view.php?link=Teenie.avi
2326 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/view.php?link=Viki.flv
2327 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/view.php?link=Young_cutie.flv
2328 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/view.php?link=im_Cutie-Set-12.jpg
2329 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.17.11.9&u=freesites/cgi/out.php?link=Family Taboo Sex - Dad & Daughter Forum&url=http://teen18topic.com/teengalls/view.php?link=im_Pretty_Ania_set_8.jpg
2330 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/avatar.png
2331 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/button_topic_new.gif
2332 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/button_topic_reply.gif
2333 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/cellpic4_l.png
2334 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/cellpic4_r.png
2335 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/a5b1c6d3.jpg
2336 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/a5b4f3e6.jpg
2337 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/a5e3d2c1.jpg
2338 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/a6e4f3d5.jpg
2339 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/b1f6a2d5.jpg
2340 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/b2f5a1d3.jpg
2341 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/b2f5e1d6.jpg
2342 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/b3d2c5a6.jpg
2343 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/b4a6d2c1.jpg
2344 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/b4e2d1c5.jpg
2345 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/b6c3a1f5.jpg
2346 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/c1d5f2b6.jpg
2347 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/c1e5d4f2.jpg
2348 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/c4b1a2f5.jpg
2349 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/c4d1b5a6.jpg
2350 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/c6a2e3d5.jpg
2351 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/d1a3f4b6.jpg
2352 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/d3b1c4a2.jpg
2353 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/d4c3e6a5.jpg
2354 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/d4e2a3f6.jpg
2355 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/d5a1b3c6.jpg
2356 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/d5a6e3b4.jpg
2357 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/d5c4e3a2.jpg
2358 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/e3d1f4c6.jpg
2359 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/e4a2d3c1.jpg
2360 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/e4b5f3d2.jpg
2361 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/e6d1c3b5.jpg
2362 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/f2a3d5e1.jpg
2363 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/f2c4b5d1.jpg
2364 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/f3d5b1a2.jpg
2365 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/f4d5b1e6.jpg
2366 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/desk_img/f5e2c3d6.jpg
2367 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/icon.png
2368 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/icon_e_smile.gif
2369 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/icon_mrgreen.gif
2370 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/icon_post_quote.gif
2371 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/icon_post_target.gif
2372 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/icon_razz.gif
2373 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/icon_user_offline.gif
2374 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/icon_user_profile.gif
2375 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/index.css
2376 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/mrgreen.gif
2377 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/spacer.gif
2378 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/view.php?link=Cutie-Set-12.jpg
2379 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/view.php?link=Kiki-Model.jpg
2380 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/view.php?link=Lil-Holes.jpg
2381 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/view.php?link=Lil.flv
2382 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/view.php?link=Oh_Oh_Oh.jpg
2383 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/view.php?link=Pretty_Ania_set_8.jpg
2384 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/view.php?link=Sister.flv
2385 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/view.php?link=Teenie.avi
2386 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/view.php?link=Viki.flv
2387 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/view.php?link=Young_cutie.flv
2388 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/view.php?link=im_Cutie-Set-12.jpg
2389 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.18.1.1&u=freesites/cgi/out.php?link=Little Cuties DVDrip 8 Gb&url=http://teen18topic.com/teengalls/view.php?link=im_Pretty_Ania_set_8.jpg
2563 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/content.php?link=photophilia_1997y.jpg
2564 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/content.php?link=pretty.jpg
2565 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/content.php?link=pussies.rar
2566 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/content.php?link=russian_nudist.avi
2567 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/content.php?link=sma11.rar
2568 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/content.php?link=taboo-3d-comics.jpg
2569 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/content.php?link=teeni_camgirls.avi
2570 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/content.php?link=tiny_Tania.jpg
2571 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/content.php?link=tiny_paula.png
2572 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/content.php?link=virgin_Anna.jpg
2573 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/content.php?link=young-set_014.rar
2574 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/icons/a_01.jpg
2575 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/icons/ab07.png
2576 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/icons/filedownload%20(2).png
2577 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/icons/jpg-2.png
2578 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/icons/rar_ico.png
2579 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/img/avi2.gif
2580 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/img/icon-zip.gif
2581 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/img/jpg.gif
2582 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/img/jpg2.png
2583 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/img/jpg3.png
2584 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/img/rar.gif
2585 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/img/video3.gif
2586 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/websites/dsite.php?link=Shocking Innocence.avi
2587 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/websites/dsite.php?link=img_007.jpg img_008.jpg img_009.jpg
2588 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/websites/dsite.php?link=pussy.avi pussy.mov pussy.mkv
2589 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/button_blankic_new.gif
2590 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/c1.gif
2591 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/c2.gif
2592 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/c3.gif
2593 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/c4.gif
2594 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/cellpic4_l.png
2595 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/cellpic4_r.png
2596 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/desk_img/a5b1c6d3.jpg
2597 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/desk_img/a5e3d2c1.jpg
2598 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/desk_img/a6e4f3d5.jpg
2599 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/desk_img/b1f6a2d5.jpg
2600 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/desk_img/b3d2c5a6.jpg
2601 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/desk_img/b4a6d2c1.jpg
2602 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/desk_img/b5f6c1a2.jpg
2603 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/desk_img/b6c3a1f5.jpg
2604 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/desk_img/c1e5d4f2.jpg
2605 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/desk_img/d1a3f4b6.jpg
2606 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/desk_img/d3b1c4a2.jpg
2607 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/desk_img/d3e6a2f4.jpg
2608 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/desk_img/d5c4e3a2.jpg
2609 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/desk_img/e1a3d5f2.jpg
2610 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/desk_img/e4a2d3c1.jpg
2611 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/desk_img/e4b5f3d2.jpg
2612 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/desk_img/f3d5b1a2.jpg
2613 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/icon.png
2614 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/icon_blankic_latest.gif
2615 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/index.css
2616 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/topic_read.gif
2617 - http://www.teen18topic.com./viewtopic/out.php?l=0.2.0.7.0&u=freesites/cgi/out.php?link=Father + Daughter ( 874 Photos & 12 Videos)&url=http://teen18topic.com/teengalls/icon_topic_latest.gif
2618 - http://www.teen18topic.com./viewtopic/out.php?l=0.2.0.7.0&u=freesites/cgi/out.php?link=Father + Daughter ( 874 Photos & 12 Videos)&url=http://teen18topic.com/teengalls/index.css
2619 - http://www.teen18topic.com./viewtopic/out.php?l=0.2.0.7.0&u=freesites/cgi/out.php?link=Father + Daughter ( 874 Photos & 12 Videos)&url=http://teen18topic.com/teengalls/site_logo.gif
2620 Total links to files: 892
2621
2622+ Externals links found:
2746 Total external links: 123
2747
2748+ Email addresses found:
2749 Total email address found: 0
2750
2751+ Directories found:
2856 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.2.13.10.t&u=freesites/cgi/out.php?link=Little Daughter & Old Dad Topics&url=http:/ (No open folder)
2857 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.2.13.10.t&u=freesites/cgi/out.php?link=Little Daughter & Old Dad Topics&url=http:// (Moved)
2858 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.2.13.10.t&u=freesites/cgi/out.php?link=Little Daughter & Old Dad Topics&url=http://teen18topic.com/ (No open folder)
2859 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.2.13.10.t&u=freesites/cgi/out.php?link=Little Daughter & Old Dad Topics&url=http://teen18topic.com/teengalls/ (403 Forbidden)
2860 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.2.13.10.t&u=freesites/cgi/out.php?link=Little Daughter & Old Dad Topics&url=http://teen18topic.com/teengalls/download/ (404 Not Found)
2861 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.2.13.10.t&u=freesites/cgi/out.php?link=Little Daughter & Old Dad Topics&url=http://teen18topic.com/teengalls/icons2/ (404 Not Found)
2862 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.20.15.12.t&u=freesites/ (No open folder)
2863 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.20.15.12.t&u=freesites/cgi/ (404 Not Found)
2864 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.20.15.12.t&u=freesites/cgi/out.php?link=NN Models in Lingerie&url=http:/ (No open folder)
2865 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.20.15.12.t&u=freesites/cgi/out.php?link=NN Models in Lingerie&url=http:// (Moved)
2866 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.20.15.12.t&u=freesites/cgi/out.php?link=NN Models in Lingerie&url=http://teen18topic.com/ (No open folder)
2867 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.20.15.12.t&u=freesites/cgi/out.php?link=NN Models in Lingerie&url=http://teen18topic.com/teengalls/ (403 Forbidden)
2868 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.3.26.22&u=freesites/ (No open folder)
2869 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.3.26.22&u=freesites/cgi/ (404 Not Found)
2870 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.3.26.22&u=freesites/cgi/out.php?link=Teen Kittie + Perverted Father Movies&url=http:/ (No open folder)
2871 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.3.26.22&u=freesites/cgi/out.php?link=Teen Kittie + Perverted Father Movies&url=http:// (Moved)
2872 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.3.26.22&u=freesites/cgi/out.php?link=Teen Kittie + Perverted Father Movies&url=http://teen18topic.com/ (No open folder)
2873 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.3.26.22&u=freesites/cgi/out.php?link=Teen Kittie + Perverted Father Movies&url=http://teen18topic.com/teengalls/ (403 Forbidden)
2874 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.3.26.22&u=freesites/cgi/out.php?link=Teen Kittie + Perverted Father Movies&url=http://teen18topic.com/teengalls/download/ (404 Not Found)
2875 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.3.26.22&u=freesites/cgi/out.php?link=Teen Kittie + Perverted Father Movies&url=http://teen18topic.com/teengalls/icons2/ (404 Not Found)
2876 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.4.25.21&u=freesites/ (No open folder)
2877 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.4.25.21&u=freesites/cgi/ (404 Not Found)
2878 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.4.25.21&u=freesites/cgi/out.php?link=Little Vaginas + Tiny Clits 7 M.b Images&url=http:/ (No open folder)
2879 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.4.25.21&u=freesites/cgi/out.php?link=Little Vaginas + Tiny Clits 7 M.b Images&url=http:// (Moved)
2880 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.4.25.21&u=freesites/cgi/out.php?link=Little Vaginas + Tiny Clits 7 M.b Images&url=http://teen18topic.com/ (No open folder)
2881 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.4.25.21&u=freesites/cgi/out.php?link=Little Vaginas + Tiny Clits 7 M.b Images&url=http://teen18topic.com/teengalls/ (403 Forbidden)
2882 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.5.24.20&u=freesites/ (No open folder)
2883 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.5.24.20&u=freesites/cgi/ (404 Not Found)
2884 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.6.20.16&u=freesites/ (No open folder)
2885 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.6.20.16&u=freesites/cgi/ (404 Not Found)
2886 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.6.20.16&u=freesites/cgi/out.php?link=Small Pussy Collection Forum 7 G.b Photos&url=http:/ (No open folder)
2887 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.6.20.16&u=freesites/cgi/out.php?link=Small Pussy Collection Forum 7 G.b Photos&url=http:// (Moved)
2888 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.6.20.16&u=freesites/cgi/out.php?link=Small Pussy Collection Forum 7 G.b Photos&url=http://teen18topic.com/ (No open folder)
2889 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.6.20.16&u=freesites/cgi/out.php?link=Small Pussy Collection Forum 7 G.b Photos&url=http://teen18topic.com/teengalls/ (403 Forbidden)
2890 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/ (No open folder)
2891 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/ (404 Not Found)
2892 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http:/ (No open folder)
2893 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http:// (Moved)
2894 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/ (No open folder)
2895 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/ (403 Forbidden)
2896 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/icons/ (404 Not Found)
2897 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/img/ (404 Not Found)
2898 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.7.18.14.t&u=freesites/cgi/out.php?link=Hottest Little Content - 12 G.b&url=http://teen18topic.com/teengalls/websites/ (404 Not Found)
2899 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/ (No open folder)
2900 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/ (404 Not Found)
2901 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http:/ (No open folder)
2902 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http:// (Moved)
2903 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/ (No open folder)
2904 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/ (403 Forbidden)
2905 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.8.28.24&u=freesites/cgi/out.php?link=Younest Girls in sexy Lingerie Forum&url=http://teen18topic.com/teengalls/desk_img/ (404 Not Found)
2906 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.9.22.18&u=freesites/ (No open folder)
2907 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.9.22.18&u=freesites/cgi/ (404 Not Found)
2908 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.9.22.18&u=freesites/cgi/out.php?link=Cruel Dad + Tiny Daughter Sexual Punishment&url=http:/ (No open folder)
2909 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.9.22.18&u=freesites/cgi/out.php?link=Cruel Dad + Tiny Daughter Sexual Punishment&url=http:// (Moved)
2910 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.9.22.18&u=freesites/cgi/out.php?link=Cruel Dad + Tiny Daughter Sexual Punishment&url=http://teen18topic.com/ (No open folder)
2911 - http://www.teen18topic.com./viewtopic/out.php?l=0.1.9.22.18&u=freesites/cgi/out.php?link=Cruel Dad + Tiny Daughter Sexual Punishment&url=http://teen18topic.com/teengalls/ (403 Forbidden)
2912 - http://www.teen18topic.com./viewtopic/out.php?l=0.2.0.7.0&u=freesites/ (No open folder)
2913 - http://www.teen18topic.com./viewtopic/out.php?l=0.2.0.7.0&u=freesites/cgi/ (404 Not Found)
2914 - http://www.teen18topic.com./viewtopic/out.php?l=0.2.0.7.0&u=freesites/cgi/out.php?link=Father + Daughter ( 874 Photos & 12 Videos)&url=http:/ (No open folder)
2915 - http://www.teen18topic.com./viewtopic/out.php?l=0.2.0.7.0&u=freesites/cgi/out.php?link=Father + Daughter ( 874 Photos & 12 Videos)&url=http:// (Moved)
2916 - http://www.teen18topic.com./viewtopic/out.php?l=0.2.0.7.0&u=freesites/cgi/out.php?link=Father + Daughter ( 874 Photos & 12 Videos)&url=http://teen18topic.com/ (No open folder)
2917 - http://www.teen18topic.com./viewtopic/out.php?l=0.2.0.7.0&u=freesites/cgi/out.php?link=Father + Daughter ( 874 Photos & 12 Videos)&url=http://teen18topic.com/teengalls/ (403 Forbidden)
2918 - http://www.teen18topic.com./viewtopic/out.php?l=0.2.1.8.0&u=freesites/ (No open folder)
2919 - http://www.teen18topic.com./viewtopic/out.php?l=0.2.1.8.0&u=freesites/cgi/ (404 Not Found)
2920 - http://www.teen18topic.com./viewtopic/out.php?l=0.2.1.8.0&u=freesites/cgi/out.php?link=Young NUDIST & NATURIST :: Home Tapes&url=http:/ (No open folder)
2921 - http://www.teen18topic.com./viewtopic/out.php?l=0.2.1.8.0&u=freesites/cgi/out.php?link=Young NUDIST & NATURIST :: Home Tapes&url=http:// (Moved)
2922 - http://www.teen18topic.com./viewtopic/out.php?l=0.2.1.8.0&u=freesites/cgi/out.php?link=Young NUDIST & NATURIST :: Home Tapes&url=http://teen18topic.com/ (No open folder)
2923 - http://www.teen18topic.com./viewtopic/out.php?l=0.2.1.8.0&u=freesites/cgi/out.php?link=Young NUDIST & NATURIST :: Home Tapes&url=http://teen18topic.com/teengalls/ (403 Forbidden)
2924 Total directories: 172
2925
2926+ Directory indexing found:
2927 Total directories with indexing: 0
2928
2929----------------------------------------------------------------------
2930
2931
2932 + URL to crawl: http://pop.teen18topic.com.
2933 + Date: 2019-07-20
2934
2935 + Crawling URL: http://pop.teen18topic.com.:
2936 + Links:
2937 + Crawling http://pop.teen18topic.com.
2938 + Searching for directories...
2939 + Searching open folders...
2940
2941
2942 + URL to crawl: http://ns1.teen18topic.com.
2943 + Date: 2019-07-20
2944
2945 + Crawling URL: http://ns1.teen18topic.com.:
2946 + Links:
2947 + Crawling http://ns1.teen18topic.com.
2948 + Searching for directories...
2949 + Searching open folders...
2950
2951
2952 + URL to crawl: http://ns1.teen18topic.com
2953 + Date: 2019-07-20
2954
2955 + Crawling URL: http://ns1.teen18topic.com:
2956 + Links:
2957 + Crawling http://ns1.teen18topic.com
2958 + Searching for directories...
2959 + Searching open folders...
2960
2961
2962 + URL to crawl: http://ns2.teen18topic.com
2963 + Date: 2019-07-20
2964
2965 + Crawling URL: http://ns2.teen18topic.com:
2966 + Links:
2967 + Crawling http://ns2.teen18topic.com
2968 + Searching for directories...
2969 + Searching open folders...
2970
2971
2972 + URL to crawl: http://ftp.teen18topic.com.
2973 + Date: 2019-07-20
2974
2975 + Crawling URL: http://ftp.teen18topic.com.:
2976 + Links:
2977 + Crawling http://ftp.teen18topic.com.
2978 + Searching for directories...
2979 + Searching open folders...
2980
2981
2982 + URL to crawl: http://mail.teen18topic.com.
2983 + Date: 2019-07-20
2984
2985 + Crawling URL: http://mail.teen18topic.com.:
2986 + Links:
2987 + Crawling http://mail.teen18topic.com.
2988 + Searching for directories...
2989 + Searching open folders...
2990
2991
2992 + URL to crawl: http://ns2.teen18topic.com.
2993 + Date: 2019-07-20
2994
2995 + Crawling URL: http://ns2.teen18topic.com.:
2996 + Links:
2997 + Crawling http://ns2.teen18topic.com.
2998 + Searching for directories...
2999 + Searching open folders...
3000
3001
3002 + URL to crawl: http://mail.teen18topic.com:5432
3003 + Date: 2019-07-20
3004
3005 + Crawling URL: http://mail.teen18topic.com:5432:
3006 + Links:
3007 + Crawling http://mail.teen18topic.com:5432 (404 Not Found)
3008 + Searching for directories...
3009 + Searching open folders...
3010
3011
3012 + URL to crawl: http://www.teen18topic.com.:5432
3013 + Date: 2019-07-20
3014
3015 + Crawling URL: http://www.teen18topic.com.:5432:
3016 + Links:
3017 + Crawling http://www.teen18topic.com.:5432 (404 Not Found)
3018 + Searching for directories...
3019 + Searching open folders...
3020
3021
3022 + URL to crawl: http://pop.teen18topic.com.:5432
3023 + Date: 2019-07-20
3024
3025 + Crawling URL: http://pop.teen18topic.com.:5432:
3026 + Links:
3027 + Crawling http://pop.teen18topic.com.:5432 (404 Not Found)
3028 + Searching for directories...
3029 + Searching open folders...
3030
3031
3032 + URL to crawl: http://ns1.teen18topic.com.:5432
3033 + Date: 2019-07-20
3034
3035 + Crawling URL: http://ns1.teen18topic.com.:5432:
3036 + Links:
3037 + Crawling http://ns1.teen18topic.com.:5432 (404 Not Found)
3038 + Searching for directories...
3039 + Searching open folders...
3040
3041
3042 + URL to crawl: http://ns1.teen18topic.com:5432
3043 + Date: 2019-07-20
3044
3045 + Crawling URL: http://ns1.teen18topic.com:5432:
3046 + Links:
3047 + Crawling http://ns1.teen18topic.com:5432 (404 Not Found)
3048 + Searching for directories...
3049 + Searching open folders...
3050
3051
3052 + URL to crawl: http://ns2.teen18topic.com:5432
3053 + Date: 2019-07-20
3054
3055 + Crawling URL: http://ns2.teen18topic.com:5432:
3056 + Links:
3057 + Crawling http://ns2.teen18topic.com:5432 (404 Not Found)
3058 + Searching for directories...
3059 + Searching open folders...
3060
3061
3062 + URL to crawl: http://ftp.teen18topic.com.:5432
3063 + Date: 2019-07-20
3064
3065 + Crawling URL: http://ftp.teen18topic.com.:5432:
3066 + Links:
3067 + Crawling http://ftp.teen18topic.com.:5432 (404 Not Found)
3068 + Searching for directories...
3069 + Searching open folders...
3070
3071
3072 + URL to crawl: http://mail.teen18topic.com.:5432
3073 + Date: 2019-07-20
3074
3075 + Crawling URL: http://mail.teen18topic.com.:5432:
3076 + Links:
3077 + Crawling http://mail.teen18topic.com.:5432 (404 Not Found)
3078 + Searching for directories...
3079 + Searching open folders...
3080
3081
3082 + URL to crawl: http://ns2.teen18topic.com.:5432
3083 + Date: 2019-07-20
3084
3085 + Crawling URL: http://ns2.teen18topic.com.:5432:
3086 + Links:
3087 + Crawling http://ns2.teen18topic.com.:5432 (404 Not Found)
3088 + Searching for directories...
3089 + Searching open folders...
3090
3091--Finished--
3092Summary information for domain teen18topic.com.
3093-----------------------------------------
3094
3095 Domain Ips Information:
3096 IP: 37.1.201.205
3097 HostName: ns2.teen18topic.com Type: NS
3098 HostName: ns1.teen18topic.com Type: NS
3099 HostName: mail.teen18topic.com Type: MX
3100 Type: SPF
3101 HostName: www.teen18topic.com. Type: A
3102 HostName: ftp.teen18topic.com. Type: A
3103 HostName: mail.teen18topic.com. Type: A
3104 HostName: ns1.teen18topic.com. Type: A
3105 HostName: ns2.teen18topic.com. Type: A
3106 HostName: pop.teen18topic.com. Type: A
3107 Country: Netherlands
3108 Is Active: True (reset ttl 64)
3109 Port: 21/tcp open ftp syn-ack ttl 52 vsftpd 2.2.2
3110 Port: 22/tcp open ssh syn-ack ttl 52 OpenSSH 5.3 (protocol 2.0)
3111 Script Info: | ssh-hostkey:
3112 Script Info: | 1024 1a:b9:af:78:58:06:36:0d:65:85:15:db:15:07:e1:69 (DSA)
3113 Script Info: |_ 2048 e5:87:b0:ac:d3:10:71:34:19:40:d8:85:af:67:41:3e (RSA)
3114 Port: 80/tcp open http syn-ack ttl 52 nginx
3115 Script Info: | http-methods:
3116 Script Info: | Supported Methods: GET HEAD POST OPTIONS TRACE
3117 Script Info: |_ Potentially risky methods: TRACE
3118 Script Info: |_http-server-header: nginx
3119 Script Info: |_http-title: default.domain — Coming Soon
3120 Port: 110/tcp open pop3 syn-ack ttl 53 Dovecot pop3d
3121 Script Info: |_pop3-capabilities: SASL(PLAIN LOGIN) RESP-CODES USER STLS CAPA UIDL PIPELINING TOP
3122 Script Info: |_ssl-date: 2019-07-20T05:49:47+00:00; -2s from scanner time.
3123 Port: 143/tcp open imap syn-ack ttl 53 Dovecot imapd
3124 Script Info: |_imap-capabilities: ID IMAP4rev1 completed LOGIN-REFERRALS SASL-IR AUTH=LOGINA0001 OK IDLE ENABLE Capability AUTH=PLAIN LITERAL+ STARTTLS
3125 Script Info: |_ssl-date: 2019-07-20T05:49:47+00:00; -3s from scanner time.
3126 Port: 465/tcp open ssl/smtp syn-ack ttl 53 Exim smtpd 4.92
3127 Script Info: |_smtp-commands: SMTP EHLO nmap.scanme.org: failed to receive data: failed to receive data
3128 Script Info: | ssl-cert: Subject: commonName=www.server.domain.com/organizationName=Dis/stateOrProvinceName=Denial/countryName=US
3129 Script Info: | Issuer: commonName=www.server.domain.com/organizationName=Dis/stateOrProvinceName=Denial/countryName=US
3130 Script Info: | Public Key type: rsa
3131 Script Info: | Public Key bits: 2048
3132 Script Info: | Signature Algorithm: sha1WithRSAEncryption
3133 Script Info: | Not valid before: 2016-02-10T11:22:51
3134 Script Info: | Not valid after: 2017-02-09T11:22:51
3135 Script Info: | MD5: bc54 08c8 cd50 1f1b ea58 9913 7a31 452c
3136 Script Info: |_SHA-1: 4148 bce2 28f3 5cdd 6693 8ba1 065b 397c 5d3b 9cba
3137 Script Info: |_ssl-date: 2019-07-20T05:49:41+00:00; -2s from scanner time.
3138 Port: 587/tcp open smtp syn-ack ttl 53 Exim smtpd 4.92
3139 Script Info: | smtp-commands: server.domain.com Hello nmap.scanme.org [160.116.0.99], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, CHUNKING, STARTTLS, HELP,
3140 Script Info: |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
3141 Script Info: | ssl-cert: Subject: commonName=www.server.domain.com/organizationName=Dis/stateOrProvinceName=Denial/countryName=US
3142 Script Info: | Issuer: commonName=www.server.domain.com/organizationName=Dis/stateOrProvinceName=Denial/countryName=US
3143 Script Info: | Public Key type: rsa
3144 Script Info: | Public Key bits: 2048
3145 Script Info: | Signature Algorithm: sha1WithRSAEncryption
3146 Script Info: | Not valid before: 2016-02-10T11:22:51
3147 Script Info: | Not valid after: 2017-02-09T11:22:51
3148 Script Info: | MD5: bc54 08c8 cd50 1f1b ea58 9913 7a31 452c
3149 Script Info: |_SHA-1: 4148 bce2 28f3 5cdd 6693 8ba1 065b 397c 5d3b 9cba
3150 Script Info: |_ssl-date: 2019-07-20T05:49:47+00:00; -2s from scanner time.
3151 Port: 993/tcp open ssl/imaps? syn-ack ttl 52
3152 Script Info: |_ssl-date: 2019-07-20T05:49:42+00:00; -3s from scanner time.
3153 Port: 995/tcp open ssl/pop3s? syn-ack ttl 53
3154 Script Info: |_ssl-date: 2019-07-20T05:49:43+00:00; -2s from scanner time.
3155 Port: 3306/tcp open mysql syn-ack ttl 52 MySQL 5.5.47
3156 Script Info: | mysql-info:
3157 Script Info: | Protocol: 10
3158 Script Info: | Version: 5.5.47
3159 Script Info: | Thread ID: 298712
3160 Script Info: | Capabilities flags: 63487
3161 Script Info: | Some Capabilities: Support41Auth, IgnoreSpaceBeforeParenthesis, IgnoreSigpipes, FoundRows, SupportsLoadDataLocal, Speaks41ProtocolOld, SupportsTransactions, Speaks41ProtocolNew, LongColumnFlag, LongPassword, InteractiveClient, DontAllowDatabaseTableColumn, ODBCClient, ConnectWithDatabase, SupportsCompression, SupportsMultipleStatments, SupportsMultipleResults, SupportsAuthPlugins
3162 Script Info: | Status: Autocommit
3163 Script Info: | Salt: <zrPu~9Ay_PS//@3{57Q
3164 Script Info: |_ Auth Plugin Name: 79
3165 Port: 5432/tcp open http syn-ack ttl 53 Node.js Express framework
3166 Script Info: |_http-cors: HEAD GET POST PUT DELETE PATCH
3167 Script Info: | http-methods:
3168 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
3169 Script Info: |_http-title: Site doesn't have a title (text/plain).
3170 Os Info: Host: server.domain.com; OS: Unix
3171 Script Info: |_clock-skew: mean: -2s, deviation: 0s, median: -2s
3172
3173--------------End Summary --------------
3174-----------------------------------------
3175#######################################################################################################################################
3176dnsenum VERSION:1.2.4
3177
3178----- teen18topic.com -----
3179
3180
3181Host's addresses:
3182__________________
3183
3184teen18topic.com. 7129 IN A 37.1.201.205
3185
3186
3187Name Servers:
3188______________
3189
3190ns1.teen18topic.com. 85377 IN A 37.1.201.205
3191ns2.teen18topic.com. 85822 IN A 37.1.201.205
3192
3193
3194Mail (MX) Servers:
3195___________________
3196
3197mail.teen18topic.com. 14166 IN A 37.1.201.205
3198
3199
3200Trying Zone Transfers and getting Bind Versions:
3201_________________________________________________
3202
3203
3204Trying Zone Transfer for teen18topic.com on ns1.teen18topic.com ...
3205
3206Trying Zone Transfer for teen18topic.com on ns2.teen18topic.com ...
3207
3208brute force file not specified, bay.
3209#######################################################################################################################################
3210[-] Enumerating subdomains now for teen18topic.com
3211[-] verbosity is enabled, will show the subdomains results in realtime
3212[-] Searching now in Baidu..
3213[-] Searching now in Yahoo..
3214[-] Searching now in Google..
3215[-] Searching now in Bing..
3216[-] Searching now in Ask..
3217[-] Searching now in Netcraft..
3218[-] Searching now in DNSdumpster..
3219[-] Searching now in Virustotal..
3220[-] Searching now in ThreatCrowd..
3221[-] Searching now in SSL Certificates..
3222[-] Searching now in PassiveDNS..
3223DNSdumpster: mail.teen18topic.com
3224Yahoo: www.teen18topic.com
3225[-] Saving results to file: /usr/share/sniper/loot/workspace/teen18topic.com/domains/domains-teen18topic.com.txt
3226[-] Total Unique Subdomains Found: 2
3227www.teen18topic.com
3228mail.teen18topic.com
3229#######################################################################################################################################
3230teen18topic.com,37.1.201.205
3231ftp.teen18topic.com,37.1.201.205
3232www.teen18topic.com,37.1.201.205
3233mail.teen18topic.com,37.1.201.205
3234pop.teen18topic.com,37.1.201.205
3235#######################################################################################################################################
3236===============================================
3237-=Subfinder v1.1.3 github.com/subfinder/subfinder
3238===============================================
3239
3240
3241Running Source: Ask
3242Running Source: Archive.is
3243Running Source: Baidu
3244Running Source: Bing
3245Running Source: CertDB
3246Running Source: CertificateTransparency
3247Running Source: Certspotter
3248Running Source: Commoncrawl
3249Running Source: Crt.sh
3250Running Source: Dnsdb
3251Running Source: DNSDumpster
3252Running Source: DNSTable
3253Running Source: Dogpile
3254Running Source: Exalead
3255Running Source: Findsubdomains
3256Running Source: Googleter
3257Running Source: Hackertarget
3258Running Source: Ipv4Info
3259Running Source: PTRArchive
3260Running Source: Sitedossier
3261Running Source: Threatcrowd
3262Running Source: ThreatMiner
3263Running Source: WaybackArchive
3264Running Source: Yahoo
3265
3266Running enumeration on teen18topic.com
3267
3268dnsdb: Unexpected return status 503
3269
3270dogpile: Get https://www.dogpile.com/search/web?q=teen18topic.com&qsi=1: EOF
3271
3272waybackarchive: parse http://web.archive.org/cdx/search/cdx?url=*.teen18topic.com/*&output=json&fl=original&collapse=urlkey&page=: net/url: invalid control character in URL
3273
3274
3275Starting Bruteforcing of teen18topic.com with 9985 words
3276
3277Total 7 Unique subdomains found for teen18topic.com
3278
3279.teen18topic.com
3280ftp.teen18topic.com
3281mail.teen18topic.com
3282mail.teen18topic.com
3283pop.teen18topic.com
3284www.teen18topic.com
3285www.teen18topic.com
3286#######################################################################################################################################
3287[*] Processing domain teen18topic.com
3288[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
3289[+] Getting nameservers
329037.1.201.205 - ns1.teen18topic.com
329137.1.201.205 - ns2.teen18topic.com
3292[-] Zone transfer failed
3293
3294[+] TXT records found
3295"v=spf1 a mx ip4:37.1.201.205 ?all"
3296
3297[+] MX records found, added to target list
329810 mail.teen18topic.com.
3299
3300[*] Scanning teen18topic.com for A records
330137.1.201.205 - teen18topic.com
330237.1.201.205 - ftp.teen18topic.com
330337.1.201.205 - mail.teen18topic.com
330437.1.201.205 - ns1.teen18topic.com
330537.1.201.205 - ns2.teen18topic.com
330637.1.201.205 - pop.teen18topic.com
330737.1.201.205 - www.teen18topic.com
3308#######################################################################################################################################
3309[*] Found SPF record:
3310[*] v=spf1 a mx ip4:37.1.201.205 ?all
3311[+] SPF record has no All string
3312[*] Checking SPF include mechanisms
3313[*] Include mechanisms are not strong
3314[*] No DMARC record found. Looking for organizational record
3315[+] No organizational DMARC record
3316[+] Spoofing possible for teen18topic.com!
3317#######################################################################################################################################
3318[Not Vulnerable] .teen18topic.com
3319[Not Vulnerable]
3320[Not Vulnerable] domain
3321[Not Vulnerable] ns2.teen18topic.com
3322[Not Vulnerable] ftp.teen18topic.com
3323[Not Vulnerable] mail.teen18topic.com
3324[Not Vulnerable] ns1.teen18topic.com
3325[Not Vulnerable] teen18topic.com
3326[Not Vulnerable] www.teen18topic.com
3327[Not Vulnerable] pop.teen18topic.com
3328#######################################################################################################################################
3507Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-20 01:09 EDT
3508Nmap scan report for teen18topic.com (37.1.201.205)
3509Host is up (0.32s latency).
3510Not shown: 460 filtered ports, 4 closed ports
3511Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
3512PORT STATE SERVICE
351321/tcp open ftp
351422/tcp open ssh
351580/tcp open http
3516110/tcp open pop3
3517143/tcp open imap
3518465/tcp open smtps
3519587/tcp open submission
3520993/tcp open imaps
3521995/tcp open pop3s
35222525/tcp open ms-v-worlds
35233306/tcp open mysql
35245432/tcp open postgresql
3525####################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-20 01:10 EDT
Nmap scan report for teen18topic.com (37.1.201.205)
Host is up (0.19s latency).
Not shown: 2 filtered ports
PORT STATE SERVICE
53/udp open domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
520/udp open|filtered route
2049/udp open|filtered nfs
####################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-20 01:10 EDT
Nmap scan report for teen18topic.com (37.1.201.205)
Host is up (0.25s latency).

PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 2.2.2
| ftp-brute:
| Accounts: No valid accounts found
|_ Statistics: Performed 911 guesses in 182 seconds, average tps: 4.6
| vulscan: VulDB - https://vuldb.com:
| [43110] vsftpd up to 2.0.4 Memory Leak denial of service
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2011-2189] net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.
| [CVE-2011-0762] The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
| [CVE-2009-5029] Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.
| [CVE-2008-4969] ltp-network-test 20060918 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/vsftpd.conf, (b) /tmp/udp/2/*, (c) /tmp/tcp/2/*, (d) /tmp/udp/3/*, (e) /tmp/tcp/3/*, (f) /tmp/nfs_fsstress.udp.2.log, (g) /tmp/nfs_fsstress.udp.3.log, (h) /tmp/nfs_fsstress.tcp.2.log, (i) /tmp/nfs_fsstress.tcp.3.log, and (j) /tmp/nfs_fsstress.sardata temporary files, related to the (1) ftp_setup_vsftp_conf and (2) nfs_fsstress.sh scripts.
| [CVE-2008-2375] Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962.
| [CVE-2007-5962] Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.
| [CVE-2007-4322] BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) vsftpd log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by connecting through ssh with a client protocol version identification containing an IP address string, or connecting through ftp with a username containing an IP address string, different vectors than CVE-2007-2765.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [82285] Vsftpd CVE-2004-0042 Remote Security Vulnerability
| [72451] vsftpd CVE-2015-1419 Security Bypass Vulnerability
| [51013] vsftpd '__tzfile_read()' Function Heap Based Buffer Overflow Vulnerability
| [48539] vsftpd Compromised Source Packages Backdoor Vulnerability
| [46617] vsftpd FTP Server 'ls.c' Remote Denial of Service Vulnerability
| [41443] Vsftpd Webmin Module Multiple Unspecified Vulnerabilities
| [30364] vsftpd FTP Server Pluggable Authentication Module (PAM) Remote Denial of Service Vulnerability
| [29322] vsftpd FTP Server 'deny_file' Option Remote Denial of Service Vulnerability
| [10394] Vsftpd Listener Denial of Service Vulnerability
| [7253] Red Hat Linux 9 vsftpd Compiling Error Weakness
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [68366] vsftpd package backdoor
| [65873] vsftpd vsf_filename_passes_filter denial of service
| [55148] VSFTPD-WEBMIN-MODULE unknown unspecified
| [43685] vsftpd authentication attempts denial of service
| [42593] vsftpd deny_file denial of service
| [16222] vsftpd connection denial of service
| [14844] vsftpd message allows attacker to obtain username
| [11729] Red Hat Linux vsftpd FTP daemon tcp_wrapper could allow an attacker to gain access to server
|
| Exploit-DB - https://www.exploit-db.com:
| [17491] VSFTPD 2.3.4 - Backdoor Command Execution
| [16270] vsftpd 2.3.2 - Denial of Service Vulnerability
| [5814] vsftpd 2.0.5 (CWD) Remote Memory Consumption Exploit (post auth)
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [70770] Gentoo Security Advisory GLSA 201110-07 (vsftpd)
| [70399] Debian Security Advisory DSA 2305-1 (vsftpd)
|
| SecurityTracker - https://www.securitytracker.com:
| [1025186] vsftpd vsf_filename_passes_filter() Bug Lets Remote Authenticated Users Deny Service
| [1020546] vsftpd Memory Leak When Invalid Authentication Attempts Occur Lets Remote Authenticated Users Deny Service
| [1020079] vsftpd Memory Leak in 'deny_file' Option Lets Remote Authenticated Users Deny Service
| [1008628] vsftpd Discloses Whether Usernames are Valid or Not
|
| OSVDB - http://www.osvdb.org:
| [73573] vsftpd on vsftpd.beasts.org Trojaned Distribution
| [73340] vsftpd ls.c vsf_filename_passes_filter STAT Command glob Expression Remote DoS
| [61362] Vsftpd Webmin Module Unspecified Issues
| [46930] Red Hat Linux vsftpd w/ PAM Memory Exhaustion Remote DoS
| [45626] vsftpd deny_file Option Crafted FTP Data Remote Memory Exhaustion DoS
| [36515] BlockHosts sshd/vsftpd hosts.allow Arbitrary Deny Entry Manipulation
| [28610] vsftpd SIGURG Handler Unspecified Issue
| [28609] vsftpd tunable_chroot_local_user Filesystem Root Access
| [6861] vsftpd Login Error Message Username Enumeration
| [6306] vsftpd Connection Handling DoS
| [4564] vsftpd on Red Hat Linux Restricted Access Failure
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 3.10 - 4.11 (91%), Linux 3.18 (91%), Linux 3.2 - 4.9 (91%), Crestron XPanel control system (89%), Linux 3.16 (88%), HP P2000 G3 NAS device (86%), ASUS RT-N56U WAP (Linux 3.4) (86%), Linux 3.1 (86%), Linux 3.2 (86%), Oracle VM Server 3.4.2 (Linux 4.1) (86%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 12 hops
Service Info: OS: Unix

TRACEROUTE (using port 21/tcp)
HOP RTT ADDRESS
1 185.39 ms 10.252.200.1
2 186.59 ms 213.184.122.97
3 185.42 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 186.20 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
5 249.71 ms bzq-179-124-82.cust.bezeqint.net (212.179.124.82)
6 236.00 ms bzq-219-189-230.dsl.bezeqint.net (62.219.189.230)
7 242.70 ms ae5-2074.ams10.core-backbone.com (81.95.2.138)
8 233.60 ms ae23-0.fra20.core-backbone.com (5.56.18.217)
9 254.23 ms 178.21.16.10
10 249.80 ms 185.8.179.21
11 ...
12 249.56 ms 37.1.201.205
##########################################################################################################################################
# general
(gen) banner: SSH-2.0-OpenSSH_5.3
(gen) software: OpenSSH 5.3
(gen) compatibility: OpenSSH 5.9-6.6, Dropbear SSH 2013.56+ (some functionality from 0.52)
(gen) compression: enabled (zlib@openssh.com)

# key exchange algorithms
(kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
 `- [info] available since OpenSSH 4.4
(kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.3.0
(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
(kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
 `- [warn] using small 1024-bit modulus
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28

# host-key algorithms
(key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
(key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
 `- [warn] using small 1024-bit modulus
 `- [warn] using weak random number generator could reveal the key
 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28

# encryption algorithms (ciphers)
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr -- [info] available since OpenSSH 3.7
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using weak cipher
 `- [info] available since OpenSSH 4.2
(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using weak cipher
 `- [info] available since OpenSSH 4.2
(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak cipher mode
 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak cipher
 `- [warn] using weak cipher mode
 `- [warn] using small 64-bit block size
 `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [fail] disabled since Dropbear SSH 0.53
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using weak cipher mode
 `- [warn] using small 64-bit block size
 `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using weak cipher mode
 `- [warn] using small 64-bit block size
 `- [info] available since OpenSSH 2.1.0
(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak cipher mode
 `- [info] available since OpenSSH 2.3.0
(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak cipher mode
 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using weak cipher
 `- [info] available since OpenSSH 2.1.0
(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using weak cipher mode
 `- [info] available since OpenSSH 2.3.0

# message authentication code algorithms
(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using encrypt-and-MAC mode
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
 `- [warn] using small 64-bit tag size
 `- [info] available since OpenSSH 4.7
(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 2.5.0
(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 2.1.0
(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using encrypt-and-MAC mode
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using encrypt-and-MAC mode
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.5.0

# algorithm recommendations (for OpenSSH 5.3)
(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
(rec) -ssh-dss -- key algorithm to remove
(rec) -arcfour -- enc algorithm to remove
(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove
(rec) -blowfish-cbc -- enc algorithm to remove
(rec) -3des-cbc -- enc algorithm to remove
(rec) -aes256-cbc -- enc algorithm to remove
(rec) -arcfour256 -- enc algorithm to remove
(rec) -cast128-cbc -- enc algorithm to remove
(rec) -aes192-cbc -- enc algorithm to remove
(rec) -arcfour128 -- enc algorithm to remove
(rec) -aes128-cbc -- enc algorithm to remove
(rec) -hmac-md5-96 -- mac algorithm to remove
(rec) -hmac-ripemd160 -- mac algorithm to remove
(rec) -hmac-sha1-96 -- mac algorithm to remove
(rec) -umac-64@openssh.com -- mac algorithm to remove
(rec) -hmac-md5 -- mac algorithm to remove
(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove
(rec) -hmac-sha1 -- mac algorithm to remove
########################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-20 01:14 EDT
NSE: [ssh-run] Failed to specify credentials and command to run.
4031NSE: [ssh-brute] Trying username/password pair: administrator:sunshine
4032NSE: [ssh-brute] Trying username/password pair: webadmin:sunshine
4033NSE: [ssh-brute] Trying username/password pair: sysadmin:sunshine
4034NSE: [ssh-brute] Trying username/password pair: netadmin:sunshine
4035NSE: [ssh-brute] Trying username/password pair: guest:sunshine
4036NSE: [ssh-brute] Trying username/password pair: user:sunshine
4037NSE: [ssh-brute] Trying username/password pair: web:sunshine
4038NSE: [ssh-brute] Trying username/password pair: test:sunshine
4039NSE: [ssh-brute] Trying username/password pair: root:chocolate
4040NSE: [ssh-brute] Trying username/password pair: admin:chocolate
4041NSE: [ssh-brute] Trying username/password pair: administrator:chocolate
4042NSE: [ssh-brute] Trying username/password pair: webadmin:chocolate
4043NSE: [ssh-brute] Trying username/password pair: sysadmin:chocolate
4044NSE: [ssh-brute] Trying username/password pair: netadmin:chocolate
4045NSE: [ssh-brute] Trying username/password pair: guest:chocolate
4046NSE: [ssh-brute] Trying username/password pair: user:chocolate
4047NSE: [ssh-brute] Trying username/password pair: web:chocolate
4048NSE: [ssh-brute] Trying username/password pair: test:chocolate
4049NSE: [ssh-brute] Trying username/password pair: root:password1
4050NSE: [ssh-brute] Trying username/password pair: admin:password1
4051NSE: [ssh-brute] Trying username/password pair: administrator:password1
4052NSE: [ssh-brute] Trying username/password pair: webadmin:password1
4053NSE: [ssh-brute] Trying username/password pair: sysadmin:password1
4054NSE: [ssh-brute] Trying username/password pair: netadmin:password1
4055NSE: [ssh-brute] Trying username/password pair: guest:password1
4056NSE: [ssh-brute] Trying username/password pair: user:password1
4057NSE: [ssh-brute] Trying username/password pair: web:password1
4058NSE: [ssh-brute] Trying username/password pair: test:password1
4059NSE: [ssh-brute] Trying username/password pair: root:soccer
4060NSE: [ssh-brute] Trying username/password pair: admin:soccer
4061NSE: [ssh-brute] Trying username/password pair: administrator:soccer
4062NSE: [ssh-brute] Trying username/password pair: webadmin:soccer
4063NSE: [ssh-brute] Trying username/password pair: sysadmin:soccer
4064NSE: [ssh-brute] Trying username/password pair: netadmin:soccer
4065NSE: [ssh-brute] Trying username/password pair: guest:soccer
4066NSE: [ssh-brute] Trying username/password pair: user:soccer
4067NSE: [ssh-brute] Trying username/password pair: web:soccer
4068NSE: [ssh-brute] Trying username/password pair: test:soccer
4069NSE: [ssh-brute] Trying username/password pair: root:anthony
4070NSE: [ssh-brute] Trying username/password pair: admin:anthony
4071NSE: [ssh-brute] Trying username/password pair: administrator:anthony
4072NSE: [ssh-brute] Trying username/password pair: webadmin:anthony
4073NSE: [ssh-brute] Trying username/password pair: sysadmin:anthony
4074NSE: [ssh-brute] Trying username/password pair: netadmin:anthony
4075NSE: [ssh-brute] Trying username/password pair: guest:anthony
4076NSE: [ssh-brute] Trying username/password pair: user:anthony
4077NSE: [ssh-brute] Trying username/password pair: web:anthony
4078NSE: [ssh-brute] Trying username/password pair: test:anthony
4079NSE: [ssh-brute] Trying username/password pair: root:friends
4080NSE: [ssh-brute] Trying username/password pair: admin:friends
4081NSE: [ssh-brute] Trying username/password pair: administrator:friends
4082NSE: [ssh-brute] Trying username/password pair: webadmin:friends
4083NSE: [ssh-brute] Trying username/password pair: sysadmin:friends
4084NSE: [ssh-brute] Trying username/password pair: netadmin:friends
4085NSE: [ssh-brute] Trying username/password pair: guest:friends
Nmap scan report for teen18topic.com (37.1.201.205)
Host is up (0.24s latency).

PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
| ssh-auth-methods:
| Supported authentication methods:
| publickey
| gssapi-keyex
| gssapi-with-mic
|_ password
| ssh-brute:
| Accounts: No valid accounts found
|_ Statistics: Performed 317 guesses in 181 seconds, average tps: 1.9
| ssh-hostkey:
| 1024 1a:b9:af:78:58:06:36:0d:65:85:15:db:15:07:e1:69 (DSA)
|_ 2048 e5:87:b0:ac:d3:10:71:34:19:40:d8:85:af:67:41:3e (RSA)
| ssh-publickey-acceptance:
|_ Accepted Public Keys: No public keys accepted
|_ssh-run: Failed to specify credentials and command to run.
| vulners:
| cpe:/a:openbsd:openssh:5.3:
| CVE-2014-1692 7.5 https://vulners.com/cve/CVE-2014-1692
| CVE-2010-4478 7.5 https://vulners.com/cve/CVE-2010-4478
| CVE-2017-15906 5.0 https://vulners.com/cve/CVE-2017-15906
| CVE-2016-10708 5.0 https://vulners.com/cve/CVE-2016-10708
| CVE-2010-5107 5.0 https://vulners.com/cve/CVE-2010-5107
| CVE-2016-0777 4.0 https://vulners.com/cve/CVE-2016-0777
| CVE-2010-4755 4.0 https://vulners.com/cve/CVE-2010-4755
| CVE-2012-0814 3.5 https://vulners.com/cve/CVE-2012-0814
| CVE-2011-5000 3.5 https://vulners.com/cve/CVE-2011-5000
|_ CVE-2011-4327 2.1 https://vulners.com/cve/CVE-2011-4327
4118| vulscan: VulDB - https://vuldb.com:
4119| [80267] OpenSSH up to 5.x/6.x/7.1p1 Forward Option roaming_common.c roaming_read/roaming_write memory corruption
4120| [80266] OpenSSH up to 5.x/6.x/7.1p1 roaming_common.c resend_bytes information disclosure
4121| [4584] OpenSSH up to 5.7 auth-options.c information disclosure
4122| [4282] OpenSSH 5.6/5.7 Legacy Certificate memory corruption
4123|
4124| MITRE CVE - https://cve.mitre.org:
4125| [CVE-2006-0883] OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.
4126| [CVE-2012-0814] The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.
4127| [CVE-2011-5000] The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.
4128| [CVE-2011-0539] The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.
4129| [CVE-2010-4755] The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
4130| [CVE-2010-4478] OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.
4131| [CVE-2009-2904] A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.
4132| [CVE-2008-3844] Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known.
4133| [CVE-2008-3259] OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.
4134|
4135| SecurityFocus - https://www.securityfocus.com/bid/:
4136| [102780] OpenSSH CVE-2016-10708 Multiple Denial of Service Vulnerabilities
4137| [101552] OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
4138| [94977] OpenSSH CVE-2016-10011 Local Information Disclosure Vulnerability
4139| [94975] OpenSSH CVE-2016-10012 Security Bypass Vulnerability
4140| [94972] OpenSSH CVE-2016-10010 Privilege Escalation Vulnerability
4141| [94968] OpenSSH CVE-2016-10009 Remote Code Execution Vulnerability
4142| [93776] OpenSSH 'ssh/kex.c' Denial of Service Vulnerability
4143| [92212] OpenSSH CVE-2016-6515 Denial of Service Vulnerability
4144| [92210] OpenSSH CBC Padding Weak Encryption Security Weakness
4145| [92209] OpenSSH MAC Verification Security Bypass Vulnerability
4146| [91812] OpenSSH CVE-2016-6210 User Enumeration Vulnerability
4147| [90440] OpenSSH CVE-2004-1653 Remote Security Vulnerability
4148| [90340] OpenSSH CVE-2004-2760 Remote Security Vulnerability
4149| [89385] OpenSSH CVE-2005-2666 Local Security Vulnerability
4150| [88655] OpenSSH CVE-2001-1382 Remote Security Vulnerability
4151| [88513] OpenSSH CVE-2000-0999 Remote Security Vulnerability
4152| [88367] OpenSSH CVE-1999-1010 Local Security Vulnerability
4153| [87789] OpenSSH CVE-2003-0682 Remote Security Vulnerability
4154| [86187] OpenSSH 'session.c' Local Security Bypass Vulnerability
4155| [86144] OpenSSH CVE-2007-2768 Remote Security Vulnerability
4156| [84427] OpenSSH CVE-2016-1908 Security Bypass Vulnerability
4157| [84314] OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability
4158| [84185] OpenSSH CVE-2006-4925 Denial-Of-Service Vulnerability
4159| [81293] OpenSSH CVE-2016-1907 Denial of Service Vulnerability
4160| [80698] OpenSSH CVE-2016-0778 Heap Based Buffer Overflow Vulnerability
4161| [80695] OpenSSH CVE-2016-0777 Information Disclosure Vulnerability
4162| [76497] OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability
4163| [76317] OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
4164| [75990] OpenSSH Login Handling Security Bypass Weakness
4165| [75525] OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
4166| [71420] Portable OpenSSH 'gss-serv-krb5.c' Security Bypass Vulnerability
4167| [68757] OpenSSH Multiple Remote Denial of Service Vulnerabilities
4168| [66459] OpenSSH Certificate Validation Security Bypass Vulnerability
4169| [66355] OpenSSH 'child_set_env()' Function Security Bypass Vulnerability
4170| [65674] OpenSSH 'ssh-keysign.c' Local Information Disclosure Vulnerability
4171| [65230] OpenSSH 'schnorr.c' Remote Memory Corruption Vulnerability
4172| [63605] OpenSSH 'sshd' Process Remote Memory Corruption Vulnerability
4173| [61286] OpenSSH Remote Denial of Service Vulnerability
4174| [58894] GSI-OpenSSH PAM_USER Security Bypass Vulnerability
4175| [58162] OpenSSH CVE-2010-5107 Denial of Service Vulnerability
4176| [54114] OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
4177| [51702] Debian openssh-server Forced Command Handling Information Disclosure Vulnerability
4178| [50416] Linux Kernel 'kdump' and 'mkdumprd' OpenSSH Integration Remote Information Disclosure Vulnerability
4179| [49473] OpenSSH Ciphersuite Specification Information Disclosure Weakness
4180| [48507] OpenSSH 'pam_thread()' Remote Buffer Overflow Vulnerability
4181| [47691] Portable OpenSSH 'ssh-keysign' Local Unauthorized Access Vulnerability
4182| [46155] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
4183| [45304] OpenSSH J-PAKE Security Bypass Vulnerability
4184| [36552] Red Hat Enterprise Linux OpenSSH 'ChrootDirectory' Option Local Privilege Escalation Vulnerability
4185| [32319] OpenSSH CBC Mode Information Disclosure Vulnerability
4186| [30794] Red Hat OpenSSH Backdoor Vulnerability
4187| [30339] OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
4188| [30276] Debian OpenSSH SELinux Privilege Escalation Vulnerability
4189| [28531] OpenSSH ForceCommand Command Execution Weakness
4190| [28444] OpenSSH X Connections Session Hijacking Vulnerability
4191| [26097] OpenSSH LINUX_AUDIT_RECORD_EVENT Remote Log Injection Weakness
4192| [25628] OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
4193| [23601] OpenSSH S/Key Remote Information Disclosure Vulnerability
4194| [20956] OpenSSH Privilege Separation Key Signature Weakness
4195| [20418] OpenSSH-Portable Existing Password Remote Information Disclosure Weakness
4196| [20245] OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness
4197| [20241] Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
4198| [20216] OpenSSH Duplicated Block Remote Denial of Service Vulnerability
4199| [16892] OpenSSH Remote PAM Denial Of Service Vulnerability
4200| [14963] OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability
4201| [14729] OpenSSH GSSAPI Credential Disclosure Vulnerability
4202| [14727] OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
4203| [11781] OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability
4204| [9986] RCP, OpenSSH SCP Client File Corruption Vulnerability
4205| [9040] OpenSSH PAM Conversation Memory Scrubbing Weakness
4206| [8677] Multiple Portable OpenSSH PAM Vulnerabilities
4207| [8628] OpenSSH Buffer Mismanagement Vulnerabilities
4208| [7831] OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability
4209| [7482] OpenSSH Remote Root Authentication Timing Side-Channel Weakness
4210| [7467] OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability
4211| [7343] OpenSSH Authentication Execution Path Timing Information Leakage Weakness
4212| [6168] OpenSSH Visible Password Vulnerability
4213| [5374] OpenSSH Trojan Horse Vulnerability
4214| [5093] OpenSSH Challenge-Response Buffer Overflow Vulnerabilities
4215| [4560] OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
4216| [4241] OpenSSH Channel Code Off-By-One Vulnerability
4217| [3614] OpenSSH UseLogin Environment Variable Passing Vulnerability
4218| [3560] OpenSSH Kerberos Arbitrary Privilege Elevation Vulnerability
4219| [3369] OpenSSH Key Based Source IP Access Control Bypass Vulnerability
4220| [3345] OpenSSH SFTP Command Restriction Bypassing Vulnerability
4221| [2917] OpenSSH PAM Session Evasion Vulnerability
4222| [2825] OpenSSH Client X11 Forwarding Cookie Removal File Symbolic Link Vulnerability
4223| [2356] OpenSSH Private Key Authentication Check Vulnerability
4224| [1949] OpenSSH Client Unauthorized Remote Forwarding Vulnerability
4225| [1334] OpenSSH UseLogin Vulnerability
4226|
4227| IBM X-Force - https://exchange.xforce.ibmcloud.com:
4228| [83258] GSI-OpenSSH auth-pam.c security bypass
4229| [82781] OpenSSH time limit denial of service
4230| [82231] OpenSSH pam_ssh_agent_auth PAM code execution
4231| [74809] OpenSSH ssh_gssapi_parse_ename denial of service
4232| [72756] Debian openssh-server commands information disclosure
4233| [68339] OpenSSH pam_thread buffer overflow
4234| [67264] OpenSSH ssh-keysign unauthorized access
4235| [65910] OpenSSH remote_glob function denial of service
4236| [65163] OpenSSH certificate information disclosure
4237| [64387] OpenSSH J-PAKE security bypass
4238| [63337] Cisco Unified Videoconferencing OpenSSH weak security
4239| [46620] OpenSSH and multiple SSH Tectia products CBC mode information disclosure
4240| [45202] OpenSSH signal handler denial of service
4241| [44747] RHEL OpenSSH backdoor
4242| [44280] OpenSSH PermitRootLogin information disclosure
4243| [44279] OpenSSH sshd weak security
4244| [44037] OpenSSH sshd SELinux role unauthorized access
4245| [43940] OpenSSH X11 forwarding information disclosure
4246| [41549] OpenSSH ForceCommand directive security bypass
4247| [41438] OpenSSH sshd session hijacking
4248| [40897] OpenSSH known_hosts weak security
4249| [40587] OpenSSH username weak security
4250| [37371] OpenSSH username data manipulation
4251| [37118] RHSA update for OpenSSH privilege separation monitor authentication verification weakness not installed
4252| [37112] RHSA update for OpenSSH signal handler race condition not installed
4253| [37107] RHSA update for OpenSSH identical block denial of service not installed
4254| [36637] OpenSSH X11 cookie privilege escalation
4255| [35167] OpenSSH packet.c newkeys[mode] denial of service
4256| [34490] OpenSSH OPIE information disclosure
4257| [33794] OpenSSH ChallengeResponseAuthentication information disclosure
4258| [32975] Apple Mac OS X OpenSSH denial of service
4259| [32387] RHSA-2006:0738 updates for openssh not installed
4260| [32359] RHSA-2006:0697 updates for openssh not installed
4261| [32230] RHSA-2006:0298 updates for openssh not installed
4262| [32132] RHSA-2006:0044 updates for openssh not installed
4263| [30120] OpenSSH privilege separation monitor authentication verification weakness
4264| [29255] OpenSSH GSSAPI user enumeration
4265| [29254] OpenSSH signal handler race condition
4266| [29158] OpenSSH identical block denial of service
4267| [28147] Apple Mac OS X OpenSSH nonexistent user login denial of service
4268| [25116] OpenSSH OpenPAM denial of service
4269| [24305] OpenSSH SCP shell expansion command execution
4270| [22665] RHSA-2005:106 updates for openssh not installed
4271| [22117] OpenSSH GSSAPI allows elevated privileges
4272| [22115] OpenSSH GatewayPorts security bypass
4273| [20930] OpenSSH sshd.c LoginGraceTime denial of service
4274| [19441] Sun Solaris OpenSSH LDAP (1) client authentication denial of service
4275| [17213] OpenSSH allows port bouncing attacks
4276| [16323] OpenSSH scp file overwrite
4277| [13797] OpenSSH PAM information leak
4278| [13271] OpenSSH could allow an attacker to corrupt the PAM conversion stack
4279| [13264] OpenSSH PAM code could allow an attacker to gain access
4280| [13215] OpenSSH buffer management errors could allow an attacker to execute code
4281| [13214] OpenSSH memory vulnerabilities
4282| [13191] OpenSSH large packet buffer overflow
4283| [12196] OpenSSH could allow an attacker to bypass login restrictions
4284| [11970] OpenSSH could allow an attacker to obtain valid administrative account
4285| [11902] OpenSSH PAM support enabled information leak
4286| [9803] OpenSSH "
4287| [9763] OpenSSH downloaded from the OpenBSD FTP site or OpenBSD FTP mirror sites could contain a Trojan Horse
4288| [9307] OpenSSH is running on the system
4289| [9169] OpenSSH "
4290| [8896] OpenSSH Kerberos 4 TGT/AFS buffer overflow
4291| [8697] FreeBSD libutil in OpenSSH fails to drop privileges prior to using the login class capability database
4292| [8383] OpenSSH off-by-one error in channel code
4293| [7647] OpenSSH UseLogin option arbitrary code execution
4294| [7634] OpenSSH using sftp and restricted keypairs could allow an attacker to bypass restrictions
4295| [7598] OpenSSH with Kerberos allows attacker to gain elevated privileges
4296| [7179] OpenSSH source IP access control bypass
4297| [6757] OpenSSH "
4298| [6676] OpenSSH X11 forwarding symlink attack could allow deletion of arbitrary files
4299| [6084] OpenSSH 2.3.1 allows remote users to bypass authentication
4300| [5517] OpenSSH allows unauthorized access to resources
4301| [4646] OpenSSH UseLogin option allows remote users to execute commands as root
4302|
4303| Exploit-DB - https://www.exploit-db.com:
4304| [21579] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (2)
4305| [21578] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (1)
4306| [21402] OpenSSH 2.x/3.x Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
4307| [21314] OpenSSH 2.x/3.0.1/3.0.2 Channel Code Off-By-One Vulnerability
4308| [20253] OpenSSH 1.2 scp File Create/Overwrite Vulnerability
4309| [17462] FreeBSD OpenSSH 3.5p1 - Remote Root Exploit
4310| [14866] Novell Netware 6.5 - OpenSSH Remote Stack Overflow
4311| [6094] Debian OpenSSH Remote SELinux Privilege Elevation Exploit (auth)
4312| [3303] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit
4313| [2444] OpenSSH <= 4.3 p1 (Duplicated Block) Remote Denial of Service Exploit
4314| [1572] Dropbear / OpenSSH Server (MAX_UNAUTH_CLIENTS) Denial of Service
4315| [258] glibc-2.2 and openssh-2.3.0p1 exploits glibc => 2.1.9x
4316| [26] OpenSSH/PAM <= 3.6.1p1 Remote Users Ident (gossh.sh)
4317| [25] OpenSSH/PAM <= 3.6.1p1 Remote Users Discovery Tool
4318|
4319| OpenVAS (Nessus) - http://www.openvas.org:
4320| [902488] OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability
4321| [900179] OpenSSH CBC Mode Information Disclosure Vulnerability
4322| [881183] CentOS Update for openssh CESA-2012:0884 centos6
4323| [880802] CentOS Update for openssh CESA-2009:1287 centos5 i386
4324| [880746] CentOS Update for openssh CESA-2009:1470 centos5 i386
4325| [870763] RedHat Update for openssh RHSA-2012:0884-04
4326| [870129] RedHat Update for openssh RHSA-2008:0855-01
4327| [861813] Fedora Update for openssh FEDORA-2010-5429
4328| [861319] Fedora Update for openssh FEDORA-2007-395
4329| [861170] Fedora Update for openssh FEDORA-2007-394
4330| [861012] Fedora Update for openssh FEDORA-2007-715
4331| [840345] Ubuntu Update for openssh vulnerability USN-597-1
4332| [840300] Ubuntu Update for openssh update USN-612-5
4333| [840271] Ubuntu Update for openssh vulnerability USN-612-2
4334| [840268] Ubuntu Update for openssh update USN-612-7
4335| [840259] Ubuntu Update for openssh vulnerabilities USN-649-1
4336| [840214] Ubuntu Update for openssh vulnerability USN-566-1
4337| [831074] Mandriva Update for openssh MDVA-2010:162 (openssh)
4338| [830929] Mandriva Update for openssh MDVA-2010:090 (openssh)
4339| [830807] Mandriva Update for openssh MDVA-2010:026 (openssh)
4340| [830603] Mandriva Update for openssh MDVSA-2008:098 (openssh)
4341| [830523] Mandriva Update for openssh MDVSA-2008:078 (openssh)
4342| [830317] Mandriva Update for openssh-askpass-qt MDKA-2007:127 (openssh-askpass-qt)
4343| [830191] Mandriva Update for openssh MDKSA-2007:236 (openssh)
4344| [802407] OpenSSH 'sshd' Challenge Response Authentication Buffer Overflow Vulnerability
4345| [103503] openssh-server Forced Command Handling Information Disclosure Vulnerability
4346| [103247] OpenSSH Ciphersuite Specification Information Disclosure Weakness
4347| [103064] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
4348| [100584] OpenSSH X Connections Session Hijacking Vulnerability
4349| [100153] OpenSSH CBC Mode Information Disclosure Vulnerability
4350| [66170] CentOS Security Advisory CESA-2009:1470 (openssh)
4351| [65987] SLES10: Security update for OpenSSH
4352| [65819] SLES10: Security update for OpenSSH
4353| [65514] SLES9: Security update for OpenSSH
4354| [65513] SLES9: Security update for OpenSSH
4355| [65334] SLES9: Security update for OpenSSH
4356| [65248] SLES9: Security update for OpenSSH
4357| [65218] SLES9: Security update for OpenSSH
4358| [65169] SLES9: Security update for openssh,openssh-askpass
4359| [65126] SLES9: Security update for OpenSSH
4360| [65019] SLES9: Security update for OpenSSH
4361| [65015] SLES9: Security update for OpenSSH
4362| [64931] CentOS Security Advisory CESA-2009:1287 (openssh)
4363| [61639] Debian Security Advisory DSA 1638-1 (openssh)
4364| [61030] Debian Security Advisory DSA 1576-2 (openssh)
4365| [61029] Debian Security Advisory DSA 1576-1 (openssh)
4366| [60840] FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)
4367| [60803] Gentoo Security Advisory GLSA 200804-03 (openssh)
4368| [60667] Slackware Advisory SSA:2008-095-01 openssh
4369| [59014] Slackware Advisory SSA:2007-255-01 openssh
4370| [58741] Gentoo Security Advisory GLSA 200711-02 (openssh)
4371| [57919] Gentoo Security Advisory GLSA 200611-06 (openssh)
4372| [57895] Gentoo Security Advisory GLSA 200609-17 (openssh)
4373| [57585] Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))
4374| [57492] Slackware Advisory SSA:2006-272-02 openssh
4375| [57483] Debian Security Advisory DSA 1189-1 (openssh-krb5)
4376| [57476] FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)
4377| [57470] FreeBSD Ports: openssh
4378| [56352] FreeBSD Security Advisory (FreeBSD-SA-06:09.openssh.asc)
4379| [56330] Gentoo Security Advisory GLSA 200602-11 (OpenSSH)
4380| [56294] Slackware Advisory SSA:2006-045-06 openssh
4381| [53964] Slackware Advisory SSA:2003-266-01 New OpenSSH packages
4382| [53885] Slackware Advisory SSA:2003-259-01 OpenSSH Security Advisory
4383| [53884] Slackware Advisory SSA:2003-260-01 OpenSSH updated again
4384| [53788] Debian Security Advisory DSA 025-1 (openssh)
4385| [52638] FreeBSD Security Advisory (FreeBSD-SA-03:15.openssh.asc)
4386| [52635] FreeBSD Security Advisory (FreeBSD-SA-03:12.openssh.asc)
4387| [11343] OpenSSH Client Unauthorized Remote Forwarding
4388| [10954] OpenSSH AFS/Kerberos ticket/token passing
4389| [10883] OpenSSH Channel Code Off by 1
4390| [10823] OpenSSH UseLogin Environment Variables
4391|
4392| SecurityTracker - https://www.securitytracker.com:
4393| [1028187] OpenSSH pam_ssh_agent_auth Module on Red Hat Enterprise Linux Lets Remote Users Execute Arbitrary Code
4394| [1026593] OpenSSH Lets Remote Authenticated Users Obtain Potentially Sensitive Information
4395| [1025739] OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code
4396| [1025482] OpenSSH ssh-keysign Utility Lets Local Users Gain Elevated Privileges
4397| [1025028] OpenSSH Legacy Certificates May Disclose Stack Contents to Remote Users
4398| [1022967] OpenSSH on Red Hat Enterprise Linux Lets Remote Authenticated Users Gain Elevated Privileges
4399| [1021235] OpenSSH CBC Mode Error Handling May Let Certain Remote Users Obtain Plain Text in Certain Cases
4400| [1020891] OpenSSH on Debian Lets Remote Users Prevent Logins
4401| [1020730] OpenSSH for Red Hat Enterprise Linux Packages May Have Been Compromised
4402| [1020537] OpenSSH on HP-UX Lets Local Users Hijack X11 Sessions
4403| [1019733] OpenSSH Unsafe Default Configuration May Let Local Users Execute Arbitrary Commands
4404| [1019707] OpenSSH Lets Local Users Hijack Forwarded X Sessions in Certain Cases
4405| [1017756] Apple OpenSSH Key Generation Process Lets Remote Users Deny Service
4406| [1017183] OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process
4407| [1016940] OpenSSH Race Condition in Signal Handler Lets Remote Users Deny Service and May Potentially Permit Code Execution
4408| [1016939] OpenSSH GSSAPI Authentication Abort Error Lets Remote Users Determine Valid Usernames
4409| [1016931] OpenSSH SSH v1 CRC Attack Detection Implementation Lets Remote Users Deny Service
4410| [1016672] OpenSSH on Mac OS X Lets Remote Users Deny Service
4411| [1015706] OpenSSH Interaction With OpenPAM Lets Remote Users Deny Service
4412| [1015540] OpenSSH scp Double Shell Character Expansion During Local-to-Local Copying May Let Local Users Gain Elevated Privileges in Certain Cases
4413| [1014845] OpenSSH May Unexpectedly Activate GatewayPorts and Also May Disclose GSSAPI Credentials in Certain Cases
4414| [1011193] OpenSSH scp Directory Traversal Flaw Lets Remote SSH Servers Overwrite Files in Certain Cases
4415| [1011143] OpenSSH Default Configuration May Be Unsafe When Used With Anonymous SSH Services
4416| [1007791] Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code
4417| [1007716] OpenSSH buffer_append_space() and Other Buffer Management Errors May Let Remote Users Execute Arbitrary Code
4418| [1006926] OpenSSH Host Access Restrictions Can Be Bypassed By Remote Users
4419| [1006688] OpenSSH Timing Flaw With Pluggable Authentication Modules Can Disclose Valid User Account Names to Remote Users
4420| [1004818] OpenSSH's Secure Shell (SSH) Implementation Weakness May Disclose User Passwords to Remote Users During Man-in-the-Middle Attacks
4421| [1004616] OpenSSH Integer Overflow and Buffer Overflow May Allow Remote Users to Gain Root Access to the System
4422| [1004391] OpenSSH 'BSD_AUTH' Access Control Bug May Allow Unauthorized Remote Users to Authenticated to the System
4423| [1004115] OpenSSH Buffer Overflow in Kerberos Ticket and AFS Token Processing Lets Local Users Execute Arbitrary Code With Root Level Permissions
4424| [1003758] OpenSSH Off-by-one 'Channels' Bug May Let Authorized Remote Users Execute Arbitrary Code with Root Privileges
4425| [1002895] OpenSSH UseLogin Environment Variable Bug Lets Local Users Execute Commands and Gain Root Access
4426| [1002748] OpenSSH 3.0 Denial of Service Condition May Allow Remote Users to Crash the sshd Daemon and KerberosV Configuration Error May Allow Remote Users to Partially Authenticate When Authentication Should Not Be Permitted
4427| [1002734] OpenSSH's S/Key Implementation Information Disclosure Flaw Provides Remote Users With Information About Valid User Accounts
4428| [1002455] OpenSSH May Fail to Properly Restrict IP Addresses in Certain Configurations
4429| [1002432] OpenSSH's Sftp-server Subsystem Lets Authorized Remote Users with Restricted Keypairs Obtain Additional Access on the Server
4430| [1001683] OpenSSH Allows Authorized Users to Delete Other User Files Named Cookies
4431|
4432| OSVDB - http://www.osvdb.org:
4433| [92034] GSI-OpenSSH auth-pam.c Memory Management Authentication Bypass
4434| [90474] Red Hat / Fedora PAM Module for OpenSSH Incorrect error() Function Calling Local Privilege Escalation
4435| [90007] OpenSSH logingracetime / maxstartup Threshold Connection Saturation Remote DoS
4436| [81500] OpenSSH gss-serv.c ssh_gssapi_parse_ename Function Field Length Value Parsing Remote DoS
4437| [78706] OpenSSH auth-options.c sshd auth_parse_options Function authorized_keys Command Option Debug Message Information Disclosure
4438| [75753] OpenSSH PAM Module Aborted Conversation Local Information Disclosure
4439| [75249] OpenSSH sftp-glob.c remote_glob Function Glob Expression Parsing Remote DoS
4440| [75248] OpenSSH sftp.c process_put Function Glob Expression Parsing Remote DoS
4441| [72183] Portable OpenSSH ssh-keysign ssh-rand-helper Utility File Descriptor Leak Local Information Disclosure
4442| [70873] OpenSSH Legacy Certificates Stack Memory Disclosure
4443| [69658] OpenSSH J-PAKE Public Parameter Validation Shared Secret Authentication Bypass
4444| [67743] Novell NetWare OpenSSH SSHD.NLM Absolute Path Handling Remote Overflow
4445| [59353] OpenSSH sshd Local TCP Redirection Connection Masking Weakness
4446| [58495] OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation
4447| [56921] OpenSSH Unspecified Remote Compromise
4448| [53021] OpenSSH on ftp.openbsd.org Trojaned Distribution
4449| [50036] OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure
4450| [49386] OpenSSH sshd TCP Connection State Remote Account Enumeration
4451| [48791] OpenSSH on Debian sshd Crafted Username Arbitrary Remote SELinux Role Access
4452| [47635] OpenSSH Packages on Red Hat Enterprise Linux Compromised Distribution
4453| [47227] OpenSSH X11UseLocalhost X11 Forwarding Port Hijacking
4454| [45873] Cisco WebNS SSHield w/ OpenSSH Crafted Large Packet Remote DoS
4455| [43911] OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution
4456| [43745] OpenSSH X11 Forwarding Local Session Hijacking
4457| [43371] OpenSSH Trusted X11 Cookie Connection Policy Bypass
4458| [39214] OpenSSH linux_audit_record_event Crafted Username Audit Log Injection
4459| [37315] pam_usb OpenSSH Authentication Unspecified Issue
4460| [34850] OpenSSH on Mac OS X Key Generation Remote Connection DoS
4461| [34601] OPIE w/ OpenSSH Account Enumeration
4462| [34600] OpenSSH S/KEY Authentication Account Enumeration
4463| [32721] OpenSSH Username Password Complexity Account Enumeration
4464| [30232] OpenSSH Privilege Separation Monitor Weakness
4465| [29494] OpenSSH packet.c Invalid Protocol Sequence Remote DoS
4466| [29266] OpenSSH GSSAPI Authentication Abort Username Enumeration
4467| [29264] OpenSSH Signal Handler Pre-authentication Race Condition Code Execution
4468| [29152] OpenSSH Identical Block Packet DoS
4469| [27745] Apple Mac OS X OpenSSH Nonexistent Account Login Enumeration DoS
4470| [23797] OpenSSH with OpenPAM Connection Saturation Forked Process Saturation DoS
4471| [22692] OpenSSH scp Command Line Filename Processing Command Injection
4472| [20216] OpenSSH with KerberosV Remote Authentication Bypass
4473| [19142] OpenSSH Multiple X11 Channel Forwarding Leaks
4474| [19141] OpenSSH GSSAPIAuthentication Credential Escalation
4475| [18236] OpenSSH no pty Command Execution Local PAM Restriction Bypass
4476| [16567] OpenSSH Privilege Separation LoginGraceTime DoS
4477| [16039] Solaris 108994 Series Patch OpenSSH LDAP Client Authentication DoS
4478| [9562] OpenSSH Default Configuration Anon SSH Service Port Bounce Weakness
4479| [9550] OpenSSH scp Traversal Arbitrary File Overwrite
4480| [6601] OpenSSH *realloc() Unspecified Memory Errors
4481| [6245] OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow
4482| [6073] OpenSSH on FreeBSD libutil Arbitrary File Read
4483| [6072] OpenSSH PAM Conversation Function Stack Modification
4484| [6071] OpenSSH SSHv1 PAM Challenge-Response Authentication Privilege Escalation
4485| [5536] OpenSSH sftp-server Restricted Keypair Restriction Bypass
4486| [5408] OpenSSH echo simulation Information Disclosure
4487| [5113] OpenSSH NIS YP Netgroups Authentication Bypass
4488| [4536] OpenSSH Portable AIX linker Privilege Escalation
4489| [3938] OpenSSL and OpenSSH /dev/random Check Failure
4490| [3456] OpenSSH buffer_append_space() Heap Corruption
4491| [2557] OpenSSH Multiple Buffer Management Multiple Overflows
4492| [2140] OpenSSH w/ PAM Username Validity Timing Attack
4493| [2112] OpenSSH Reverse DNS Lookup Bypass
4494| [2109] OpenSSH sshd Root Login Timing Side-Channel Weakness
4495| [1853] OpenSSH Symbolic Link 'cookies' File Removal
4496| [839] OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow
4497| [781] OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow
4498| [730] OpenSSH Channel Code Off by One Remote Privilege Escalation
4499| [688] OpenSSH UseLogin Environment Variable Local Command Execution
4500| [642] OpenSSH Multiple Key Type ACL Bypass
4501| [504] OpenSSH SSHv2 Public Key Authentication Bypass
4502| [341] OpenSSH UseLogin Local Privilege Escalation
4503|_
4504Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
4505Aggressive OS guesses: Linux 3.10 - 4.11 (92%), Linux 3.2 - 4.9 (92%), Crestron XPanel control system (90%), Linux 3.18 (89%), Linux 3.16 (89%), ASUS RT-N56U WAP (Linux 3.4) (87%), Linux 3.1 (87%), Linux 3.2 (87%), HP P2000 G3 NAS device (87%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (87%)
4506No exact OS matches for host (test conditions non-ideal).
4507Network Distance: 13 hops
4508
4509TRACEROUTE (using port 22/tcp)
4510HOP RTT ADDRESS
45111 178.74 ms 10.252.200.1
45122 179.97 ms 213.184.122.97
45133 178.86 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
45144 173.81 ms bzq-219-189-185.dsl.bezeqint.net (62.219.189.185)
45155 223.21 ms bzq-114-65-1.cust.bezeqint.net (192.114.65.1)
45166 222.56 ms ae23-0.fra20.core-backbone.com (5.56.18.217)
45177 229.20 ms ae5-2074.ams10.core-backbone.com (81.95.2.138)
45188 235.71 ms core-backbone.serverius.nl (5.56.20.173)
45199 235.61 ms core-backbone.serverius.nl (5.56.20.170)
452010 240.26 ms 178.21.16.10
452111 244.88 ms 185.8.179.25
452212 243.20 ms 185.8.177.33
452313 235.59 ms 37.1.201.205
4524######################################################################################################################################
4525USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
4526RHOSTS => teen18topic.com
4527RHOST => teen18topic.com
4528[*] 37.1.201.205:22 - SSH - Using malformed packet technique
4529[*] 37.1.201.205:22 - SSH - Starting scan
4530[+] 37.1.201.205:22 - SSH - User 'admin' found
4531[+] 37.1.201.205:22 - SSH - User 'administrator' found
4532[+] 37.1.201.205:22 - SSH - User 'anonymous' found
4533[+] 37.1.201.205:22 - SSH - User 'backup' found
4534[+] 37.1.201.205:22 - SSH - User 'bee' found
4535[+] 37.1.201.205:22 - SSH - User 'ftp' found
4536[+] 37.1.201.205:22 - SSH - User 'guest' found
4537[+] 37.1.201.205:22 - SSH - User 'GUEST' found
4538[+] 37.1.201.205:22 - SSH - User 'info' found
4539[+] 37.1.201.205:22 - SSH - User 'mail' found
4540[+] 37.1.201.205:22 - SSH - User 'mailadmin' found
4541[+] 37.1.201.205:22 - SSH - User 'msfadmin' found
4542[+] 37.1.201.205:22 - SSH - User 'mysql' found
4543[+] 37.1.201.205:22 - SSH - User 'nobody' found
4544[+] 37.1.201.205:22 - SSH - User 'oracle' found
4545[+] 37.1.201.205:22 - SSH - User 'owaspbwa' found
4546[+] 37.1.201.205:22 - SSH - User 'postfix' found
4547[+] 37.1.201.205:22 - SSH - User 'postgres' found
4548[+] 37.1.201.205:22 - SSH - User 'private' found
4549[+] 37.1.201.205:22 - SSH - User 'proftpd' found
4550[+] 37.1.201.205:22 - SSH - User 'public' found
4551[+] 37.1.201.205:22 - SSH - User 'root' found
4552[+] 37.1.201.205:22 - SSH - User 'superadmin' found
4553[+] 37.1.201.205:22 - SSH - User 'support' found
4554[+] 37.1.201.205:22 - SSH - User 'sys' found
4555[+] 37.1.201.205:22 - SSH - User 'system' found
4556[+] 37.1.201.205:22 - SSH - User 'systemadmin' found
4557[+] 37.1.201.205:22 - SSH - User 'systemadministrator' found
4558[+] 37.1.201.205:22 - SSH - User 'test' found
4559[+] 37.1.201.205:22 - SSH - User 'tomcat' found
4560[+] 37.1.201.205:22 - SSH - User 'user' found
4561[+] 37.1.201.205:22 - SSH - User 'webmaster' found
4562[+] 37.1.201.205:22 - SSH - User 'www-data' found
4563[+] 37.1.201.205:22 - SSH - User 'Fortimanager_Access' found
4564[*] Scanned 1 of 1 hosts (100% complete)
4565[*] Auxiliary module execution completed
4566######################################################################################################################################
4567Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-20 01:19 EDT
4568Nmap scan report for teen18topic.com (37.1.201.205)
4569Host is up (0.23s latency).
4570
4571PORT STATE SERVICE VERSION
457267/udp open|filtered dhcps
4573|_dhcp-discover: ERROR: Script execution failed (use -d to debug)
4574Too many fingerprints match this host to give specific OS details
4575Network Distance: 13 hops
4576
4577TRACEROUTE (using proto 1/icmp)
4578HOP RTT ADDRESS
45791 170.94 ms 10.252.200.1
45802 172.02 ms 213.184.122.97
45813 170.99 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
45824 171.26 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
45835 222.71 ms bzq-179-124-153.cust.bezeqint.net (212.179.124.153)
45846 220.99 ms ae23-0.fra20.core-backbone.com (5.56.18.217)
45857 227.69 ms ae5-2074.ams10.core-backbone.com (81.95.2.138)
45868 233.33 ms core-backbone.serverius.nl (5.56.20.171)
45879 234.16 ms 185.8.179.21
458810 243.76 ms 185.8.179.25
458911 241.76 ms 185.8.177.35
459012 233.02 ms 5.45.66.7
459113 233.88 ms 37.1.201.205
4592#############################################################################################################################
4593Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-20 01:20 EDT
4594Nmap scan report for teen18topic.com (37.1.201.205)
4595Host is up (0.23s latency).
4596
4597PORT STATE SERVICE VERSION
459868/udp open|filtered dhcpc
4599Too many fingerprints match this host to give specific OS details
4600Network Distance: 13 hops
4601
4602TRACEROUTE (using proto 1/icmp)
4603HOP RTT ADDRESS
46041 176.92 ms 10.252.200.1
46052 178.13 ms 213.184.122.97
46063 177.04 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
46074 177.55 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
46085 228.69 ms bzq-179-124-153.cust.bezeqint.net (212.179.124.153)
46096 226.88 ms ae23-0.fra20.core-backbone.com (5.56.18.217)
46107 233.65 ms ae5-2074.ams10.core-backbone.com (81.95.2.138)
46118 233.10 ms core-backbone.serverius.nl (5.56.20.171)
46129 233.71 ms 185.8.179.21
461310 241.27 ms 185.8.179.25
461411 247.51 ms 185.8.177.35
461512 232.84 ms 5.45.66.7
461613 233.87 ms 37.1.201.205
4617#######################################################################################################################################
4618Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-20 01:22 EDT
4619Nmap scan report for teen18topic.com (37.1.201.205)
4620Host is up (0.23s latency).
4621
4622PORT STATE SERVICE VERSION
462369/udp open|filtered tftp
4624Too many fingerprints match this host to give specific OS details
4625Network Distance: 13 hops
4626
4627TRACEROUTE (using proto 1/icmp)
4628HOP RTT ADDRESS
46291 175.00 ms 10.252.200.1
46302 176.41 ms 213.184.122.97
46313 169.67 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
46324 169.93 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
46335 221.29 ms bzq-179-124-153.cust.bezeqint.net (212.179.124.153)
46346 220.33 ms ae23-0.fra20.core-backbone.com (5.56.18.217)
46357 226.53 ms ae5-2074.ams10.core-backbone.com (81.95.2.138)
46368 232.07 ms core-backbone.serverius.nl (5.56.20.171)
46379 232.77 ms 185.8.179.21
463810 237.78 ms 185.8.179.25
463911 246.11 ms 185.8.177.35
464012 237.79 ms 5.45.66.7
464113 235.08 ms 37.1.201.205
4642######################################################################################################################################
4643Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-20 01:24 EDT
4644Nmap scan report for teen18topic.com (37.1.201.205)
4645Host is up (0.24s latency).
4646
4647PORT STATE SERVICE VERSION
464880/tcp open http nginx
4649|_http-server-header: nginx
4650|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
4651| vulscan: VulDB - https://vuldb.com:
4652| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
4653| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
4654| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
4655| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
4656| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
4657| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
4658| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
4659| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
4660| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
4661| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
4662| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
4663| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
4664| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
4665| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
4666| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
4667| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
4668| [67677] nginx up to 1.7.3 SSL weak authentication
4669| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls() privilege escalation
4670| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
4671| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
4672| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
4673| [65364] nginx up to 1.1.13 Default Configuration information disclosure
4674| [8671] nginx up to 1.4 proxy_pass denial of service
4675| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
4676| [7247] nginx 1.2.6 Proxy Function spoofing
4677| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
4678| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
4679| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
4680| [59645] nginx up to 0.8.9 Heap-based memory corruption
4681| [87037] nginx on Windows :$DATA privilege escalation
4682| [53592] nginx 0.8.36 memory corruption
4683| [53590] nginx up to 0.8.9 unknown vulnerability
4684| [51533] nginx 0.7.64 Terminal privilege escalation
4685| [50905] nginx up to 0.8.9 directory traversal
4686| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
4687| [50043] nginx up to 0.8.10 memory corruption
4688|
4689| MITRE CVE - https://cve.mitre.org:
4690| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
4691| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
4692| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
4693| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
4694| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
4695| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
4696| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
4697| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
4698| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
4699| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
4700| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
4701| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
4702| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
4703|
4704| SecurityFocus - https://www.securityfocus.com/bid/:
4705| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
4706| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
4707| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
4708| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
4709| [82230] nginx Multiple Denial of Service Vulnerabilities
4710| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
4711| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
4712| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
4713| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
4714| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
4715| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
4716| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
4717| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
4718| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
4719| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
4720| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
4721| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
4722| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
4723| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
4724| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
4725| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
4726| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
4727| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
4728| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
4729| [40420] nginx Directory Traversal Vulnerability
4730| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
4731| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
4732| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
4733| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
4734| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
4735|
4736| IBM X-Force - https://exchange.xforce.ibmcloud.com:
4737| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
4738| [84172] nginx denial of service
4739| [84048] nginx buffer overflow
4740| [83923] nginx ngx_http_close_connection() integer overflow
4741| [83688] nginx null byte code execution
4742| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
4743| [82319] nginx access.log information disclosure
4744| [80952] nginx SSL spoofing
4745| [77244] nginx and Microsoft Windows request security bypass
4746| [76778] Naxsi module for Nginx nx_extract.py directory traversal
4747| [74831] nginx ngx_http_mp4_module.c buffer overflow
4748| [74191] nginx ngx_cpystrn() information disclosure
4749| [74045] nginx header response information disclosure
4750| [71355] nginx ngx_resolver_copy() buffer overflow
4751| [59370] nginx characters denial of service
4752| [59369] nginx DATA source code disclosure
4753| [59047] nginx space source code disclosure
4754| [58966] nginx unspecified directory traversal
4755| [54025] nginx ngx_http_parse.c denial of service
4756| [53431] nginx WebDAV component directory traversal
4757| [53328] Nginx CRC-32 cached domain name spoofing
4758| [53250] Nginx ngx_http_parse_complex_uri() function code execution
4759|
4760| Exploit-DB - https://www.exploit-db.com:
4761| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
4762| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
4763| [25499] nginx 1.3.9-1.4.0 DoS PoC
4764| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
4765| [14830] nginx 0.6.38 - Heap Corruption Exploit
4766| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
4767| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
4768| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
4769| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
4770| [9829] nginx 0.7.61 WebDAV directory traversal
4771|
4772| OpenVAS (Nessus) - http://www.openvas.org:
4773| [864418] Fedora Update for nginx FEDORA-2012-3846
4774| [864310] Fedora Update for nginx FEDORA-2012-6238
4775| [864209] Fedora Update for nginx FEDORA-2012-6411
4776| [864204] Fedora Update for nginx FEDORA-2012-6371
4777| [864121] Fedora Update for nginx FEDORA-2012-4006
4778| [864115] Fedora Update for nginx FEDORA-2012-3991
4779| [864065] Fedora Update for nginx FEDORA-2011-16075
4780| [863654] Fedora Update for nginx FEDORA-2011-16110
4781| [861232] Fedora Update for nginx FEDORA-2007-1158
4782| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
4783| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
4784| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
4785| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
4786| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
4787| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
4788| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
4789| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
4790| [100659] nginx Directory Traversal Vulnerability
4791| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
4792| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
4793| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
4794| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
4795| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
4796| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
4797| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
4798| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
4799| [71297] FreeBSD Ports: nginx
4800| [71276] FreeBSD Ports: nginx
4801| [71239] Debian Security Advisory DSA 2434-1 (nginx)
4802| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
4803| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
4804| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
4805| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
4806| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
4807| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
4808| [64894] FreeBSD Ports: nginx
4809| [64869] Debian Security Advisory DSA 1884-1 (nginx)
4810|
4811| SecurityTracker - https://www.securitytracker.com:
4812| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
4813| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
4814| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
4815| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
4816|
4817| OSVDB - http://www.osvdb.org:
4818| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
4819| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
4820| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
4821| [92796] nginx ngx_http_close_connection Function Crafted r->
4822| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
4823| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
4824| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
4825| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
4826| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
4827| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
4828| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
4829| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
4830| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
4831| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
4832| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
4833| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
4834| [62617] nginx Internal DNS Cache Poisoning Weakness
4835| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
4836| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
4837| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
4838| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
4839| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
4840| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
4841| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
4842| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
4843| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
4844| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
4845|_
4846Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
4847Aggressive OS guesses: Linux 3.10 - 4.11 (92%), Linux 3.2 - 4.9 (92%), Crestron XPanel control system (90%), Linux 3.18 (89%), Linux 3.16 (89%), ASUS RT-N56U WAP (Linux 3.4) (87%), Linux 3.1 (87%), Linux 3.2 (87%), HP P2000 G3 NAS device (87%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (87%)
4848No exact OS matches for host (test conditions non-ideal).
4849Network Distance: 14 hops
4850
4851TRACEROUTE (using port 80/tcp)
4852HOP RTT ADDRESS
48531 170.54 ms 10.252.200.1
48542 172.69 ms 213.184.122.97
48553 201.10 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
48564 170.75 ms bzq-219-189-185.dsl.bezeqint.net (62.219.189.185)
48575 231.30 ms bzq-179-124-82.cust.bezeqint.net (212.179.124.82)
48586 220.75 ms ae23-0.fra20.core-backbone.com (5.56.18.217)
48597 228.45 ms ae5-2074.ams10.core-backbone.com (81.95.2.138)
48608 222.17 ms bzq-161-217.pop.bezeqint.net (212.179.161.217)
48619 231.58 ms ae5-2074.ams10.core-backbone.com (81.95.2.138)
486210 228.49 ms ae5-2074.ams10.core-backbone.com (81.95.2.138)
486311 235.96 ms 185.8.177.33
486412 239.29 ms 185.8.177.35
486513 234.24 ms 5.45.66.7
486614 238.98 ms 37.1.201.205
#######################################################################################################################################
http://teen18topic.com [200 OK] Country[UKRAINE][UA], HTTPServer[nginx], IP[37.1.201.205], PHP[5.4.45], PoweredBy[phpBB], Script[text/javascript], Title[Teen Sex - Cute Teen - Naked Girls], X-Powered-By[PHP/5.4.45], X-UA-Compatible[IE=EmulateIE7], nginx, phpBB
#######################################################################################################################################
wig - WebApp Information Gatherer


Scanning http://teen18topic.com...
__________________________________________________________ SITE INFO __________________________________________________________
IP Title
37.1.201.205 Teen Sex - Cute Teen - Naked Girls

___________________________________________________________ VERSION ___________________________________________________________
Name Versions Type
phpMyAdmin 4.2.11 CMS
Apache 2.2.11 | 2.2.12 | 2.2.13 | 2.2.14 | 2.2.15 | 2.2.16 | 2.2.17 Platform
 2.2.18 | 2.2.19 | 2.2.20 | 2.2.21 | 2.2.22 | 2.2.23 | 2.2.24
 2.2.25 | 2.2.26 | 2.2.27 | 2.2.28 | 2.2.29 | 2.3.0 | 2.3.1
 2.3.10 | 2.3.11 | 2.3.12 | 2.3.13 | 2.3.14 | 2.3.15 | 2.3.16
 2.3.2 | 2.3.3 | 2.3.4 | 2.3.5 | 2.3.6 | 2.3.7 | 2.3.8
 2.3.9 | 2.4.0 | 2.4.1 | 2.4.2 | 2.4.3
PHP 5.4.45 Platform
nginx Platform
FreeBSD 10 | 11 OS
OpenBSD 5.9 OS

_________________________________________________________ INTERESTING _________________________________________________________
URL Note Type
/phpmyadmin/setup/index.php PHPMyAdmin setup page Interesting

_______________________________________________________ VULNERABILITIES _______________________________________________________
Affected #Vulns Link
phpMyAdmin 4.2.11 9 http://cvedetails.com/version/176163

_______________________________________________________________________________________________________________________________
Time: 48.3 sec Urls: 414 Fingerprints: 40401
######################################################################################################################################
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 20 Jul 2019 05:26:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=60
X-Powered-By: PHP/5.4.45

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 20 Jul 2019 05:26:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=60
X-Powered-By: PHP/5.4.45
#######################################################################################################################################
------------------------------------------------------------------------------------------------------------------------

[ ! ] Starting SCANNER INURLBR 2.1 at [20-07-2019 01:26:49]
[ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
It is the end user's responsibility to obey all applicable local, state and federal laws.
Developers assume no liability and are not responsible for any misuse or damage caused by this program

[ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/teen18topic.com/output/inurlbr-teen18topic.com ]
[ INFO ][ DORK ]::[ site:teen18topic.com ]
[ INFO ][ SEARCHING ]:: {
[ INFO ][ ENGINE ]::[ GOOGLE - www.google.kg ]

[ INFO ][ SEARCHING ]::
[ INFO ][ ENGINE ]::[ GOOGLE API ]

[ INFO ][ SEARCHING ]::
[ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.td ID: 010479943387663786936:wjwf2xkhfmq ]

[ INFO ][ SEARCHING ]::

[ INFO ][ TOTAL FOUND VALUES ]:: [ 0 ]
[ INFO ] Not a satisfactory result was found!


[ INFO ] [ Shutting down ]
[ INFO ] [ End of process INURLBR at [20-07-2019 01:27:07]
[ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
[ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/teen18topic.com/output/inurlbr-teen18topic.com ]
######################################################################################################################################
PORT STATE SERVICE VERSION
110/tcp open pop3 Dovecot pop3d
| pop3-brute:
| Accounts: No valid accounts found
|_ Statistics: Performed 212 guesses in 187 seconds, average tps: 1.1
|_pop3-capabilities: USER UIDL SASL(PLAIN LOGIN) PIPELINING TOP RESP-CODES CAPA STLS
| vulscan: VulDB - https://vuldb.com:
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 3.10 - 4.11 (92%), Linux 3.2 - 4.9 (92%), Linux 3.18 (90%), Crestron XPanel control system (90%), Linux 3.16 (89%), ASUS RT-N56U WAP (Linux 3.4) (87%), Linux 3.1 (87%), Linux 3.2 (87%), HP P2000 G3 NAS device (87%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (87%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 12 hops

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 177.01 ms 10.252.200.1
2 178.67 ms 213.184.122.97
3 177.06 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 177.26 ms bzq-219-189-185.dsl.bezeqint.net (62.219.189.185)
5 178.73 ms bzq-114-65-2.cust.bezeqint.net (192.114.65.2)
6 226.69 ms ae23-0.fra20.core-backbone.com (5.56.18.217)
7 232.80 ms bzq-179-124-74.cust.bezeqint.net (212.179.124.74)
8 232.86 ms core-backbone.serverius.nl (5.56.20.170)
9 ...
10 233.20 ms 185.8.179.21
11 234.57 ms 185.8.179.27
12 234.54 ms 37.1.201.205
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-20 01:30 EDT
Nmap scan report for teen18topic.com (37.1.201.205)
Host is up (0.24s latency).

PORT STATE SERVICE VERSION
123/udp open|filtered ntp
Too many fingerprints match this host to give specific OS details
Network Distance: 13 hops

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 177.37 ms 10.252.200.1
2 171.54 ms 213.184.122.97
3 170.65 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 170.83 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
5 222.45 ms bzq-179-124-153.cust.bezeqint.net (212.179.124.153)
6 220.70 ms ae23-0.fra20.core-backbone.com (5.56.18.217)
7 227.27 ms ae5-2074.ams10.core-backbone.com (81.95.2.138)
8 232.96 ms core-backbone.serverius.nl (5.56.20.171)
9 233.93 ms 185.8.179.21
10 233.00 ms 185.8.179.25
11 253.80 ms 185.8.177.35
12 245.99 ms 5.45.66.7
13 246.81 ms 37.1.201.205
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-20 01:32 EDT
Nmap scan report for teen18topic.com (37.1.201.205)
Host is up (0.24s latency).

PORT STATE SERVICE VERSION
5432/tcp open http Node.js Express framework
| vulscan: VulDB - https://vuldb.com:
|
| MITRE CVE - https://cve.mitre.org:
5423| [CVE-2012-2584] Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon Free 12.5.4 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) the Cascading Style Sheets (CSS) expression property in conjunction with a CSS comment within the STYLE attribute of an IMG element, (2) the CSS expression property in conjunction with multiple CSS comments within the STYLE attribute of an arbitrary element, or (3) an innerHTML attribute within an XML document.
5424| [CVE-2012-2582] Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.
5425| [CVE-2012-2578] Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element, or (4) an innerHTML attribute within an XML document.
5426| [CVE-2012-2573] Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, (4) an ONLOAD attribute of a BODY element, (5) a crafted SRC attribute of an IFRAME element, (6) a crafted CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (7) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.
5427| [CVE-2012-2571] Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, (4) a crafted SRC attribute of an IFRAME element, or (5) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.
5428| [CVE-2012-2519] Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."
5429| [CVE-2012-2330] The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string.
5430| [CVE-2012-2294] EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page.
5431| [CVE-2012-2293] Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary code, via a relative path.
5432| [CVE-2012-2292] The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
5433| [CVE-2012-1896] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."
5434| [CVE-2012-1895] The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."
5435| [CVE-2012-1855] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability."
5436| [CVE-2012-1761] Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to UI Framework.
5437| [CVE-2012-1760] Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to UI Framework.
5438| [CVE-2012-1754] Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Framework.
5439| [CVE-2012-1742] Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to UI Framework.
5440| [CVE-2012-1740] Unspecified vulnerability in the Oracle Application Express Listener component in Oracle Application Express Listener 1.1-ea, 1.1.1, 1.1.2, and 1.1.3 allows remote attackers to affect confidentiality via unknown vectors.
5441| [CVE-2012-1732] Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Framework.
5442| [CVE-2012-1728] Unspecified vulnerability in the Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Portal Framework.
5443| [CVE-2012-1708] Unspecified vulnerability in the Application Express component in Oracle Database Server 4.0 and 4.1 allows remote attackers to affect integrity via unknown vectors.
5444| [CVE-2012-1700] Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel UI Framework.
5445| [CVE-2012-1605] The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."
5446| [CVE-2012-1314] The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit traffic, aka Bug ID CSCtt45381.
5447| [CVE-2012-1247] Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and earlier, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML by leveraging support for Cascading Style Sheets (CSS) expressions.
5448| [CVE-2012-1064] Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5449| [CVE-2012-0936] Cross-site scripting (XSS) vulnerability in web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java in OpenNMS 1.8.x before 1.8.17, 1.9.93 and earlier, and 1.10.x before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via the Username field, related to login.
5450| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
5451| [CVE-2012-0712] The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression.
5452| [CVE-2012-0703] Open redirect vulnerability in Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
5453| [CVE-2012-0702] Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly determine authorization, which allows remote authenticated users to gain privileges via unspecified vectors.
5454| [CVE-2012-0662] Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input.
5455| [CVE-2012-0656] Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10.7.4, when the Guest account is enabled, allows physically proximate attackers to login to arbitrary accounts by entering the account name and no password.
5456| [CVE-2012-0528] Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, and 11.1.0.7, and Oracle Enterprise Manager Grid Control, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security Framework.
5457| [CVE-2012-0520] Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2, and in Oracle Enterprise Manager Grid Control 10.2.0.5 and 11.1.0.1, allows remote attackers to affect integrity via unknown vectors related to Security Framework.
5458| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
5459| [CVE-2012-0215] model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call.
5460| [CVE-2012-0199] Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allow remote attackers to execute arbitrary SQL commands via (1) a SOAP message to the Printer.getPrinterAgentKey function in the SoapServlet servlet, (2) the User.updateUserValue function in the register.do servlet, (3) the User.isExistingUser function in the logon.do servlet, (4) the Asset.getHWKey function in the CallHomeExec servlet, (5) the Asset.getMimeType function in the getAttachment (aka GetAttachmentServlet) servlet, (6) the addAsset.do servlet, or (7) a crafted EG2 file.
5461| [CVE-2012-0198] Stack-based buffer overflow in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allows remote attackers to execute arbitrary code via vectors related to an Asset Information file.
5462| [CVE-2012-0164] Microsoft .NET Framework 4 does not properly compare index values, which allows remote attackers to cause a denial of service (application hang) via crafted requests to a Windows Presentation Foundation (WPF) application, aka ".NET Framework Index Comparison Vulnerability."
5463| [CVE-2012-0163] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
5464| [CVE-2012-0162] Microsoft .NET Framework 4 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Buffer Allocation Vulnerability."
5465| [CVE-2012-0161] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
5466| [CVE-2012-0160] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
5467| [CVE-2012-0124] Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors.
5468| [CVE-2012-0123] Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1498.
5469| [CVE-2012-0122] Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1393.
5470| [CVE-2012-0121] Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1392.
5471| [CVE-2012-0109] Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality and availability, related to TCP/IP.
5472| [CVE-2012-0103] Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to Kernel.
5473| [CVE-2012-0100] Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kerberos.
5474| [CVE-2012-0099] Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to sshd.
5475| [CVE-2012-0098] Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel.
5476| [CVE-2012-0097] Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect confidentiality via unknown vectors related to ksh93 Shell.
5477| [CVE-2012-0096] Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network.
5478| [CVE-2012-0094] Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability, related to TCP/IP.
5479| [CVE-2012-0035] Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.
5480| [CVE-2012-0016] Untrusted search path vulnerability in Microsoft Expression Design
5481| [CVE-2012-0015] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."
5482| [CVE-2012-0014] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
5483| [CVE-2011-5174] Buffer overflow in Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) in Intel Q67 Express, C202, C204, C206 Chipsets, and Mobile Intel QM67, and QS67 Chipset before 2nd_gen_i5_i7_SINIT_51.BIN Express
5484| [CVE-2011-5037] Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, as demonstrated by attacks against Node.js.
5485| [CVE-2011-5021] PHPIDS before 0.7 does not properly implement Regular Expression Denial of Service (ReDoS) filters, which allows remote attackers to bypass rulesets and add PHP sequences to a file via unspecified vectors.
5486| [CVE-2011-4539] dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.
5487| [CVE-2011-4314] message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.
5488| [CVE-2011-4061] Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header.
5489| [CVE-2011-3979] Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the setasdefault action to index.php.
5490| [CVE-2011-3874] Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong number of arguments, as demonstrated by zergRush to trigger a use-after-free error.
5491| [CVE-2011-3825] Zend Framework 1.11.3 in Zend Server CE 5.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Validate.php and certain other files.
5492| [CVE-2011-3734] Energine 2.3.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by core/framework/SimpleBuilder.class.php and certain other files.
5493| [CVE-2011-3543] Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to iSCSI DataMover (IDM).
5494| [CVE-2011-3542] Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to Kernel/Performance Counter BackEnd Module (pcbe).
5495| [CVE-2011-3539] Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to Zones.
5496| [CVE-2011-3537] Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel/Filesystem.
5497| [CVE-2011-3535] Unspecified vulnerability in the Solaris component in Oracle Sun Products Suite 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Remote Quota Server (rquotad).
5498| [CVE-2011-3534] Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network Status Monitor (statd).
5499| [CVE-2011-3525] Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2 and 4.0 allows remote authenticated users to affect confidentiality, integrity, and availability, related to APEX developer user.
5500| [CVE-2011-3519] Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.2 and 12.1.3 allows remote authenticated users to affect confidentiality, related to REST Services.
5501| [CVE-2011-3515] Unspecified vulnerability in the Oracle Solaris 10 and 11 Express allows local users to affect integrity and availability via unknown vectors related to Process File System (procfs).
5502| [CVE-2011-3508] Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect confidentiality, integrity, and availability, related to LDAP library.
5503| [CVE-2011-3417] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."
5504| [CVE-2011-3416] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
5505| [CVE-2011-3415] Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."
5506| [CVE-2011-3414] The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
5507| [CVE-2011-3315] Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.
5508| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
5509| [CVE-2011-2998] Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression.
5510| [CVE-2011-2894] Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.
5511| [CVE-2011-2821] Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.
5512| [CVE-2011-2728] The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.
5513| [CVE-2011-2605] CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
5514| [CVE-2011-2583] Cisco Unified Contact Center Express (aka CCX) 8.0 and 8.5 allows remote attackers to cause a denial of service via network traffic, as demonstrated by an SEC-BE-STABLE test case, aka Bug ID CSCth33834.
5515| [CVE-2011-2564] Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth19417.
5516| [CVE-2011-2563] Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth26669.
5517| [CVE-2011-2507] libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array.
5518| [CVE-2011-2477] Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in Icinga before 1.4.1, when escape_html_tags is disabled, allow remote attackers to inject arbitrary web script or HTML via a JavaScript expression, as demonstrated by the onload attribute of a BODY element located after a check-host-alive! sequence, a different vulnerability than CVE-2011-2179.
5519| [CVE-2011-2330] Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 has an unspecified "built-in account" that is "trivially" accessed, which makes it easier for remote attackers to send requests to restricted pages via a session on TCP port 9495, a different vulnerability than CVE-2011-1220.
5520| [CVE-2011-2298] Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote attackers to affect availability, related to KSSL.
5521| [CVE-2011-2296] Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability, related to Kernel/SCTP.
5522| [CVE-2011-2295] Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability, related to Driver/USB.
5523| [CVE-2011-2294] Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote attackers to affect availability, related to SSH.
5524| [CVE-2011-2293] Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to Zones.
5525| [CVE-2011-2292] Unspecified vulnerability in Oracle Solaris 9 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to xscreensaver.
5526| [CVE-2011-2290] Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel/sockfs.
5527| [CVE-2011-2287] Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to fingerd.
5528| [CVE-2011-2286] Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote authenticated users to affect availability, related to ZFS.
5529| [CVE-2011-2259] Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability, related to UFS.
5530| [CVE-2011-2258] Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rksh.
5531| [CVE-2011-2244] Unspecified vulnerability in the Security Framework component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2
5532| [CVE-2011-2196] jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0
5533| [CVE-2011-1978] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability."
5534| [CVE-2011-1977] The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Control for Microsoft .NET Framework 3.5 SP1, do not properly verify functions in URIs, which allows remote attackers to read arbitrary files via special characters in a URI in an HTTP request, aka "Chart Control Information Disclosure Vulnerability."
5535| [CVE-2011-1951] lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via a message that does not match a regular expression.
5536| [CVE-2011-1944] Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.
5537| [CVE-2011-1813] Google Chrome before 12.0.742.91 does not properly implement the framework for extensions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
5538| [CVE-2011-1781] SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs stack unwinding (aka backtracing).
5539| [CVE-2011-1769] SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs context variable access.
5540| [CVE-2011-1715] Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to read arbitrary files via ..%2f (encoded dot dot) sequences in the file parameter.
5541| [CVE-2011-1714] Cross-site scripting (XSS) vulnerability in framework/source/resource/qx/test/jsonp_primitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
5542| [CVE-2011-1710] Multiple integer overflows in the HTTP server in the Novell XTier framework 3.1.8 allow remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via crafted header length variables.
5543| [CVE-2011-1367] Unspecified vulnerability in the File Load feature in IBM Rational AppScan Standard and Express 7.8.x, 7.9.x, and 8.0.x before 8.0.0.3 allows remote attackers to execute arbitrary commands via a crafted .scan file.
5544| [CVE-2011-1320] The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remote attackers to access the server by leveraging an unattended workstation.
5545| [CVE-2011-1285] The regular-expression functionality in Google Chrome before 10.0.648.127 does not properly implement reentrancy, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
5546| [CVE-2011-1253] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."
5547| [CVE-2011-1220] Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 allows remote authenticated users to execute arbitrary code via a long opts field.
5548| [CVE-2011-1056] The installer for Metasploit Framework 3.5.1, when running on Windows, uses weak inherited permissions for the Metasploit installation directory, which allows local users to gain privileges by replacing critical files with a Trojan horse.
5549| [CVE-2011-0848] Unspecified vulnerability in the Security Framework component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2
5550| [CVE-2011-0841] Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to TCP/IP.
5551| [CVE-2011-0839] Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect availability, related to LOFS.
5552| [CVE-2011-0829] Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability, related to Kernel/SPARC.
5553| [CVE-2011-0820] Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Kernel.
5554| [CVE-2011-0813] Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel.
5555| [CVE-2011-0812] Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel.
5556| [CVE-2011-0801] Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to cp.
5557| [CVE-2011-0800] Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration Utilities.
5558| [CVE-2011-0762] The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
5559| [CVE-2011-0664] Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability."
5560| [CVE-2011-0418] The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command.
5561| [CVE-2011-0384] The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug ID CSCtf01253.
5562| [CVE-2011-0383] The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008.
5563| [CVE-2011-0287] Unspecified vulnerability in the BlackBerry Administration API in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 5.0.1 through 5.0.3, and BlackBerry Enterprise Server Express software 5.0.1 through 5.0.3, allows remote attackers to read text files or cause a denial of service via unknown vectors.
5564| [CVE-2011-0286] Cross-site scripting (XSS) vulnerability in webdesktop/app in the BlackBerry Web Desktop Manager component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software before 5.0.2 MR5 and 5.0.3 before MR1, and BlackBerry Enterprise Server Express software 5.0.1 and 5.0.2, allows remote attackers to inject arbitrary web script or HTML via the displayErrorMessage parameter in a ManageDevices action.
5565| [CVE-2011-0201] Off-by-one error in the CoreFoundation framework in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a CFString object that triggers a buffer overflow.
5566| [CVE-2011-0063] The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and earlier allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ./.../ sequence in the "extra" parameter to the help command, which causes the regular expression to produce .. (dot dot) sequences. NOTE: this vulnerability is due to an incomplete fix for CVE-2011-0049.
5567| [CVE-2011-0006] The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c in the Linux kernel before 2.6.37, when the Linux Security Modules (LSM) framework is disabled, allows local users to bypass Integrity Measurement Architecture (IMA) rules in opportunistic circumstances by leveraging an administrator's addition of an IMA rule for LSM.
5568| [CVE-2011-0001] Double free vulnerability in the iscsi_rx_handler function (usr/iscsi/iscsid.c) in the tgt daemon (tgtd) in Linux SCSI target framework (tgt) before 1.0.14, aka scsi-target-utils, allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown vectors related to a buffer overflow during iscsi login. NOTE: some of these details are obtained from third party information.
5569| [CVE-2010-5143] McAfee VirusScan Enterprise before 8.8 allows local users to disable the product by leveraging administrative privileges to execute an unspecified Metasploit Framework module.
5570| [CVE-2010-5097] Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5571| [CVE-2010-4998] PHP remote file inclusion vulnerability in ardeaCore/lib/core/ardeaInit.php in ardeaCore PHP Framework 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the pathForArdeaCore parameter. NOTE: some of these details are obtained from third party information.
5572| [CVE-2010-4756] The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
5573| [CVE-2010-4755] The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
5574| [CVE-2010-4754] The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
5575| [CVE-2010-4687] STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls that were controlled by CallManager Express (CME), aka Bug ID CSCtd42552.
5576| [CVE-2010-4686] CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a "peculiar" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending this traffic over a long duration, aka Bug ID CSCtb47950.
5577| [CVE-2010-4589] Cross-site scripting (XSS) vulnerability in IBM ENOVIA 6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the emxFramework.FilterParameterPattern property.
5578| [CVE-2010-4534] The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter.
5579| [CVE-2010-4465] Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets."
5580| [CVE-2010-4459] Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to SCTP and Kernel/sockfs.
5581| [CVE-2010-4458] Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability, related to ZFS.
5582| [CVE-2010-4457] Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to SMB and CIFS.
5583| [CVE-2010-4456] Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail.
5584| [CVE-2010-4446] Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to RDS and Kernel/InfiniBand.
5585| [CVE-2010-4443] Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability, related to Kernel/NFS.
5586| [CVE-2010-4442] Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to the Kernel.
5587| [CVE-2010-4440] Unspecified vulnerability in Oracle 10 and 11 Express allows local users to affect availability via unknown vectors related to the Kernel.
5588| [CVE-2010-4052] Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
5589| [CVE-2010-4051] The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
5590| [CVE-2010-4008] libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.
5591| [CVE-2010-3958] The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."
5592| [CVE-2010-3835] MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.
5593| [CVE-2010-3694] Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form.
5594| [CVE-2010-3476] Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080.
5595| [CVE-2010-3332] Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
5596| [CVE-2010-3228] The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application that triggers memory corruption, aka ".NET Framework x64 JIT Compiler Vulnerability."
5597| [CVE-2010-3077] Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter.
5598| [CVE-2010-3076] The filter function in php/src/include.php in Simple Management for BIND (aka smbind) before 0.4.8 does not anchor a certain regular expression, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via the username parameter to the admin login page.
5599| [CVE-2010-3008] Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 on Windows allows local users to gain privileges or cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3007.
5600| [CVE-2010-3007] Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors.
5601| [CVE-2010-2632] Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames.
5602| [CVE-2010-2604] Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Express 5.0.1 and 5.0.2, allow remote attackers to execute arbitrary code via a crafted PDF file.
5603| [CVE-2010-2221] Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU.
5604| [CVE-2010-2087] Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
5605| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
5606| [CVE-2010-1942] Unspecified vulnerability in the Servlet service in Fujitsu Limited Interstage Application Server 3.0 through 7.0, as used in Interstage Application Framework Suite, Interstage Business Application Server, and Interstage List Manager, allows attackers to obtain sensitive information or force invalid requests to be processed via unknown vectors related to unspecified invalid requests and settings on the load balancing device.
5607| [CVE-2010-1941] Unspecified vulnerability in NEC WebSAM DeploymentManager 5.13 and earlier, as used in SigmaSystemCenter 2.1 Update2 and earlier, BladeSystemCenter, ExpressSystemCenter, and VirtualPCCenter 2.2 and earlier, allows remote attackers to cause a denial of service (OS shutdown or restart) via unknown vectors related to Client Service for DPM and crafted packets to port 56010.
5608| [CVE-2010-1898] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."
5609| [CVE-2010-1871] JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.
5610| [CVE-2010-1870] The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.
5611| [CVE-2010-1804] Unspecified vulnerability in the network bridge functionality on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 allows remote attackers to cause a denial of service (networking outage) via a crafted DHCP reply.
5612| [CVE-2010-1732] Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action).
5613| [CVE-2010-1724] Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php.
5614| [CVE-2010-1622] SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.
5615| [CVE-2010-1583] SQL injection vulnerability in the loadByKey function in the TznDbConnection class in tzn_mysql.php in Tirzen (aka TZN) Framework 1.5, as used in TaskFreak! before 0.6.3, allows remote attackers to execute arbitrary SQL commands via the username field in a login action.
5616| [CVE-2010-1571] Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), unspecified 6.0 versions, and 5.0 before 5.0(2)SR3 allows remote attackers to read arbitrary files via a crafted bootstrap message to TCP port 6295.
5617| [CVE-2010-1570] The computer telephony integration (CTI) server component in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), 6.0 before 6.0(1)SR1, and 5.0 before 5.0(2)SR3 allows remote attackers to cause a denial of service (CTI server and Node Manager failure) via a malformed CTI message.
5618| [CVE-2010-1330] The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.
5619| [CVE-2010-1227] Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc.
5620| [CVE-2010-1158] Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.
5621| [CVE-2010-0962] The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command.
5622| [CVE-2010-0912] Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors.
5623| [CVE-2010-0909] Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect confidentiality via unknown vectors.
5624| [CVE-2010-0908] Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
5625| [CVE-2010-0892] Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2.0.00.27 allows remote attackers to affect integrity via unknown vectors.
5626| [CVE-2010-0885] Unspecified vulnerability in the Sun Java System Communications Express component in Oracle Sun Product Suite 6 2005Q4 (6.2) and 6.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Address Book.
5627| [CVE-2010-0816] Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1
5628| [CVE-2010-0743] Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages.
5629| [CVE-2010-0600] Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not properly restrict network access to an unspecified configuration file, which allows remote attackers to read passwords and unspecified other account details via a (1) XML RPC or (2) XML RPC over HTTPS session, aka Bug ID CSCtb83512.
5630| [CVE-2010-0599] Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt XML RPC sessions from operator workstations, which allows remote attackers to discover Administrator credentials by sniffing the network, aka Bug ID CSCtb83505.
5631| [CVE-2010-0598] Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt HTTP sessions from operator workstations, which allows remote attackers to discover Administrator credentials by sniffing the network, aka Bug ID CSCtb83631.
5632| [CVE-2010-0597] Unspecified vulnerability in Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users to read or modify the device configuration, and gain privileges or cause a denial of service (device reload), via a (1) XML RPC or (2) XML RPC over HTTPS request, aka Bug ID CSCtb83618.
5633| [CVE-2010-0596] Unspecified vulnerability in Cisco Mediator Framework 2.2 before 2.2.1.dev.1 and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users to read or modify the device configuration, and gain privileges, via a (1) HTTP or (2) HTTPS request, aka Bug ID CSCtb83607.
5634| [CVE-2010-0595] Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 has a default password for the administrative user account and unspecified other accounts, which makes it easier for remote attackers to obtain privileged access, aka Bug ID CSCtb83495.
5635| [CVE-2010-0586] Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz49741, the "SCCP Request Handling Denial of Service Vulnerability."
5636| [CVE-2010-0585] Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz48614, the "SCCP Packet Processing Denial of Service Vulnerability."
5637| [CVE-2010-0557] IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials.
5638| [CVE-2010-0132] Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736.
5639| [CVE-2010-0076] Unspecified vulnerability in the Application Express Application Builder component in Oracle Database 3.2.1.00.10 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
5640| [CVE-2010-0039] The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device's IP address for arbitrary intranet TCP traffic by leveraging write access to an intranet FTP server.
5641| [CVE-2010-0019] Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and framework outage) via a crafted web site, aka "Microsoft Silverlight Memory Corruption Vulnerability."
5642| [CVE-2010-0007] net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application.
5643| [CVE-2009-5040] CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a denial of service (device crash) by using an extension mobility (EM) phone to interact with the menu for SNR number changes, aka Bug ID CSCta63555.
5644| [CVE-2009-4666] Multiple PHP remote file inclusion vulnerabilities in Webradev Download Protect 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[RootPath] parameter to (1) Framework/EmailTemplates.class.php, (2) Customers/PDPEmailReplaceConstants.class.php, and (3) Admin/ResellersManager.class.php in includes/DProtect/.
5645| [CVE-2009-4419] Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the SINIT Authenticated Code Module (ACM), which allows local users to bypass the Trusted Execution Technology protection mechanism and gain privileges by modifying the MCHBAR register to point to an attacker-controlled region, which prevents the SENTER instruction from properly applying VT-d protection while an MLE is being loaded.
5646| [CVE-2009-4417] The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent attackers to send arbitrary e-mail messages to any recipient address via vectors related to "events not yet mailed."
5647| [CVE-2009-4363] Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message. NOTE: the vendor states that the issue is caused by "an XSS vulnerability in Firefox browsers."
5648| [CVE-2009-4261] Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2) local users to execute arbitrary programs and gain privileges via a crafted external script name supplied through a gnt-* command, related to "path sanitization errors."
5649| [CVE-2009-3853] Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet.
5650| [CVE-2009-3701] Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.
5651| [CVE-2009-3695] Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular expression.
5652| [CVE-2009-3626] Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.
5653| [CVE-2009-3402] Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote authenticated users to affect confidentiality via unknown vectors.
5654| [CVE-2009-3372] Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.
5655| [CVE-2009-3277] DataVault.Tesla/Impl/TypeSystem/AssociationHelper.cs in datavault allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of an [ (open bracket) followed by many commas, related to a certain regular expression, aka a "ReDoS" vulnerability.
5656| [CVE-2009-3276] Zoran/WinFormsAdvansed/RegeularDataToXML/Form1.cs in WinFormsAdvansed in NASD CORE.NET Terelik (aka corenet1) allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of many alphabetic characters followed by a ! (exclamation point), related to a certain regular expression, aka a "ReDoS" vulnerability.
5657| [CVE-2009-3275] Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs in Microsoft patterns & practices Enterprise Library (aka EntLib) allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of many \ (backslash) characters followed by a " (double quote), related to a certain regular expression, aka a "ReDoS" vulnerability.
5658| [CVE-2009-3237] Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5
5659| [CVE-2009-3236] The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5
5660| [CVE-2009-3126] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
5661| [CVE-2009-3033] Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument.
5662| [CVE-2009-3031] Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution 6.9 SP3, and Symantec Management Platform (SMP) 7.0 before SP3 allows remote attackers to execute arbitrary code via a long string in the second argument.
5663| [CVE-2009-3030] Cross-site scripting (XSS) vulnerability in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an error message in a response, related to an "HTML Injection issue."
5664| [CVE-2009-3029] Cross-site scripting (XSS) vulnerability in the console in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote authenticated users to inject arbitrary web script or HTML via "external client input" that triggers crafted error messages.
5665| [CVE-2009-3028] The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method.
5666| [CVE-2009-2911] SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel stack overflow, (2) cause a denial of service via crafted DWARF expressions that trigger a kernel stack frame overflow, or (3) cause a denial of service (infinite loop) via vectors that trigger creation of large unwind tables, related to Common Information Entry (CIE) and Call Frame Instruction (CFI) records.
5667| [CVE-2009-2873] Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enabled, allows remote attackers to cause a denial of service (device reload) via malformed packets, aka Bug ID CSCsx70889.
5668| [CVE-2009-2872] Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enabled, allows remote attackers to cause a denial of service (device reload) via a malformed packet that is not properly handled during switching from one tunnel to a second tunnel, aka Bug IDs CSCsh97579 and CSCsq31776.
5669| [CVE-2009-2865] Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communications Manager Express (CME) component in Cisco IOS 12.4XW, 12.4XY, 12.4XZ, and 12.4YA allows remote attackers to execute arbitrary code or cause a denial of service via crafted HTTP requests, aka Bug ID CSCsq58779.
5670| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
5671| [CVE-2009-2555] Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote attackers to execute arbitrary code in the Chrome sandbox via a crafted JavaScript regular expression.
5672| [CVE-2009-2503] GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
5673| [CVE-2009-2502] Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
5674| [CVE-2009-2501] Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
5675| [CVE-2009-2500] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
5676| [CVE-2009-2497] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."
5677| [CVE-2009-2416] Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.
5678| [CVE-2009-2414] Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.
5679| [CVE-2009-2404] Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
5680| [CVE-2009-2189] The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of (1) Router Advertisement and (2) Neighbor Discovery packets, which allows remote attackers to cause a denial of service (resource consumption and device restart) by sending many packets.
5681| [CVE-2009-2048] Cross-site scripting (XSS) vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to inject arbitrary web script or HTML into the CCX database via unspecified vectors.
5682| [CVE-2009-2047] Directory traversal vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to read, modify, or delete arbitrary files via unspecified vectors.
5683| [CVE-2009-1993] Unspecified vulnerability in the Application Express component in Oracle Database 3.0.1 allows remote authenticated users to affect confidentiality and integrity, related to FLOWS_030000.WWV_EXECUTE_IMMEDIATE.
5684| [CVE-2009-1982] Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2 and 12.0.6 allows remote attackers to affect integrity via unknown vectors.
5685| [CVE-2009-1896] The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX.
5686| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
5687| [CVE-2009-1879] Cross-site scripting (XSS) vulnerability in index.template.html in the express-install templates in the SDK in Adobe Flex before 3.4, when the installed Flash version is older than a specified requiredMajorVersion value, allows remote attackers to inject arbitrary web script or HTML via the query string.
5688| [CVE-2009-1729] Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain.
5689| [CVE-2009-1635] Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via (1) the User.lang parameter to the login page (aka gw/webacc), (2) style expressions in a message that contains an HTML file, or (3) vectors associated with incorrect protection mechanisms against scripting, as demonstrated using whitespace between JavaScript event names and values.
5690| [CVE-2009-1536] ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
5691| [CVE-2009-1521] Unspecified vulnerability in the Java GUI in the IBM Tivoli Storage Manager (TSM) client 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.5, 5.4.0.0 through 5.4.2.6, and 5.5.0.0 through 5.5.1.17, and the TSM Express client 5.3.3.0 through 5.3.6.5, allows attackers to read or modify arbitrary files via unknown vectors.
5692| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
5693| [CVE-2009-1219] Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid parameter.
5694| [CVE-2009-1218] Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml.
5695| [CVE-2009-1190] Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540.
5696| [CVE-2009-1070] Cross-site scripting (XSS) vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter.
5697| [CVE-2009-1000] The Oracle Applications Framework component in Oracle E-Business Suite 12.0.6 and 11i10CU2 uses default passwords for unspecified "FND Applications Users (not DB users)," which has unknown impact and attack vectors.
5698| [CVE-2009-0995] Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.0.6 and 11i10CU2 allows remote attackers to affect integrity via unknown vectors.
5699| [CVE-2009-0981] Unspecified vulnerability in the Application Express component in Oracle Database 11.1.0.7 allows remote authenticated users to affect confidentiality, related to APEX. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue allows remote authenticated users to obtain APEX password hashes from the WWV_FLOW_USERS table via a SELECT statement.
5700| [CVE-2009-0932] Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
5701| [CVE-2009-0877] Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field.
5702| [CVE-2009-0819] sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.
5703| [CVE-2009-0714] Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows remote attackers to cause a denial of service (application crash) or read portions of memory via one or more crafted packets.
5704| [CVE-2009-0630] The (1) Cisco Unified Communications Manager Express
5705| [CVE-2009-0419] Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-4033.
5706| [CVE-2009-0404] Multiple cross-site scripting (XSS) vulnerabilities in Bioinformatics htmLawed 1.1.3 and 1.1.4 allow remote attackers to inject arbitrary web script or HTML via invalid Cascading Style Sheets (CSS) expressions in the style attribute, which is processed by Internet Explorer 7.
5707| [CVE-2009-0362] filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service (forced authentication failures) via a crafted reverse-resolved DNS name (rhost) entry that contains a substring that is interpreted as an IP address, a different vulnerability than CVE-2007-4321.
5708| [CVE-2009-0091] Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability."
5709| [CVE-2009-0090] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
5710| [CVE-2009-0015] Unspecified vulnerability in fseventsd in the FSEvents framework in Apple Mac OS X 10.5.6 allows local users to obtain sensitive information (filesystem activities and directory names) via unknown vectors related to "credential management."
5711| [CVE-2008-7220] Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors.
5712| [CVE-2008-7123] Static code injection vulnerability in admin/configuration/modifier.php in zKup CMS 2.0 through 2.3 allows remote attackers to inject arbitrary PHP code into fichiers/config.php via a null byte (%00) in the login parameter in an ajout action, which bypasses the regular expression check.
5713| [CVE-2008-6992] GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, allows remote attackers to bypass the SQL injection protection mechanism via a WHERE clause containing an expression such as "x=y=z", which is successfully parsed by MySQL.
5714| [CVE-2008-6531] The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole."
5715| [CVE-2008-6428] The CGI framework in Kaya 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors.
5716| [CVE-2008-6217] Cross-site scripting (XSS) vulnerability in index.php in Extrakt Framework 0.7 allows remote attackers to inject arbitrary web script or HTML via the plugins[file][id] parameter. NOTE: the provenance of this information is unknown
5717| [CVE-2008-5917] Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.
5718| [CVE-2008-5745] Integer overflow in quartz.dll in the DirectShow framework in Microsoft Windows Media Player (WMP) 9, 10, and 11, including 11.0.5721.5260, allows remote attackers to cause a denial of service (application crash) via a crafted (1) WAV, (2) SND, or (3) MID file. NOTE: this has been incorrectly reported as a code-execution vulnerability. NOTE: it is not clear whether this issue is related to CVE-2008-4927.
5719| [CVE-2008-5590] SQL injection vulnerability in customer.forumtopic.php in Kalptaru Infotech Product Sale Framework 0.1 beta allows remote attackers to execute arbitrary SQL commands via the forum_topic_id parameter.
5720| [CVE-2008-5551] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
5721| [CVE-2008-5446] Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows remote authenticated users to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is related to unrestricted guest access to the "About Us Page" in the Oracle Applications Framework (OAF), which allows attackers to obtain sensitive system and application environment information.
5722| [CVE-2008-5424] The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822
5723| [CVE-2008-5402] Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."
5724| [CVE-2008-5162] The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator.
5725| [CVE-2008-5100] The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.
5726| [CVE-2008-5043] Multiple cross-site scripting (XSS) vulnerabilities in the web-based interface in IBM Metrica Service Assurance Framework allow remote authenticated users to inject arbitrary web script or HTML via (1) the elementid parameter in a generatedreportresults action to the ReportTree program, (2) the jnlpname parameter to the Launch program, or (3) the :tasklabel parameter to the ReportRequest program, related to the name of a report.
5727| [CVE-2008-4828] Multiple stack-based buffer overflows in dsmagent.exe in the Remote Agent Service in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, and 5.4.0.0 through 5.4.1.96, and the TSM Express client 5.3.3.0 through 5.3.6.4, allow remote attackers to execute arbitrary code via (1) a request packet that is not properly parsed by an unspecified "generic string handling function" or (2) a crafted NodeName in a dicuGetIdentifyRequest request packet, related to the (a) Web GUI and (b) Java GUI.
5728| [CVE-2008-4630] Multiple unspecified vulnerabilities in Midgard Components (MidCOM) Framework before 8.09.1 have unknown impact and attack vectors.
5729| [CVE-2008-4563] Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value.
5730| [CVE-2008-4557] plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression.
5731| [CVE-2008-4502] Multiple PHP remote file inclusion vulnerabilities in DataFeedFile (DFF) PHP Framework API allow remote attackers to execute arbitrary PHP code via a URL in the DFF_config[dir_include] parameter to (1) DFF_affiliate_client_API.php, (2) DFF_featured_prdt.func.php, (3) DFF_mer.func.php, (4) DFF_mer_prdt.func.php, (5) DFF_paging.func.php, (6) DFF_rss.func.php, and (7) DFF_sku.func.php in include/.
5732| [CVE-2008-4471] Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via "..\" sequences in the argument to the SaveAS method.
5733| [CVE-2008-4033] Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."
5734| [CVE-2008-4005] Unspecified vulnerability in the Oracle Application Express component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
5735| [CVE-2008-3993] Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2 and 12.0.4 allows remote authenticated users to affect integrity via unknown vectors.
5736| [CVE-2008-3843] Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "<~/" (less-than tilde slash) sequence followed by a crafted STYLE element.
5737| [CVE-2008-3842] Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "</" (less-than slash) sequence.
5738| [CVE-2008-3656] Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.
5739| [CVE-2008-3443] The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.
5740| [CVE-2008-3253] Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0
5741| [CVE-2008-2930] Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem.
5742| [CVE-2008-2929] Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping.
5743| [CVE-2008-2640] Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 History Management feature in Adobe Flex 3.0.1 SDK and Flex Builder 3, and generated applications, allow remote attackers to inject arbitrary web script or HTML via the anchor identifier to (1) client-side-detection-with-history/history/historyFrame.html, (2) express-installation-with-history/history/historyFrame.html, or (3) no-player-detection-with-history/history/historyFrame.html in templates/html-templates/. NOTE: Firefox 2.0 and possibly other browsers prevent exploitation.
5744| [CVE-2008-2371] Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.
5745| [CVE-2008-1927] Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.
5746| [CVE-2008-1855] FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 Patch 3 and earlier, as used by ePolicy Orchestrator (ePO) and ProtectionPilot (PrP), allows remote attackers to corrupt memory and cause a denial of service (CMA Framework service crash) via a long invalid method in requests for the /spin//AVClient//AVClient.csp URI, a different vulnerability than CVE-2006-5274.
5747| [CVE-2008-1822] Unspecified vulnerability in the Oracle Application Express component in Oracle Application Express 3.0.1 has unknown impact and remote attack vectors, aka APEX02.
5748| [CVE-2008-1811] Unspecified vulnerability in Oracle Application Express 3.0.1 has unspecified impact and remote authenticated attack vectors related to flows_030000.wwv_execute_immediate, aka APEX01. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that APEX01 is for insufficient authorization checks for SQL commands in the run_ddl function in flows_030000.wwv_execute_immediate, allowing privilege escalation by certain non-DBA remote authenticated users.
5749| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
5750| [CVE-2008-1717] WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid (1) page and (2) form parameters, which leaks the path from an exception handler when a valid class cannot be found.
5751| [CVE-2008-1716] Cross-site scripting (XSS) vulnerability in WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the (1) page and (2) form parameters, which are not properly handled when they are reflected back in an error message.
5752| [CVE-2008-1677] Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression.
5753| [CVE-2008-1676] Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate.
5754| [CVE-2008-1448] The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."
5755| [CVE-2008-1154] The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.
5756| [CVE-2008-1026] Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow.
5757| [CVE-2008-1010] Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript.
5758| [CVE-2008-0985] Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width.
5759| [CVE-2008-0938] Unspecified vulnerability in the dynamic tracing framework (DTrace) in Sun Solaris 10 allows local users with PRIV_DTRACE_USER or PRIV_DTRACE_PROC privileges to obtain sensitive kernel information via unspecified vectors, a different vulnerability than CVE-2007-4126.
5760| [CVE-2008-0920] SQL injection vulnerability in port/modifyportform.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 allows remote authenticated users to execute arbitrary SQL commands via the portname parameter, which is not properly handled by a validation regular expression.
5761| [CVE-2008-0903] Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL.
5762| [CVE-2008-0902] Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694.
5763| [CVE-2008-0901] BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not.
5764| [CVE-2008-0900] Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.
5765| [CVE-2008-0899] Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via URLs that are not properly handled by the Unexpected Exception Page.
5766| [CVE-2008-0895] BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers.
5767| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
5768| [CVE-2008-0863] BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service's WSDL and security policies, which allows remote attackers to obtain sensitive information and potentially launch further attacks.
5769| [CVE-2008-0674] Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.
5770| [CVE-2008-0545] Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) uri parameter to (a) yui-menu.tpl.php, (b) simple.tpl.php, and (c) advanced.tpl.php in dispatcher/framework/
5771| [CVE-2008-0521] Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to read arbitrary files via a .. (dot dot) in the uri parameter to dispatcher.php in (1) examples/dispatcher/framework/, (2) examples/dispatcher/, (3) examples/wizard/, and (4) PHP/, different vectors than CVE-2008-0545.
5772| [CVE-2008-0247] Heap-based buffer overflow in the Express Backup Server service (dsmsvc.exe) in IBM Tivoli Storage Manager (TSM) Express 5.3 before 5.3.7.3 allows remote attackers to execute arbitrary code via a packet with a large length value.
5773| [CVE-2008-0202] CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter.
5774| [CVE-2008-0201] Cross-site scripting (XSS) vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameter.
5775| [CVE-2008-0172] The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.
5776| [CVE-2008-0171] regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression.
5777| [CVE-2008-0107] Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE)
5778| [CVE-2008-0106] Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
5779| [CVE-2008-0086] Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
5780| [CVE-2008-0085] SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE)
5781| [CVE-2008-0047] Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions.
5782| [CVE-2007-6433] The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.
5783| [CVE-2007-6408] IBM Tivoli Provisioning Manager Express provides unspecified information in error messages when (1) attempted duplication of a username occurs when creating an account or (2) when trying to login using a valid username, which makes it easier for remote attackers to enumerate usernames.
5784| [CVE-2007-6407] Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Provisioning Manager Express allow remote attackers to inject arbitrary web script or HTML via the (1) "assess modification," (2) user-id, and other unspecified fields to the /tpmx URI
5785| [CVE-2007-6345] SQL injection vulnerability in aurora framework before 20071208 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the value parameter to the pack_var function in module/db.lib/db_mysql.lib. NOTE: some of these details are obtained from third party information.
5786| [CVE-2007-6321] Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands.
5787| [CVE-2007-6067] Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.
5788| [CVE-2007-6018] IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.
5789| [CVE-2007-5715] DenyHosts 2.6 processes OpenSSH sshd "not listed in AllowUsers" log messages with an incorrect regular expression that does not match an IP address, which might allow remote attackers to avoid detection and blocking when making invalid login attempts with a username not present in AllowUsers, as demonstrated by the root username, a different vulnerability than CVE-2007-4323.
5790| [CVE-2007-5712] The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers.
5791| [CVE-2007-5470] Microsoft Expression Media stores the catalog password in cleartext in the catalog IVC file, which allows local users to obtain sensitive information and gain access to the catalog by reading the IVC file.
5792| [CVE-2007-5116] Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.
5793| [CVE-2007-4772] The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.
5794| [CVE-2007-4771] Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information.
5795| [CVE-2007-4769] The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.
5796| [CVE-2007-4768] Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.
5797| [CVE-2007-4767] Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code.
5798| [CVE-2007-4766] Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences.
5799| [CVE-2007-4763] PHP remote file inclusion vulnerability in dbmodules/DB_adodb.class.php in PHP Object Framework (PHPOF) 20040226 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHPOF_INCLUDE_PATH parameter.
5800| [CVE-2007-4607] Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll 6.0.1 in the Quiksoft EasyMail SMTP Object, as used in Postcast Server Pro 3.0.61, allows remote attackers to execute arbitrary code via a long argument to the SubmitToExpress method, a different vulnerability than CVE-2007-1029.
5801| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
5802| [CVE-2007-4472] Multiple buffer overflows in the Broderbund Expressit 3DGreetings Player ActiveX control could allow remote attackers to execute arbitrary code via unspecified vectors.
5803| [CVE-2007-4430] Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions in a "show ip bgp regexp" command. NOTE: unauthenticated remote attacks are possible in environments with anonymous telnet and Looking Glass access.
5804| [CVE-2007-4126] Unspecified vulnerability in the dynamic tracing framework (DTrace) on Sun Solaris 10 before 20070730 allows local users with PRIV_DTRACE_USER privileges to cause a denial of service (panic or hang) via unspecified use of certain DTrace programs.
5805| [CVE-2007-4040] Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.
5806| [CVE-2007-4026] epesi framework before 0.8.6 does not properly verify file extensions, which allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving the gallery images upload feature. NOTE: some of these details are obtained from third party information.
5807| [CVE-2007-3992] SQL injection vulnerability in vir_login.asp in iExpress Property Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the Username parameter is covered by CVE-2006-6029. NOTE: the provenance of this information is unknown
5808| [CVE-2007-3944] Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier.
5809| [CVE-2007-3902] Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability."
5810| [CVE-2007-3897] Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.
5811| [CVE-2007-3860] Unspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01. NOTE: a reliable researcher states that this is SQL injection in the wwv_flow_security.check_db_password function due to insufficient checks for '"' characters.
5812| [CVE-2007-3627] Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) login.php, (2) auth.php, and (3) subscribe.php. NOTE: the month.php, year.php, week.php, and day.php vectors are already covered by CVE-2005-4009. NOTE: the provenance of this information is unknown
5813| [CVE-2007-3578] PHPIDS before 20070703 does not properly handle (1) arithmetic expressions and (2) unclosed comments, which allows remote attackers to inject arbitrary web script.
| [CVE-2007-3555] Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424.
| [CVE-2007-3495] Multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF) in the SAP Basis component 700 before SP12, and 640 before SP20, allow remote attackers to inject arbitrary web script or HTML via certain parameters associated with the default login error page.
| [CVE-2007-3025] Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions.
| [CVE-2007-2836] Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout.
| [CVE-2007-2765] blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemon log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by logging in through ssh using a login name containing certain strings with an IP address, which is not properly handled by a regular expression, a related issue to CVE-2006-6301.
| [CVE-2007-2700] The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensitive information.
| [CVE-2007-2699] The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files.
| [CVE-2007-2697] The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain configurations, does not limit or audit failed authentication attempts, which allows remote attackers to more easily conduct brute-force attacks against the administrator password, or flood the server with login attempts and cause a denial of service.
| [CVE-2007-2695] The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," which allows remote attackers to access administrative data or functionality.
| [CVE-2007-2694] Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-2636] Unspecified vulnerability in phpTodo before 0.8.1 allows remote attackers to have an unknown impact via newlines in regular expressions to (1) index.php, (2) feed.php, (3) prefs.php, and (4) todolist.php
| [CVE-2007-2592] Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files.
| [CVE-2007-2591] usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to modify user account details and cause a denial of service (account deactivation) via the userid parameter in an update action.
| [CVE-2007-2590] Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp.
| [CVE-2007-2555] Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site scripting (XSS).
| [CVE-2007-2385] The Yahoo! UI framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
| [CVE-2007-2384] The Script.aculo.us framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
| [CVE-2007-2383] The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
| [CVE-2007-2382] The Moo.fx framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
| [CVE-2007-2381] The MochiKit framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
| [CVE-2007-2380] The Microsoft Atlas framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
| [CVE-2007-2379] The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
| [CVE-2007-2378] The Google Web Toolkit (GWT) framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
| [CVE-2007-2377] The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
| [CVE-2007-2376] The Dojo framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
| [CVE-2007-2227] The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."
| [CVE-2007-2225] A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."
| [CVE-2007-2164] Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
| [CVE-2007-2163] Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
| [CVE-2007-2162] (1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
| [CVE-2007-2161] Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (browser hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
| [CVE-2007-2137] Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express 6.1.0 before Fix Pack 2, as used in Tivoli Universal Agent, Windows OS Monitoring agent, and Enterprise Portal Server, allows remote attackers to execute arbitrary code by sending a long string to a certain TCP port.
| [CVE-2007-2109] Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06). Note: as of 20070424, Oracle has not disputed reliable claims that DB02 is for a race condition in the RLMGR_TRUNCATE_MAINT trigger in the Rules Manager and Expression Filter components changing the AUTHID of a package from DEFINER to CURRENT_USER after a TRUNCATE call, and DB06 is for SQL injection in the DBMS_APPLY_USER_AGENT.SET_REGISTRATION_HANDLER procedure, which is later passed to the DBMS_APPLY_ADM_INTERNAL.ALTER_APPLY procedure, aka "Oracle Streams".
| [CVE-2007-2026] The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS.
| [CVE-2007-1982] Multiple PHP remote file inclusion vulnerabilities in Really Simple PHP and Ajax (RSPA) 2007-03-23 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) __IncludeFilePHPClass, (2) __ClassPath, and (3) __class parameters to (a) rspa/framework/Controller_v5.php, and (b) rspa/framework/Controller_v4.php.
| [CVE-2007-1900] CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string.
| [CVE-2007-1662] Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references.
| [CVE-2007-1661] Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.
| [CVE-2007-1660] Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.
| [CVE-2007-1659] Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.
| [CVE-2007-1622] Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.
| [CVE-2007-1493] nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172.
| [CVE-2007-1474] Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames.
| [CVE-2007-1473] Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php.
| [CVE-2007-1467] Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form.
| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
| [CVE-2007-1003] Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.
| [CVE-2007-0995] Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.
| [CVE-2007-0988] The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.
| [CVE-2007-0918] The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations that are not properly handled by the regular expression feature, as demonstrated using the 3123.0 (Netbus Pro Traffic) signature.
| [CVE-2007-0917] The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets.
| [CVE-2007-0746] Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference".
| [CVE-2007-0742] The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allows subdomain cookies to be accessed by the parent domain, which allows remote attackers to obtain sensitive information.
| [CVE-2007-0677] PHP remote file inclusion vulnerability in fw/class.Quick_Config_Browser.php in Cadre PHP Framework 20020724 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][framework_path] parameter.
| [CVE-2007-0614] The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key.
| [CVE-2007-0613] The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted communication) via a flood of duplicate _presence._tcp mDNS queries.
| [CVE-2007-0584] PHP remote file inclusion vulnerability in membres/membreManager.php in PhP Generic Library & Framework for comm (g-neric) allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
| [CVE-2007-0516] Yana Framework before 2.8.5a allows remote authenticated users with permissions to modify a guestbook profile to modify or delete arbitrary guestbook profiles via unspecified vectors. NOTE: The provenance of this information is unknown
| [CVE-2007-0162] Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) ApplicationEnhancer binary and the (2) /Library/Frameworks/ApplicationEnhancer.framework directory, which allows local users to gain privileges by modifying or replacing the binary or library files.
| [CVE-2007-0117] DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.
| [CVE-2007-0043] The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".
| [CVE-2007-0042] Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
| [CVE-2007-0041] The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
| [CVE-2006-7230] Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions.
| [CVE-2006-7228] Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
| [CVE-2006-7227] Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
| [CVE-2006-7226] Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified "subpattern containing a named recursion or subroutine reference," which allows context-dependent attackers to cause a denial of service (error or crash).
| [CVE-2006-7225] Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a [[ sequence.
| [CVE-2006-7158] Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter. NOTE: it is likely that this issue overlaps one of the identifiers in CVE-2006-5351.
| [CVE-2006-6957] PHP remote file inclusion vulnerability in addons/mod_media/body.php in Docebo 3.0.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_framework] parameter. NOTE: this issue might be resultant from a global overwrite vulnerability. This issue is similar to CVE-2006-2576 and CVE-2006-3107, but the vectors are different.
| [CVE-2006-6749] Buffer overflow in the parse_expression function in parse_config in OpenSER 1.1.0 allows attackers to have an unknown impact via a long str parameter.
| [CVE-2006-6707] Stack-based buffer overflow in the NeoTraceExplorer.NeoTraceLoader ActiveX control (NeoTraceExplorer.dll) in NeoTrace Express 3.25 and NeoTrace Pro (aka McAfee Visual Trace) 3.25 allows remote attackers to execute arbitrary code via a long argument string to the TraceTarget method. NOTE: The provenance of this information is unknown
| [CVE-2006-6629] lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl.
| [CVE-2006-6301] DenyHosts 2.5 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain strings with an IP address, which is not properly handled by a regular expression.
| [CVE-2006-6015] Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression.
| [CVE-2006-5936] SQL injection vulnerability in dept.asp in SiteXpress E-Commerce System allows remote attackers to execute arbitrary SQL commands via the id parameter.
| [CVE-2006-5900] Cross-site scripting (XSS) vulnerability in the incubator/tests/Zend/Http/_files/testRedirections.php sample code in Zend Framework Preview 0.2.0 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.
| [CVE-2006-5712] Cross-site scripting (XSS) vulnerability in Mirapoint WebMail allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated using the width style for an IMG element.
| [CVE-2006-5653] Cross-site scripting (XSS) vulnerability in the errorHTML function in the index script in Sun Java System Messenger Express 6 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers a new CVE was assigned.
| [CVE-2006-5652] Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE.
| [CVE-2006-5599] Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP package. NOTE: it is likely that this issue overlaps one of the Oracle VulnIDs covered by CVE-2006-5351. Oracle has not publicly disputed claims by a reliable researcher that this has been fixed by the October 2006 CPU.
| [CVE-2006-5367] Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.7 up to 11.5.10CU2 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) APPS03 in Oracle Applications Framework, (2) APPS04 in Oracle Applications Technology Stack, and (3) APPS05 in Oracle Balanced Scorecard, (4) APPS09 in Oracle Scripting, and (5) APPS10 in Oracle Trading Community.
| [CVE-2006-5352] Multiple unspecified vulnerabilities in Oracle Application Express 1.5 up to 1.6.1 have unknown impact and remote attack vectors, aka Vuln# (1) APEX04, (2) APEX20, and (3) APEX21.
| [CVE-2006-5351] Multiple unspecified vulnerabilities in Oracle Application Express (formerly Oracle HTML DB) 1.5 up to 2.0 have unknown impact and remote attack vectors, aka Vuln# (1) APEX01, (2) APEX02, (3) APEX03, (4) APEX05, (5) APEX06, (6) APEX07, (7) APEX08, (8) APEX09, (9) APEX10, (10) APEX11, (11) APEX12, (12) APEX13, (13) APEX14, (14) APEX15, (15) APEX16, (16) APEX17, (17) APEX18, (18) APEX19, (19) APEX22, (20) APEX23, (21) APEX24, (22) APEX25, (23) APEX26, (24) APEX27, (25) APEX28, (26) APEX29, (27) APEX30, (28) APEX31, (29) APEX32, (30) APEX33, (31) APEX34, and (32) APEX35. NOTE: as of 20061027, it is likely that some of these identifiers are associated with cross-site scripting (XSS) in WWV_FLOW_ITEM_HELP and NOTIFICATION_MSG, but these have been provided separate identifiers.
| [CVE-2006-5274] Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote attackers to cause a denial of service (CMA Framework service crash) and possibly execute arbitrary code via unspecified vectors.
| [CVE-2006-4859] Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression.
| [CVE-2006-4566] Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set ("[\\"), which leads to a buffer over-read.
| [CVE-2006-4565] Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier."
| [CVE-2006-4527] includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks.
| [CVE-2006-4410] The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates.
| [CVE-2006-4409] The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked.
| [CVE-2006-4408] The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-2940.
| [CVE-2006-4407] The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic.
| [CVE-2006-4256] index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS.
| [CVE-2006-4032] Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certain SIP messages, aka bug CSCse92417.
| [CVE-2006-3676] admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote attackers to execute arbitrary PHP code by uploading files with a double extension and directly accessing the file in the images directory, which bypasses a regular expression check for safe file types.
| [CVE-2006-3623] Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3.5.0.x and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the directory and filename in a PropsResponse (PackageType) request.
| [CVE-2006-3549] services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server.
| [CVE-2006-3548] Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen).
| [CVE-2006-3436] Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
| [CVE-2006-3107] Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where_framework] to (a) admin/modules/news/news_class.php and (b) admin/modules/content/content_class.php, and (2) GLOBALS[where_cms] to (c) admin/modules/block_media/util.media.php. NOTE: this issue might be resultant from a global overwrite vulnerability. This issue is similar to CVE-2006-2576, but the vectors are different.
| [CVE-2006-2973] Multiple SQL injection vulnerabilities in month.php in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) catid and (2) cid parameter. NOTE: this might be a duplicate of CVE-2005-4009.c.
| [CVE-2006-2878] The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier.
| [CVE-2006-2864] Multiple PHP remote file inclusion vulnerabilities in BlueShoes Framework 4.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) APP[path][applications] parameter to (a) Bs_Faq.class.php, (2) APP[path][core] parameter to (b) fileBrowserInner.php, (c) file.php, and (d) viewer.php, and (e) Bs_ImageArchive.class.php, (3) GLOBALS[APP][path][core] parameter to (f) Bs_Ml_User.class.php, or (4) APP[path][plugins] parameter to (g) Bs_Wse_Profile.class.php.
| [CVE-2006-2766] Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.
| [CVE-2006-2576] Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where_framework] to (a) lib.simplesel.php, (b) lib.filelist.php, (c) tree.documents.php, (d) lib.repo.php, and (e) lib.php, and (2) GLOBALS[where_scs] to (f) lib.teleskill.php. NOTE: this issue might be resultant from a global overwrite vulnerability.
| [CVE-2006-2386] Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file.
| [CVE-2006-2228] Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4.2.0 allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' (equals) character, which bypasses a restrictive regular expression that attempts to remove onmouseover and other events.
| [CVE-2006-2168] FileProtection Express 1.0.1 and earlier allows remote attackers to bypass authentication via a cookie with an Admin value of 1.
| [CVE-2006-2166] Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.
| [CVE-2006-2111] A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability."
| [CVE-2006-2059] action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "#e" (execute) modifier.
| [CVE-2006-1961] Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the "show" command in the application's command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE). NOTE: other issues might be addressed by the Cisco advisory.
| [CVE-2006-1960] Cross-site scripting (XSS) vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13 allows remote attackers to inject arbitrary web script or HTML, possibly via the displayMsg parameter to archiveApplyDisplay.jsp, aka bug ID CSCsc01095.
| [CVE-2006-1909] Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences.
| [CVE-2006-1895] Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose ".*" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl.
| [CVE-2006-1885] Multiple unspecified vulnerabilities in the Reporting Framework component in Oracle Enterprise Manager 9.0.1.5 and 9.2.0.7 have unknown impact and attack vectors, aka Vuln# (1) EM01 and (2) EM02.
| [CVE-2006-1737] Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression.
| [CVE-2006-1526] Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "&" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue.
| [CVE-2006-1520] Format string vulnerability in ANSI C Sender Policy Framework library (libspf) before 1.0.0-p5, when debugging is enabled, allows remote attackers to execute arbitrary code via format string specifiers, possibly in an e-mail address.
| [CVE-2006-1511] Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and 1.1 Framework might allow user-assisted attackers to execute arbitrary code via a .il file that calls a function with a long name.
| [CVE-2006-1491] Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer.
| [CVE-2006-1401] Multiple cross-site scripting (XSS) vulnerabilities in search.php in Calendar Express 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) allwords or (2) oneword parameter. NOTE: the provenance of this information is unknown
| [CVE-2006-1352] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and WebLogic Server 6.1 SP7 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via crafted non-canonicalized XML documents.
| [CVE-2006-1300] Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
| [CVE-2006-1260] Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check.
| [CVE-2006-1244] Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.
| [CVE-2006-0907] SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows remote attackers to execute arbitrary SQL commands via encoded /%2a (/*) sequences in the query string, which bypasses regular expressions that are intended to protect against SQL injection, as demonstrated via the kala parameter.
| [CVE-2006-0860] Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags that follow a "http://" string, which bypasses a regular expression check, and (2) other unspecified attack vectors.
| [CVE-2006-0758] Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via a URL encoded expression in the query string in (1) index.php and (2) possibly certain other scripts, which is not properly cleansed when accessed from the $_SERVER['PHP_SELF'] variable.
| [CVE-2006-0635] Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the "i>sizeof(int)" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.
| [CVE-2006-0634] Borland C++Builder 6 (BCB6) with Update Pack 4 Enterprise edition (ent_upd4) evaluates the "i>sizeof(int)" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.
| [CVE-2006-0461] Cross-site scripting (XSS) vulnerability in core.input.php in ExpressionEngine 1.4.1 allows remote attackers to inject arbitrary web script or HTML via HTTP_REFERER (referer).
| [CVE-2006-0432] Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0, when an Administrator uses the WebLogic Administration Console to add custom security policies, causes incorrect policies to be created, which prevents the server from properly protecting JNDI resources.
| [CVE-2006-0431] Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP5 allows untrusted applications to obtain the server's SSL identity via unknown attack vectors.
| [CVE-2006-0430] Certain configurations of BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6, when connection filters are enabled, cause the server to run more slowly, which makes it easier for remote attackers to cause a denial of service (server slowdown).
| [CVE-2006-0429] BEA WebLogic Server and WebLogic Express 9.0 causes new security providers to appear active even if they have not been activated by a server reboot, which could cause an administrator to perform inappropriate, security-relevant actions.
| [CVE-2006-0427] Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted.
| [CVE-2006-0426] BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file, which could allow attackers to gain privileges.
| [CVE-2006-0424] BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allows remote authenticated guest users to read the server log and obtain sensitive configuration information.
| [CVE-2006-0422] Multiple unspecified vulnerabilities in BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allow remote attackers to access MBean attributes or cause an unspecified denial of service via unknown attack vectors.
| [CVE-2006-0421] By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow administrators to gain privileges that were not intended.
| [CVE-2006-0420] BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 through SP6 does not properly handle when servlets use relative forwarding, which allows remote attackers to cause a denial of service (slowdown) via unknown attack vectors that cause "looping stack overflow errors."
| [CVE-2006-0419] BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6 allows anonymous binds to the embedded LDAP server, which allows remote attackers to read user entries or cause a denial of service (unspecified) via a large number of connections.
| [CVE-2006-0391] Directory traversal vulnerability in the BOM framework in Mac OS X 10.x before 10.3.9 and 10.4 before 10.4.5 allows user-assisted attackers to overwrite or create arbitrary files via an archive that is handled by BOMArchiveHelper.
| [CVE-2006-0301] Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.
| [CVE-2006-0046] squid_redirect script in adzapper before 2006-01-29 allows remote attackers to cause a denial of service (CPU consumption) via a URL with a large number of trailing / (forward slashes), which might produce inefficient regular expressions.
| [CVE-2006-0014] Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.
| [CVE-2005-4872] Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number of named subpatterns, which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
| [CVE-2005-4840] The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not intended for use within Internet Explorer.
| [CVE-2005-4794] Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allows remote attackers to cause a denial of service (crash or instability) via a compressed DNS packet with a label length byte with an incorrect offset.
| [CVE-2005-4767] BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password.
| [CVE-2005-4766] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not encrypt multicast traffic, which might allow remote attackers to read sensitive cluster synchronization messages by sniffing the multicast traffic.
| [CVE-2005-4765] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 SP6 and earlier, when using the weblogic.Deployer command with the t3 protocol, does not use the secure t3s protocol even when an Administration port is enabled on the Administration server, which might allow remote attackers to sniff the connection.
| [CVE-2005-4764] BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after multiple incorrect password guesses, which allows remote attackers who know or guess the admin account name to cause a denial of service (blocked admin logins).
| [CVE-2005-4763] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an exception message that is sent to a client or stored in a log file, which might allow remote attackers to perform unauthorized actions.
| [CVE-2005-4762] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier sometimes stores the boot password in the registry in cleartext, which might allow local users to gain administrative privileges.
| [CVE-2005-4761] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier log the Java command line at server startup, which might include sensitive information (passwords or keyphrases) in the server log file when the -D option is used.
| [CVE-2005-4760] BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, when fullyDelegatedAuthorization is enabled for a servlet, does not cause servlet deployment to fail when failures occur in authorization or role providers, which might prevent the servlet from being "fully protected."
| [CVE-2005-4759] BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a migration across operating system platforms, do not warn the administrative user about platform differences in URLResource case sensitivity, which might cause local users to inadvertently lose protection of Web Application pages.
| [CVE-2005-4758] Unspecified vulnerability in the Administration server in BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allows remote authenticated Admin users to read arbitrary files via unknown attack vectors related to an "internal servlet" accessed through HTTP.
| [CVE-2005-4757] BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, do not properly "constrain" a "/" (slash) servlet root URL pattern, which might allow remote attackers to bypass intended servlet protections.
| [CVE-2005-4756] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with multiple PrincipalValidators, which might allow attackers to gain privileges.
| [CVE-2005-4755] BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config
| [CVE-2005-4754] BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow remote attackers to obtain sensitive information (intranet IP addresses) via unknown attack vectors involving "network address translation."
| [CVE-2005-4753] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, in certain "heavy usage" scenarios, report incorrect severity levels for an audit event, which might allow attackers to perform unauthorized actions and avoid detection.
| [CVE-2005-4752] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security role to the Admin security role.
| [CVE-2005-4751] Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and WebLogic Express 9.0, 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allow remote attackers to inject arbitrary web script or HTML and gain administrative privileges via unknown attack vectors.
| [CVE-2005-4750] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier allow remote attackers to cause a denial of service (server thread hang) via unknown attack vectors.
| [CVE-2005-4749] HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allows remote attackers to inject arbitrary HTTP headers via unspecified attack vectors.
| [CVE-2005-4705] BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7, when a Java client application creates an SSL connection to the server after it has already created an insecure connection, will use the insecure connection, which allows remote attackers to sniff the connection.
| [CVE-2005-4704] Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used in certain unspecified circumstances, which causes user credentials to be sent across the network in cleartext and allows remote attackers to gain privileges.
| [CVE-2005-4373] Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to obtain the full path of the application via an invalid mode parameter to community.html, which leaks the path in an error message.
| [CVE-2005-4372] Cross-site scripting (XSS) vulnerability in account.html in Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.
| [CVE-2005-4260] Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers
| [CVE-2005-4190] Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.
| [CVE-2005-4178] Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.
| [CVE-2005-4155] registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a vulnerability in ATutor.
| [CVE-2005-4010] SQL injection vulnerability in KBase Express 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to category.php and (2) search parameters to search.php.
| [CVE-2005-4009] Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid and (2) catid parameters to (a) day.php, (b) week.php, (c) month.php, and (d) year.php.
| [CVE-2005-3714] The network interface for Apple AirPort Express 6.x before Firmware Update 6.3, and AirPort Extreme 5.x before Firmware Update 5.7, allows remote attackers to cause a denial of service (unresponsive interface) via malformed packets.
| [CVE-2005-3472] Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files.
| [CVE-2005-3431] Absolute path traversal vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to read arbitrary files via a full pathname in the AttachPath field of a mail message under composition.
| [CVE-2005-3430] Incomplete blacklist vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as (1) .unk, (2) .asa, and possibly (3) .htr and (4) .aspx, which are not filtered like the .asp extension.
| [CVE-2005-3429] Rockliffe MailSite Express before 6.1.22, with the option to save login information enabled, saves user passwords in plaintext in cookies, which allows local users to obtain passwords by reading the cookie file, or remote attackers to obtain the cookies via cross-site scripting (XSS) vulnerabilities.
| [CVE-2005-3428] Cross-site scripting (XSS) vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to inject arbitrary web script or HTML via a message body.
| [CVE-2005-3420] usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement.
| [CVE-2005-3288] Mailsite Express allows remote attackers to upload and execute files with executable extensions such as ASP by attaching the file using the "compose page" feature, then accessing the file from the cache directory before saving or sending the message.
| [CVE-2005-3287] Incomplete blacklist vulnerability in Mailsite Express allows remote attackers to upload and possibly execute files via attachments with executable extensions such as ASPX, which are not converted to .TXT like other dangerous extensions, and which can be directly requested from the cache directory.
| [CVE-2005-3153] login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but injects the SQL into a query string, a different vulnerability than CVE-2005-2838. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a myBloggie vulnerability.
| [CVE-2005-2554] The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) uses insecure permissions for the "Common Framework\Db" folder, which allows local users to read arbitrary files by creating a subfolder in the EPO agent web root directory.
| [CVE-2005-2491] Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
| [CVE-2005-2482] The StateToOptions function in msfweb in Metasploit Framework 2.4 and earlier, when running with the -D option (defanged mode), allows attackers to modify temporary environment variables before the "_Defanged" environment option is checked when processing the Exploit command.
| [CVE-2005-2368] vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels.
| [CVE-2005-2226] Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information.
| [CVE-2005-2170] The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint allows remote attackers to cause a denial of service (process exit and connection loss) by connecting to LCF and ending the connection without sending any data.
| [CVE-2005-2169] Directory traversal vulnerability in source.php in Quick & Dirty PHPSource Printer 1.1 and earlier allows remote attackers to read arbitrary files via ".../...//" sequences in the file parameter, which are reduced to "../" when PHPSource Printer uses a regular expression to remove "../" sequences.
| [CVE-2005-2151] spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption.
| [CVE-2005-1749] Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU consumption from thread looping).
| [CVE-2005-1748] The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows remote anonymous binds, which may allow remote attackers to view user entries or cause a denial of service.
| [CVE-2005-1747] Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password.
| [CVE-2005-1744] BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings.
| [CVE-2005-1743] BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a security provider throws an exception, which may cause WebLogic to use incorrect identity for the thread, or to fail to audit security exceptions.
| [CVE-2005-1742] BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection pools."
| [CVE-2005-1336] Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows local users to execute arbitrary code via a long environment variable.
| [CVE-2005-1213] Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.
| [CVE-2005-1061] The secure script in LogWatch before 2.6-2 allows attackers to prevent LogWatch from detecting malicious activity via certain strings in the secure file that are later used as part of a regular expression, which causes the parser to crash, aka "logwatch log processing regular expression DoS."
| [CVE-2005-0603] viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message.
| [CVE-2005-0576] Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files.
| [CVE-2005-0289] Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, configured as a Wireless Data Service (WDS), allows remote attackers to cause a denial of service (device freeze) by connecting to UDP port 161 and before link-state change occurs.
| [CVE-2005-0202] Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences.
| [CVE-2005-0186] Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed packet to the SCCP port.
| [CVE-2004-2741] Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters.
| [CVE-2004-2696] BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call.
| [CVE-2004-2694] Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top".
| [CVE-2004-2629] Multiple vulnerabilities in the H.323 protocol implementation for First Virtual Communications Click to Meet Express (when used with H.323 conferencing endpoints), Click to Meet Premier, Conference Server, and V-Gate allow remote attackers to cause a denial of service, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
| [CVE-2004-2590] Unspecified vulnerability in meindlSOFT Cute PHP Library (aka cphplib) 0.46 has unknown impact and attack vectors, related to regular expressions.
| [CVE-2004-2452] Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, 01-01, 01-02, 02-01, 02-02, 02-03, and other versions allows remote attackers to obtain sensitive information in the <ut:cache> tag library.
6032| [CVE-2004-2424] BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow remote attackers to cause a denial of service (network port consumption) via unknown actions in HTTPS sessions, which prevents the server from releasing the network port when the session ends.
6033| [CVE-2004-2401] Stack-based buffer overflow in Ipswitch IMail Express Web Messaging before 8.05 might allow remote attackers to execute arbitrary code via an HTML message with long "tag text."
6034| [CVE-2004-2321] BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword.
6035| [CVE-2004-2320] The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
6036| [CVE-2004-2210] Multiple cross-site scripting (XSS) vulnerabilities in Express-Web Content Management System (CMS) allow remote attackers to steal cookie-based authentication information and possibly perform other exploits via the (1) n, (2) b, (3) e, or (4) a parameters to default.asp, (5) the Referer header in an HTTP request to login.asp, or (6) the email parameter to subscribe/default.asp.
6037| [CVE-2004-2137] Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sensitive information.
6038| [CVE-2004-2067] SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to execute arbitrary SQL and bypass authentication via the (1) user, (2) password, or (3) crypted_password parameters.
6039| [CVE-2004-1758] BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges.
6040| [CVE-2004-1757] BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges.
6041| [CVE-2004-1756] BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other users or servers.
6042| [CVE-2004-1755] The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges.
6043| [CVE-2004-1182] hfaxd in HylaFAX before 4.2.1, when installed with a "weak" hosts.hfaxd file, allows remote attackers to authenticate and bypass intended access restrictions via a crafted (1) username or (2) hostname that satisfies a regular expression that is matched against a hosts.hfaxd entry without a password.
6044| [CVE-2004-1081] The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and 10.3.6 does not properly restrict access to a secure text input field, which allows local users to read keyboard input from other applications within the same window session.
6045| [CVE-2004-0822] Buffer overflow in The Core Foundation framework (CoreFoundation.framework) in Mac OS X 10.2.8, 10.3.4, and 10.3.5 allows local users to execute arbitrary code via a certain environment variable.
6046| [CVE-2004-0821] The CFPlugIn in Core Foundation framework in Mac OS X allows user supplied libraries to be loaded, which could allow local users to gain privileges.
6047| [CVE-2004-0715] The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges.
6048| [CVE-2004-0713] The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown.
6049| [CVE-2004-0672] Multiple cross-site scripting (XSS) vulnerabilities in the primary and management web interfaces in Netegrity IdentityMinder Web Edition 5.6 allows remote attackers to execute script as other users via (1) script that starts with %00 in the numOfExpressions parameter or (2) the mobjtype parameter.
6050| [CVE-2004-0652] BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods.
6051| [CVE-2004-0471] BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).
6052| [CVE-2004-0470] BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag, which can remove intended access restrictions for the associated web application.
6053| [CVE-2004-0380] The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."
6054| [CVE-2004-0215] Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.
6055| [CVE-2003-1572] Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading environment variables using modified .data and .size fields.
6056| [CVE-2003-1440] SpamProbe 0.8a allows remote attackers to cause a denial of service (crash) via HTML e-mail with newline characters within an href tag, which is not properly handled by certain regular expressions.
6057| [CVE-2003-1438] Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user.
6058| [CVE-2003-1437] BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.
6059| [CVE-2003-1419] Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function.
6060| [CVE-2003-1378] Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
6061| [CVE-2003-1290] BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI).
6062| [CVE-2003-1226] BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords.
6063| [CVE-2003-1225] The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords.
6064| [CVE-2003-1224] Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing ("shoulder surfing") the screen.
6065| [CVE-2003-1223] The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (Node Manager crash) via malformed data to the Node Manager's port, as demonstrated by nmap.
6066| [CVE-2003-1222] BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password.
6067| [CVE-2003-1221] BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions.
6068| [CVE-2003-1220] BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL.
6069| [CVE-2003-1113] The Session Initiation Protocol (SIP) implementation in IPTel SIP Express Router 0.8.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
6070| [CVE-2003-1105] Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered.
6071| [CVE-2003-1095] BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate.
6072| [CVE-2003-1094] BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges.
6073| [CVE-2003-0733] Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application.
6074| [CVE-2003-0640] BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges.
6075| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
6076| [CVE-2003-0301] The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.
6077| [CVE-2003-0151] BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code.
6078| [CVE-2002-2202] Outlook Express 6.0 does not delete messages from dbx files, even when a user empties the Deleted items folder, which allows local users to read other users' email.
6079| [CVE-2002-2177] BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote attackers to obtain sensitive information that was intended for other users.
6080| [CVE-2002-2175] phpSquidPass before 0.2 uses an incomplete regular expression to find a matching username in its database, which allows remote authenticated attackers to effectively delete other usernames via a short username that matches the end of the targeted username.
6081| [CVE-2002-2164] Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long <A HREF> link.
6082| [CVE-2002-2142] An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a "/" character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension.
6083| [CVE-2002-2141] BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, will remove the security constraints and roles on all servers for any Servlets or EJB that are used by an application that is undeployed on one server, which could allow remote attackers to conduct unauthorized activities in violation of the intended restrictions.
6084| [CVE-2002-1527] emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine the full pathname for emumail.cgi via a malformed string containing script, which generates a regular expression matching error that includes the pathname in the resulting error message.
6085| [CVE-2002-1179] Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message.
6086| [CVE-2002-1169] IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash.
6087| [CVE-2002-1168] Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains a Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response.
6088| [CVE-2002-1167] Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request.
6089| [CVE-2002-1121] SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046 ("Message Fragmentation and Reassembly") and supported in such products as Outlook Express, which allows remote attackers to bypass content filtering, including virus checking, via fragmented emails of the message/partial content type.
6090| [CVE-2002-1030] Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections.
6091| [CVE-2002-1012] Buffer overflow in web server for Tivoli Management Framework (TMF) ManagedNode 3.6.x through 3.7.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request.
6092| [CVE-2002-1011] Buffer overflow in web server for Tivoli Management Framework (TMF) Endpoint 3.6.x through 3.7.1, before Fixpack 2, allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request.
6093| [CVE-2002-0896] The throttle capability in Swatch may fail to report certain events if (1) the same type of event occurs after the throttle period, or (2) when multiple events matching the same "watchfor" expression do not occur after the throttle period, which could allow attackers to avoid detection.
6094| [CVE-2002-0862] The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
6095| [CVE-2002-0637] InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass virus protection via e-mail messages with headers that violate RFC specifications by having (or missing) space characters in unexpected places (aka "space gap"), such as (1) Content-Type :", (2) "Content-Transfer-Encoding :", (3) no space before a boundary declaration, or (4) "boundary= ", which is processed by Outlook Express.
6096| [CVE-2002-0505] Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g. via incorrect passwords.
6097| [CVE-2002-0339] Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enabled includes portions of previous packets in the padding of a MAC level packet when the MAC packet's length is less than the IP level packet length.
6098| [CVE-2002-0285] Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and/or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers.
6099| [CVE-2002-0233] Directory traversal vulnerability in eshare Expressions 4 Web server allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request.
6100| [CVE-2002-0152] Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
6101| [CVE-2001-1547] Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code.
6102| [CVE-2001-1325] Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH).
6103| [CVE-2001-1088] Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.
6104| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
6105| [CVE-2001-0999] Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script.
6106| [CVE-2001-0945] Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line.
6107| [CVE-2001-0472] Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) HTTP object allows remote attackers to cause a denial of service (crash) via an extremely long HTTP request.
6108| [CVE-2001-0145] Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands via a malformed vCard birthday field.
6109| [CVE-2000-1239] The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM Tivoli Management Framework 3.7.1 sets http_disable to zero at install time, which allows remote authenticated users to bypass file permissions on Tivoli Endpoint Configuration data files via an unspecified manipulation of log files.
6110| [CVE-2000-1238] BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages.
6111| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
6112| [CVE-2000-0882] Intel Express 500 series switches allow a remote attacker to cause a denial of service via a malformed ICMP packet, which causes the CPU to crash.
6113| [CVE-2000-0764] Intel Express 500 series switches allow a remote attacker to cause a denial of service via a malformed IP packet.
6114| [CVE-2000-0653] Microsoft Outlook Express allows remote attackers to monitor a user's email by creating a persistent browser link to the Outlook Express windows, aka the "Persistent Mail-Browser Link" vulnerability.
6115| [CVE-2000-0621] Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
6116| [CVE-2000-0567] Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an email header, aka the "Malformed E-mail Header" vulnerability.
6117| [CVE-2000-0524] Microsoft Outlook and Outlook Express allow remote attackers to cause a denial of service by sending email messages with blank fields such as BCC, Reply-To, Return-Path, or From.
6118| [CVE-2000-0451] The Intel express 8100 ISDN router allows remote attackers to cause a denial of service via oversized or fragmented ICMP packets.
6119| [CVE-2000-0415] Buffer overflow in Outlook Express 4.x allows attackers to cause a denial of service via a mail or news message that has a .jpg or .bmp attachment with a long file name.
6120| [CVE-2000-0115] IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page.
6121| [CVE-2000-0105] Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers to view a user's email messages via a script that accesses a variable that references subsequent email messages that are read by the client.
6122| [CVE-2000-0036] Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.
6123| [CVE-1999-1514] Buffer overflow in Celtech ExpressFS FTP server 2.x allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long USER command.
6124| [CVE-1999-1033] Microsoft Outlook Express before 4.72.3612.1700 allows a malicious user to send a message that contains a .., which can inadvertently cause Outlook to re-enter POP3 command mode and cause the POP3 session to hang.
6125| [CVE-1999-1016] Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell.
6126| [CVE-1999-1009] The Disney Go Express Search allows remote attackers to access and modify search information for users by connecting to an HTTP server on the user's system.
6127| [CVE-1999-0967] Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol.
6128| [CVE-1999-0477] The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly.
6129| [CVE-1999-0455] The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly.
6130|
6131| SecurityFocus - https://www.securityfocus.com/bid/:
6132| [49543] Spring Framework Expression Language JSP Attributes Handling Information Disclosure Vulnerability
6133| [104521] Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability
6134| [104468] Node.js CVE-2018-7162 Denial of Service Vulnerability
6135| [104463] Node.js CVE-2018-7164 Denial of Service Vulnerability
6136| [104427] Node.js 'Forwarded' Module CVE-2017-16118 Denial of Service Vulnerability
6137| [104260] Spring Framework CVE-2018-1257 Denial-Of-Service Vulnerability
6138| [104222] Spring Security and Spring Framework CVE-2018-1258 Authorization Bypass Vulnerability
6139| [104072] Microsoft .NET Framework Device Guard CVE-2018-1039 Local Security Bypass Vulnerability
6140| [103771] Pivotal Spring Framework CVE-2018-1275 Incomplete Fix Remote Code Execution Vulnerability
6141| [103701] SAP Control Center and Cockpit Framework XML External Entity Injection Vulnerability
6142| [103699] Pivotal Spring Framework CVE-2018-1271 Directory Traversal Vulnerability
6143| [103697] Pivotal Spring Framework CVE-2018-1272 Remote Privilege Escalation Vulnerability
6144| [103696] Pivotal Spring Framework CVE-2018-1270 Remote Code Execution Vulnerability
6145| [103255] Google Android Media framework Multiple Remote Code Execution Vulnerabilities
6146| [103131] Cisco Data Center Analytics Framework CVE-2018-0145 Cross Site Scripting Vulnerability
6147| [103122] Cisco Data Center Analytics Framework CVE-2018-0146 Cross Site Request Forgery Vulnerability
6148| [103017] Google Android Media Framework CVE-2017-13241 Information Disclosure Vulnerability
6149| [103016] Google Android Media Framework CVE-2017-13229 Multiple Remote Code Execution Vulnerabilities
6150| [103012] Google Android Media Framework CVE-2017-13239 Information Disclosure Vulnerability
6151| [103011] Google Android Media Framework CVE-2017-13240 Information Disclosure Vulnerability
6152| [102976] Google Android Media Framework Component Multiple Security Vulnerabilities
6153| [102960] Cisco Data Center Analytics Framework CVE-2018-0128 HTML Injection Vulnerability
6154| [102959] Cisco Data Center Analytics Framework CVE-2018-0129 Cross Site Scripting Vulnerability
6155| [102839] Google Android Framework CVE-2017-0846 Information Disclosure Vulnerability
6156| [102761] Google Android Media Framework CVE-2017-13187 Information Disclosure Vulnerability
6157| [102683] Oracle Financial Services Analytical Applications Reconciliation Framework Security Vulnerability
6158| [102563] Oracle Application Express CVE-2018-2699 Remote Security Vulnerability
6159| [102529] Google Android Media Framework CVE-2017-13201 Information Disclosure Vulnerability
6160| [102526] Google Android Media Framework CVE-2017-13207 Information Disclosure Vulnerability
6161| [102524] Google Android Media Framework Denial of Service and Information Disclosure Vulnerabilities
6162| [102523] Google Android Media Framework CVE-2017-13206 Information Disclosure Vulnerability
6163| [102522] Google Android Media Framework Denial of Service and Information Disclosure Vulnerabilities
6164| [102521] Google Android Media Framework CVE-2017-13202 Information Disclosure Vulnerability
6165| [102421] Google Android Media Framework Component CVE-2017-13183 Local Privilege Escalation Vulnerability
6166| [102414] Google Android Media Framework Component Multiple Security Vulnerabilities
6167| [102387] Microsoft .NET Framework CVE-2018-0764 Remote Denial of Service Vulnerability
6168| [102380] Microsoft .NET Framework CVE-2018-0786 Security Bypass Vulnerability
6169| [102131] Google Android Framework Multiple Privilege Escalation Vulnerabilities
6170| [102126] Google Android Media Framework Components Multiple Security Vulnerabilities
6171| [101897] Node.js ejs Package 'ejs.renderFile()' Function Remote Code Execution Vulnerability
6172| [101893] Node.js ejs Package 'ejs.renderFile()' function Denial of Service Vulnerability
6173| [101889] Node.js ejs Package 'ejs.renderFile()' function Cross Site Scripting Vulnerability
6174| [101881] Node.js CVE-2017-14919 Denial of Service Vulnerability
6175| [101775] Google Android Framework Multiple Privilege Escalation Vulnerabilities
6176| [101717] Google Android Media Framework Multiple Security Vulnerabilities
6177| [101627] HP ArcSight ESM and ArcSight ESM Express CVE-2017-14356 SQL Injection Vulnerability
6178| [101525] Cisco Expressway Series and Cisco TelePresence VCS CVE-2017-12287 Denial of Service Vulnerability
6179| [101514] Cisco Unified Contact Center Express CVE-2017-12288 Cross Site Scripting Vulnerability
6180| [101260] Node.js CVE-2015-7384 Unspecified Denial of Service Vulnerability
6181| [101190] Google Android Media Framework Multiple Security Vulnerabilities
6182| [101185] Node.js 'tough-cookie' Module CVE-2017-15010 Denial of Service Vulnerability
6183| [101151] Google Android Media Framework Multiple Security Vulnerabilities
6184| [101088] Google Android Media Framework Components Multiple Security Vulnerabilities
6185| [101086] Google Android Framework CVE-2017-0806 Security Bypass Vulnerability
6186| [101056] Node.js CVE-2017-14849 Security Bypass Vulnerability
6187| [100935] HP ArcSight ESM and ArcSight ESM Express Multiple Security Vulnerabilities
6188| [100742] Microsoft Windows .NET Framework CVE-2017-8759 Remote Code Execution Vulnerability
6189| [100691] Node.js 'qs' Module CVE-2017-1000048 Denial of Service Vulnerability
6190| [100673] Google Android Framework CVE-2017-0752 Privilege Escalation Vulnerability
6191| [100649] Google Android Media Framework Multiple Security Vulnerabilities
6192| [100385] Cisco Ultra Services Framework CVE-2017-6771 Information Disclosure Vulnerability
6193| [100220] Google Android Framework CVE-2017-0712 Privilege Escalation Vulnerability
6194| [100204] Google Android Media Framework Multiple Security Vulnerabilities
6195| [100090] Microsoft Windows Express Compressed Fonts CVE-2017-8691 Remote Code Execution Vulnerability
6196| [100083] IBM Worklight Framework CVE-2017-1500 Cross Site Scripting Vulnerability
6197| [99959] Node.js CVE-2017-11499 Denial of Service Vulnerability
6198| [99512] Cisco Ultra Services Framework AutoVNF Symbolic Link Handling Information Disclosure Vulnerability
6199| [99478] Google Android Media Framework Multiple Security Vulnerabilities
6200| [99470] Google Android Framework Multiple Remote Code Execution Vulnerabilities
6201| [99440] Cisco Ultra Services Framework CVE-2017-6711 Unauthorized Access Vulnerability
6202| [99436] Cisco Ultra Services Framework Staging Server Arbitrary Command Execution Vulnerability
6203| [99242] ExpressionEngine CVE-2017-0897 Insufficient Entropy Weakness
6204| [99201] Cisco Unified Contact Center Express CVE-2017-6722 Access Bypass Vulnerability
6205| [99033] SAP NetWeaver Composite Application Framework and Business Cross Site Scripting Vulnerability
6206| [99001] Cisco Ultra Services Framework CVE-2017-6680 Remote Security Bypass Vulnerability
6207| [98990] Cisco Ultra Services Framework Staging Server Default Credentials Security Bypass Vulnerability
6208| [98988] Cisco Ultra Services Framework CVE-2017-6686 Default Credentials Security Bypass Vulnerability
6209| [98981] Cisco Ultra Services Framework Element Manager CVE-2017-6687 Insecure Default Password Vulnerability
6210| [98980] Cisco Ultra Services Framework CVE-2017-6692 Insecure Default Password Vulnerability
6211| [98977] Cisco Ultra Services Framework CVE-2017-6681 Information Disclosure Vulnerability
6212| [98868] Google Android Media Framework Multiple Memory Corruption Vulnerabilities
6213| [98133] Google Android Framework Apis CVE-2017-0598 Information Disclosure Vulnerability
6214| [98126] Google Android Framework Apis CVE-2017-0593 Privilege Escalation Vulnerability
6215| [98117] Microsoft .NET Framework CVE-2017-0248 Security Bypass Vulnerability
6216| [97576] SAP Composite Application Framework Authorization Tool XML External Entity Injection Vulnerability
6217| [97565] SAP NetWeaver Java Archiving Framework Unspecified Cross Site Scripting Vulnerability
6218| [97469] Cisco Mobility Express 2800 and 3800 Series CVE-2016-9197 Local Security Bypass Vulnerability
6219| [97447] Microsoft Windows .NET Framework CVE-2017-0160 Remote Code Execution Vulnerability
6220| [97422] Cisco Mobility Express Software CVE-2017-3834 Default Credentials Security Bypass Vulnerability
6221| [97167] Yii framework CVE-2017-7271 Cross Site Scripting Vulnerability
6222| [97102] Node.js CVE-2014-9772 Cross Site Scripting Vulnerability
6223| [97014] Cisco Application-Hosting Framework CVE-2017-3852 Arbitrary File Creation Vulnerability
6224| [97013] Cisco Application-Hosting Framework CVE-2017-3851 Directory Traversal Vulnerability
6225| [96909] Cisco Mobility Express 1800 Access Point Series CVE-2017-3831 Authentication Bypass Vulnerability
6226| [96496] Node.js Minimatch Package 'pattern' Parameter Denial of Service Vulnerability
6227| [96436] Node.js mustache.js Package CVE-2015-8862 Cross Site Scripting Vulnerability
6228| [96435] Node.js send Package CVE-2015-8859 Information Disclosure Vulnerability
6229| [96434] Node.js handlebars.js Package CVE-2015-8861 Cross Site Scripting Vulnerability
6230| [96410] Node.js uglify-js Package CVE-2015-8857 Security Bypass Vulnerability
6231| [96409] Node.js uglify-js Package CVE-2015-8858 Denial of Service Vulnerability
6232| [96392] Node.js CVE-2015-8856 Cross Site Scripting Vulnerability
6233| [96389] Node.js ms Package CVE-2015-8315 Denial of Service Vulnerability
6234| [96225] Node-serialize Package For Node.js 'unserialize()' Function Remote Code Execution Vulnerability
6235| [96223] Serialize-to-js For Node.js 'deserialize()' Function Arbitrary Code Execution Vulnerability
6236| [96096] Google Android Framework APIs CVE-2017-0421 Information Disclosure Vulnerability
6237| [96056] Google Android Framework APIs Multiple Privilege Escalation Vulnerabilities
6238| [95786] Cisco Expressway Series and Cisco TelePresence VCS CVE-2017-3790 Denial of Service Vulnerability
6239| [95633] Cisco Mobility Express 2800 and 3800 Access Points CVE-2016-9220 Denial of Service Vulnerability
6240| [95631] Cisco Mobility Express 2800 and 3800 Access Points CVE-2016-9221 Denial of Service Vulnerability
6241| [95243] Google Android Framework APIs CVE-2017-0383 Remote Privilege Escalation Vulnerability
6242| [95144] Zend Framework 'zend-mail' Component Remote Code Execution Vulnerability
6243| [95072] Spring Framework CVE-2016-9878 Directory Traversal Vulnerability
6244| [95069] NetApp Snap Creator Framework CVE-2016-7172 Local Information Disclosure Vulnerability
6245| [94741] Microsoft .NET Framework CVE-2016-7270 Information Disclosure Vulnerability
6246| [94702] Google Android Framework APIs CVE-2016-6770 Remote Privilege Escalation Vulnerability
6247| [94255] Teradata Studio Express CVE-2016-7490 Insecure Temporary File Creation Vulnerability
6248| [94173] Google Android Framework APIs CVE-2016-6715 Privilege Escalation Vulnerability
6249| [93483] Node.js CVE-2016-5325 CRLF Injection Vulnerability
6250| [93307] Google Android Framework Listener CVE-2016-3921 Privilege Escalation Vulnerability
6251| [93302] Google Android Framework APIs CVE-2016-3912 Privilege Escalation Vulnerability
6252| [93191] Node.js CVE-2016-7099 Security Bypass Vulnerability
6253| [92993] Zend Framework CVE-2016-4861 Multiple SQL Injection Vulnerabilities
6254| [92402] WebNMS Framework Multiple Security Vulnerabilities
6255| [92274] Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability
6256| [92249] Google Android Framework APIs CVE-2016-2497 Remote Privilege Escalation Vulnerability
6257| [91994] Oracle Siebel UI Framework CVE-2016-5464 Remote Security Vulnerability
6258| [91988] Oracle Siebel UI Framework CVE-2016-5463 Remote Security Vulnerability
6259| [91981] Oracle Siebel UI Framework CVE-2016-5450 Remote Security Vulnerability
6260| [91973] Oracle Siebel UI Framework CVE-2016-5468 Remote Security Vulnerability
6261| [91954] Oracle Siebel UI Framework CVE-2016-5451 Remote Security Vulnerability
6262| [91894] Oracle Application Express CVE-2016-3467 Remote Security Vulnerability
6263| [91885] Oracle Application Express CVE-2016-3448 Remote Security Vulnerability
6264| [91802] Zend Framework 'Zend_Db_Select' Multiple SQL Injection Vulnerabilities
6265| [91769] KDE Frameworks CVE-2016-3100 Weak Permissions Local Privilege Escalation Vulnerability
6266| [91753] IBM SDK for Node.js CVE-2014-9748 Local Denial of Service Vulnerability
6267| [91687] Spring Security and Spring Framework CVE-2016-5007 Security Bypass Vulnerability
6268| [91669] Cisco Video Communication Server and Expressway CVE-2016-1444 Authentication Bypass Vulnerability
6269| [91655] Google Android Framework APIs CVE-2016-3759 Remote Privilege Escalation Vulnerability
6270| [91644] Google Android Parcels Framework APIs CVE-2016-3750 Privilege Escalation Vulnerability
6271| [91601] Microsoft .NET Framework CVE-2016-3255 XML External Entity Information Disclosure Vulnerability
6272| [91388] NetApp Snap Creator Framework CVE-2016-5372 Unspecified Cross-Site Request Forgery Vulnerability
6273| [91385] NetApp Snap Creator Framework CVE-2016-5710 Clickjacking Vulnerability
6274| [91246] Play Framework Cross Site Request Forgery Vulnerability
6275| [91070] TERASOLUNA Server Framework for Java CVE-2016-1183 Information Disclosure Vulnerability
6276| [90853] Spring Framework CVE-2015-3192 Denial-Of-Service Vulnerability
6277| [90852] Spring Framework CVE-2015-5211 Arbitrary Command Execution Vulnerability
6278| [90644] IBM SDK for Node.js CVE-2015-8860 Insecure Temporary File Creation Vulnerability
6279| [90339] Outlook Express CVE-2004-2694 Security Bypass Vulnerability
6280| [90026] Microsoft .NET Framework CVE-2016-0149 Information Disclosure Vulnerability
6281| [89856] Node.js CVE-2016-3956 Security Bypass Vulnerability
6282| [89599] Outlook Express CVE-2002-2202 Local Security Vulnerability
6283| [89248] MailSite Express CVE-2005-3288 Remote Security Vulnerability
6284| [89246] MailSite Express CVE-2005-3287 Remote Security Vulnerability
6285| [88692] .NET Framework CVE-2002-0409 Remote Security Vulnerability
6286| [88602] Outlook Express Book Control CVE-2005-4840 Denial-Of-Service Vulnerability
6287| [88431] MailSite Express CVE-2005-3428 Cross-Site Scripting Vulnerability
6288| [88427] MailSite Express CVE-2005-3429 Cross-Site Scripting Vulnerability
6289| [88359] Go Express Search CVE-1999-1009 Remote Security Vulnerability
6290| [87999] Calendar Express CVE-2005-4009 SQL-Injection Vulnerability
6291| [87512] Tivoli Storage Manager Express CVE-2009-3854 Remote Security Vulnerability
6292| [87300] Tivoli Storage Manager Express CVE-2006-6309 Denial-Of-Service Vulnerability
6293| [87122] Microsoft Outlook Express CVE-2003-0301 Denial-Of-Service Vulnerability
6294| [86957] Semver CVE-2015-8855 Regular Expression Denial of Service Vulnerability
6295| [86956] Node.js Marked Package CVE-2015-8854 Denial of Service Vulnerability
6296| [86716] Yana Framework CVE-2007-0516 Remote Security Vulnerability
6297| [86526] Zend Framework Multiple Insufficient Entropy Vulnerabilities
6298| [86214] Microsoft Atlas framework CVE-2007-2380 Denial-Of-Service Vulnerability
6299| [86201] Prototype Framework CVE-2007-2383 Denial-Of-Service Vulnerability
6300| [86200] Mochikit Framework CVE-2007-2381 Denial-Of-Service Vulnerability
6301| [85842] Google Android Framework CVE-2016-2426 Information Disclosure Vulnerability
6302| [85699] WordPress Titan Framework Plugin CVE-2014-6444 Multiple Cross Site Scripting Vulnerabilities
6303| [85515] Outlook Express CVE-2007-4040 Remote Security Vulnerability
6304| [84743] .NET Framework CVE-2008-5100 Security Bypass Vulnerability
6305| [84596] HP ArcSight ESM and ESM Express CVE-2016-1990 Unspecified Local Privilege Escalation Vulnerability
6306| [84492] HP ArcSight ESM and ArcSight ESM Express CVE-2016-1992 Information Disclosure Vulnerability
6307| [84357] HP ArcSight ESM and ArcSight ESM Express CVE-2016-1991 Arbitrary File Download Vulnerability
6308| [84075] Microsoft .NET Framework CVE-2016-0132 Security Bypass Vulnerability
6309| [83697] Application Framework CVE-2006-4256 Cross-Site Scripting Vulnerability
6310| [83619] Zend Framework Preview CVE-2006-5900 Cross-Site Scripting Vulnerability
6311| [83282] Node.js CVE-2016-2086 HTTP Request Smuggling Vulnerability
6312| [83141] Node.js CVE-2016-2216 HTTP Response Splitting Vulnerability
6313| [83046] Outlook Express CVE-1999-0967 Remote Security Vulnerability
6314| [82918] Outlook Express CVE-2001-1547 Remote Security Vulnerability
6315| [82738] Microsoft .NET Framework CVE-2016-0047 Information Disclosure Vulnerability
6316| [82717] Microsoft .NET Framework CVE-2016-0033 Stack Overflow Denial of Service Vulnerability
6317| [82421] .NET Framework CVE-2005-0509 Cross-Site Scripting Vulnerability
6318| [82400] Cisco Finesse Desktop and Unified Contact Center Express Unauthorized Access Vulnerability
6319| [82334] Tivoli Storage Manager Express CVE-2009-3854 Remote Security Vulnerability
6320| [82242] EXPRESSCLUSTER X CVE-2016-1145 Directory Traversal Vulnerability
6321| [82008] Cisco Unity Connection Web Framework CVE-2016-1300 Cross Site Scripting Vulnerability
6322| [81798] Cisco Unified Contact Center Express CVE-2016-1298 Cross Site Scripting Vulnerability
6323| [81525] Tivoli Provisioning Manager Express CVE-2007-6407 Cross-Site Scripting Vulnerability
6324| [80955] .NET Framework CVE-2008-3842 Cross-Site Scripting Vulnerability
6325| [80929] .NET Framework CVE-2008-3843 Cross-Site Scripting Vulnerability
6326| [80625] Java System Communications Express CVE-2009-0877 Cross-Site Scripting Vulnerability
6327| [80462] Horde Application Framework CVE-2009-3237 Cross-Site Scripting Vulnerability
6328| [80247] Tivoli Storage Manager Express CVE-2010-4604 Local Security Vulnerability
6329| [79312] Tivoli Storage Manager Express CVE-2009-3855 Remote Security Vulnerability
6330| [79197] Joomla! Framework Session Package CVE-2015-8566 Remote Code Execution Vulnerability
6331| [79185] Framework CVE-2009-4417 Remote Security Vulnerability
6332| [79088] Cisco TelePresence Video Communication Server Expressway Unauthorized Access Vulnerability
6333| [78817] Cisco Emergency Responder Web Framework CVE-2015-6407 Arbitrary File Upload Vulnerability
6334| [78701] Google Android Media Framework CVE-2015-6628 Remote Privilege Escalation Vulnerability
6335| [78698] Google Android Native Frameworks Library CVE-2015-6622 Multiple Privilege Escalation Vulnerabilities
6336| [78589] Metasploit Framework CVE-2011-1056 Local Security Vulnerability
6337| [78476] Unified Contact Center Express (CCX) CVE-2011-2583 Denial-Of-Service Vulnerability
6338| [78464] Tivoli Management Framework CVE-2011-2330 Remote Security Vulnerability
6339| [78209] Node.js CVE-2015-6764 Out of Bounds Denial of Service Vulnerability
6340| [78207] Node.js CVE-2015-8027 Unspecified Denial of Service Vulnerability
6341| [78090] Payflow Pro Express Checkout CVE-2012-5798 Remote Security Vulnerability
6342| [78088] Paypal Express Module CVE-2012-5795 Remote Security Vulnerability
6343| [77998] Spring Framework CVE-2013-7315 Denial-Of-Service Vulnerability
6344| [77975] Spring Framework CVE-2014-3625 Directory Traversal Vulnerability
6345| [77690] Zend Framework CAPTCHA Challenge Insufficient Entropy Vulnerability
6346| [77688] Zend Framework CVE-2015-7503 Information Disclosure Vulnerability
6347| [77482] Microsoft .NET Framework CVE-2015-6115 ASLR Security Bypass Vulnerability
6348| [77479] Microsoft .NET Framework CVE-2015-6099 Cross Site Scripting Vulnerability
6349| [77474] Microsoft .NET Framework CVE-2015-6096 XML Handling Information Disclosure Vulnerability
6350| [77056] Cisco TelePresence Video Communication Server Expressway Local Security Bypass Vulnerability
6351| [77054] Cisco TelePresence Video Communication Server Expressway Local Privilege Escalation Vulnerability
6352| [76901] TYPO3 Zend Framework Integration Extension File Disclosure Vulnerability
6353| [76784] Zend Framework MsSql and SQLite Multiple SQL Injection Vulnerabilities
6354| [76777] VBox Satellite Express CVE-2015-6923 Arbitrary Memory Write Privilege Escalation Vulnerability
6355| [76567] Microsoft .NET Framework Model View Controller CVE-2015-2526 Remote Denial of Service Vulnerability
6356| [76560] Microsoft .NET Framework CVE-2015-2504 Remote Privilege Escalation Vulnerability
6357| [76534] Cisco TelePresence Video Communication Server Expressway Local Command Injection Vulnerability
6358| [76481] Cisco TelePresence Video Communication Server Expressway Information Disclosure Vulnerability
6359| [76408] Cisco TelePresence Video Communication Server Expressway Arbitrary Code Execution Vulnerability
6360| [76399] Cisco TelePresence Video Communication Server Expressway Command Execution Vulnerability
6361| [76395] Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability
6362| [76366] Cisco TelePresence Video Communication Server Expressway Unauthorized Access Vulnerability
6363| [76353] Cisco TelePresence Video Communication Server Expressway Unauthorized Access Vulnerability
6364| [76352] Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability
6365| [76351] Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability
6366| [76350] Cisco TelePresence Video Communication Server Expressway Information Disclosure Vulnerability
6367| [76347] Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability
6368| [76326] Cisco TelePresence Video Communication Server Expressway Information Disclosure Vulnerability
6369| [76270] Microsoft .NET Framework CVE-2015-2481 Privilege Escalation Vulnerability
6370| [76269] Microsoft .NET Framework CVE-2015-2480 Privilege Escalation Vulnerability
6371| [76268] Microsoft .NET Framework CVE-2015-2479 Privilege Escalation Vulnerability
6372| [76187] PCRE Regular Expression Handling Heap Buffer Overflow Vulnerability
6373| [76063] RETIRED: Microsoft .NET Framework Integer Overflow Vulnerability
6374| [75891] Oracle Agile PLM Framework CVE-2015-2644 Remote Security Vulnerability
6375| [75876] Oracle Siebel UI Framework CVE-2015-2587 Remote Security Vulnerability
6376| [75875] Oracle Siebel UI Framework CVE-2015-2649 Remote Security Vulnerability
6377| [75865] Oracle Application Express CVE-2015-2586 Remote Security Vulnerability
6378| [75864] Oracle Application Express CVE-2015-2655 HTML Injection Vulnerability
6379| [75845] Oracle Application Express CVE-2015-2585 Remote Security Vulnerability
6380| [75556] Node.js 'unicode.cc' Denial of Service Vulnerability
6381| [75349] Cisco Data Center Analytics Framework CVE-2015-4189 Cross Site Request Forgery Vulnerability
6382| [74704] Netty and Play Framework CVE-2015-2156 Session Hijacking Vulnerability
6383| [74663] Yii framework CVE-2015-3397 Cross Site Scripting Vulnerability
6384| [74626] SAP Business Rules Framework CVE-2015-3979 Unspecified Arbitrary Code Execution Vulnerability
6385| [74487] Microsoft .NET Framework CVE-2015-1673 Remote Privilege Escalation Vulnerability
6386| [74482] Microsoft .NET Framework CVE-2015-1672 Remote Denial of Service Vulnerability
6387| [74205] HotspotExpress HotExBilling Manager CVE-2015-3319 Information Disclosure Vulnerability
6388| [74054] HP Support Solution Framework CVE-2015-2114 Unspecified Remote Information Disclosure Vulnerability
6389| [74010] Microsoft .NET Framework CVE-2015-1648 Information Disclosure Vulnerability
6390| [73941] HotspotExpress HotExBilling Manager 'hotspotlogin.cgi' Cross Site Scripting Vulnerability
6391| [73036] Spring Framework CVE-2015-0201 Predictable Session ID Generation Weakness
6392| [72807] Drupal SMS Framework Module Cross Site Scripting Vulnerability
6393| [72270] Zend Framework Session Validators Security Bypass Vulnerability
6394| [72211] Oracle Siebel CVE-2015-0417 Remote Siebel UI Framework Vulnerability
6395| [72209] Oracle Siebel CVE-2015-0388 Remote Siebel UI Framework Vulnerability
6396| [72197] Oracle Siebel CVE-2015-0419 Remote Siebel UI Framework Vulnerability
6397| [72195] Oracle Siebel CVE-2014-6596 Remote Siebel UI Framework Vulnerability
6398| [72192] Oracle Siebel CVE-2015-0369 Remote Siebel UI Framework Vulnerability
6399| [72064] Node.js 'serve-static' Module Open Redirection Vulnerability
6400| [72057] Cisco TelePresence Video Communication Server and Expressway Remote Denial of Service Vulnerability
6401| [71431] Yii framework CmsInput Extension 'CmsInput.php' Cross Site Scripting Vulnerability
6402| [71054] Node.js dns-sync Library Arbitrary Command Execution Vulnerability
6403| [70979] Microsoft .NET Framework CVE-2014-4149 Remote Privilege Escalation Vulnerability
6404| [70875] EllisLab ExpressionEngine Core CVE-2014-5387 Multiple SQL Injection Vulnerabilities
6405| [70592] Cisco TelePresence VCS and Expressway CVE-2014-3370 Denial of Service Vulnerability
6406| [70590] Cisco TelePresence VCS and Expressway CVE-2014-3369 Remote Denial of Service Vulnerability
6407| [70589] Cisco TelePresence Video Communication Server (VCS) and Expressway Denial of Service Vulnerability
6408| [70378] Zend Framework CVE-2014-8088 Authentication Bypass Vulnerability
6409| [70351] Microsoft .NET Framework 'iriParsing' Remote Code Execution Vulnerability
6410| [70313] Microsoft .NET Framework ClickOnce CVE-2014-4073 Remote Privilege Escalation Vulnerability
6411| [70312] Microsoft .NET Framework CVE-2014-4122 ASLR Security Bypass Vulnerability
6412| [70115] Node.js qs Module Denial of Service Vulnerability
6413| [70113] Node.js qs Module Denial of Service Vulnerability
6414| [70105] Node.js syntax-error module 'eval()' Function Arbitrary Code Execution Vulnerability
6415| [70100] Node.js 'lib/send.js' Directory Traversal Vulnerability
6416| [70087] Slim PHP Framework 'SessionCookie.php' PHP Object Injection Vulnerability
6417| [70011] Zend Framework Sqlsrv Driver Multiple SQL Injection Vulnerabilities
6418| [69739] Cisco Unified Communications Manager Web Framework Cross Site Scripting Vulnerability
6419| [69659] Python robotframework-pabot Insecure Temporary File Creation Vulnerability
6420| [69603] Microsoft .NET Framework CVE-2014-4072 Remote Denial of Service Vulnerability
6421| [69462] RETIRED: IBM SDK for Node.js CVE-2014-5256 Remote Denial of Service Vulnerability
6422| [69145] Microsoft .NET Framework CVE-2014-4062 ASLR Security Bypass Vulnerability
6423| [68877] Cisco Security Manager Web Framework CVE-2014-3326 SQL Injection Vulnerability
6424| [68625] Oracle Siebel UI Framework CVE-2014-2491 Remote Security Vulnerability
6425| [68614] Oracle Siebel UI Framework CVE-2014-4205 Remote Security Vulnerability
6426| [68604] Oracle Siebel UI Framework CVE-2014-4230 Remote Security Vulnerability
6427| [68395] Yii Framework 'CDetailView' Attribute Arbitrary PHP Code Execution Vulnerability
6428| [68095] Spring Framework CVE-2014-0225 Remote Information Disclosure Vulnerability
6429| [68042] Spring Framework Unspecified Directory Traversal Vulnerability
6430| [68031] Zend Framework 'Zend_Db_Select::order()' Function SQL Injection Vulnerability
6431| [67902] DevExpress ASP.NET File Manager CVE-2014-2575 Directory Traversal Vulnerability
6432| [67677] NICE Recording eXpress Multiple Security Vulnerabilities
6433| [67624] TYPO3 Extbase Framework Information Disclosure Vulnerability
6434| [67569] Cisco Security Manager Web Framework Cross Site Scripting Vulnerability
6435| [67555] Cisco Identity Services Engine Web Framework CVE-2014-3275 SQL Injection Vulnerability
6436| [67286] Microsoft .NET Framework TypeFilterLevel CVE-2014-1806 Remote Privilege Escalation Vulnerability
6437| [67269] Red Hat JBoss Web Framework Kit Multiple Cross Site Scripting Vulnerabilities
6438| [67102] Cisco Unified Contact Center Express CVE-2014-2180 Arbitrary File Upload Vulnerability
6439| [67011] SAP Business Object Processing Framework for ABAP Security Bypass Vulnerability
6440| [66971] Zend Framework HTML Attributes Multiple Cross Site Scripting Vulnerabilities
6441| [66869] Oracle Agile PLM Framework CVE-2014-2445 Remote Security Vulnerability
6442| [66867] Oracle Agile PLM Framework CVE-2014-2464 Remote Security Vulnerability
6443| [66861] Oracle Agile PLM Framework CVE-2014-2466 Remote Security Vulnerability
6444| [66855] Oracle Agile PLM Framework CVE-2014-2467 Remote Security Vulnerability
6445| [66848] Oracle Siebel UI Framework CVE-2014-2468 Remote Security Vulnerability
6446| [66834] Oracle Agile PLM Framework CVE-2014-2465 Remote Security Vulnerability
6447| [66362] IBM Cognos Express CVE-2013-5444 Local Information Disclosure Vulnerability
6448| [66361] IBM Cognos Express CVE-2013-5445 Information Disclosure Vulnerability
6449| [66358] Zend Framework Multiple Information Disclosure and Security Bypass Vulnerabilities
6450| [66357] IBM Cognos Express CVE-2013-5443 Cross Site Request Forgery Vulnerability
6451| [66148] Spring Framework CVE-2014-0054 Multiple XML External Entity Injection Vulnerabilities
6452| [66137] Spring Framework 'FormTag.java' Cross Site Scripting Vulnerability
6453| [65802] Cisco Unified Contact Center Express CVE-2014-0746 Information Disclosure Vulnerability
6454| [65798] Cisco Unified Contact Center Express CVE-2014-0745 Cross Site Request Forgery Vulnerability
6455| [65797] Cisco Unified Contact Center Express CVE-2014-2102 Information Disclosure Vulnerability
6456| [65617] IBM WebSphere Dashboard Framework Security Bypass Vulnerability
6457| [65574] Restlet Framework XML Entity Expansion Denial of Service Vulnerability
6458| [65418] Microsoft .NET Framework CVE-2014-0295 ASLR Security Bypass Vulnerability
6459| [65417] Microsoft .NET Framework CVE-2014-0257 Remote Privilege Escalation Vulnerability
6460| [65415] Microsoft .NET Framework CVE-2014-0253 Remote Denial of Service Vulnerability
6461| [65101] Cisco TelePresence Video Communication Server Expressway Man in the Middle Vulnerability
6462| [65062] NCH Software Express Burn Plus '.EBP' File Handling Buffer Overflow Vulnerability
6463| [65051] Red Hat JBoss Web Framework Kit Information Disclosure Vulnerability
6464| [65049] Red Hat JBoss Web Framework Kit XML External Entity Information Disclosure Vulnerability
6465| [64948] Spring Framework 'JavaScriptUtils.javaScriptEscape()' Method Cross Site Scripting Vulnerability
6466| [64947] Spring Framework CVE-2013-6429 Multiple XML External Entity Injection Vulnerabilities
6467| [64417] IBM FileNet Business Process Framework XML Entity Parsing Information Disclosure Vulnerability
6468| [64208] Google Android Framework Fragment Injection Local Security Bypass Vulnerability
6469| [64028] Spring Framework 'JavaScriptUtils.javaScriptEscape()' Function Security Bypass Vulnerability
6470| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
6471| [63771] Limonade framework 'limonade.php' Local File Disclosure Vulnerability
6472| [63747] ZK Framework CVE-2013-5966 Cross Site Scripting Vulnerability
6473| [63486] Zend Framework IP Address Spoofing Multiple Security Vulnerabilities
6474| [63440] Horde Application Framework Cross Site Request Forgery Vulnerability
6475| [63229] Node.js CVE-2013-4450 Denial of Service Vulnerability
6476| [63186] Zikula Application Framework CVE-2013-6168 'returnpage' Parameter Cross Site Scripting Vulnerability
6477| [63045] Oracle Siebel CRM Siebel UI Framework CVE-2013-5768 Remote Security Vulnerability
6478| [63042] Oracle Siebel CRM Siebel UI Framework CVE-2013-5835 Remote Security Vulnerability
6479| [62820] Microsoft .NET Framework CVE-2013-3860 Remote Denial of Service Vulnerability
6480| [62807] Microsoft .NET Framework CVE-2013-3861 Remote Denial of Service Vulnerability
6481| [62785] McAfee Managed Agent 'FrameworkService.exe' Remote Denial of Service Vulnerability
6482| [62352] Play Framework XML External Entities Information Disclosure Vulnerability
6483| [62000] Restlet Framework Object Deserialization Remote Code Execution Vulnerability
6484| [61951] Spring Framework CVE-2013-4152 Multiple XML External Entity Injection Vulnerabilities
6485| [61787] Play Framework Session Encoding Spoofing Security Vulnerability
6486| [61741] Tridium Niagara AX Framework CVE-2012-3025 Information Disclosure Vulnerability
6487| [61694] Restlet Framework XML Deserialization Remote Code Execution Vulnerability
6488| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
6489| [61237] Oracle Agile PLM Framework CVE-2013-3823 Remote Security Vulnerability
6490| [61216] Oracle Agile Collaboration Framework CVE-2013-3824 Remote Security Vulnerability
6491| [61208] Oracle Agile PLM Framework CVE-2013-3822 Remote Security Vulnerability
6492| [61147] BMC Service Desk Express (SDE) Multiple SQL Injection and Cross Site Scripting Vulnerabilities
6493| [60937] Microsoft .NET Framework CVE-2013-3171 Remote Privilege Escalation Vulnerability
6494| [60935] Microsoft .NET Framework CVE-2013-3134 Remote Code Execution Vulnerability
6495| [60934] Microsoft .NET Framework CVE-2013-3133 Remote Privilege Escalation Vulnerability
6496| [60933] Microsoft .NET Framework CVE-2013-3132 Remote Privilege Escalation Vulnerability
6497| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
6498| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
6499| [59790] Microsoft .NET Framework CVE-2013-1337 Authentication Bypass Vulnerability
6500| [59789] Microsoft .NET Framework XML Digital Signature CVE-2013-1336 Security Bypass Vulnerability
6501| [59358] Cisco Unified Contact Center Express CVE-2013-1214 Information Disclosure Vulnerability
6502| [59134] Oracle Siebel CRM Siebel UI Framework CVE-2013-1510 Remote Vulnerability
6503| [59117] Oracle Siebel CRM Siebel UI Framework CVE-2013-2398 Remote Security Vulnerability
6504| [59098] Oracle Siebel CRM Siebel UI Framework CVE-2013-1543 Remote Security Vulnerability
6505| [59041] Hero Framework CVE-2013-2649 Multiple Cross-Site Scripting Vulnerabilities
6506| [58530] Zend Framework Multiple Security Vulnerabilities
6507| [57980] Zend Framework CVE-2012-6531 Multiple Remote Arbitrary File Access Vulnerabilities
6508| [57977] Zend Framework CVE-2012-6532 Multiple Remote Denial of Service Vulnerabilities
6509| [57847] Microsoft .NET Framework CVE-2013-0073 Remote Privilege Escalation Vulnerability
6510| [57678] Cisco Unity Express CVE-2013-1120 Cross Site Request Forgery Vulnerability
6511| [57677] Cisco Unity Express CVE-2013-1114 Cross Site Scripting Vulnerability
6512| [57656] SAP NetWeaver J2EE AdapterFramework Servlet Information Disclosure Vulnerability
6513| [57409] Oracle Agile PLM Framework CVE-2013-0370 Remote Security Vulnerability
6514| [57126] Microsoft .NET Framework CVE-2013-0002 Remote Privilege Escalation Vulnerability
6515| [57124] Microsoft .NET Framework CVE-2013-0001 Information Disclosure Vulnerability
6516| [57114] Microsoft .NET Framework CVE-2013-0003 Remote Privilege Escalation Vulnerability
6517| [57113] Microsoft .NET Framework CVE-2013-0004 Remote Privilege Escalation Vulnerability
6518| [57035] Hero Framework Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
6519| [57008] IBM Rational Automation Framework Security Bypass Vulnerability
6520| [56982] Zend Framework 'Zend_Feed' Component Information Disclosure Vulnerabilities
6521| [56881] Smartphone Pentest Framework Multiple Remote Command Execution Vulnerabilities
6522| [56707] Smartphone Pentest Framework CVE-2012-5697 Local Insecure File Permissions Vulnerability
6523| [56705] Smartphone Pentest Framework Multiple Security Vulnerabilities
6524| [56620] Yii Framework 'Search' Form Field SQL Injection Vulnerability
6525| [56464] Microsoft .NET Framework CVE-2012-4777 Remote Privilege Escalation Vulnerability
6526| [56463] Microsoft .NET Framework CVE-2012-4776 Remote Code Execution Vulnerability
6527| [56462] Microsoft .NET Framework CVE-2012-2519 DLL Loading Arbitrary Code Execution Vulnerability
6528| [56456] Microsoft .NET Framework CVE-2012-1896 Information Disclosure Vulnerability
6529| [56455] Microsoft .NET Framework CVE-2012-1895 Security Bypass Vulnerability
6530| [56333] TomatoCart PayPal Express Checkout Module Security Bypass Vulnerability
6531| [56030] Oracle Siebel UI Framework CVE-2012-3230 Remote Security Vulnerability
6532| [56014] Oracle Siebel UI Framework CVE-2012-3229 Remote Security Vulnerability
6533| [55978] Oracle E-Business Suite CVE-2012-3162 Local Oracle Applications Framework Vulnerability
6534| [55976] Oracle Agile PLM Framework CVE-2012-3154 Remote Security Vulnerability
6535| [55971] Oracle Agile PLM Framework CVE-2012-3161 Remote Security Vulnerability
6536| [55636] Zend Framework Multiple Cross Site Scripting Vulnerabilities
6537| [55254] Atlassian Bamboo OGNL Expression Injection Vulnerability
6538| [55242] Express Burn Project File Heap Based Buffer Overflow Vulnerability
6539| [55108] Atlassian JIRA FishEye and Crucible Plugins 'Third Party Frameworks' Security Bypass Vulnerability
6540| [55042] Niagara Framework Session Hijacking Vulnerability
6541| [54498] Oracle Application Express CVE-2012-1740 Remote Security Vulnerability
6542| [54472] MetaSploit Framework 'pcap_log' Plugin Local Privilege Escalation Vulnerability
6543| [54454] Niagara Framework Directory Traversal Vulnerability
6544| [54192] Zend Framework 'Zend_XmlRpc' Class Information Disclosure Vulnerability
6545| [53861] Microsoft .NET Framework Function Pointer Execution Remote Code Execution Vulnerability
6546| [53713] Restlet Framework XML External Entity Information Disclosure Vulnerability
6547| [53674] Yellow Duck Framework Local File Disclosure Vulnerability
6548| [53500] Travelon Express CMS Multiple Remote Vulnerabilities
6549| [53416] Node.js HTTP Parser Information Disclosure Vulnerability
6550| [53363] Microsoft .NET Framework Index Comparison Denial Of Service Vulnerability
6551| [53358] Microsoft .NET Framework Serialization CVE-2012-0162 Remote Code Execution Vulnerability
6552| [53357] Microsoft .NET Framework Serialization CVE-2012-0161 Remote Code Execution Vulnerability
6553| [53356] Microsoft .NET Framework Input Serialization CVE-2012-0160 Remote Code Execution Vulnerability
6554| [53204] Microsoft .NET Framework Parameter Validation Remote Integer Overflow Vulnerability
6555| [53104] Oracle Database Server CVE-2012-1708 Remote Application Express Vulnerability
6556| [53039] Joomla! JA T3 Framework Component Directory Traversal Vulnerability
6557| [52921] Microsoft .NET Framework Parameter Validation Remote Code Execution Vulnerability
6558| [52431] HP Data Protector Express Multiple Remote Code Execution Vulnerabilities
6559| [52375] Microsoft Expression 'wintab32.dll' DLL Loading Arbitrary Code Execution Vulnerability
6560| [52252] IBM Tivoli Provisioning Manager Express ActiveX Control Remote Code Execution Vulnerability
6561| [52248] Tivoli Provisioning Manager Express for Software Distribution Multiple SQL Injection Vulnerabilities
6562| [52121] SystemTap DWARF Expression Local Denial of Service Vulnerability
6563| [51940] Microsoft Silverlight & .NET Framework Heap Corruption Remote Code Execution Vulnerability
6564| [51938] Microsoft Silverlight & .NET Framework Unmanaged Objects Remote Code Execution Vulnerability
6565| [51762] FishEye and Crucible Webwork 2 Framework Remote Code Injection Vulnerability
6566| [51367] ExpressView Browser Plug-in Multiple Integer Overflow and Remote Code Execution Vulnerabilities
6567| [51203] Microsoft .NET Framework ASP.NET Forms CVE-2011-3417 Security Bypass Vulnerability
6568| [51202] Microsoft .NET Framework CVE-2011-3415 Form Authentication URI Open Redirection Vulnerability
6569| [51201] Microsoft .NET Framework CVE-2011-3416 ASP.NET Forms Authentication Bypass Vulnerability
6570| [50971] ISC DHCP Regular Expressions Denial of Service Vulnerability
6571| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
6572| [50846] Oracle Mojarra EL Expression Evaluation Security Bypass Vulnerability
6573| [50799] IBM System Storage TS3100 and TS3200 Tape Library Express Security Bypass Vulnerability
6574| [50714] JRuby Regular Expression Engine Cross Site Scripting Vulnerability
6575| [50363] Novell XTier Framework HTTP Header Remote Integer Overflow Vulnerability
6576| [50315] MetaSploit Framework 'project[name]' Field HTML Injection Vulnerability
6577| [50233] Oracle E-Business Suite CVE-2011-3519 Remote Oracle Applications Framework Vulnerability
6578| [50197] Oracle Database CVE-2011-3525 Remote Application Express Vulnerability
6579| [50110] Microsoft .NET Framework 'SaveAs()' Function Security Bypass Vulnerability
6580| [49999] Microsoft Silverlight & .NET Framework Inheritance Restriction Remote Code Execution Vulnerability
6581| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
6582| [49637] Microsoft .NET Framework ASP.NET '__VIEWSTATE' Replay Security Bypass Vulnerability
6583| [49536] Spring Framework and Spring Security Remote Security Bypass Vulnerability
6584| [49518] Microsoft Excel Conditional Expression CVE-2011-1989 Remote Code Execution Vulnerability
6585| [49491] Zikula Application Framework 'themename' Parameter Cross Site Scripting Vulnerability
6586| [48991] Microsoft .NET Framework 'System.Net.Sockets' Namespace Security Bypass Vulnerability
6587| [48985] Microsoft .NET Framework Chart Control Information Disclosure Vulnerability
6588| [48742] Oracle Database Server and Enterprise Manager Grid CVE-2011-2244 Security Framework Vulnerability
6589| [48739] Oracle Enterprise Manager Grid Control Security Framework Session Modification Vulnerability
6590| [48716] JBoss Seam Expression Language (EL) CVE-2011-2196 Remote Code Execution Vulnerability
6591| [48212] Microsoft Silverlight & .NET Framework Invalid Array Offset Remote Code Execution Vulnerability
6592| [48191] Horde Authentication Framework Composite Driver Authentication Bypass Vulnerability
6593| [48049] IBM Tivoli Management Framework 'opts' Argument Stack Buffer Overflow Vulnerability
6594| [47934] SystemTap DWARF Expression Handling Two Divide-By-Zero Denial of Service Vulnerabilities
6595| [47919] Zend Framework 'PDO_MySql' Security Bypass Vulnerability
6596| [47902] CiscoWorks Common Services Framework Help Servlet Cross Site Scripting Vulnerability
6597| [47834] Microsoft .NET Framework JIT Compiler Optimization NULL String Remote Code Execution Vulnerability
6598| [47783] Kay Framework Attribute Exchange Remote Security Bypass Vulnerability
6599| [47516] JBoss Seam Expression Language (EL) Remote Code Execution Vulnerability
6600| [47444] Oracle Sun Solaris 11 Express CVE-2011-0841 Remote Vulnerability
6601| [47223] Microsoft .NET Framework x86 JIT compiler Stack Corruption Remote Code Execution Vulnerability
6602| [46848] Zend Framework 'Zend_Tool_Project_Context_Zf_ViewScriptFile' Cross Site Scripting Vulnerability
6603| [46300] MetaSploit Framework Inherited Permission File Overwrite Local Privilege Escalation Vulnerability
6604| [45896] Oracle Sun Java System Communications Express CVE-2010-4456 Remote Web Mail Vulnerability
6605| [45864] Oracle Solaris 11 Express CVE-2010-4457 Remote CIFS Vulnerability
6606| [45830] SmoothWall Express 'ipinfo.cgi' Cross Site Scripting Vulnerability
6607| [45765] Cisco IOS CallManager Express (CME) (CVE-2009-5040) Denial of Service Vulnerability
6608| [45740] Macro Express Pro '.mxe' File Buffer Overflow Vulnerability
6609| [45617] libxml2 'XPATH' Expressions Memory Corruption Vulnerability
6610| [45391] IBM ENOVIA 'emxFramework.FilterParameterPattern' Cross Site Scripting Vulnerability
6611| [44799] Apple Mobile OfficeImport Framework Excel Record Memory Corruption Vulnerability
6612| [43910] Backbone Technology Expression Cross Site Scripting Vulnerabilities
6613| [43880] WebNMS Framework 'ReportViewAction.do' Cross Site Scripting Vulnerability
6614| [43781] Microsoft .NET Framework JIT Compiler Optimization Remote Code Execution Vulnerability
6615| [43316] Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Vulnerability
6616| [43113] HP Data Protector Express (CVE-2010-3008) Local Privilege Escalation Vulnerability
6617| [43105] HP Data Protector Express Local Privilege Escalation Vulnerability
6618| [43017] RocketTheme Gantry Joomla! Framework 'moduleid' Parameter SQL Injection Vulnerability
6619| [43001] Horde Application Framework 'icon_browser.php' Cross-Site Scripting Vulnerability
6620| [42340] Play! Framework Directory Traversal Vulnerability
6621| [42295] Microsoft Silverlight & .NET Framework CLR Virtual Method Delegate Code Execution Vulnerability
6622| [42042] WebKit Regular Expression Handling Remote Memory Corruption Vulnerability
6623| [41994] JBoss Seam Parameterized EL Expressions Remote Code Execution Vulnerability
6624| [41887] EasyMail Objects 'SubmitToExpress()' Method Remote Stack Buffer Overflow Vulnerability
6625| [41625] Oracle E-Business Suite CVE-2010-0909 Remote Oracle Applications Framework Vulnerability
6626| [41621] Oracle Application Express CVE-2010-0892 Remote Vulnerability
6627| [41605] Oracle E-Business Suite CVE-2010-0908 Remote Oracle Applications Framework Vulnerability
6628| [41604] Oracle E-Business Suite CVE-2010-0912 Remote Oracle Applications Framework Vulnerability
6629| [41340] Open Text ECM 'Expression Builder' Cross Site Scripting Vulnerability
6630| [40954] Spring Framework 'class.classLoader' Code Injection Vulnerability
6631| [40684] Cisco Unified Contact Center Express CTI Messages Denial of Service Vulnerability
6632| [40680] Cisco Unified Contact Center Express Bootstrap Service Directory Traversal Vulnerability
6633| [40487] Microsoft Internet Explorer CSS 'expression' Remote Denial of Service Vulnerability
6634| [40052] RETIRED: Microsoft Windows Outlook Express and Windows Mail Integer Overflow Vulnerability
6635| [39974] PCRE Regular Expression Compiling Workspace Buffer Overflow Vulnerability
6636| [39927] Microsoft Outlook Express And Windows Mail Common Library Integer Overflow Vulnerability
6637| [39793] TaskFreak! Tirzen Framework 'LoadByKey()' SQL Injection Vulnerability
6638| [39717] Zikula Application Framework 'lang' Parameter Cross Site Scripting Vulnerability
6639| [39461] Oracle Sun Java System Communications Express CVE-2010-0885 Remote Address Book Vulnerability
6640| [39053] ViewVC Regular Expression Search Cross Site Scripting Vulnerability
6641| [38940] Cisco IOS For Communication Manager Express SCCP (CVE-2010-0586) Denial of Service Vulnerability
6642| [38936] Cisco IOS For Communication Manager Express SCCP (CVE-2010-0585) Denial of Service Vulnerability
6643| [38786] PostNuke FormExpress Module 'form_id' Parameter SQL Injection Vulnerability
6644| [38765] Trouble Ticket Express File Attachment Module Arbitrary Command Execution Vulnerability
6645| [38434] Website Baker 'framework/class.wb.php' Security Bypass Vulnerability
6646| [38084] IBM Cognos Express Hardcoded Credentials Security Bypass Vulnerability
6647| [37809] Zend Framework Multiple Input Validation Vulnerabilities and Security Bypass Weakness
6648| [37735] Oracle Application Express CVE-2010-0076 Remote Application Express Application Builder Vulnerabilit
6649| [37490] Calendar Express 'catid' Parameter SQL Injection Vulnerability
6650| [37351] Horde Application Framework Administration Interface 'PHP_SELF' Cross-Site Scripting Vulnerability
6651| [36926] Prototype JavaScript Framework Cross-Site Ajax Request Vulnerability
6652| [36812] Perl UTF-8 Regular Expression Processing Remote Denial of Service Vulnerability
6653| [36764] Oracle E-Business Suite CVE-2009-3402 Remote Oracle Applications Framework Vulnerability
6654| [36759] Oracle Database CVE-2009-1993 Application Express Unspecified Vulnerability
6655| [36648] Microsoft GDI+ .NET Framework Remote Code Execution Vulnerability
6656| [36618] Microsoft Silverlight and .NET Framework CLR Interface Handling Remote Code Execution Vulnerability
6657| [36617] Microsoft .NET Framework Type Verification Remote Code Execution Vulnerability
6658| [36611] Microsoft .NET Framework Pointer Verification Remote Code Execution Vulnerability
6659| [36571] Symantec SecurityExpressions Audit and Compliance Server Error Message HTML Injection Vulnerability
6660| [36570] Symantec SecurityExpressions Audit and Compliance Server Cross Site Scripting Vulnerability
6661| [36562] Sun Solaris IP(7P) Module and STREAMS Framework Local Denial Of Service Vulnerability
6662| [36498] Cisco Unified Communications Manager Express Extension Mobility Buffer Overflow Vulnerability
6663| [36346] Symantec Altiris eXpress NS SC Download ActiveX Control Arbitrary File Download Vulnerability
6664| [35924] PHP Fuzzer Framework Default Location Insecure Temporary File Creation Vulnerability
6665| [35891] Mozilla Firefox and Seamonkey Regular Expression Parsing Heap Buffer Overflow Vulnerability
6666| [35722] Google Chrome JavaScript Regular Expression Handling Remote Code Execution Vulnerability
6667| [35706] Cisco Unified Contact Center Express CRS Administration Interface Directory Traversal Vulnerability
6668| [35705] Cisco Unified Contact Center Express (CCX) Arbitrary Script Injection Vulnerability
6669| [35693] Oracle E-Business Suite CVE-2009-1982 Remote Oracle Applications Framework Vulnerability
6670| [35393] Zend Framework 'Zend_View::render()' Directory Traversal Vulnerability
6671| [34955] HP Data Protector Express 'dpwinsup.dll' Privilege Escalation Vulnerability
6672| [34702] Scorpio Framework 'baseAdminSite' Security Bypass Vulnerability
6673| [34314] Hitachi uCosminexus Portal Framework Multiple Vulnerabilities
6674| [34193] ExpressionEngine Avtaar Name HTML Injection Vulnerability
6675| [34155] Sun Java System Communications Express 'UWCMain' Cross Site Scripting Vulnerability
6676| [34154] Sun Java System Communications Express 'search.xml' Cross Site Scripting Vulnerability
6677| [34140] Sun Java System Messenger Express 'error' Parameter Cross-Site Scripting Vulnerability
6678| [34083] Sun Java System Communications Express Multiple HTML Injection Vulnerabilities
6679| [34077] IBM Tivoli Storage Manager Express and Enterprise Server Remote Buffer Overflow Vulnerability
6680| [33972] MySQL XPath Expression Remote Denial Of Service Vulnerability
6681| [33631] htmLawed CSS Expressions Unspecified Cross-Site Scripting Vulnerability
6682| [32780] Internet Explorer 8 CSS 'expression' Property Cross Site Scripting Filter Bypass Weakness
6683| [32702] Microsoft Outlook Express Malformed MIME Message Denial Of Service Vulnerability
6684| [32672] Kalptaru Infotech Product Sale Framework 'forum_topic_id' Parameter SQL Injection Vulnerability
6685| [31971] Extrakt Framework 'index.php' Cross Site Scripting Vulnerability
6686| [31829] Midgard Components Framework Multiple Unspecified Vulnerabilities
6687| [31644] DFFFrameworkAPI 'DFF_config[dir_include]' Parameter Multiple Remote File Include Vulnerabilities
6688| [31107] Horde Application Framework Forward Slash Insufficient Filtering Cross-Site Scripting Vulnerability
6689| [30585] Microsoft Outlook Express And Windows Mail MHTML Handler Information Disclosure Vulnerability
6690| [30263] Spring Framework Multiple Remote Vulnerabilities
6691| [30087] PCRE Regular Expression Heap Based Buffer Overflow Vulnerability
6692| [29476] Kaya CGI Framework HTTP Header Cross Site Scripting Vulnerability
6693| [28928] Perl Unicode '\Q...\E' Quoting Construct Regular Expression Buffer Overflow Vulnerability
6694| [28815] Apple Safari WebKit JavaScript Regular Expression Repetition Counts Buffer Overflow Vulnerability
6695| [28692] Wayport CyberCenter Express Authentication Bypass Vulnerability
6696| [28649] Sun Java System Messenger Express 'sid' Cross-Site Scripting Vulnerability
6697| [28591] Cisco Unified Communications Disaster Recovery Framework Remote Command Execution Vulnerability
6698| [28573] McAfee Common Management Agent 'FrameworkService.exe' Remote Denial of Service Vulnerability
6699| [28338] Apple Safari WebKit JavaScript Regular Expression Handling Buffer Overflow Vulnerability
6700| [28228] McAfee Framework ePolicy Orchestrator '_naimcomn_Log' Remote Format String Vulnerability
6701| [28153] Horde Framework Theme File Include Vulnerability
6702| [27942] Sun Solaris DTrace Dynamic Tracing Framework Information Disclosure Vulnerability
6703| [27325] Boost Library Regular Expression Remote Denial of Service Vulnerabilities
6704| [27235] IBM Tivoli Storage Manager Express Remote Heap Overflow Vulnerability
6705| [27128] ExpressionEngine HTTP Response Splitting and Cross Site Scripting Vulnerabilities
6706| [26898] PHP Security Framework Multiple Input Validation Vulnerabilities
6707| [26829] aurora framework Db_mysql.LIB SQL Injection Vulnerability
6708| [26800] Roundcube Webmail CSS Expression Input Validation Vulnerability
6709| [26727] PCRE Perl Compatible Regular Expression Subpattern Memory Allocation Denial Of Service Vulnerability
6710| [26725] PCRE Perl Compatible Regular Expressions Library POSIX Denial Of Service Vulnerability
6711| [26724] IBM Tivoli Provisioning Manager Express Username User Enumeration Weakness
6712| [26715] IBM Tivoli Provisioning Manager Express Multiple Cross Site Scripting Vulnerabilities
6713| [26550] PCRE Regular Expression Library UTF-8 Options Multiple Remote Denial of Service Vulnerabilities
6714| [26462] PCRE Regular Expression Library Multiple Integer and Buffer Overflow Vulnerabilities
6715| [26350] Perl Unicode Regular Expression Buffer Overflow Vulnerability
6716| [26346] PCRE Regular Expression Library Multiple Security Vulnerabilities
6717| [26194] Phpbasic basicFramework Includes.PHP Remote File Include Vulnerability
6718| [25996] Microsoft Expression Media Plaintext Password Storage Weakness
6719| [25908] Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow Vulnerability
6720| [24993] iExpress Munch Pro Login SQL Injection Vulnerability
6721| [24992] iExpress Property Pro Vir_Login.ASP SQL Injection Vulnerability
6722| [24811] Microsoft .NET Framework JIT Compiler Remote Buffer Overflow Vulnerability
6723| [24791] Microsoft .Net Framework Multiple Null Byte Injection Vulnerabilities
6724| [24778] Microsoft .NET Framework PE Loader Remote Buffer Overflow Vulnerability
6725| [24674] SAP Internet Communication Framework Multiple Cross-Site Scripting Vulnerabilities
6726| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
6727| [24444] Microsoft Windows CE .NET Compact Framework Components Multiple Vulnerabilities
6728| [24410] Microsoft Outlook Express Content Disposition Parsing Information Disclosure Vulnerability
6729| [24392] Microsoft Outlook Express MHTML URL Parsing Information Disclosure Vulnerability
6730| [23928] PHP Todo List Manager Regular Expressions Multiple Security Bypass Vulnerabilities
6731| [23558] IBM Tivoli Monitoring Express Universal Agent Multiple Heap Buffer Overflow Vulnerabilities
6732| [22985] Horde Framework and IMP Cleanup Cron Script Arbitrary File Deletion Vulnerability
6733| [22984] Horde Framework Login.PHP Cross-Site Scripting Vulnerability
6734| [22578] Calendar Express Search.PHP Cross-Site Scripting Vulnerability
6735| [22178] Yana Framework Guestbook Unspecified Security Bypass Vulnerability
6736| [21899] Apple DiskManagement Framework BOM Local Privilege Escalation Vulnerability
6737| [21706] OpenSER Parse_Expression Remote Buffer Overflow Vulnerability
6738| [21501] Microsoft Outlook Express Windows Address Book Contact Record Remote Code Execution Vulnerability
6739| [21059] SiteXpress E-Commerce System Dept.ASP SQL Injection Vulnerability
6740| [21053] Apple Safari JavaScript Regular Expression Match Remote Denial of Service Vulnerability
6741| [20840] Mirapoint Web Mail Expression() HTML Injection Vulnerability
6742| [20838] iPlanet Messaging Server Messenger Express Expression() HTML Injection Vulnerability
6743| [20832] Sun Java System Messenger Express Cross-Site Scripting Vulnerability
6744| [20753] Microsoft .NET Framework Request Filtering Bypass Vulnerability
6745| [20450] BlueShoes Framework GoogleSearch.PHP Remote File Include Vulnerability
6746| [19309] Cisco CallManager Express SIP User Directory Information Disclosure Vulnerability
6747| [19302] G3 Content Management Framework HTML Injection Vulnerability
6748| [18979] McAfee EPolicy Orchestrator Framework Service Directory Traversal Vulnerability
6749| [18845] Horde Application Framework Services Multiple Cross-Site Scripting Vulnerabilities
6750| [18771] Microsoft Internet Explorer OutlookExpress.AddressBook Denial of Service Vulnerability
6751| [18436] Horde Application Framework Multiple Cross-Site Scripting Vulnerabilities
6752| [18386] Adaptive Website Framework Remote File Include Vulnerability
6753| [18314] Calendar Express Month.PHP SQL Injection Vulnerability
6754| [18261] BlueShoes Framework Multiple Remote File Include Vulnerabilities
6755| [17786] FileProtection Express Authentication Bypass Vulnerability
6756| [17775] Cisco Unity Express Expired Password Privilege Escalation Vulnerability
6757| [17717] Outlook Express/Windows Mail MHTML URI Handler Information Disclosure Vulnerability
6758| [17459] Microsoft Outlook Express Windows Address Book File Parsing Buffer Overflow Vulnerability
6759| [17243] Microsoft .NET Framework SDK MSIL Tools Buffer Overflow Vulnerabilities
6760| [17240] Calendar Express Multiple Cross-Site Scripting Vulnerabilities
6761| [17168] WebLogic Server and WebLogic Express Invalid Login Attempts Weakness
6762| [17163] BEA WebLogic Server and WebLogic Express HTTP Response Splitting Vulnerability
6763| [17117] Horde Application Framework Go.PHP Information Disclosure Vulnerability
6764| [17085] IBM Tivoli Lightweight Client Framework Information Disclosure Vulnerability
6765| [16377] PMachine ExpressionEngine HTTP Referrer HTML Injection Vulnerability
6766| [16215] BEA WebLogic Server and WebLogic Express MBean Remote Information Disclosure Vulnerability
6767| [15937] Adaptive Website Framework Cross-Site Scripting Vulnerability
6768| [15810] Horde Application Framework CSV File Upload Code Execution Vulnerability
6769| [15806] Horde Application Framework Input Validation Vulnerabilities
6770| [15635] KBase Express Multiple SQL Injection Vulnerabilities
6771| [15271] Sun Java System Communications Express Information Disclosure Vulnerability
6772| [15231] Rockliffe MailSite Express Information Disclosure Vulnerability
6773| [15230] Rockliffe MailSite Express Arbitrary Script File Upload Vulnerability
6774| [15229] Rockliffe MailSite Express Message Body HTML Injection Vulnerability
6775| [15129] Rockliffe MailSite Express Arbitrary File Upload Vulnerability
6776| [15052] BEA WebLogic Server and WebLogic Express Multiple Vulnerabilities
6777| [14620] PCRE Regular Expression Heap Overflow Vulnerability
6778| [14505] Calendar Express Search.PHP Cross-Site Scripting Vulnerability
6779| [14504] Calendar Express Multiple SQL Injection Vulnerabilities
6780| [14455] Metasploit Framework MSFWeb Defanged Mode Restriction Bypass Vulnerability
6781| [14225] Microsoft Outlook Express Multiple Vulnerabilities
6782| [14194] IBM Tivoli Management Framework Endpoint Remote Denial Of Service Vulnerability
6783| [14075] Adobe Acrobat/Adobe Reader Safari Frameworks Folder Permission Escalation Vulnerability
6784| [13951] Microsoft Outlook Express NNTP Response Parsing Buffer Overflow Vulnerability
6785| [13837] Microsoft Outlook Express Attachment Processing File Extension Obfuscation Vulnerability
6786| [13717] BEA WebLogic Server and WebLogic Express Multiple Remote Vulnerabilities
6787| [13400] BEA WebLogic Server And WebLogic Express Administration Console Cross-Site Scripting Vulnerability
6788| [13202] Apple WebCore Framework XMLHttpRequests Remote Code Execution Vulnerability
6789| [12943] Horde Application Framework Parent Page Title Cross-Site Scripting Vulnerability
6790| [12548] BEA WebLogic Server And WebLogic Express Authentication Failure Information Disclosure Weakness
6791| [11546] Horde Application Framework Help Window Unspecified Cross-Site Scripting Vulnerability
6792| [11447] Microsoft Outlook Express Plaintext Email Security Policy Bypass Vulnerability
6793| [11426] Express-Web Content Management System Unspecified Cross-Site Scripting Vulnerability
6794| [11128] Cosminexus Portal Framework Information Disclosure Vulnerability
6795| [11040] Microsoft Outlook Express BCC Field Information Disclosure Vulnerability
6796| [10711] Microsoft Outlook Express Malformed Email Header Denial Of Service Vulnerability
6797| [10692] Microsoft Outlook Express Message Window Script Execution Vulnerability
6798| [10624] BEA WebLogic Server And WebLogic Express Application Role Unauthorized Access Vulnerability
6799| [10545] BEA WebLogic Server And WebLogic Express Java RMI Incorrect Session Inheritance Vulnerability
6800| [10544] BEA WebLogic Server And WebLogic Express Remote Denial of Service Vulnerability
6801| [10345] Microsoft Outlook Express URI Obfuscation Vulnerability
6802| [10328] BEA WebLogic Server And WebLogic Express Lowered Security Settings Vulnerability
6803| [10327] BEA WebLogic Server and WebLogic Express Denial of Service Vulnerability
6804| [10188] BEA WebLogic Server And WebLogic Express Configuration Log Files Plain Text Password Vulnerability
6805| [10185] BEA WebLogic Server/Express EJB Object Removal Denial Of Service Vulnerability
6806| [10184] BEA WebLogic Server and WebLogic Express Illegal URI Pattern Potential Bypass Vulnerability
6807| [10144] Microsoft Outlook/Outlook Express Remote Denial Of Service Vulnerability
6808| [10132] BEA WebLogic Server and WebLogic Express Certificate Chain User Impersonation Vulnerability
6809| [10131] BEA WebLogic Server/Express Potential Password Disclosure Weakness
6810| [10106] Ipswitch IMail Express Web Messaging Buffer Overrun Vulnerability
6811| [10098] Microsoft Outlook Express Malformed EML File Denial of Service Vulnerability
6812| [9709] Multiple Outlook/Outlook Express Predictable File Location Weaknesses
6813| [9673] Microsoft Outlook Express Arbitrary Program Execution Vulnerability
6814| [9506] WebLogic Server and Express HTTP TRACE Credential Theft Vulnerability
6815| [9503] BEA WebLogic Server/Express Potential Administrator Password Disclosure Weakness
6816| [9502] BEA WebLogic Server and Express SSL Client Privilege Escalation Vulnerability
6817| [9107] Microsoft Outlook Express MHTML Redirection Local File Parsing Vulnerability
6818| [9105] Microsoft Outlook Express MHTML Forced File Execution Vulnerability
6819| [9034] Multiple BEA WebLogic Server/Express Denial of Service and Information Disclosure Vulnerabilities
6820| [8760] SquirrelMail CSS JavaScript Expression MSIE Script Code Injection Vulnerability
6821| [8399] Horde Application Framework Account Hijacking Vulnerability
6822| [8320] BEA WebLogic Server and WebLogic Express User Impersonation Vulnerability
6823| [8281] Microsoft Outlook Express Script Execution Weakness
6824| [8143] Multiple BEA WebLogic Server/Express Vulnerabilities
6825| [8056] Zope Error-Handling Framework Cross-Site Scripting Vulnerability
6826| [7612] Sun Java Media Framework Unspecified Denial of Service Vulnerability
6827| [6959] Netscape JavaScript Regular Expression Denial Of Service Vulnerability
6828| [6923] Microsoft Outlook and Outlook Express Arbitrary Program Execution Vulnerability
6829| [6717] BEA Systems WebLogic Server and Express Session Sharing Vulnerability
6830| [5971] BEA WebLogic Server/Express/Integration Application Migration Security Policy Weakness
6831| [5944] Microsoft Outlook Express S/MIME Buffer Overflow Vulnerability
6832| [5846] BEA WebLogic Server and Express Inadvertent Security Removal Weakness
6833| [5819] BEA WebLogic Server and Express HTTP Response Information Disclosure Vulnerability
6834| [5682] Alleged Outlook Express Link Denial of Service Vulnerability
6835| [5473] Microsoft Outlook Express MHTML URL Handler File Rendering Vulnerability
6836| [5350] Microsoft Outlook Express XML File Attachment Script Execution Vulnerability
6837| [5277] Microsoft Outlook Express Spoofable File Extensions Vulnerability
6838| [5274] Microsoft Outlook Express SMTP Over TLS Information Disclosure Vulnerability
6839| [5235] IBM Tivoli Management Framework Endpoint Buffer Overflow Vulnerability
6840| [5233] IBM Tivoli Management Framework ManagedNode Buffer Overrun Vulnerability
6841| [5224] Pingtel Expressa Arbitrary Application Installation Vulnerability
6842| [5223] Pingtel Expressa Arbitrary Firmware Upgrade Vulnerability
6843| [5221] Pingtel Expressa Admin Account Login Session Timeout Vulnerability
6844| [5220] Pingtel Expressa Web Server Cross-Site Scripting Vulnerability
6845| [5214] Pingtel Expressa Default Blank Administrator Password Vulnerability
6846| [5159] BEA Systems WebLogic Server and Express Race Condition Denial of Service Vulnerability
6847| [4734] BEA WebLogic Server and Express File Disclosure Vulnerability
6848| [4733] BEA Systems WebLogic Server and Express Password Disclosure Vulnerability
6849| [4653] Microsoft Internet Explorer/Outlook Express XBM Handling DoS Vulnerability
6850| [4646] BEA Systems WebLogic Server and Express Null Character DOS Device Denial of Service Vulnerability
6851| [4645] BEA Systems WebLogic Server and Express URL Parsing Source Code Disclosure Vulnerability
6852| [4643] BEA Systems WebLogic Server and Express URL Parsing Path Disclosure Vulnerability
6853| [4584] Microsoft Outlook Express DOS Device Denial of Service Vulnerability
6854| [4191] Cisco IOS Cisco Express Forwarding Session Information Leakage Vulnerability
6855| [4092] Outlook Express Attachment Carriage Return/Linefeed Encapsulation Filtering Bypass Vulnerability
6856| [4029] eshare Expressions Directory Traversal Vulnerability
6857| [3611] Microsoft Outlook Express for Macintosh Buffer Overflow Vulnerability
6858| [3334] Microsoft Outlook Express 6 Plain Text Message Script Execution Vulnerability
6859| [3271] Outlook Express 6 Attachment Security Bypass Vulnerability
6860| [2823] Microsoft Outlook Express Address Book Spoofing Vulnerability
6861| [1647] Intel Express Switch 500 Series Malformed ICMP Packet DoS Vulnerability
6862| [1609] Intel Express Switch 500 series DoS
6863| [1502] Microsoft Outlook Express Persistent Mail-Browser Link Vulnerability
6864| [1501] Microsoft Outlook / Outlook Express Cache Bypass Vulnerability
6865| [1481] Microsoft Outlook / Outlook Express GMT Field Buffer Overflow Vulnerability
6866| [1394] Microsoft Internet Explorer and Outlook/Outlook Express Remote File Write Vulnerability
6867| [1378] BEA Systems WebLogic Server and Express Source Code Disclosure Vulnerability
6868| [1228] Intel Express 8100 ISDN Router Fragmented ICMP Vulnerability
6869| [1195] Microsoft Outlook 98 / Outlook Express 4.x Long Filename Vulnerability
6870| [962] MS Outlook Express 5 Javascript Email Access Vulnerability
6871| [883] Microsoft Outlook Express for MacOS HTML Attachment Automatic Download Vulnerability
6872| [800] Microsoft Outlook Express For Mac Download Vulnerability
6873| [749] Celtech ExpressFS USER Buffer Overflow Vulnerability
6874| [533] Microsoft Outlook Express for MacOS Change Current User Vulnerability
6875| [252] Outlook Express POP Denial of Service Vulnerability
6876|
6877| IBM X-Force - https://exchange.xforce.ibmcloud.com:
6878| [69688] Spring Framework expression information disclosure
6879| [86322] Restlet Framework XML deserialization code execution
6880| [86122] Multiple Cisco content network and video delivery products framework command execution
6881| [86121] Cisco Wide Area Application Services framework code execution
6882| [85756] Apache Struts OGNL expression command execution
6883| [85690] Oracle Solaris Kernel/STREAMS framework denial of service
6884| [85677] Oracle Agile PLM Framework Security information disclosure
6885| [85676] Oracle Agile Product Framework Folders & Files Attachment information disclosure
6886| [85675] Oracle Agile Collaboration Framework Manufacturing/Mfg Parts unspecified
6887| [85674] Oracle Agile PLM Framework Web Client (CS) unspecified
6888| [85666] Oracle Enterprise Manager Grid Control User Interface Framework unspecified
6889| [85635] BMC Service Desk Express multiple cross-site scripting
6890| [85634] BMC Service Desk Express multiple SQL injection
6891| [85242] Microsoft .NET Framework and Microsoft Silverlight privilege escalation
6892| [85241] Microsoft .NET Framework and Microsoft Silverlight code execution
6893| [85240] Microsoft .NET Framework and Microsoft Silverlight code execution
6894| [85239] Microsoft .NET Framework and Microsoft Silverlight privilege escalation
6895| [85238] Microsoft .NET Framework and Microsoft Silverlight privilege escalation
6896| [85237] Microsoft .NET Framework and Microsoft Silverlight code execution
6897| [84725] Horde Application Framework unspecified cross-site scripting
6898| [83879] Microsoft .NET Framework security bypass
6899| [83878] Microsoft .NET Framework spoofing
6900| [83685] Cisco Unified Contact Center Express information disclosure
6901| [83488] Oracle Siebel CRM Siebel UI Framework information disclosure
6902| [83484] Oracle Siebel CRM Siebel UI Framework information disclosure
6903| [83483] Oracle Siebel CRM Siebel UI Framework unspecified
6904| [83442] Oracle Database Application Express unspecified
6905| [83401] Hero Framework login and forgot_password pages cross-site scripting
6906| [82894] Zend Framework Zend\Db SQL injection
6907| [82893] Zend Framework Zend\Validate\Csrf component information disclosure
6908| [82892] Zend Framework Zend\Mvc data manipulation
6909| [82216] Fluid Extbase Development Framework extension for TYPO3 unserialize() code execution
6910| [82215] Fluid Extbase Development Framework extension for TYPO3 unspecified command execution
6911| [82103] Zend Framework SimpleXMLElement classes information disclosure
6912| [82102] Zend Framework circular references denial of service
6913| [81806] Cisco Unity Express unspecified cross-site request forgery
6914| [81805] Cisco Unity Express unspecified cross-site scripting
6915| [81751] Vaadin Framework Map parameter cross-site scripting
6916| [81667] Microsoft .NET Framework WinForms privilege escalation
6917| [81587] Kohana Framework Filebrowser.php directory traversal
6918| [81300] Oracle Siebel CRM Siebel UI Framework information disclosure
6919| [81277] Oracle Agile PLM Framework Security information disclosure
6920| [81276] Oracle E-Business Applications Framework unspecified
6921| [81273] Oracle E-Business Applications Framework unspecified
6922| [81268] Oracle E-Business Applications Framework security bypass
6923| [81267] Oracle Enterprise Manager User Interface Framework unspecified
6924| [81264] Oracle Enterprise Manager Policy Framework unspecified
6925| [80871] Microsoft .NET Framework permission privilege escalation
6926| [80870] Microsoft .NET Framework S.D.S.P. privilege escalation
6927| [80869] Microsoft .NET Framework Windows Forms privilege escalation
6928| [80868] Microsoft .NET Framework information disclosure
6929| [80866] Microsoft .NET Framework OData denial of service
6930| [80797] Hero Framework unspecified cross-site request forgery
6931| [80796] Hero Framework login and search pages cross-site scripting
6932| [80718] Zend Framework Zend_Feed information disclosure
6933| [80605] Smartphone Pentest Framework command execution
6934| [80315] Smartphone Pentest Framework btinstall privilege escalation
6935| [80314] Smartphone Pentest Framework config information disclosure
6936| [80313] Smartphone Pentest Framework guessPassword.pl cross-site request forgery
6937| [80312] Smartphone Pentest Framework multiple SQL injections
6938| [80311] Smartphone Pentest Framework frameworkgui command execution
6939| [80277] JRuby expression engine cross-site scripting
6940| [80266] Prado PHP Framework functional_tests.php directory traversal
6941| [80265] Yii Framework search form SQL injection
6942| [79956] PayPal Express module in osCommerce SSL spoofing
6943| [79735] IBM WebSphere Commerce Web Services framework denial of service
6944| [79692] Microsoft .NET Framework reflection privilege escalation
6945| [79691] Microsoft .NET Framework Web proxy code execution
6946| [79690] Microsoft .NET Framework DLL code execution
6947| [79689] Microsoft .NET Framework output information disclosure
6948| [79688] Microsoft .NET Framework reflection privilege escalation
6949| [79346] Oracle Siebel UI Framework Siebel Documentation information disclosure
6950| [79345] Oracle Siebel UI Framework Portal Framework information disclosure
6951| [79332] Oracle Agile PLM Framework ROLESPRV information disclosure
6952| [79331] Oracle Agile PLM Framework ATTACH information disclosure
6953| [79330] Oracle Agile PLM Framework Web Client (CS) unspecified
6954| [79326] Oracle E-Business Applications Framework information disclosure
6955| [79202] vOlk-Botnet Framework multiple cross-site scripting
6956| [79200] vOlk Botnet Framework pag and pais parameter SQL injection
6957| [78761] Zend Framework multiple scripts cross-site scripting
6958| [78379] IBM Rational Automation Framework Environment Wizard security bypass
6959| [78056] Express Burn .ebp file buffer overflow
6960| [77877] FishEye and Crucible third-party frameworks security bypass
6961| [77789] Niagara Framework information disclosure
6962| [77294] IBM WebSphere Commerce REST services framework security bypass
6963| [77149] Tridium Niagara AX Framework security bypass
6964| [77039] Oracle Siebel CRM UI Framework information disclosure
6965| [77038] Oracle Siebel CRM UI Framework information disclosure
6966| [77037] Oracle Siebel CRM UI Framework unspecified
6967| [77036] Oracle Siebel CRM UI Framework denial of service
6968| [77035] Oracle Siebel CRM UI Framework denial of service
6969| [77034] Oracle Siebel CRM Portal Framework unspecified
6970| [76992] Oracle Application Express APEX Listener information disclosure
6971| [76969] Metasploit Framework pcap_log privilege escalation
6972| [76947] Niagara Framework URL directory traversal
6973| [76743] Microsoft .NET Framework tilde denial of service
6974| [76533] Zend Framework Zend_XmlRpc class information disclosure
6975| [75941] Microsoft .NET Framework function code execution
6976| [75935] Restlet Framework XML entities unspecified
6977| [75865] Yellow Duck Framework index.php information disclosure
6978| [75674] WEB MART Internet Explorer CSS expressions cross-site scripting
6979| [75542] Travelon Express multiple file upload
6980| [75541] Travelon Express holiday_add.php and holiday_view.php cross-site scripting
6981| [75540] Travelon Express multiple scripts SQL injection
6982| [75493] Apple Mac OS X Security framework integer overflow
6983| [75487] Apple Mac OS X LoginUIFramework security bypass
6984| [75437] Node.js HTTP parser information disclosure
6985| [75339] Cisco Unified Contact Center Express network traffic denial of service
6986| [75134] Microsoft .NET Framework index denial of service
6987| [75133] Microsoft .NET Framework buffer code execution
6988| [75098] Microsoft .NET Framework EncoderParameter buffer overflow
6989| [74942] Oracle Database Application Express unspecified
6990| [74909] JA T3-Framework component for Joomla! index.php directory traversal
6991| [74527] TYPO3 Extbase framework unserialize() code execution
6992| [74377] Microsoft .NET Framework parameter code execution
6993| [74376] Microsoft .NET Framework input code execution
6994| [74375] Microsoft .NET Framework serialization code execution
6995| [73948] HP Data Protector Express code execution
6996| [73947] HP Data Protector Express code execution
6997| [73946] HP Data Protector Express code execution
6998| [73945] HP Data Protector Express code execution
6999| [73905] Jam Trax Express DLL code execution
7000| [73535] Microsoft Expression Design code execution
7001| [73034] IBM Tivoli Provisioning Manager Express for Software Distribution multiple SQL injection
7002| [73033] IBM Tivoli Provisioning Manager Express for Software Distribution ActiveX control (Isig.isigCtl.1) buffer overflow
7003| [72878] FishEye and Crucible Webwork 2 framework code injection
7004| [72848] Microsoft .NET Framework buffer overflow
7005| [72847] Microsoft .NET Framework and Microsoft Silverlight unmanaged objects code execution
7006| [72395] ExpressView Browser Plug-in SID file code execution
7007| [72394] ExpressView Browser Plug-in npexview.dll buffer overflow
7008| [71808] Microsoft .NET Framework SaveAs() security bypass
7009| [71711] Apache Struts OGNL expression code execution
7010| [71587] Hero Framework events script cross-site scripting
7011| [71577] CodeIgniter and ExpressionEngine xss_clean() cross-site scripting
7012| [71026] IBM TS3100 and TS3200 Tape Library Express Web management console authentication bypass
7013| [70976] Novell XTier Framework HTTP Header integer overflow
7014| [70799] Oracle Database Server Application Express APEX developer user unspecified
7015| [70795] Oracle E-Business Suite Oracle Applications Framework REST Services unspecified
7016| [70309] Zend Framework in Zend Server CE Validate.php path disclosure
7017| [70136] Mozilla Firefox, Thunderbird, and SeaMonkey YARR regular expression library denial of service
7018| [69687] Spring Framework and Spring Security object security bypass
7019| [69644] Zikula Application Framework index.php cross-site scripting
7020| [69496] Microsoft Excel expression code execution
7021| [68828] Microsoft .NET Framework socket information disclosure
7022| [68732] JBoss Seam Expression Language code execution
7023| [68212] Apple Mac OS X CoreFoundation framework buffer overflow
7024| [67959] Horde_Auth Framework composite authentication driver security bypass
7025| [67896] Google Chrome extension framework code execution
7026| [67858] IBM Tivoli Management Framework Tivoli Endpoint code execution
7027| [67752] Microsoft .NET Framework and Microsoft Silverlight XAML code execution
7028| [67539] Zend Framework MySQL PDO security bypass
7029| [67523] Cisco Unified Operations Manager Common Services Framework Help Servlet cross-site scripting
7030| [67411] Microsoft .NET Framework JIT compiler code execution
7031| [67360] Kay Framework Attribute Exchange (AX) security bypass
7032| [67269] Horde Application Framework Sql.php security bypass
7033| [67268] Horde Application Framework xss.php cross-site scripting
7034| [66951] Oracle Solaris Express TCP/IP unspecified
7035| [66949] Oracle Solaris Express LOFS unspecified
7036| [66944] Oracle Solaris Express Kernel/SPARC unspecified
7037| [66936] Oracle Solaris Express Kernel unspecified
7038| [66933] Oracle Solaris Express Kernel unspecified
7039| [66932] Oracle Solaris Express Kernel unspecified
7040| [66088] Zend Framework view script cross-site scripting
7041| [66010] Linux SCSI target framework (tgt) iscsi_rx_handler() denial of service
7042| [65171] Qcodo Development Framework unspecified path disclosure
7043| [64908] Microsoft .NET Framework JIT code execution
7044| [64815] Sun Java System Communications Express Web Mail unauthorized access
7045| [64729] SmoothWall Express reboot cross-site request forgery
7046| [64728] SmoothWall Express ipinfo.cgi cross-site scripting
7047| [64681] Cisco IOS CallManager Express denial of service
7048| [64562] Macro Express MXE buffer overflow
7049| [64311] Dassault Systemes ENOVIA emxFramework.FilterParameterPattern cross-site scripting
7050| [62493] Backbone Technology Expression section_copy_id parameter cross-site scripting
7051| [62265] MySQL expression values denial of service
7052| [62146] Microsoft .NET Framework JIT compiler code execution
7053| [62100] Horde Application Framework icon_browser.php cross-site request forgery
7054| [62099] Horde Application Framework icon_browser.php cross-site scripting
7055| [61869] OTRS regular expression denial of service
7056| [61711] HP Data Protector Express and HP Data Protector Express Single Server Edition DtbClsLogin buffer overflow
7057| [61710] HP Data Protector Express and HP Data Protector Express Single Server Edition PrvRecvRqu() denial of service
7058| [61625] Horde Application Framework subdir cross-site scripting
7059| [61470] Seagull PHP Framework multiple file include
7060| [61469] Seagull PHP Framework index.php SQL injection
7061| [61038] Play! Framework public directory traversal
7062| [60794] JBoss Seam expressions code execution
7063| [60766] Apple Safari regular expressions code execution
7064| [60735] Microsoft .NET Framework CLR code execution
7065| [60366] Diem Content Management Framework article_form_filter[name][text] parameter cross-site scripting
7066| [60364] Diem Content Management Framework value parameter cross-site scripting
7067| [60363] Diem Content Management Framework text parameter cross-site scripting
7068| [60319] Oracle E-Business Suite Oracle Applications Framework component unspecified
7069| [60316] Oracle E-Business Suite Oracle Applications Framework component unspecified
7070| [60314] Oracle E-Business Suite Oracle Applications Framework component unspecified
7071| [60298] Oracle Database Server Application Express component unspecified
7072| [60159] Open Text ECM Expression Builder cross-site scripting
7073| [59573] Spring Framework WebappClassLoader code execution
7074| [59415] ardeaCore PHP Framework ardeaInit.php file include
7075| [59277] Cisco Unified Contact Center Express bootstrap directory traversal
7076| [59276] Cisco Unified Contact Center Express CTI denial of service
7077| [59069] Microsoft Internet Explorer CSS expression denial of service
7078| [58334] Zikula Application Framework index.php cross-site request forgery
7079| [58224] Zikula Application Framework index.php cross-site scripting
7080| [58172] Microsoft Outlook Express and Windows Mail client integer overflow
7081| [58045] Perl regular expression engine integer overflow
7082| [57987] Sun Java System Communications Express subject cross-site request forgery
7083| [57749] Oracle Sun Product Suite Sun Java System Communications Express unspecified
7084| [57496] Linux SCSI Target Framework isns.c format string
7085| [57402] ViewVC regular expression search cross-site scripting
7086| [57054] Trouble Ticket Express ttx.cgi directory traversal
7087| [56989] ContentExpress module for PHP-Nuke index.php SQL injection
7088| [56884] Trouble Ticket Express ttx.cgi code execution
7089| [56883] Trouble Ticket Express ttx.cgi directory traversal
7090| [56549] Hitachi Cosminexus products Portal Framework cross-site scripting
7091| [56401] IBM Cognos Express Tomcat default password
7092| [56086] IBM Cognos Express Tomcat Manager default password
7093| [55782] SAP BusinessObjects framework cross-site scripting
7094| [55656] Zend Framework Zend_Json_Encoder cross-site scripting
7095| [55655] Zend Framework Zend_Json_Encoder cross-site scripting
7096| [55654] Zend Framework Zend_Service_ReCaptcha_MailHide cross-site scripting
7097| [55653] Zend Framework Zend_File_Transfer weak security
7098| [55646] Zend Framework Zend_Filter_StripTags cross-site scripting
7099| [55644] Zend Framework Zend_Dojo_View_Helper_Editor cross-site scripting
7100| [55643] Zend Framework multiple components cross-site scripting
7101| [55592] Oracle Database Application Express Application Builder information disclosure
7102| [55558] Calendar Express search.php cross-site scripting
7103| [55312] My Book express.php path disclosure
7104| [55187] Zend Framework Zend_Log_Writer_Mail weak security
7105| [55083] Calendar Express year.php SQL injection
7106| [53939] Perl UTF-8 expressions denial of service
7107| [53861] Oracle E-Business Suite Applications Framework component unspecified
7108| [53842] Oracle Database Application Express component unspecified
7109| [53669] Symantec SecurityExpressions Audit and Compliance Server error response cross-site scripting
7110| [53668] Symantec SecurityExpressions Audit and Compliance Server console cross-site scripting
7111| [53652] Prototype JavaScript framework (prototypejs) AJAX unspecified
7112| [53529] Microsoft Windows GDI+ .NET Framework API code execution
7113| [53448] Cisco IOS Communications Manager Express (CME) extension buffer overflow
7114| [53202] Horde Application Framework form library file overwrite
7115| [53179] Altirix eXpress NS SC Download ActiveX control code execution
7116| [53106] obophix FrameWork fonctions_racine.php file include
7117| [52784] Simple CMS FrameWork index.php SQL injection
7118| [52780] Microsoft .NET Framework CLR code execution
7119| [52254] PHP Fuzzer Framework output file code execution
7120| [52113] ASP.NET Framework component of Microsoft Windows HTTP denial of service
7121| [51890] Credit Card Number Pattern Found (American Express)
7122| [51765] Oracle E-Business Suite Applications Framework component unspecified
7123| [51731] Cisco Unified Contact Center Express (Cisco Unified CCX) server administration interface directory traversal
7124| [51730] Cisco Unified Contact Center Express (Cisco Unified CCX) server administrative interface cross-site scripting
7125| [51306] Zend Framework Zend_View::render() directory traversal
7126| [51250] WebNMS Framework report/ReportViewAction.do cross-site scripting
7127| [50965] IBM FileNet Content Manager Web Services Extensible Authentication Framework (WSEAF) security bypass
7128| [50689] Novell GroupWise WebAccess style expressions cross-site scripting
7129| [50658] Sun Java System Communications Express search.html and UWCMain cross-site scripting
7130| [50114] Scorpio Framework baseAdminSite security bypass
7131| [50083] Spring Framework data denial of service
7132| [50043] Oracle E-Business Suite Applications Framework unspecified system integrity
7133| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
7134| [49359] ExpressionEngine avatar cross-site scripting
7135| [49287] Sun Java System Messenger Express error cross-site scripting
7136| [49197] Sun Java System Communications Express message cross-site scripting
7137| [49188] IBM Tivoli Storage Manager Express adsmdll.dll buffer overflow
7138| [48517] htmLawed CSS expressions cross-site scripting
7139| [48294] Microsoft .NET Framework Type check code execution
7140| [48293] Microsoft .NET Framework CAS verification code execution
7141| [47992] Oracle E-Business Suite Applications Framework About Us Page information disclosure
7142| [47277] Microsoft Internet Explorer CSS expression property XSS filter bypass
7143| [47144] Product Sale Framework customer.forumtopic.php SQL injection
7144| [46695] Microsoft .NET Framework SN weak security
7145| [46499] IBM Metrica Service Assurance Framework ReportRequest cross-site scripting
7146| [46495] IBM Metrica Service Assurance Framework ReportTree and Launch cross-site scripting
7147| [46186] Extrakt Framework index.php cross-site scripting
7148| [45962] Midgard Components Framework multiple unspecified vulnerabilities
7149| [45907] Oracle Database Application Express component privilege escalation
7150| [45897] Oracle E-Business Suite Applications Framework component unspecified
7151| [45764] DFFFrameworkAPI DFF_config[dir_include] file include
7152| [44737] Red Hat Directory Server Directory Server Administration Express and Directory Server Gateway cross-site scripting
7153| [44281] BEA WebLogic Server and WebLogic Express LDAP denial of service
7154| [43778] Firebird expression denial of service
7155| [43411] Seagull PHP Framework config.php file upload
7156| [42774] Kaya CGI framework header injection
7157| [42679] Microsoft Outlook Express MHTML information disclosure
7158| [42332] Red Hat Directory Server and Fedora Directory Server regular expression buffer overflow
7159| [42054] Oracle E-Business Suite Applications Framework component unspecified information disclosure
7160| [42041] Oracle Application Express unspecified unauthorized access
7161| [41988] Oracle Application Express privilege escalation
7162| [41714] WoltLab Burning Board WoltLab Community Framework page and form parameters cross-site scripting
7163| [41713] WoltLab Burning Board WoltLab Community Framework exception handling information disclosure
7164| [41632] Multiple Cisco Devices Disaster Recovery Framework (DRF) command execution
7165| [41597] McAfee Common Management Agent FrameworkService.exe denial of service
7166| [41321] Apple Safari WebKit JavaScript regular expressions buffer overflow
7167| [41178] McAfee ePolicy Orchestrator Framework Service format string
7168| [40992] WebKit regular expression code execution
7169| [40772] Sun Solaris DTrace dynamic tracing framework information disclosure
7170| [40707] BEA WebLogic Server and WebLogic Express WSDL information disclosure
7171| [40702] BEA WebLogic and WebLogic Express servlet unauthorized access
7172| [40700] BEA WebLogic Server and WebLogic Express JMS messages security bypass
7173| [40697] BEA WebLogic Server and WebLogic Express login page session hijacking
7174| [40696] BEA WebLogic Server and WebLogic Express administration console cross-site scripting
7175| [40695] BEA WebLogic Server and WebLogic Express account lockout security bypass
7176| [40694] BEA WebLogic Server and WebLogic Express HttpClusterServlet and HttpProxyServlet privilege escalation
7177| [40692] BEA WebLogic Server and WebLogic Express proxy plugin denial of service
7178| [39663] ExpressionEngine index.php CRLF header injection
7179| [39604] IBM Tivoli Storage Manager (TSM) Express server buffer overflow
7180| [39498] PostgreSQL complex regular expressions denial of service
7181| [39497] PostgreSQL regular expressions denial of service
7182| [39442] ExpressionEngine index.php cross-site scripting
7183| [39084] PHPSecurityFramework multiple SQL injection
7184| [39083] PHPSecurityFramework base.inc.php remote file include
7185| [38999] aurora framework db_mysql.lib SQL injection
7186| [38866] IBM Tivoli Provisioning Manager Express username information disclosure
7187| [38864] IBM Tivoli Provisioning Manager Express multiple cross-site scripting
7188| [38713] Microsoft Internet Explorer ActiveX setExpression code execution
7189| [38582] PCRE regular expressions UTF-8 denial of service
7190| [38581] PCRE malformed regular expression multiple integer overflows
7191| [38426] PCRE malformed regular expression multiple integer overflows
7192| [38324] Microsoft Outlook and Outlook Express URI handling command execution
7193| [38274] PCRE non-UTF-8 regular expressions denial of service
7194| [38272] PCRE \Q\E regular expressions code execution
7195| [38270] Perl Unicode regular expressions buffer overflow
7196| [37396] php basic basicFramework id SQL injection
7197| [37395] php basic basicFramework includes file include
7198| [37044] Microsoft Expression Media password information disclosure
7199| [36811] Microsoft Outlook Express and Windows Mail NNTP response code execution
7200| [36472] Broderbund Expressit 3DGreetings Player ActiveX control buffer overflow
7201| [36321] BEA Weblogic Server and WebLogic Express headers denial of service
7202| [36319] BEA Weblogic Server and WebLogic Express unspecified denial of service
7203| [36307] Quiksoft EasyMail Objects ActiveX SubmitToExpress buffer overflow
7204| [35596] epesi framework upload feature file upload
7205| [35519] PHPIDS arithmetic expression and unclosed comment cross-site scripting
7206| [35499] Oracle Application Express CHECK_DB_PASSWORD SQL injection
7207| [35107] SAP Internet Communication Framework multiple cross-site scripting
7208| [34755] Microsoft Internet Explorer Outlook Express Address Book object denial of service
7209| [34639] Microsoft .NET Framework JIT Compiler service buffer overflow
7210| [34638] Microsoft .NET Framework NULL byte termination information disclosure
7211| [34637] Microsoft .NET Framework PE Loader service buffer overflow
7212| [34365] BEA Weblogic Server and WebLogic Express unspecified cross-site scripting
7213| [34291] BEA Weblogic Server and WebLogic Express LDAP brute force
7214| [34289] BEA WebLogic Server and WebLogic Express Administration Console insecure permissions
7215| [34288] BEA Weblogic Server and WebLogic Express configToScript information disclosure
7216| [34286] BEA WebLogic Server and WebLogic Express configuration information disclosure
7217| [34282] BEA WebLogic Server and WebLogic Express HttpProxyServlet and HttpClusterServlet unauthorized access
7218| [34278] BEA WebLogic Server and WebLogic Express SSL port denial of service
7219| [34275] phpTodo multiple .php scripts regular expressions security bypass
7220| [33800] Apple Mac OS X VideoConference framework buffer overflow
7221| [33013] Horde Application Framework login.php cross-site scripting
7222| [32005] Cadre PHP Web Framework class.Quick_Config_Browser.php file include
7223| [31895] PhP Generic Library and Framework membreManager.php file include
7224| [31837] Apple Mac OS X CFNetwork framework denial of service
7225| [31671] Yana Framework Guestbook unspecified security bypass
7226| [31603] BEA WebLogic Server and WebLogic Express proxy plug-in for Netscape Enterprise Server denial of service
7227| [31596] BEA WebLogic Server, WebLogic Express, WebLogic Platform, and BEA JRockit return address buffer overflow
7228| [31588] BEA WebLogic Server and WebLogic Express on Solaris 9 socket denial of service
7229| [31586] BEA WebLogic Server and WebLogic Express malformed header denial of service
7230| [31585] BEA WebLogic Server and WebLogic Express HTTP request information disclosure
7231| [31579] BEA WebLogic Server and WebLogic Express EJB security bypass
7232| [31578] BEA WebLogic Server and WebLogic Express EJB privilege escalation
7233| [31577] BEA WebLogic Server and WebLogic Express WSEE runtime security bypass
7234| [31576] BEA WebLogic Server and WebLogic Express jar update privilege escalation
7235| [31574] BEA WebLogic Server and WebLogic Express web.xml denial of service
7236| [31571] BEA WebLogic Server and WebLogic Express config.xml weak security
7237| [31569] BEA WebLogic Server and WebLogic Express .ear information disclosure
7238| [31563] BEA WebLogic Server and WebLogic Express WS-Security man-in-the-middle
7239| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
7240| [31035] OpenSER parse_expression buffer overflow
7241| [30770] Publicera Php5 Framework InputFilter::getString() function cross-site scripting
7242| [30769] Publicera Php5 Framework database classes SQL injection
7243| [30632] Apple Mac OS X Security Framework X.509 public key denial of service
7244| [30630] Apple Mac OS X Security Framework Secure Transport weak security
7245| [30265] SiteXpress E-commerce System dept.asp SQL injection
7246| [30108] Oracle Application Express WWV_FLOW_ITEM_HELP cross-site scripting
7247| [30107] Oracle Application Express NOTIFICATION_MSG cross-site scripting
7248| [30106] Oracle Application Express WWV_FLOW_UTILITIES SQL injection
7249| [30071] Zend Framework Preview testRedirections.php cross-site scripting
7250| [29929] Sun iPlanet Messaging Server Messenger Express expression cross-site scripting
7251| [29928] Mirapoint Web Mail expression() cross-site scripting
7252| [29860] Microsoft .NET Framework request filtering insecure
7253| [29429] BlueShoes Framework GoogleSearch.php file include
7254| [29227] Microsoft Outlook Express Windows Address Book (WAB) buffer overflow
7255| [28955] Mozilla Firefox, Thunderbird, and SeaMonkey JavaScript expression buffer overflow
7256| [28878] AIM Express detected
7257| [28658] Microsoft ASP.NET Framework HTTP cross-site scripting
7258| [28411] Horde Application Framework and Horde IMP index.php cross-site scripting
7259| [28409] Horde Application Framework and Horde IMP search.php cross-site scripting
7260| [28185] Cisco CallManager Express SIP information disclosure
7261| [27738] McAfee ePolicy Orchestrator EPO Framework service directory traversal
7262| [27599] Microsoft Internet Explorer OutlookExpress.AddressBook ActiveX object denial of service
7263| [27590] Horde Application Framework HTTP GET request tunneling cross-site scripting
7264| [27589] Horde Application Framework dereferrer, help, and problem reporting functions cross-site scripting
7265| [27586] BEA WebLogic Server or BEA WebLogic Express is running
7266| [27168] Horde Application Framework test.php and problem.inc cross-site scripting
7267| [26908] BlueShoes Framework multiple scripts file include
7268| [26802] Microsoft ASP.NET Framework App_Code folder information disclosure
7269| [26225] FileProtection Express authentication bypass
7270| [26165] Cisco Unity Express (CUE) expired account privilege escalation
7271| [26056] Oracle Enterprise Manager Reporting Framework unauthorized access
7272| [25808] Multiple Mozilla products JavaScript regular expression memory corruption
7273| [25535] Microsoft Outlook Express Windows Address Book file buffer overflow
7274| [25516] Horde Application Framework help viewer command execution
7275| [25467] Calendar Express search.php cross-site scripting
7276| [25348] BEA WebLogic Server and Express XML parser denial of service
7277| [25239] Horde Application Framework services/go.php information disclosure
7278| [24302] BEA WebLogic Server and Express SSL identity exposure
7279| [24301] BEA WebLogic Server and Express connection filter denial of service
7280| [24296] ExpressionEngine core.input.php cross-site scripting
7281| [24295] BEA WebLogic Server and Express log file information disclosure
7282| [24294] BEA WebLogic Server and Express Java MBean unauthorized access
7283| [24290] BEA WebLogic Server and Express password information disclosure
7284| [24011] Apple AirPort Express and Extreme network interface denial of service
7285| [23309] KBase Express multiple scripts allow SQL injection
7286| [23205] Horde Application Framework MIME viewer cross-site scripting
7287| [23129] Microsoft Outlook Express news server information disclosure
7288| [23061] Horde Application Framework error message cross-site scripting
7289| [22941] Sun Java Communications Express configuration file information disclosure
7290| [22908] Rockliffe`s MailSite Express AttachPath obtain information
7291| [22907] Rockliffe`s MailSite Express attachment script execution
7292| [22906] Rockliffe`s MailSite Express cookie plaintext password
7293| [22770] MailSite Express allows attached file to be uploaded
7294| [22719] BEA WebLogic Server and Express invalid login brute force
7295| [22718] BEA WebLogic Server and Express servlet relative forwarding denial of service
7296| [22716] BEA WebLogic Server and Express HTTP request smuggling
7297| [22595] BEA WebLogic Server and Express MBean file audits may fail
7298| [22593] BEA WebLogic Server and Express multicast message information disclosure
7299| [22592] BEA WebLogic Server and Express weblogic.Deployer information disclosure
7300| [22591] BEA WebLogic Server and Express allows admin user to be locked out
7301| [22590] BEA WebLogic Server and Express IIOP protocol information disclosure
7302| [22588] BEA WebLogic Server and Express password disclosure
7303| [22586] BEA WebLogic Server and Express system properties disclosure
7304| [22584] BEA WebLogic Server and Express fullyDelegateAuthorization could allow access to servlet
7305| [22582] BEA WebLogic Server and Express Configuration Wizard information disclosure
7306| [22579] BEA WebLogic Server and Express security policy import
7307| [22577] BEA WebLogic Server and Express restriction of servlet allows access to files
7308| [22575] BEA WebLogic Server and Express internal servlet allows unauthorized access
7309| [22574] BEA WebLogic Server and Express privilege escalation
7310| [22573] BEA WebLogic Server and Express passphrase in plain text
7311| [22572] BEA WebLogic Server and Express IP address disclosure
7312| [22571] BEA WebLogic Server and Express audit events allow security bypass
7313| [22569] BEA WebLogic Server and Express Deployer allows elevated privileges
7314| [22568] BEA WebLogic Server and Express connection disclosure
7315| [22567] BEA WebLogic Server and Express SSL password disclosure
7316| [22563] BEA WebLogic Server and Express thread handling denial of service
7317| [22041] BEA WebLogic Server and Express LDAP anonymous bind information disclosure
7318| [21984] BEA WebLogic Server and Express View Error Log cross-site scripting
7319| [21744] Calendar Express allwords parameter cross-site scripting
7320| [21741] PHP Lite Calendar Express multiple scripts SQL injection
7321| [21351] IBM Tivoli Management Framework endpoint denial of service
7322| [20830] Microsoft Outlook Express NNTP Response Parsing buffer overflow
7323| [20802] BEA WebLogic Server and Express login page cross-site scripting
7324| [20793] BEA WebLogic Server and Express Web application allows unauthorized access
7325| [20769] BEA WebLogic Server and Express loop denial of service
7326| [20708] BEA WebLogic Server and Express error page cross-site scripting
7327| [20706] BEA WebLogic Server and Express incorrect cookie parsing
7328| [20704] BEA WebLogic Server and Express identity thread manipulation
7329| [20703] BEA WebLogic Server and Express JDBC pool modification
7330| [20693] Microsoft ASP.NET Framework SQL injection
7331| [20692] Microsoft ASP.NET Framework full path disclosure
7332| [20409] Microsoft ASP.NET Framework ViewState replay
7333| [20408] Microsoft ASP.NET Framework _VIEWSTATE denial of service
7334| [20390] Apple Mac OS X Foundation Framework buffer overflow
7335| [19539] BEA WebLogic Server and Express banner has been enabled
7336| [19373] Microsoft Internet Explorer and Outlook Express status bar spoofing
7337| [19321] BEA Web Logic Server and Express authentication disclosure
7338| [19190] PhxStudent15.ocx ActiveX control can be used to modify Outlook Express accounts
7339| [18865] Apple AirPort Extreme and Express WDS denial of service
7340| [17881] Horde Application Framework help window cross-site scripting
7341| [17737] Express-Web cross-site scripting
7342| [17644] Microsoft ASP.NET Framework bypass security
7343| [17360] BEA WebLogic Server and Express allow access to restricted URLs
7344| [17359] BEA WebLogic Server and Express RMI admin command execute
7345| [17358] BEA WebLogic Server and Express utilities and tasks plaintext password
7346| [17357] BEA WebLogic Server and Express password disclosure
7347| [17356] BEA WebLogic Server and Express HTTP version disclosure
7348| [17354] BEA WebLogic Server and Express errors result in incomplete security
7349| [17352] BEA WebLogic Server and Express Active Directory LDAP fails to remove admin privileges
7350| [17350] BEA WebLogic Server and Express JNDI unbinding objects to obtain information
7351| [17348] BEA WebLogic Server and Express administration port plaintext information
7352| [17278] Hitachi Cosminexus Portal Framework information disclosure
7353| [17098] Microsoft Outlook Express address information disclosure
7354| [16708] Microsoft Outlook Express code execution
7355| [16585] Microsoft Outlook Express malformed email header denial of service
7356| [16534] BEA WebLogic Server and Express bypass asterisk role
7357| [16421] BEA WebLogic Server and Express allows unexpected user identity
7358| [16419] BEA WebLogic Server and Express SSL denial of service
7359| [16168] Microsoft Outlook Express SMTP usernames and passwords disclosure
7360| [16123] BEA WebLogic Server and Express unauthorized access to Web applications
7361| [16121] BEA WebLogic Server and Express bypass server policy
7362| [16102] Microsoft Internet Explorer and Outlook Express A HREF URL spoofing
7363| [15928] BEA WebLogic Server and Express allows EJB object deletion
7364| [15927] BEA WebLogic Server and Express URL pattern syntax information disclosure
7365| [15865] BEA WebLogic Server and Express allows administrator or operator privileges
7366| [15862] BEA WebLogic Server and Express custom trust manager certificate spoofing
7367| [15861] BEA WebLogic Server and Express Authentication provider allows elevated privileges
7368| [15860] BEA WebLogic Server and Express config.xml files stores usernames and passwords in plain text
7369| [15841] Ipswitch IMail Express HTML message buffer overflow
7370| [15809] Microsoft Outlook Express MS04-013 patch is not installed
7371| [15705] Microsoft Outlook Express MHTML URL allows execution of code
7372| [15698] Microsoft Internet Explorer and Outlook Express URL FORM spoofing
7373| [14962] BEA WebLogic Server and Express users with Operator permissions information disclosure
7374| [14961] BEA WebLogic Server and Express config.xml file stores password in plain text
7375| [14959] BEA WebLogic Server and Express HTTP TRACE cross-site scripting
7376| [14957] BEA WebLogic Server and Express managed server password disclosure
7377| [14364] HelpExpress opens advertisements and obtains information
7378| [14142] SIP Express Router REGISTERs denial of service
7379| [13747] BEA WebLogic Server and Express using the T3S protocol allows network monitoring to obtain information
7380| [12947] Horde Application Framework could disclose session ID
7381| [12920] BEA WebLogic Server and Express, WebLogic Integration, and Liquid Data console application cross-site scripting
7382| [12799] BEA WebLogic Server and Express could allow an attacker to gain elevated privileges
7383| [12020] Sun Java Media Framework Java Virtual Machine could allow unauthorized privileges
7384| [11632] MyTaxexpress .ret file could allow an attacker to obtain sensitive information
7385| [10947] monopd messaging framework buffer overflow
7386| [10500] Microsoft Outlook Express fails to delete messages from dbx files
7387| [10454] IBM Web Traffic Express (WTE) HTTP header injection cross-site scripting
7388| [10453] IBM Web Traffic Express (WTE) HTML tag cross-site scripting
7389| [10452] IBM Web Traffic Express (WTE) /cgi-bin/helpout.exe denial of service
7390| [10338] Microsoft Outlook Express S/MIME certificate buffer overflow
7391| [10067] Microsoft Outlook Express "
7392| [10033] Microsoft Outlook Express S/MIME spoofed CA certificate man-in-the-middle attack
7393| [9724] Microsoft Outlook Express could allow the execution of XML files within the Temporary Internet File (TIF) directory
7394| [9643] Microsoft Outlook Express malformed MIME headers could allow file type, size, and icon spoofing
7395| [9556] IBM Tivoli Management Framework TMR ManagedNode buffer overflow
7396| [9555] IBM Tivoli Management Framework TMR Endpoint buffer overflow
7397| [9089] Microsoft Internet Explorer and Outlook Express BGSOUND tag could allow an attacker to obtain sensitive information
7398| [9088] Microsoft Internet Explorer and Outlook Express IFRAME tag could allow attacker to send data to a DOS device
7399| [9087] Microsoft Internet Explorer and Outlook Express BGSOUND DOS device reference could cause a denial of service
7400| [8969] Microsoft Internet Explorer and Outlook Express malformed XBM file denial of service
7401| [8926] Microsoft Outlook Express POP3 message containing two "
7402| [8808] Microsoft Outlook Express allows attacker to create false attachment by changing icon
7403| [8296] Cisco IOS using Cisco Express Forwarding could allow an attacker to obtain sensitive information
7404| [8198] Microsoft Outlook Express <
7405| [8079] eShare Expressions "
7406| [7670] Microsoft Outlook Express allows blocked attachments to be opened when the message is forwarded
7407| [7648] Microsoft Outlook Express for Macintosh long message line buffer overflow
7408| [7118] Microsoft Outlook Express "
7409| [7052] Microsoft Outlook Express 6 file attachment security feature bypass
7410| [6655] Microsoft Outlook and Outlook Express Address Book allows attacker to spoof emails
7411| [5588] BEA WebLogic Server and Express could allow users to bypass authentication
7412| [5490] Intel Express Switch 500 series malformed ICMP packet denial of service
7413| [5175] Microsoft Outlook and Outlook Express vCards buffer overflow
7414| [5154] Intel Express Switch 550F malformed IP header denial of service
7415| [5013] Microsoft Outlook and Outlook Express cache bypass
7416| [4818] Intel Express 8100 ISDN Router remote denial of service
7417| [4446] Microsoft Outlook Express filename overflow could allow attacker to execute files
7418| [3955] Disney`s Go Express search program could expose the user`s privacy
7419| [2685] Microsoft Outlook Express long file name patch not applied
7420| [1740] ColdFusion Expression Evaluator allows remote file manipulation
7421| [1627] Squid regular expression ACLs can be bypassed
7422|
7423| Exploit-DB - https://www.exploit-db.com:
7424| [30983] ExpressionEngine 1.2.1 HTTP Response Splitting and Cross Site Scripting Vulnerabilities
7425| [30893] PHP Security Framework Multiple Input Validation Vulnerabilities
7426| [30877] Roundcube Webmail 0.1 CSS Expression Input Validation Vulnerability
7427| [30707] Phpbasic basicFramework 1.0 Includes.PHP Remote File Include Vulnerability
7428| [30281] Microsoft .Net Framework <= 2.0 - Multiple Null Byte Injection Vulnerabilities
7429| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
7430| [29921] Zend-Framework - Full Info Disclosure
7431| [29746] Horde Framework and IMP 2.x/3.x Cleanup Cron Script Arbitrary File Deletion Vulnerability
7432| [29745] Horde Framework <= 3.1.3 Login.PHP Cross-Site Scripting Vulnerability
7433| [29606] Calendar Express Search.PHP Cross-Site Scripting Vulnerability
7434| [29010] SiteXpress E-Commerce System Dept.ASP SQL Injection Vulnerability
7435| [29007] Apple Safari 2.0.4 JavaScript Regular Expression Match Remote Denial of Service Vulnerability
7436| [28891] Mirapoint Web Mail Expression() HTML Injection Vulnerability
7437| [28890] iPlanet Messaging Server Messenger Express Expression() HTML Injection Vulnerability
7438| [28887] Sun Java System 6.x Messenger Express Cross-Site Scripting Vulnerability
7439| [28781] BlueShoes Framework 4.6 GoogleSearch.PHP Remote File Include Vulnerability
7440| [28144] Microsoft Internet Explorer 6.0 OutlookExpress.AddressBook Denial of Service Vulnerability
7441| [28008] Adaptive Website Framework 1.11 Remote File Include Vulnerability
7442| [27990] Calendar Express 2.2 Month.PHP SQL Injection Vulnerability
7443| [27745] Outlook Express 5.5/6.0,Windows Mail MHTML URI Handler Information Disclosure Vulnerability
7444| [27476] Microsoft .NET Framework SDK 1.0/1.1 MSIL Tools Buffer Overflow Vulnerabilities
7445| [27127] PMachine ExpressionEngine 1.4.1 HTTP Referrer HTML Injection Vulnerability
7446| [26806] BMC Service Desk Express 10.2.1.95 - Multiple Vulnerabilities
7447| [26654] KBase Express 1.0 - Multiple SQL Injection Vulnerabilities
7448| [26115] Calendar Express 2.2 Search.PHP Cross-Site Scripting Vulnerability
7449| [26114] PHP Lite Calendar Express 2.2 subscribe.php cid Parameter SQL Injection
7450| [26113] PHP Lite Calendar Express 2.2 auth.php cid Parameter SQL Injection
7451| [26112] PHP Lite Calendar Express 2.2 login.php cid Parameter SQL Injection
7452| [25784] Microsoft Outlook Express 4.x/5.x/6.0 Attachment Processing File Extension Obfuscation Vulnerability
7453| [25546] BEA WebLogic Server 8.1 And WebLogic Express Administration Console Cross-Site Scripting Vulnerability
7454| [24687] Microsoft Outlook Express 4.x/5.x/6.0 Plaintext Email Security Policy Bypass Vulnerability
7455| [24449] Cisco Unity Express Multiple Vulnerabilities
7456| [24436] Kohana Framework 2.3.3 - Directory Traversal Vulnerability
7457| [24158] Oracle Application Framework Diagnostic Mode Bypass Vulnerability
7458| [24118] Microsoft Outlook Express 6.0 URI Obfuscation Vulnerability
7459| [24002] Microsoft Outlook Express 6.0 - Remote Denial of Service Vulnerability
7460| [23401] Microsoft Outlook Express 6.0 MHTML Forced File Execution Vulnerability (2)
7461| [23400] Microsoft Outlook Express 6.0 MHTML Forced File Execution Vulnerability (1)
7462| [22959] Microsoft Outlook Express 5/6 Script Execution Weakness
7463| [22937] PRADO PHP Framework 3.2.0 Arbitrary File Read Vulnerability
7464| [22877] Yii Framework 1.1.8 Search SQL Injection Vulnerability
7465| [22287] Netscape 7.0 JavaScript Regular Expression Denial of Service Vulnerability
7466| [22280] Microsoft Outlook2000/Express 6.0 Arbitrary Program Execution Vulnerability
7467| [21932] Microsoft Outlook Express 5.5/6.0 S/MIME Buffer Overflow Vulnerability
7468| [21891] vOlk Botnet Framework 4.0 - Multiple Vulnerabilities
7469| [21789] Alleged Outlook Express 5/6 Link Denial of Service Vulnerability
7470| [21711] Microsoft Outlook Express 5/6 MHTML URL Handler File Rendering Vulnerability
7471| [21662] Microsoft Outlook Express 6 XML File Attachment Script Execution Vulnerability
7472| [21631] Microsoft Outlook Express 5/6 Spoofable File Extensions Vulnerability
7473| [21432] BEA Systems WebLogic Server and Express 7.0 Null Character DoS
7474| [21419] Microsoft Outlook Express 5.5 DoS Device Denial of Service Vulnerability
7475| [21096] Outlook Express 6 Attachment Security Bypass Vulnerability
7476| [20870] Express Burn Plus 4.58 - EBP Project File Handling Buffer Overflow PoC
7477| [20571] Microsoft Outlook 2000 0/98 0/Express 5.5 Concealed Attachment Vulnerability
7478| [20079] Microsoft Outlook 97/98/2000, Outlook Express 4.0/5.0 GMT Field Buffer Overflow (2)
7479| [20078] Microsoft Outlook 97/98/2000, Outlook Express 4.0/5.0 GMT Field Buffer Overflow (1)
7480| [20027] BEA Systems WebLogic Express 3.1.8/4/5 Source Code Disclosure
7481| [19951] QuickCommerce 2.5/3.0,Cart32 2.5 a/3.0,Shop Express 1.0,StoreCreator 3.0 Web Shopping Cart Hidden Form Field Vulnerability
7482| [19943] Intel Corporation Express 8100 ISDN Router Fragmented ICMP Vulnerability
7483| [19738] MS Outlook Express 5 Javascript Email Access Vulnerability
7484| [19603] MS IE 4.x/5.0,Outlook 2000 0/98 0/Express 4.x ActiveX CAB File Execution
7485| [19575] .Net Framework Tilde Character DoS
7486| [19408] Zend Framework Local File Disclosure
7487| [19207] Microsoft Outlook Express 4.27.3110/4.72.3120 POP Denial of Service Vulnerability
7488| [18871] Travelon Express CMS 6.2.2 - Multiple Vulnerabilities
7489| [18777] .NET Framework EncoderParameter Integer Overflow Vulnerability
7490| [18727] IBM Tivoli Provisioning Manager Express for Software Distribution Isig.isigCtl.1 ActiveX RunAndUploadFile() Method Overflow
7491| [17995] NoNumber Framework Joomla! Plugin Multiple Vulnerabilities
7492| [16764] IBM Tivoli Storage Manager Express CAD Service Buffer Overflow
7493| [16428] IBM Tivoli Storage Manager Express RCA Service Buffer Overflow
7494| [16421] IBM Tivoli Storage Manager Express CAD Service Buffer Overflow
7495| [16379] Microsoft Outlook Express NNTP Response Parsing Buffer Overflow
7496| [16116] Qcodo Development Framework 0.3.3 Full Info Disclosure
7497| [16006] SmoothWall Express 3.0 - Multiple Vulnerabilities
7498| [15959] Macro Express Pro 4.2.2.1 MXE File Syntactic Analysis Buffer Overflow PoC
7499| [15840] ardeaCore 2.25 - PHP Framework Remote File Inclusion
7500| [15544] Web Wiz NewsPad Express Edition 1.03 Database File Disclosure Vulnerability
7501| [14911] Gantry Framework 3.0.10 (Joomla) Blind SQL Injection Exploit
7502| [14602] Play! Framework <= 1.0.3.1 Directory Transversal Vulnerability
7503| [13918] Spring Framework arbitrary code execution
7504| [12564] Microsoft Windows Outlook Express and Windows Mail Integer Overflow
7505| [11784] PostNuke FormExpress Module Blind SQL Injection
7506| [11723] Trouble Ticket Express <= 3.01 Remote Code Execution/Directory Traversal
7507| [10902] Nero Express 7.9.6.4 - Local Heap PoC
7508| [10758] Calendar Express 2.0 - SQL Injection Vulnerability
7509| [9627] Enlightenment - Linux Null PTR Dereference Exploit Framework
7510| [9527] Simple CMS FrameWork <= 1.0 (page) Remote SQL Injection Vuln
7511| [8333] Sun Calendar Express Web Server - (DoS/XSS) Multiple Remote Vulns
7512| [7368] Product Sale Framework 0.1b (forum_topic_id) SQL Injection Vulnerability
7513| [6700] DFF PHP Framework API (Data Feed File) RFI Vulnerabilities
7514| [5945] Seagull PHP Framework <= 0.6.4 (fckeditor) Arbitrary File Upload Exploit
7515| [5643] Ajax framework (lang) Local File Inclusion Vulnerability
7516| [5343] Mcafee EPO 4.0 FrameworkService.exe Remote Denial of Service Exploit
7517| [4573] IBM Tivoli Storage Manager 5.3 Express CAD Service BoF Exploit
7518| [3237] Cadre PHP Framework Remote File Include Vulnerability
7519| [3217] PhP Generic library & framework (include_path) RFI Vulnerability
7520| [1870] BlueShoes Framework <= 4.6 - Remote File Include Vulnerabilities
7521| [1066] MS Outlook Express NNTP Buffer Overflow Exploit (MS05-030)
7522| [315] MS Outlook Express Javascript Execution Vulnerability
7523| [313] MS Outlook Express Window Opener Vulnerability
7524|
7525| OpenVAS (Nessus) - http://www.openvas.org:
7526| [903000] Microsoft Expression Design Remote Code Execution Vulnerability (2651018)
7527| [902934] Microsoft .NET Framework Remote Code Execution Vulnerability (2745030)
7528| [902841] Microsoft .NET Framework Remote Code Execution Vulnerability (2706726)
7529| [902833] Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)
7530| [902832] MS Security Update For Microsoft Office, .NET Framework, and Silverlight (2681578)
7531| [902828] Microsoft .NET Framework Remote Code Execution Vulnerability (2671605)
7532| [902811] Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vulnerabilities (2651026)
7533| [902806] Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)
7534| [902672] Joomla! JA T3 Framework Component Directory Traversal Vulnerability
7535| [902581] Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2604930)
7536| [902552] Microsoft .NET Framework Chart Control Information Disclosure Vulnerability (2567943)
7537| [902551] Microsoft .NET Framework Information Disclosure Vulnerability (2567951)
7538| [902523] Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2514842)
7539| [902522] Microsoft .NET Framework Remote Code Execution Vulnerability (2538814)
7540| [902518] Microsoft .NET Framework Security Bypass Vulnerability
7541| [902502] Microsoft .NET Framework Remote Code Execution Vulnerability (2484015)
7542| [902294] Metasploit Framework Local Privilege Escalation Vulnerability
7543| [902293] Metasploit Framework Version Detection (Windows)
7544| [902193] Microsoft .NET Framework XML HMAC Truncation Vulnerability (981343)
7545| [900241] Microsoft Outlook Express and Windows Mail Remote Code Execution Vulnerability (978542)
7546| [900031] Security Update for Outlook Express (951066)
7547| [864539] Fedora Update for php-ZendFramework FEDORA-2012-9979
7548| [864533] Fedora Update for php-ZendFramework FEDORA-2012-9978
7549| [863119] Fedora Update for php-ZendFramework FEDORA-2011-7388
7550| [863118] Fedora Update for php-ZendFramework FEDORA-2011-7409
7551| [862903] Fedora Update for php-ZendFramework FEDORA-2011-2678
7552| [862890] Fedora Update for php-ZendFramework FEDORA-2011-2689
7553| [861950] Fedora Update for php-ZendFramework FEDORA-2010-8495
7554| [861941] Fedora Update for php-ZendFramework FEDORA-2010-8498
7555| [861735] Fedora Update for php-ZendFramework FEDORA-2010-0601
7556| [861712] Fedora Update for php-ZendFramework FEDORA-2010-0652
7557| [855581] Solaris Update for USB and Audio Framework 109896-37
7558| [855502] Solaris Update for Solaris Crypto Framework 118919-21
7559| [855395] Solaris Update for USB Drivers and Framework 115553-29
7560| [855234] Solaris Update for Solaris Crypto Framework 118918-24
7561| [855200] Solaris Update for USB and Audio Framework 109897-20
7562| [855006] Solaris Update for USB Drivers and Framework 115554-25
7563| [831061] Mandriva Update for kolab-horde-framework MDVSA-2010:108 (kolab-horde-framework)
7564| [803116] PRADO PHP Framework 'sr' Parameter Multiple Directory Traversal Vulnerabilities
7565| [801716] Microsoft Outlook Express/Windows Mail MHTML URI Handler Information Disclosure Vulnerability (929123)
7566| [801713] Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow Vulnerability (941202)
7567| [800967] Perl UTF-8 Regular Expression Processing DoS Vulnerability (Windows)
7568| [800263] ExpressionEngine CMS Cross Site Scripting Vulnerability
7569| [800262] ExpressionEngine CMS Version Detection
7570| [800083] Microsoft Outlook Express Malformed MIME Message DoS Vulnerability
7571| [103251] Zikula Application Framework 'themename' Parameter Cross Site Scripting Vulnerability
7572| [100787] Horde Application Framework 'icon_browser.php' Cross-Site Scripting Vulnerability
7573| [100757] Play! Framework Directory Traversal Vulnerability
7574| [100562] ViewVC Regular Expression Search Cross Site Scripting Vulnerability
7575| [72503] FreeBSD Ports: ZendFramework
7576| [71484] Debian Security Advisory DSA 2505-1 (zendframework)
7577| [69768] FreeBSD Ports: ZendFramework
7578| [67296] FreeBSD Ports: ZendFramework
7579| [66821] FreeBSD Ports: ZendFramework
7580| [64235] Fedora Core 10 FEDORA-2009-2823 (php-ZendFramework)
7581| [63430] FreeBSD Ports: ZendFramework
7582| [58523] Debian Security Advisory DSA 1352-1 (pdfkit.framework)
7583| [56284] Debian Security Advisory DSA 979-1 (pdfkit.framework)
7584| [56282] Debian Security Advisory DSA 972-1 (pdfkit.framework)
7585| [56220] Debian Security Advisory DSA 961-1 (pdfkit.framework)
7586| [19749] Calendar Express Multiple Flaws
7587| [11965] SIP Express Router Register Buffer Overflow
7588| [11964] SIP Express Router Missing To in ACK DoS
7589|
7590| SecurityTracker - https://www.securitytracker.com:
7591| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
7592| [1028851] Cisco Wide Area Application Services Web Service Framework Bug Lets Remote Users Execute Arbitrary Code
7593| [1028537] Cisco Unified Presence Web Framework Bug Lets Remote Users Deny Service
7594| [1028075] Cisco Unity Express Input Validation Hole Permits Cross-Site Request Forgery Attacks
7595| [1028074] Cisco Unity Express Input Validation Hole Permits Cross-Site Scripting Attacks
7596| [1027553] Zend Framework Input Validation Flaws Permit Cross-Site Scripting Attacks
7597| [1027270] Oracle Application Express Listener Discloses Data to Remote Users
7598| [1027208] Zend Framework XML Entity Processing Flaw Lets Remote Users View Files
7599| [1027036] Microsoft .NET Framework Serialization Bugs Let Remote Users Execute Arbitrary Code
7600| [1027009] Cisco Unified Contact Center Express Unspecified Flaw Lets Remote Users Deny Service
7601| [1026796] HP Data Protector Express Bugs Let Remote Users Deny Service and Execute Arbitrary Code
7602| [1026791] Microsoft Expression Design DLL Loading Error Lets Remote Users Execute Arbitrary Code
7603| [1026393] ISC DHCP Regular Expressions Bug Lets Remote Users Deny Service
7604| [1025581] IBM Tivoli Management Framework Buffer Overflow in 'lcfd.exe' Lets Remote Authenticated Users Execute Arbitrary Code
7605| [1024777] Horde Application Framework Input Validation Flaw in Displaying vCard Attachments Permits Cross-Site Scripting Attacks
7606| [1024543] Microsoft .NET Framework JIT Compiler Memory Access Error Lets Remote Users Execute Arbitrary Code
7607| [1024410] HP Data Protector Express Bugs Let Local Users Deny Service or Execute Arbitrary Code
7608| [1024409] HP Data Protector Express Bugs Let Local Users Deny Service or Execute Arbitrary Code
7609| [1024399] Horde Application Framework Input Validation Flaw in 'icon_browser.php' Permits Cross-Site Scripting Attacks
7610| [1024305] Microsoft .NET Framework Virtual Method Delegate Processing Error Lets Remote Users Execute Arbitrary Code
7611| [1024253] JBoss Seam Input Validation Flaw in Processing JBoss Expression Language Expressions Lets Remote Users Execute Arbitrary Code
7612| [1024082] Cisco Unified Contact Center Express Directory Traversal Flaw Lets Remote Users View Arbitrary Files on the Target System
7613| [1024081] Cisco Unified Contact Center Express CTI Server Bug Lets Remote Users Deny Service
7614| [1023972] Microsoft Outlook Express Integer Overflow in Processing POP3/IMAP Responses Lets Remote Users Execute Arbitrary Code
7615| [1023879] Sun Java System Communications Express Address Book Access Control Flaw Lets Remote Users View Files on the Target System
7616| [1023636] IBM Cognos Express Default Management Account Lets Remote User Access the System
7617| [1023365] Horde Application Framework Input Validation Flaw in Administrator Scripts Permits Cross-Site Scripting Attacks
7618| [1022989] Symantec SecurityExpressions Audit and Compliance Server Input Validation Hole Permits Cross-Site Scripting Attacks
7619| [1022973] Solaris Bug in Solaris IP(7P) Module and STREAMS Framework Lets Local Users Deny Service
7620| [1022932] Cisco Unified Communications Manager Express Buffer Overflow Lets Remote Users Execute Arbitrary Code
7621| [1022921] Horde Application Framework 'Horde_Form_Type_image' Bug May Let Remote Users Overwrite Files
7622| [1022633] Network Security Services Library Heap Overflow in Regular Expression Parser Lets Remote Users Execute Arbitrary Code
7623| [1022569] Cisco Unified Contact Center Express Express Administration Pages Permit Script Injection and Directory Traversal Attacks
7624| [1022266] Sun Java System Communications Express Input Validation Flaw in 'search.xml' and 'UWCMain' Permits Cross-Site Scripting Attacks
7625| [1022220] HP Data Protector Express Lets Local Users Gain Elevated Privileges and Deny Service
7626| [1021837] IBM Tivoli Storage Manager Express Heap Overflow in 'adsmdll.dll' Lets Remote Users Execute Arbitrary Code
7627| [1021786] MySQL Bug in ExtractValue()/UpdateXML() in Processing XPath Expressions Lets Remote Authenticated Users Deny Service
7628| [1021724] Mac OS X FSEvents Framework Bug Discloses Filesystem Activity to Local Users
7629| [1020772] Red Hat Directory Server Administration Express and Directory Server Gateway Input Validation Hole Permits Cross-Site Scripting Attacks
7630| [1020679] Microsoft Outlook Express MTHML Redirect Bug Lets Remote Users Obtain Information
7631| [1020566] Horde Application Framework Input Validation Hole in Contact Names Permits Cross-Site Scripting Attacks
7632| [1019870] Safari WebKit Bug in Processing JavaScript Regular Expressions Lets Remote Users Execute Arbitrary Code
7633| [1019768] Cisco Unified Communications Disaster Recovery Framework Lets Remote Users Execute Arbitrary Commadns
7634| [1019439] WebLogic Server and WebLogic Express Session Security Bug Lets Remote Authenticated Users Gain Elevated Privileges
7635| [1019269] ICU Regular Expression Processing Bug May Let Users Execute Arbitrary Code
7636| [1019182] IBM Tivoli Storage Manager Express Server Heap Overflow Lets Remote Users Execute Arbitrary Code
7637| [1019045] IBM Tivoli Provisioning Manager Express Input Validation Hole Permits Cross-Site Scripting Attacks
7638| [1018786] Microsoft Outlook Express Bug in Processing NNTP Responses Lets Remote Users Execute Arbitrary Code
7639| [1018233] Outlook Express MHTML Protocol Handler Content-Disposition Bug Lets Remote Users Obtain Information
7640| [1018231] Outlook Express MHTML Protocol Handler Redirect Bug Lets Remote Users Obtain Information
7641| [1017933] IBM Tivoli Monitoring Express Heap Overflow in Universal Agent Lets Remote Users Execute Arbitrary Code
7642| [1017785] Horde Application Framework Cleanup Script Lets Local Users Delete Files
7643| [1017775] Horde Application Framework Input Validation Flaw in 'NLS.php' Permits Cross-Site Scripting Attacks
7644| [1017369] Microsoft Outlook Express Buffer Overflow in Processing Windows Address Book Files Let Remote Users Execute Arbitrary Code
7645| [1017298] Mac OS X Security Framework May Use Weaker or No Encryption, Fail to Check CRLs, and Let Remote Users Deny Service
7646| [1016713] Horde Application Framework Input Validation Holes in 'index.php' and IMP's 'search.php' Permit Cross-Site Scripting Attacks
7647| [1016654] Microsoft Outlook Express MHTML Parsing Error Lets Remote Users Execute Arbitrary Code
7648| [1016627] Cisco CallManager Express Lets Remote Users Determine SIP User Names
7649| [1016442] Horde Application Framework Input Validation Hole Permits Cross-Site Scripting Attacks
7650| [1016310] Horde Application Framework Multiple Input Validation Holes Permit Cross-Site Scripting Attacks
7651| [1016259] Docebo Include File Flaw in GLOBALS['where_framework'] and GLOBALS['where_cms'] Parameters Let Remote Users Execute Arbitrary Code
7652| [1016015] Cisco Unity Express Lets Remote Authenticated Users Gain Administrative Privileges
7653| [1016005] Microsoft Outlook Express 'mhtml:' Redirect URL Processing Lets Remote Users Bypass Security Domains
7654| [1015898] Microsoft Outlook Express Buffer Overflow in Processing Windows Address Books Lets Remote Users Execute Arbitrary Code
7655| [1015841] Horde Application Framework Bug Lets Remote Users Execute Arbitrary Code
7656| [1015509] F-Secure Personal Express Overflow in Processing ZIP Archives Lets Remote Users Execute Arbitrary Code
7657| [1015135] Sun Java System Communications Express Discloses Configuration File to Remote Users
7658| [1015117] RockLiffe MailSite Express WebMail Discloses WebMail Files to Remote Users and Permits Cross-Site Scripting Attacks
7659| [1015063] MailSite Express Lets Remote Users Upload Scripting Files and Execute Them
7660| [1014424] Tivoli Management Framework Endpoint Service (lcfd) Lets Remote Users Deny Service
7661| [1014200] Microsoft Outlook Express Buffer Overflow in NNTP Response Parser Lets Remote Users Execute Arbitrary Code
7662| [1014045] Cisco Unity Express Can Be Crashed With Specially Crafted Compressed DNS Data
7663| [1013763] LogWatch Regular Expression Error May Let Users Deny Service to Avoid Detection
7664| [1013594] Horde Application Framework Input Validation in Page Title Lets Remote Users Conduct Cross-Site Scripting Attacks
7665| [1013140] F-Secure Personal Express Buffer Overflow in Processing ARJ Archives Lets Remote Users Execute Arbitrary Code
7666| [1011959] Horde Application Framework Input Validation Bug in Help Window Lets Remote Users Conduct Cross-Site Scripting
7667| [1011550] Express-Web Input Validation Error Lets Remote Users Conduct Cross-Site Scripting Attacks
7668| [1011171] Cosminexus Portal Framework May Disclose Cached Content to the Wrong User
7669| [1011067] Microsoft Outlook Express May Disclose 'bcc:' Recipient Addresses
7670| [1010166] Microsoft Outlook Express Mail Troubleshooting Function May Disclose SMTP Password to Local Users
7671| [1009743] Microsoft Outlook Express Can Be Crashed By Remote Users With Specially Crafted EML File
7672| [1009603] Microsoft Outlook Express Does Not Correctly Display Links With Embedded FORM Data
7673| [1009014] Vim Folding Expression Modeline Lets Remote Users Execute Arbitrary Shell Commands on the Target User's System
7674| [1008866] WebLogic Server and Express Input Validation Flaw in Processing HTTP TRACE Requests Permits Cross-Site Scripting
7675| [1008813] Cisco IP Call Center Express Default Configuration on IBM Servers Grants Administrative Access to Remote Users
7676| [1008682] BEA WebLogic Server and Express Ant Tasks May Disclose the Administrator Password
7677| [1007306] Microsoft Outlook Express Again Executes Scripting Code in Plain Text E-mail Messages
7678| [1007131] BEA WebLogic Server and Express May Disclose 'Admin' Password to 'Operator' Users
7679| [1007130] Rockliffe MailSite Express Discloses Attachments to Remote Users
7680| [1006809] Microsoft Outlook Express Lets Remote Users Silently Install Arbitrary Code Using Audio and Media Files
7681| [1006808] Microsoft Outlook Express May Be Affected by W32/Palyh@MM Mass-Mailing Worm
7682| [1006777] Java Media Framework Bug May Let Remote Applets Crash the Java Virtual Machine or Gain Unauthorized Privileges
7683| [1006771] Microsoft Outlook Express Integer Overflow Lets Remote IMAP Servers Cause the Client to Crash
7684| [1006748] Microsoft Outlook Express May Be Affected by W32.Fizzer.A@mm Mass-Mailing Worm
7685| [1006310] BEA WebLogic Server and Express Access Control Bug Lets Remote Authenticated Users Delete Empty Sub-Contexts
7686| [1006306] WebLogic Server and Express Authentication Flaw May Let Remote Users Access Administrative Functions
7687| [1006148] Microsoft Outlook Express Security Domain Flaw Lets Remote Users Silently Install and Execute Arbitrary Code
7688| [1006141] iptel.org SIP Express Router SIP Protocol Bugs Let Remote Users Deny Service
7689| [1006017] BEA WebLogic Server and Express Access Control Error May Disclose Passwords to Local Users
7690| [1005511] Prometheus Web Application Framework Include Path Bug Lets Remote Users Execute Arbitrary PHP Commands
7691| [1005489] Microsoft Outlook Express May Fail to Delete E-mail Messages from Local Storage
7692| [1005472] IBM Web Traffic Express Caching Proxy Server Allows Cross-Site Scripting Attacks
7693| [1005471] IBM Web Traffic Express Caching Proxy Server Can Be Crashed By Remote Users
7694| [1005405] Microsoft Outlook Express Buffer Overflow in Parsing S/MIME Messages Lets Remote Users Execute Arbitrary Code
7695| [1005310] BEA Systems WebLogic Server and Express May Return a Response to the Wrong Remote User
7696| [1005207] Microsoft Outlook Express Can Be Crashed By Remote Users Sending HTML Mail With Long Links Embedded
7697| [1004862] Microsoft Outlook Express Flaw in Parsing XML Using Internet Explorer Allows a Remote User to Silently Deliver and Install an Executable on a Target User's Computer
7698| [1004805] Microsoft Outlook Express (and Possibly Outlook) Has File Attachment Name Bugs That Let Remote Users Send Malicious Mail to Bypass Attachment Type Filters and Modify the Apparent File Name and File Size
7699| [1004778] IBM's Tivoli Management Framework Endpoint and ManagedNode Component Buffer Overflows Let Remote Users Crash the Service and Execute Arbitrary Code with High Privileges
7700| [1004278] BEA Systems WebLogic Server and Express May Disclose an Administrative Password to Local Users
7701| [1004051] Microsoft Outlook Express for Mac OS Has Buffer Overflow in Processing the 'file://' URL That Allows Remote Users to Cause Arbitrary Code to Be Executed
7702| [1003677] Cisco IOS-based Devices That Use Cisco Express Forwarding (CEF) May Leak Data from One Packet into Another Packet in Certain Situations
7703| [1003463] eshare Expressions Web Site Software Discloses Files on the Hard Drive to Remote Users
7704| [1003434] Microsoft ASP.NET Web Application Framework Allows Cross Site Scritping Attacks and Discloses Path Information to Remote Users
7705| [1002890] Outlook Express for Macintosh May Crash While Downloading POP3 Mail Containing a Long Line
7706| [1002808] Outlook Express Secure Password Authentication Method is Vulnerable to Man-in-the-Middle Attacks
7707| [1002413] Microsoft Outlook Express Will Execute Active Scripting in Plain Text E-mail Messages, Circumventing Some Scripting Controls
7708| [1002348] Outlook Express Lets Remote Users Send Malicious Attachments That Will Bypass Security Features
7709| [1001687] Microsoft Outlook Express May Allow A Remote User to Obtain E-mail Destined for a Different User
7710| [1001380] Microsoft Internet Explorer and Outlook Express May Execute Arbitrary Code Without User Authorization or Intervention
7711| [1001209] Microsoft Telnet Can Be Crashed Locally, Causing Other Applications Including Outlook Express To Crash
7712| [1001147] Microsoft Outlook Express Crashes When Reading Certain E-mail Messages
7713| [1001134] IBM's Consumer Transaction Framework Can Be Crashed By Remote Users
7714|
7715| OSVDB - http://www.osvdb.org:
7716| [75264] Spring Framework Expression Language (EL) MVC Tag Parsing Information Disclosure
7717| [96003] Atlassian Confluence OGNL Expression Handling Double Evaluation Error Remote Code Execution
7718| [95878] Cisco Multiple Content Network / Video Delivery Products Web Framework Command Line Interface Remote Command Execution
7719| [95877] Cisco Wide Area Application Services (WAAS) Web Service Framework Crafted Request Handling Remote Code Execution
7720| [95827] 389 Directory Server Search Filter Expression Evaluation Crafted Query Handling Information Disclosure
7721| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
7722| [95303] Oracle Solaris Kernel/STREAMS framework Subcomponent Unspecified Remote DoS
7723| [95290] Oracle Agile PLM Framework Security Subcomponent Unspecified Remote Information Disclosure
7724| [95288] Oracle Agile Collaboration Framework Manufacturing/Mfg Parts Subcomponent Unspecified Remote Issue
7725| [95287] Oracle Agile PLM Framework Web Client (CS) Subcomponent Unspecified Remote Issue
7726| [95279] Oracle Enterprise Manager Grid Control Enterprise Manager Base Platform Component User Interface Framework Subcomponent Unspecified Remote Issue
7727| [95277] Oracle Hyperion BI+ Intelligence Service Subcomponent raframework/ihtml/GetResource ResourceName Parameter Traversal Arbitrary File Access
7728| [95185] BMC Service Desk Express /SDE/QV_admin.aspx SelTab Parameter XSS
7729| [95184] BMC Service Desk Express /SDE/QV_grid.aspx CallBack Parameter XSS
7730| [95183] BMC Service Desk Express /SDE/commonhelp.aspx Helppage Parameter XSS
7731| [95182] BMC Service Desk Express /SDE/DashBoardGUI.aspx Multiple Parameter SQL Injection
7732| [95181] BMC Service Desk Express /SDE/login.aspx UID Parameter SQL Injection
7733| [94959] Microsoft .NET Framework / Silverlight Multidimensional Arrays Small Structure Handling Arbitrary Code Execution
7734| [94957] Microsoft .NET Framework Delegate Object Serialization Permission Validation Privilege Escalation
7735| [94956] Microsoft .NET Framework Small Structure Array Allocation Remote Code Execution
7736| [94955] Microsoft .NET Framework Anonymous Method Injection Reflection Objection Permission Validation Privilege Escalation
7737| [94954] Microsoft .NET Framework Delegate Reflection Bypass Reflection Objection Permission Validation Privilege Escalation
7738| [94656] JS-YAML Module for Node.js !!js/function Tag Handling Arbitrary Code Execution
7739| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
7740| [94609] Cisco Multiple Product Web Framework GUI HTTP / HTTPS Request Handling Remote DoS
7741| [94605] Cisco Multiple Product Web Framework Crafted URL Handling Remote Command Execution
7742| [94604] Cisco Multiple Product Web Framework IronPort Spam Quarantine (ISQ) Function TCP Connection Request Saturation Remote DoS
7743| [94603] Cisco Web Security Appliance Web Framework Crafted URL Handling Remote Command Execution
7744| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
7745| [93876] Novell ZENworks Configuration Management zcc-framework.jar fwdToURL Parameter Arbitrary Site Redirect
7746| [93763] Horde Application Framework Smartphone Portal XSS
7747| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
7748| [93302] Microsoft .NET Framework WCF Endpoint Authentication Unspecified Policy Requirement Weakness Authentication Bypass
7749| [93301] Microsoft .NET Framework XML File Signature Validation Spoofing Weakness
7750| [93185] Cisco Unified Presence (CUP) Web Framework Malformed TCP Packet Handling Memory Exhaustion Remote DoS
7751| [92632] Cisco Unified Contact Center Express (CCX) Editor Script Repository Disclosure
7752| [92419] Oracle Application Express Unspecified Remote Issue
7753| [92418] Oracle Siebel CRM Siebel UI Framework Component Open UI Client Subcomponent Unspecified Remote Issue
7754| [92415] Oracle Siebel CRM Siebel UI Framework Component Open UI Client Subcomponent Unspecified Remote Information Disclosure
7755| [92411] Oracle Siebel CRM Siebel UI Framework Component Portal Framework Subcomponent Unspecified Remote Information Disclosure
7756| [92229] Hero Framework /users/forgot_password error Parameter XSS
7757| [91712] ISC BIND Crafted Regular Expression Handling Memory Exhaustion Remote DoS
7758| [91616] Hero Framework /users/login username Parameter XSS
7759| [91614] Zend Framework Zend\View\Helper\ServerUrl Helper URL Generation Weakness
7760| [91613] Zend Framework Multiple Class HTTP Header Proxy Information Handling Spoofing Weakness
7761| [91612] Zend Framework Zend\Session\Validator\RemoteAddr Proxy URL Detection Weakness
7762| [91608] Libxslt xsltCompileLocationPathPattern Invalid XPath Expression Processing Double-free DoS Weakness
7763| [91480] Zend Framework Zend\Mvc RouteMatch Captured Routing Parameter Manipulation
7764| [91479] Zend Framework Zend\Validate\Csrf mt_rand() Predictable CSRF Token Generation
7765| [91478] Zend Framework Zend\Db\Adapter\Platform Multiple Method Unspecified SQL Injection
7766| [91020] Intel SOA Expressway XSLT Processor Malformed XML Handling DoS
7767| [90836] IBM WebSphere Commerce Web Services Framework Unspecified Remote DoS
7768| [90412] Fluid Extbase Development Framework (fed) Extension for TYPO3 Unserialize() Function Unspecified Remote Command Execution
7769| [90261] Zend Framework DOCTYPE XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
7770| [90130] Microsoft .NET Framework Windows Form Object Creation Callback Function Arbitrary Code Execution
7771| [89936] Adobe Flash Player / AIR SWF Content Regular Expression Parsing Heap Overflow
7772| [89841] Cisco Unity Express /Web/SA3/AddHoliday.do holiday.description Parameter XSS
7773| [89837] Cisco Unity Express /Web/SA2/ScriptList.do gui_pagenotableData Parameter XSS
7774| [89836] Cisco Unity Express /Web/SA/SaveConfiguration.do Multiple Action CSRF
7775| [89694] SAP NetWeaver Web Application Server (WAS) AdapterFramework Servlet Information Disclosure
7776| [89636] IBM InfoSphere Information Services Framework (ISF) Insecure Authorization Controls Remote Privilege Escalation
7777| [89607] Kohana Framework /master/classes/Kohana/Filebrowser.php path Parameter Traversal Arbitrary File Access
7778| [89317] Rack Regular Expressions Engine Content-Disposition Header Parsing Infinite Loop Remote DoS
7779| [89245] Oracle Solaris Kernel/DTrace Framework Subcomponent Unspecified Local DoS
7780| [89240] Oracle Siebel CRM Siebel UI Framework Subcomponent Unspecified Remote Information Disclosure
7781| [89217] Oracle Agile PLM Framework Security Subcomponent Unspecified Remote Information Disclosure
7782| [89216] Oracle E-Business Suite Oracle Applications Framework Component Bookmarkable Pages Subcomponent Unspecified Remote Issue
7783| [89213] Oracle E-Business Suite Oracle Applications Framework Component Diagnostics Subcomponent Unspecified Remote Issue
7784| [89209] Oracle E-Business Suite Oracle CRM Technical Foundation Component Application Framework Subcomponent Unspecified Remote Issue
7785| [89208] Oracle E-Business Suite Oracle Applications Framework Component Diagnostics Subcomponent /OA_HTML/RF.jsp Unauthorized Diagnostic Mode Manipulation
7786| [89207] Oracle Enterprise Manager Grid Control Enterprise Manager Base Platform Component User Interface Framework Subcomponent Unspecified Remote Issue
7787| [89204] Oracle Enterprise Manager Grid Control Enterprise Manager Base Platform Component Policy Framework Subcomponent /em/console/ecm/policy/policyViewSettings pagename Parameter HTTP Response Splitting
7788| [88968] Microsoft .NET Framework Replace() Function Open Data Protocol (OData) HTTP Request Parsing Remote DoS
7789| [88965] Microsoft .NET Framework Double Construction Privilege Escalation
7790| [88964] Microsoft .NET Framework System.DirectoryServices.Protocols.SortRequestControl.GetValue() Method this.keys.Length Parameter Heap Buffer Overflow
7791| [88963] Microsoft .NET Framework Windows Forms (WinForms) Component System.Drawing.Imaging.EncoderParameters.ConvertToMemory() Method this.param.Length Parameter Multiple Application Handling Heap Buffer Overflow
7792| [88962] Microsoft .NET Framework System Drawing Memory Pointer Handling CAS Bypass Information Disclosure
7793| [88733] Hero Framework Name Manipulation CSRF
7794| [88732] Hero Framework search q Parameter XSS
7795| [88731] Hero Framework users/login username Parameter XSS
7796| [88553] IBM Rational Automation Framework (RAF) Web UI Authentication Bypass
7797| [88522] Zend Framework Zend_Feed_Rss / Zend_Feed_Atom XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
7798| [88521] Zend Framework Zend_Feed::import() Factory Method XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
7799| [88457] Smartphone Pentest Framework directdownload.pl Remote Command Execution
7800| [88456] Smartphone Pentest Framework androidwebkit.pl Remote Command Execution
7801| [88280] ExpressionEngine swfupload_f9.swf movieName Parameter XSS
7802| [88087] Fortinet FortiWeb /waf/pcre_expression/validate Multiple Parameter XSS
7803| [88041] ExpressionEngine Arbitrary String Parsing Unspecified Issue
7804| [88035] ExpressionEngine Arbitrary Private Message Attachment Deletion
7805| [88032] ExpressionEngine register_globals Unspecified PHP Global Variable Manipulation
7806| [88030] ExpressionEngine Session Class Unspecified SQL Injection
7807| [88029] ExpressionEngine Post-delivery Private Message Content Manipulation
7808| [88028] ExpressionEngine Plugin Manager Unspecified Issue
7809| [88027] ExpressionEngine Private Message / Forum Attachment Predictable URL Weakness
7810| [88026] ExpressionEngine XML-RPC Library Unspecified Issue
7811| [88022] ExpressionEngine CP Home page Unauthorized Entry Title Disclosure
7812| [87964] IBM Rational Automation Framework was_common_configure_create_ssl_certs SSL Certificate Creation Unencrypted Password Weakness
7813| [87852] Smartphone Pentest Framework (SPF) /frameworkgui/getDatabase.pl Multiple Parameter SQL Injection
7814| [87851] Smartphone Pentest Framework (SPF) /frameworkgui/SEAttack.pl modemNoDD Parameter SQL Injection
7815| [87850] Smartphone Pentest Framework (SPF) /frameworkgui/sendSMS.pl Multiple Parameter SQL Injection
7816| [87849] Smartphone Pentest Framework (SPF) /frameworkgui/takePic.pl Multiple Parameter SQL Injection
7817| [87848] Smartphone Pentest Framework (SPF) /frameworkgui/CSAttack.pl modemNoDD2 Parameter SQL Injection
7818| [87847] Smartphone Pentest Framework (SPF) /frameworkgui/escalatePrivileges.pl Multiple Parameter SQL Injection
7819| [87846] Smartphone Pentest Framework (SPF) /frameworkgui/getContacts.pl Multiple Parameter SQL Injection
7820| [87828] Yii Framework Search Form SQL Injection
7821| [87770] ExpressionEngine Template Manager Unspecified Issue
7822| [87769] ExpressionEngine Forgot Password Functionality Error Message Email Address Enumeration
7823| [87768] ExpressionEngine Multiple Authentication Field Autocomplete Weakness Authentication Bypass
7824| [87751] ExpressionEngine Edit Only Group New Entry Creation Restriction Bypass
7825| [87750] ExpressionEngine Member Module Unspecified XSS
7826| [87746] ExpressionEngine Unspecified XSS
7827| [87745] ExpressionEngine redirect Function Unspecified CRLF Injection
7828| [87727] ExpressionEngine Mail List Subscriber Mass Unsubscribe Weakness
7829| [87711] ExpressionEngine Unprivileged User Super Admin Account Manipulation
7830| [87710] ExpressionEngine Unspecified XSS
7831| [87709] ExpressionEngine Unspecified CSRF
7832| [87699] ExpressionEngine Pending Member Privilege Escalation
7833| [87698] ExpressionEngine Discussion Forum Module mod.forum_core.php IP Restriction Bypass
7834| [87697] ExpressionEngine Malformed Request Search Function DoS
7835| [87689] ExpressionEngine Comment Preview Unspecified Issue
7836| [87688] ExpressionEngine Unspecified XSS
7837| [87687] ExpressionEngine Unspecified Email Module Recipient Parameter Manipulation
7838| [87685] ExpressionEngine File Upload Unspecified XSS
7839| [87682] ExpressionEngine Unspecified Arbitrary Code Execution
7840| [87674] ExpressionEngine Guest User Unspecified Privilege Escalation
7841| [87673] ExpressionEngine Private Message Attachment Upload SQL Error Message Path Disclosure
7842| [87667] Premier Election Solutions (Diebold) ExpressPoll Operating System Unauthorized Upgrade
7843| [87663] ExpressionEngine Content Edit Page Access Privilege Bypass
7844| [87662] ExpressionEngine Member Groups Access Role Unprivileged File Manager Directory Access
7845| [87661] ExpressionEngine Themes Folder Permission Weakness Arbitrary Theme Manipulation
7846| [87660] ExpressionEngine Info Accessory SSL Error Message Path Disclosure
7847| [87659] ExpressionEngine Unspecified Privilege Escalation
7848| [87502] Zend Framework Development Environment Error View (error/error.phtml) Request Parameters XSS
7849| [87479] Zend Framework Zend_Filter_StripTags Whitespace / Newline Injection XSS Filter Bypass
7850| [87356] Oracle MySQL do_div_mod DIV Expression Handling Remote DoS
7851| [87328] Smartphone Pentest Framework (SPF) /frameworkgui/ Permission Weakness Local Arbitrary File Manipulation
7852| [87327] Smartphone Pentest Framework (SPF) Multiple Function CSRF
7853| [87326] Smartphone Pentest Framework (SPF) frameworkgui/config Configuration File Direct Request Remote Information Disclosure
7854| [87325] Smartphone Pentest Framework (SPF) /frameworkgui/attachMobileModem.pl Multiple Parameter SQL Injection
7855| [87324] Smartphone Pentest Framework (SPF) /frameworkgui/attach2Agents.pl Multiple Parameter SQL Injection
7856| [87323] Smartphone Pentest Framework (SPF) /frameworkgui/attach2agents.pl Multiple Parameter Remote Command Execution
7857| [87322] Smartphone Pentest Framework (SPF) /frameworkgui/attachMobileModem.pl Multiple Parameter Remote Command Execution
7858| [87321] Smartphone Pentest Framework (SPF) /frameworkgui/guessPassword.pl ipAddressTB Parameter Remote Command Execution
7859| [87320] Smartphone Pentest Framework (SPF) /frameworkgui/CSAttack.pl Multiple Parameter Remote Command Execution
7860| [87319] Smartphone Pentest Framework (SPF) /frameworkgui/SEAttack.pl Multiple Parameter Remote Command Execution
7861| [87267] Microsoft .NET Framework WPF Reflection Optimization Object Permission Handling Arbitrary Code Execution
7862| [87266] Microsoft .NET Framework Web Proxy Setting Auto-Discovery (WPAD) Handling Remote Code Execution
7863| [87265] Microsoft .NET Framework Path Subversion Arbitrary DLL Injection Code Execution
7864| [87264] Microsoft .NET Framework Partially Trusted Code Function Handling Information Disclosure
7865| [87263] Microsoft .NET Framework Reflection Object Permission Handling Arbitrary Code Execution
7866| [87245] Zend Framework Multiple Class XML DOCTYPE Declaration Handling XEE Injection DoS
7867| [86991] Archin Theme for WordPress /wordpress/wp-content/themes/archin/hades_framework/option_panel/ajax.php Configuration Option Manipulation
7868| [86988] WPsc-MijnPress Plugin for WordPress mijnpress_plugin_framework.php rwflush Parameter XSS
7869| [86883] TomatoCart PayPal Express Checkout Module Redirection URL Modification Payment Requirement Bypass
7870| [86670] Android vold Daemon Crafted FrameworkCommand Local Privilege Escalation (zergRush)
7871| [86383] Oracle Siebel CRM Siebel UI Framework Component Portal Framework Subcomponent Unspecified Remote Information Disclosure
7872| [86382] Oracle Siebel CRM Siebel UI Framework Component Siebel Documentation Subcomponent Unspecified Remote Information Disclosure
7873| [86326] Oracle Agile PLM Framework ROLESPRV Subcomponent Unspecified Remote Information Disclosure
7874| [86325] Oracle Agile PLM Framework Web Client (CS) Subcomponent Unspecified Remote Issue
7875| [86324] Oracle Agile PLM Framework ATTACH Subcomponent Unspecified Remote Information Disclosure
7876| [86318] Oracle E-Business Suite Oracle Applications Framework Component MDS loading Subcomponent Unspecified Local Information Disclosure
7877| [86249] Condor condor_history Constraint Expression Handling Overflow
7878| [85873] Smartphone Pentest Framework (SPF) remoteAttack.pl ipAddressTB Parameter Remote Code Execution
7879| [85741] IBM WebSphere Commerce Enterprise REST Services Framework Unspecified Access Restriction Bypass
7880| [85689] Zend Framework Zend\Tag\Cloud\Decorator Unspecified XSS
7881| [85688] Zend Framework Zend\Uri Unspecified XSS
7882| [85687] Zend Framework Zend\View\Helper\HeadStyle Unspecified XSS
7883| [85686] Zend Framework Zend\View\Helper\Navigation\Sitemap Unspecified XSS
7884| [85685] Zend Framework Zend\View\Helper\Placeholder\Container\AbstractStandalone Unspecified XSS
7885| [85684] Zend Framework Zend\Log\Formatter\Xml Unspecified XSS
7886| [85683] Zend Framework Zend\Feed\PubSubHubbub Unspecified XSS
7887| [85049] Atlassian Bamboo Struts / Freemarker Templates OGNL Expression Parsing Remote Command Execution
7888| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
7889| [84981] Oracle Java SE / JRE java.beans.Expression Class Privileged Class Reflection Handling Remote Code Execution
7890| [84966] Express Burn EBP File Handling Overflow
7891| [84809] Atlassian FishEye / Crucible Third-Party Framework Anonymous Signup / Access Enabling
7892| [84753] Tridium NiagaraAX Framework Plaintext Credential Storage
7893| [84752] Tridium NiagaraAX Framework Predictable Session ID Generation Brute Force Weakness
7894| [84478] Android Framework Zero Permission Android Application Multiple Function Information Disclosure
7895| [84477] Android Framework Zero Permission Android Application URI ACTION_VIEW Intent Data Exfiltration
7896| [84359] Django Authentication Framework Multiple View Redirection Functionality data: Scheme URL XSS
7897| [84087] FreePBX admin/modules/framework/bin/gen_amp_conf.php Direct Request Plaintext Admin Credential Disclosure
7898| [83950] Oracle Application Express Listener Unspecified Remote Information Disclosure
7899| [83923] Oracle Siebel CRM UI Framework Subcomponent Unspecified Remote Issue
7900| [83922] Oracle Siebel CRM UI Framework Subcomponent Unspecified Remote DoS (2012-1742)
7901| [83921] Oracle Siebel CRM Portal Framework Subcomponent Unspecified Remote Issue
7902| [83920] Oracle Siebel CRM UI Framework Subcomponent Unspecified Remote Information Disclosure (2012-1754)
7903| [83919] Oracle Siebel CRM UI Framework Subcomponent Unspecified Remote Information Disclosure (2012-1732)
7904| [83918] Oracle Siebel CRM UI Framework Subcomponent Unspecified Remote DoS (2012-1760)
7905| [83816] Tridium NiagaraAX Framework Unspecified Traversal Arbitrary File Access
7906| [83815] Tridium NiagaraAX Framework Insecure Credential Storage Information Disclosure
7907| [83720] Microsoft .NET Framework Crafted Tilde (~) Request Resource Consumption Remote DoS
7908| [83529] Docebo class.dashboard_lms.php where_framework Parameter Remote File Inclusion
7909| [83493] Magix CMS framework/js/ckeditor/plugins/pdw_file_browser/swfupload/upload.php Multiple File Extension Upload Arbitrary Code Execution
7910| [83492] Magix CMS framework/js/tiny_mce/plugins/pdw_file_browser/swfupload/upload.php Multiple File Extension Upload Arbitrary Code Execution
7911| [83221] Zend Framework SimpleXMLElement Class External Entity XML (XXE) Data Parsing Arbitrary File Disclosure
7912| [82902] User Meta Plugin for WordPress framework/helper/uploader.php File Upload PHP Code Execution
7913| [82859] Microsoft .NET Framework Memory Access Function Pointer Handling Memory Corruption
7914| [82574] Yellow Duck Framework index.php id Parameter Arbitrary File Access
7915| [82571] Perl-Compatible Regular Expression (PCRE) String Minimum Length Calculation Overflow
7916| [82570] Perl-Compatible Regular Expression (PCRE) pcregrep Long Line Handling Overflow
7917| [82569] Perl-Compatible Regular Expression (PCRE) Non-UTF-8 Repeated Unicode Property Match DoS
7918| [82568] Perl-Compatible Regular Expression (PCRE) Conditional Group Handling Infinite Loop DoS
7919| [82567] Perl-Compatible Regular Expression (PCRE) pcre_study() Function Group Zero Qualifier Handling DoS
7920| [82480] Perl-Compatible Regular Expression (PCRE) Recursive Subpattern Handling Infinite Loop DoS
7921| [82397] Restlet Framework XML External Entity Parsing (XXE) Unspecified Remote Issue
7922| [82225] Apple Mac OS X Security Framework Unspecified Remote Memory Corruption
7923| [82223] Apple Mac OS X LoginUIFramework Race Condition Guest User Login Handling Authentication Bypass
7924| [81889] Travelon Express Multiple Script Arbitrary File Upload
7925| [81888] Travelon Express admin/holiday-view.php holiday name Field XSS
7926| [81887] Travelon Express admin/holiday-add.php holiday name Field XSS
7927| [81886] Travelon Express admin/customer-edit.php cid Parameter SQL Injection
7928| [81885] Travelon Express admin/airline-edit.php fid Parameter SQL Injection
7929| [81884] Travelon Express holiday_book.php hid Parameter SQL Injection
7930| [81883] Travelon Express pages.php id Parameter SQL Injection
7931| [81882] Travelon Express holiday.php hid Parameter SQL Injection
7932| [81842] Cisco Unified Contact Center Express (CCX) Network Traffic Parsing Remote DoS
7933| [81737] Node.js HTTP Parser String Parsing HTTP Header Disclosure
7934| [81734] Microsoft .NET Framework Untrusted User Input Serialization Remote Code Execution
7935| [81733] Microsoft .NET Framework Partially Trusted Assembly Object Serialization Remote Code Execution
7936| [81722] Microsoft .NET Framework Buffer Allocation XBAP / .NET Application Handling Remote Code Execution
7937| [81721] Microsoft .NET Framework WPF Application Index Value Comparison Request Parsing Remote DoS
7938| [81394] Oracle Database Server Application Express Component Unspecified Remote Issue
7939| [81180] JA T3 Framework Component for Joomla! index.php file Parameter Traversal Arbitrary File Access
7940| [81133] Microsoft .NET Framework CRL (Common Language Runtime) Function Parameter Parsing Remote Code Execution
7941| [80759] TYPO3 Extbase Framework Missing HMAC Arbitrary Object Unserialization Weakness
7942| [80702] Cisco IOS Wide Area Application Services (WAAS) Express Feature Message Parsing Remote DoS
7943| [80105] HP Data Protector Express dpwindtb.dll Folder Creation Remote Overflow
7944| [80104] HP Data Protector Express Unspecified Remote Code Execution (2012-0123)
7945| [80103] HP Data Protector Express dpwinsdr.exe Opcode 0x330 Parsing Remote Overflow
7946| [80102] HP Data Protector Express dpwinsdr.exe Opcode 0x320 Parsing Remote Overflow
7947| [80001] Microsoft Expression Design Path Subversion Arbitrary DLL Injection Code Execution
7948| [79735] IBM Tivoli Provisioning Manager Express for Software Distribution Isig.isigCtl.1 ActiveX RunAndUploadFile() Method Boundary Error Remote Overflow
7949| [79734] IBM Tivoli Provisioning Manager Express for Software Distribution getAttachment Servlet Asset.getMimeType() Function SQL Injection
7950| [79733] IBM Tivoli Provisioning Manager Express for Software Distribution CallHomeExec Servlet Asset.getHWKey() Function SQL Injection
7951| [79732] IBM Tivoli Provisioning Manager Express for Software Distribution logon.do Servlet User.isExistingUser() Function SQL Injection
7952| [79731] IBM Tivoli Provisioning Manager Express for Software Distribution register.do Servlet User.updateUserValue() Function SQL Injection
7953| [79730] IBM Tivoli Provisioning Manager Express for Software Distribution SoapServlet Servlet Printer.getPrinterAgentKey SQL Injection
7954| [79673] SystemTap Invalid Pointer DWARF Expression Parsing Local DoS
7955| [79261] Microsoft .NET Framework / Silverlight Buffer Length Calculation XAML Browser Application Handling Remote Memory Corruption
7956| [79260] Microsoft .NET Framework / Silverlight Unmanaged Object XAML Browser Application Handling Remote Code Execution
7957| [78693] Barracuda Backup Expressions Module Unspecified XSS
7958| [78665] Android libsysutils FrameworkListener::dispatchCommand Method Application Handling Buffer Overflow
7959| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
7960| [78454] OpenNMS web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java Username Field XSS
7961| [78250] ExpressView Browser Plug-In (MrSID) Multiple Uninitialized Object Pointer SID Image File Handling Remote Code Execution
7962| [78249] ExpressView Browser Plug-In (MrSID) Multiple SID Image File Handling Remote Overflow
7963| [78076] PHPIDS Regular Expression Denial of Service (ReDoS) Filter Weakness PHP Sequence File Manipulation
7964| [78057] Microsoft .NET Framework ASP.NET Hash Collision Web Form Post Parsing Remote DoS
7965| [78056] Microsoft .NET Framework Forms Authentication Sliding Expiry Cached Content Parsing Remote Code Execution
7966| [78055] Microsoft .NET Framework ASP.NET Username Parsing Authentication Bypass
7967| [78054] Microsoft .NET Framework Forms Authentication Return URL Handling Arbitrary Site Redirect
| [77951] Mozilla Multiple Products YARR Regular Expression Library Javascript Parsing Remote Code Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77584] ISC DHCP Regular Expressions dhcpd.conf DHCP Request Packet Parsing Remote DoS
| [77490] Novell XTier Framework HTTP Server Component Header Parsing Remote Overflow
| [77462] Hero Framework Template File Events month Parameter XSS
| [77414] ExpressionEngine Unspecified XSS
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77373] Oracle Mojarra Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77315] IBM System Storage TS3100 / TS3200 Tape Library Express Library Admin Authentication Bypass
| [77297] JBoss Enterprise SOA Platform JRuby scripting_chain Application Regular Expressions XSS
| [77071] Atlassian Confluence Seraph Web Framework HTTP Header Injection
| [76527] Oracle E-Business Suite REST Services Component Unspecified Remote Applications Framework Data Disclosure
| [76516] Oracle Database Application Express Component Unspecified Remote Code Execution
| [76214] Microsoft .NET Framework / Silverlight Class Inheritance Restriction Web Page Handling Remote Code Execution
| [76160] Elastix PBX admin/modules/framework/bin/generate_hints.php Extension Enumeration
| [75914] Zend Framework / Server Multiple Script Direct Request Path Disclosure
| [75837] Mozilla Firefox Regular Expression Unspecified Underflow
| [75560] Libxml2 xmlXPathCompOpEval Invalid XPath Expression Error Handling Double-free Issue
| [75386] Microsoft Office Excel Unspecified Conditional Expression Parsing Excel File Handling Memory Corruption
| [75263] Spring Framework Multiple Unspecified Object Deserialization Arbitrary Command Execution
| [75249] OpenSSH sftp-glob.c remote_glob Function Glob Expression Parsing Remote DoS
| [75248] OpenSSH sftp.c process_put Function Glob Expression Parsing Remote DoS
| [75226] Zikula Application Framework index.php themename Parameter XSS
| [75008] GNU C Library (glibc) glob Expression Pathname Matching Remote DoS (2010-4756)
| [75007] GNU C Library (glibc) glob Expression Pathname Matching Remote DoS (2010-4754)
| [74916] Linux SCSI Target Framework (tgt) tgt daemon (tgtd) iscsi_rx_handler() Function Double-free
| [74777] Cisco Unified Communications Manager Service Advertisement Framework (SAF) Packet Parsing Remote DoS (2011-2564)
| [74776] Cisco Unified Communications Manager Service Advertisement Framework (SAF) Packet Parsing Remote DoS (2011-2563)
| [74695] Libxml2 xmlXPathCompOpEvalPositionalPredicate Invalid XPath Expression Error Handling Double Free Issue
| [74404] Microsoft .NET Framework System.Net.Sockets Code Access Security Bypass Information Disclosure
| [74403] Microsoft .NET Framework Chart Control Special URI Character GET Request Parsing Remote Information Disclosure
| [74277] JBoss Seam jboss-seam.jar FacesMessages Expression Language Statement Remote Java Code Execution
| [73932] Oracle Enterprise Manager Grid Control Security Framework Authentication Unspecified Remote Issue
| [73929] Oracle Enterprise Manager Grid Control Security Framework User Model Unspecified Remote Issue
| [73741] Kay Framework Attribute Exchange Signature Verification Failure AX Information Manipulation
| [73387] Zend Framework PDO_MySql Character Set Security Bypass
| [73381] IBM WebSphere Application Server (WAS) Security Component TIP/eWAS Framework AuthCache Entry Remote Access Bypass
| [73340] vsftpd ls.c vsf_filename_passes_filter STAT Command glob Expression Remote DoS
| [73223] IBM Tivoli Management Framework Endpoint Built-in Account Default HTTP Password Remote Restricted Page Access
| [72957] Horde_Auth Framework Composite Driver Authentication Bypass
| [72932] Microsoft .NET Framework JIT Object Validation Arbitrary Code Execution
| [72931] Microsoft .NET Framework / Silverlight Array Offset Remote Code Execution
| [72783] Google Chrome Extension Framework Stale Pointer Unspecified Issue
| [72713] IBM Tivoli Management Framework Endpoint lcfd.exe opts Field Overflow
| [72599] Cisco TelePresence Java Servlet Framework Crafted Request Unauthenticated Command Execution (2011-0384)
| [72598] Cisco TelePresence Java Servlet Framework Crafted Request Unauthenticated Command Execution (2011-0383)
| [72493] Google Chrome Regular-Expression Reentry Implementation Memory Corruption
| [72413] CiscoWorks Common Services Framework Help Servlet cwhp/device.center.do device Parameter XSS
| [72242] Exponent CMS framework/modules/pixidou/download.php file Parameter Traversal Arbitrary File Access
| [72123] Horde framework/Text_Filter/lib/Horde/Text/Filter/Xss.php Unspecified XSS
| [72122] Horde framework/Share/lib/Horde/Share/Object/Sql.php Guest User Access Restriction Bypass
| [71782] Microsoft .NET Framework x86 JIT Compiler XAML Browser Application (XBAP) Processing Stack Corruption
| [71721] qooxdoo framework/source/resource/qx/test/part/delay.php file Parameter Traversal Arbitrary File Access
| [71720] qooxdoo framework/source/resource/qx/test/jsonp_primitive.php callback Parameter XSS
| [71719] eyeOS framework/source/resource/qx/test/part/delay.php file Parameter Traversal Arbitrary File Access
| [71718] eyeOS framework/source/resource/qx/test/jsonp_primitive.php callback Parameter XSS
| [71665] Microsoft .NET Framework on XP KB982671 Persistent Firewall Disablement
| [71013] .NET Framework Runtime Optimization Service Insecure File Permissions Privilege Escalation
| [70857] Metasploit Framework on Windows Insecure Filesystem Permissions Local Privilege Escalation
| [70751] Zikula Application Framework User Permissions Modification CSRF
| [70586] Oracle Sun Products Suite Sun Java System Communications Express Component Web Mail Unspecified Remote Issue
| [70497] SmoothWall Express shutdown.cgi System Reboot CSRF
| [70496] SmoothWall Express cgi-bin/ipinfo.cgi IP Parameter XSS
| [70348] Cisco IOS CallManager Express (CME) SIP TRUNK Traffic Rate Burst Request Size Remote DoS
| [70341] Cisco IOS CallManager Express (CME) Extension Mobility Phone SNR Number Change Remote DoS
| [70086] Embedthis Appweb Ejscript Web Framework XSS
| [70023] IBM ENOVIA emxFramework.FilterParameterPattern Property XSS
| [69861] Expression CMS Multiple Parameter XSS
| [69394] MySQL Temporary Table Expression Re-Evaluation DoS
| [69159] Horde Application Framework Preference Form CSRF
| [68791] Camtasia Studio ExpressShow SWF Files Unspecified XSS
| [68556] Microsoft .NET Framework x64 JIT Compiler Unprivileged Application Remote Code Execution
| [68064] OTRS (Open Ticket Request System) Crafted Email Regular Expression Processing DoS
| [67975] HP Data Protector Express dpwinsup PrvRecvRqu() Function NULL Dereference Remote DoS
| [67974] HP Data Protector Express on Linux libdplindtb.so DtbClsLogin() Function Overflow
| [67973] HP Data Protector Express on Windows dpwindtb.dll DtbClsLogin() Function Overflow
| [67839] Horde Application Framework util/icon_browser.php subdir Parameter XSS
| [67804] Seagull PHP Framework fog/lib/pear/Config/Container.php includeFile Parameter Remote File Inclusion
| [67783] Microsoft Windows SDK for Windows 7 / .NET Framework 4 GraphEdit Path Subversion Arbitrary DLL Injection Code Execution
| [67689] Seagull PHP Framework index.php/user/password frmQuestion Parameter SQL Injection
| [67503] Microsoft Outlook Express Path Subversion Arbitrary DLL Injection Code Execution
| [67028] Play Framework public/ Traversal Arbitrary File Access
| [66993] Microsoft .NET Framework / Silverlight CLR Virtual Delegate Handling Remote Code Execution
| [66881] JBoss Seam 2 JBoss Expression Language Crafted URL Arbitrary Code Execution
| [66856] WebKit emitDisjunction Regular Expression Interpretation Memory Corruption
| [66346] Oracle E-Business Suite Applications Framework Component Unspecified Remote Issue (2010-0912)
| [66343] Oracle E-Business Suite Applications Framework Unspecified Remote Information Disclosure (2010-0909)
| [66342] Oracle E-Business Suite Applications Framework Unspecified Remote Issue (2010-0908)
| [66331] Oracle Database Server Application Express Component Unspecified Remote Issue (2010-0892)
| [66253] Diem Content Management Framework Blog Items Filter Module article_form_filter[name][text] Parameter XSS
| [66252] Diem Content Management Framework dmCore Script text Parameter XSS
| [66251] Diem Content Management Framework Page Metas Managing Script value Parameter XSS
| [65993] Open Text ECM Expression Builder Unspecified XSS
| [65991] Linux SCSI Target Framework (tgt) iSNS Message Remote Overflow
| [65661] Spring Framework class.classLoader.URLs[0]=jar: Crafted JAR File HTTP Request Arbitrary Code Execution
| [65430] Oracle Mojarra Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65376] MS IE Style Expression Handling Unspecified DoS
| [65285] Cisco Unified Contact Center Express (CCX) Traversal Arbitrary File Access
| [65284] Cisco Unified Contact Center Express (CCX) CTI Server Component Malformed Message Remote DoS
| [64799] Oracle Sun Products Suite Sun Java System Communications Express Component cmd.msc Message Box Deletion CSRF
| [64530] Microsoft Outlook Express / Windows Mail STAT Response Overflow
| [64447] Tirzen Framework (TZN) tzn_mysql.php Username Parameter SQL Injection Authentication Bypass
| [64397] Perl-Compatible Regular Expression (PCRE) pcre_compile.c. compile_branch() Function Overflow
| [64269] Zikula Application Framework Users Module CSRF
| [64096] Zikula Application Framework index.php func Parameter XSS
| [64095] Zikula Application Framework ZLanguage.php lang Parameter XSS
| [64071] Oracle Sun Product Suite Sun Java System Communications Express Component Address Book Unspecified Remote Information Disclosure
| [63520] Oracle Sun Products Suite Sun Java System Communications Express Component Message Subject Field XSS
| [63418] Linux SCSI Target Framework (tgt) usr/iscsi/isns.c Multiple Function Format String
| [63313] ViewVC Regular Expression Search Functionality XSS
| [63177] Cisco IOS Unified Communications Manager Express SCCP Message Handling Unspecified Remote DoS (CSCsz49741)
| [63176] Cisco IOS Unified Communications Manager Express SCCP Message Handling Unspecified Remote DoS (CSCsz48614)
| [63172] Mime Mail Module for Drupal PCRE Regular Expression Engine Arbitrary PHP Code Execution
| [62997] Trouble Ticket Express ttx.cgi fid Parameter Arbitrary Command Execution
| [62788] Download Protect Framework/EmailTemplates.class.php GLOBALS[RootPath] Parameter Remote File Inclusion
| [62585] Hitachi Multiple Products uCosminexus Portal Framework Unspecified XSS
| [62581] WebsiteBaker framework/class.wb.php print_error() Function Security Bypass
| [62118] IBM Cognos Express Tomcat Manager Hardcoded Credentials
| [62027] PHP Fuzzer Framework Insecure File Creation Local Privilege Escalation
| [61959] SAP BusinessObjects AdminTools/querybuilder/logonform.jsp framework Parameter XSS
| [61958] SAP BusinessObjects AdminTools/querybuilder/ie.jsp framework Parameter XSS
| [61731] Oracle Database Application Express Application Builder HTTP Unspecified Remote Issue
| [61707] Zend Framework Zend_Service_ReCaptcha_MailHide Function email Argument XSS
| [61706] Zend Framework Zend_Json_Encoder Forward Slash XSS
| [61705] Zend Framework Zend_Dojo_View_Helper_Editor Function HTML DIV Tag XSS
| [61704] Zend Framework Zend_Filter_StripTags Function Whitelisted HTML Comment Bypass XSS
| [61703] Zend Framework Zend_File_Transfer Function MIME Type Unspecified Weakness
| [61702] Zend Framework Multiple Function Encoded Request XSS
| [61340] Zend Framework Zend_Log_Writer_Mail Class shutdown Function Arbitrary Mail Relay
| [59502] Microsoft IE / Outlook Express Crafted XML Stylesheet (XSL) Arbitrary Script Execution
| [59394] Mozilla Multiple Browsers Proxy Auto-configuration (PAC) File Regular Expression Parsing Arbitrary Code Execution
| [59128] Oracle E-Business Suite Applications Framework Unspecified Remote Information Disclosure
| [59108] Oracle Database Application Express FLOWS_030000. WWV_EXECUTE_IMMEDIATE Unspecified Remote Issue
| [58851] Microsoft .NET Framework / Silverlight Crafted Application Memory Manipulation Arbitrary Code Execution
| [58850] Microsoft .NET Framework Object Casting Manipulation Arbitrary Code Execution
| [58849] Microsoft .NET Framework Crafted Application Managed Pointer Access Arbitrary Code Execution
| [58651] Symantec SecurityExpressions Audit and Compliance Server Unspecified XSS
| [58650] Symantec SecurityExpressions Audit and Compliance Server Unspecified HTML Injection
| [58564] Premier Election Solutions (Diebold) ExpressPoll Audit Log Voter Privacy Violation
| [58563] Premier Election Solutions (Diebold) ExpressPoll DB3 Database Unauthorized Manipulation
| [58562] Premier Election Solutions (Diebold) ExpressPoll Boot Loader / OS Unauthorized Upgrade
| [58552] Premier Election Solutions (Diebold) EMP / ExpressPoll Server Log Integrity Weakness
| [58450] Solaris STREAMS Framework Unspecified Local DoS
| [58335] Cisco IOS Unified Communications Manager Express (CME) Extension Mobility Feature Login Component Remote Overflow
| [58334] Cisco IOS Cisco Express Forwarding Malformed Packet Handling Remote DoS (2009-2873)
| [58333] Cisco IOS Cisco Express Forwarding Malformed Packet Handling Remote DoS (2009-2872)
| [58228] ipMonitor Malformed Regular Expression Backreference Handling DoS
| [58109] Horde Application Framework Numeric Preference Type XSS
| [58108] Horde Application Framework MIME Viewer Text Part Rendering XSS
| [58107] Horde Application Framework Form Library Image Form Field Arbitrary File Overwrite
| [57893] Symantec Altiris eXpress NS SC Download Altiris.AeXNSPkgDL.1 ActiveX (AeXNSPkgDLLib.dll) DownloadAndInstall() Method Arbitrary Code Execution
| [57638] Microsoft Outlook Express IMAP Client literal_size Remote Overflow
| [57340] Adobe Flex SDK express-install Templates index.template.html Query String XSS
| [57062] Microsoft IE STYLE Element / CSS Expression Property Double Content Injection XSS Filter Bypass
| [56972] OpenJDK IcedTea Java Web Start Framework JAR File Trust Weakness Privilege Escalation
| [56905] Microsoft .NET Framework Request Scheduling Crafted HTTP Request Remote DoS
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55939] Google Chrome JavaScript Regular Expressions Evaluation Memory Corruption
| [55937] Cisco Unified Contact Center Express (CCX) Database Unspecified XSS
| [55936] Cisco Unified Contact Center Express (CCX) Customer Response Solutions (CRS) Administration Interface Traversal Arbitrary File Manipulation
| [55900] Oracle E-Business Suite Applications Framework /OA_HTML/OA.jsp Multiple Parameter XSS
| [55198] Zend Framework Zend_View::render() Function Traversal Local File Inclusion
| [54641] Novell GroupWise WebAccess Unfiltered Style Expressions XSS
| [54610] Sun Java System Communications Express uwc/abs/search.xml abperson_displayName Parameter XSS
| [54609] Sun Java System Communications Express uwc/base/UWCMain URL Parameter XSS
| [54509] HP Data Protector Express dpwinsup Module Crafted Traffic Remote Memory Disclosure
| [53941] Scorpio Framework baseAdminSite Implementation view Action Object Restriction Bypass
| [53940] Spring Framework RegEx Serialized Data Handling CPU Consumption DoS
| [53754] Oracle E-Business Suite Applications Framework Unspecified Remote Issue
| [53738] Oracle Database Application Express (APEX) FLOWS_030000.WWV_FLOW_USER User Password Hash Disclosure
| [53540] Horde Application Framework framework/Text_Filter/Filter/xss.php Style Attributes XSS
| [52930] Benjile PHP Security Framework lib/common/SecureHttpRequest.class.php SQL Injection Protection Bypass
| [52929] Benjile PHP Security Framework lib/control/AuthentificationController.class.php SQL Injection
| [52928] Benjile PHP Security Framework lib/base.inc.php Multiple Parameter Remote File Inclusion
| [52845] ExpressionEngine system/index.php avatar Parameter XSS
| [52718] Sun Java System Communications Express Multiple Field XSS
| [52707] Atlassian JIRA Enterprise Edition Webwork 1 Framework Dynamic URL Transformation Security Bypass
| [52617] IBM Tivoli Storage Manager (TSM) Express adsmdll.dll Length Value Handling Remote Overflow
| [52282] Extrakt Framework index.php plugins[file][id] Parameter XSS
| [51973] Apple Mac OS X FSEvents Framework fseventsd Credential Management Local Information Disclosure
| [51887] Horde Multiple Products framework/Image/Image.php Horde_ImageDriver Name Traversal Local File Inclusion
| [51650] htmLawed Crafted CSS Expressions XSS
| [51329] Oracle E-Business Suite Applications Framework System Configuration Remote Information Disclosure
| [51314] Oracle BEA WebLogic Server / Express Console Unspecified Privilege Escalation
| [51313] Oracle BEA WebLogic Server / Express JSP Servlets Unspecified Information Disclosure
| [51312] Oracle BEA WebLogic Server / Express Web Services Unspecified Policy Bypass
| [50974] Microsoft Outlook Express InetComm.dll MimeOleClearDirtyTree Function Malformed Email Header Handling Infinite Loop DoS
| [50851] Product Sale Framework customer.forumtopic.php forum_topic_id Parameter SQL Injection
| [50620] ColdFusion Application Server Expression Evaluator openfile.cfm Arbitrary File Upload
| [50302] Microsoft .NET Framework Strong Name Implementation DLL File Public Key Token Subversion Multiple Mechanism Authentication Bypass
| [49843] IBM Metrica Service Assurance Framework ReportRequest :tasklabel Parameter XSS
| [49842] IBM Metrica Service Assurance Framework Launch jnlpname Parameter XSS
| [49841] IBM Metrica Service Assurance Framework ReportTree elementid Parameter XSS
| [49732] XWork ParameterInterceptor OGNL Expression Arbitrary SSO Modification
| [49442] IBM Tivoli Storage Manager (TSM) Express for Microsoft SQL SQL CAD Data Protection (dsmcat.exe) Remote Overflow
| [49329] Oracle Database Application Express (APEX) Session Creation Unspecified Remote Issue
| [49308] Oracle E-Business Suite Applications Framework Unspecified Remote Issue
| [49176] Midgard Components Framework Multiple Unspecified Issues
| [48962] DataFeedFile (DFF) PHP Framework API DFF_sku.func.php DFF_config[dir_include] Parameter Remote File Inclusion
| [48961] DataFeedFile (DFF) PHP Framework API DFF_rss.func.php DFF_config[dir_include] Parameter Remote File Inclusion
| [48960] DataFeedFile (DFF) PHP Framework API DFF_paging.func.php DFF_config[dir_include] Parameter Remote File Inclusion
| [48959] DataFeedFile (DFF) PHP Framework API DFF_mer_prdt.func.php DFF_config[dir_include] Parameter Remote File Inclusion
| [48958] DataFeedFile (DFF) PHP Framework API DFF_mer.func.php DFF_config[dir_include] Parameter Remote File Inclusion
| [48957] DataFeedFile (DFF) PHP Framework API DFF_featured_prdt.func.php DFF_config[dir_include] Parameter Remote File Inclusion
| [48956] DataFeedFile (DFF) PHP Framework API DFF_affiliate_client_API.php DFF_config[dir_include] Parameter Remote File Inclusion
| [48174] Red Hat Directory Server Directory Server Administration Express Interface adminutil Library Unspecified XSS
| [47292] Firebird 2 Crafted Expression Handling Unspecified Memory Corruption
| [46931] Microsoft Outlook/Express Unspecified URI Handling Arbitrary Command Injection
| [46690] Perl-Compatible Regular Expression (PCRE) pcre_compile.c Crafted Pattern Handling Overflow
| [46312] Prototype JavaScript Framework prototype.js Cross-site Ajax Request Unspecified Issue
| [46311] Prototype JavaScript Framework prototype.js script Tag Cross-site JSON String Information Disclosure
| [45882] Kaya CGI Framework HTTP Header XSS
| [45757] PHPIDS Arithmetic Expressions Handling XSS
| [44978] Red Hat Directory Server slapd LDAP Search Regular Expression Handler Overflow
| [44501] Oracle Application Express HTTP Unspecified Remote Issue
| [44500] Oracle Application Express flows_030000.wwv_execute_immediate Unspecified Remote Issue
| [44489] Oracle Applications Framework HTTP Unspecified Remote Information Disclosure
| [44266] WoltLab Community Framework (WCF) Multiple Parameter XSS
| [44265] WoltLab Community Framework (WCF) Multiple Variable Path Disclosure
| [44161] McAfee Common Management Agent (CMA) Framework Service Crafted Request Remote DoS
| [44117] RoundCube Webmail Style Sheet Expression Commands XSS
| [44053] Sympa wwsympa/wwsympa.fcgi arcsearch Malformed Expression Remote DoS
| [44032] Cisco Unified Communications Disaster Recovery Framework (DRF) Arbitrary Remote Command Execution
| [43697] IBM Tivoli Provisioning Manager Express Login Error Username Enumeration
| [43696] IBM Tivoli Provisioning Manager Express Account Creation Username Enumeration
| [43693] IBM Tivoli Provisioning Manager Express assess modification Unspecified XSS
| [43419] ExpressionEngine index.php URL Parameter CLRF Injection HTTP Response Splitting
| [43376] CUPS CGI Backend IPP Request Search Expression Handling (cgiCompileSearch) Remote Overflow
| [43328] Prototype (prototypejs) Framework JavaScript Object Notation (JSON) Crafted HTML Remote Data Disclosure
| [43327] Moo.fx Framework JavaScript Object Notation (JSON) Crafted HTML Remote Data Disclosure
| [43326] MochiKit Framework JavaScript Object Notation (JSON) Crafted HTML Remote Data Disclosure
| [43325] Microsoft Atlas Framework JavaScript Object Notation (JSON) Crafted HTML Remote Data Disclosure
| [43324] Yahoo! UI Framework JavaScript Object Notation (JSON) Crafted HTML Remote Data Disclosure
| [43323] Dojo Framework JavaScript Object Notation (JSON) Crafted HTML Remote Data Disclosure
| [43322] Direct Web Remoting (DWR) Framework JavaScript Object Notation (JSON) Crafted HTML Remote Data Disclosure
| [43321] Google Web Toolkit (GWT) Framework JavaScript Object Notation (JSON) Crafted HTML Remote Data Disclosure
| [43320] jQuery Framework JavaScript Object Notation (JSON) Crafted HTML Remote Data Disclosure
| [43319] Script.aculo.us Framework JavaScript Object Notation (JSON) Crafted HTML Remote Data Disclosure
| [43182] Google Android SDK WebKit Framework GIF Library GIF Handling Overflow
| [42853] McAfee ePolicy Orchestrator Framework Service Crafted UDP Packet Handling Format String
| [42631] JBoss Seam org.jboss.seam.framework.Query Class getRenderedEjbql Method order Variable Arbitrary Arbitrary EJBQL Command Execution
| [42101] MVEL set-expression Compiler Virtual Objects (Maps) Unspecified Code Injection
| [42021] Solaris 10 DTrace Dynamic Tracing Framework Kernel Tracing Information Disclosure
| [41989] Perl-Compatible Regular Expression (PCRE) Character Class Handling Remote Overflow
| [41585] ExpressionEngine index.php URL Parameter XSS
| [41417] Bubbling Library examples/dispatcher/framework/dispatcher.php uri Parameter Traversal Arbitrary File Access
| [41313] Oracle Application Express (APEX) NOTIFICATION_MSG Parameter XSS
| [40902] TCL in PostgreSQL Regular Expression Parser Crafted Doubly-nested State Regexp Parsing DoS
| [40766] Perl-Compatible Regular Expression (PCRE) Singleton Unicode Sequence Handling Overflow
| [40765] Perl-Compatible Regular Expression (PCRE) Unmatched Brackets / Parentheses Search Crafted Regexp DoS
| [40764] Perl-Compatible Regular Expression (PCRE) Character Class Calculation overflow
| [40763] Perl-Compatible Regular Expression (PCRE) Unmatched "
| [40761] Perl-Compatible Regular Expression (PCRE) Non-UTF-8 Mode Pattern Matching Information Disclosure
| [40760] Perl-Compatible Regular Expression (PCRE) \P Sequence DoS
| [40759] Perl-Compatible Regular Expression (PCRE) Unspecified Escape (backslash) Sequence DoS
| [40758] Perl-Compatible Regular Expression (PCRE) Compiled UTF-8 Options Pattern DoS
| [40757] Perl-Compatible Regular Expression (PCRE) Malformed POSIX Character Class Regexp DoS
| [40756] Perl-Compatible Regular Expression (PCRE) Regexp Subpattern Handling Overflow
| [40755] Perl-Compatible Regular Expression (PCRE) Compiled Memory Allocation Miscalculation Failure DoS
| [40754] Perl-Compatible Regular Expression (PCRE) Crafted Regexp Parsing Overflow
| [40753] Perl-Compatible Regular Expression (PCRE) Named Capturing Subpatterns Counting DoS
| [40752] Perl-Compatible Regular Expression (PCRE) Subpattern Recursive Reference DoS
| [40751] Perl-Compatible Regular Expression (PCRE) Subpattern Unlimited Repeat DoS
| [40527] Seagull PHP Framework optimizer.php files Parameter Traversal Arbitrary File Access
| [40409] Perl Regular Expression Engine (regcomp.c) Polymorphic opcode Support UTF Regexp Handling Remote Overflow
| [40353] IBM Tivoli Storage Manager (TSM) Express Backup Server service (dsmsvc.exe) Packet Handling Remote Overflow
| [40286] Oracle E-Business Suite Applications Framework Unspecified Remote Information Disclosure
| [39970] Oracle Application Express wwv_flow_security.check_db_password Function SQL Injection
| [39925] Oracle Database Rules Manager Expression Filter RLMGR_TRUNCATE_MAINT Trigger Race Condition
| [39145] aurora framework db_mysql.lib pack_var() value Parameter SQL Injection
| [39118] Microsoft IE Object setExpression Function Memory Corruption
| [38943] PHP Lite Calendar Express subscribe.php cid Parameter SQL Injection
| [38942] PHP Lite Calendar Express auth.php cid Parameter SQL Injection
| [38941] PHP Lite Calendar Express login.php cid Parameter SQL Injection
| [38905] Django Internationalization Framework USE_I18N Option Multiple HTTP Request Remote DoS
| [38600] epesi framework Gallery Image Unrestricted File Upload
| [38495] Microsoft IE Outlook Express Address Book Activex DoS
| [38486] Microsoft Expression Media IVC File Cleartext Catalog Password Disclosure
| [38418] PHP Object Framework dbmodules/DB_adodb.class.php PHPOF_INCLUDE_PATH Parameter Remote File Inclusion
| [38335] EasyMail Objects EasyMailSMTPObj ActiveX (emsmtp.dll) SubmitToExpress Method Arbitrary Code Execution
| [38154] phpBasic basicFramework includes.php root Parameter Remote File Inclusion
| [37779] Broderbund Expressit 3DGreetings Player ActiveX Multiple Unspecified Overflows
| [37749] SAP Internet Communication Framework (BC-MID-ICF) Default Login Error Page XSS
| [37104] Cisco IOS Regular Expressions (Regexp) Processing DoS
| [36453] Apple Safari / iPhone WebKit Perl-Compatible Regular Expressions (PCRE) Multiple Overflows
| [36101] McAfee Multiple Products ePolicy Orchestrator CMA Framework Service Remote Overflow
| [35956] Microsoft .NET Framework Just In Time (JIT) Compiler Service Unspecified Arbitrary Code Execution
| [35955] Microsoft .NET Framework NULL Byte URL Arbitrary File Access
| [35954] Microsoft .NET Framework PE Loader Service Unspecified Arbitrary Code Execution
| [35346] Microsoft Outlook Express / Windows Mail MHTML Content Disposition Parsing Cross Domain Information Disclosure
| [35345] Microsoft Outlook Express / Windows Mail URL Parsing Cross Domain Information Disclosure
| [35284] phpTodo Unspecified Regular Expression Newline Injection
| [35269] Microsoft ASP .NET Framework Comment Enclosure Handling Request Weakness
| [35020] IBM Tivoli Monitoring Express kde.dll Remote Overflow
| [34870] Apple Mac OS X VideoConference Framework Crafted SIP Packet Remote Overflow
| [34866] Apple Mac OS X WebFoundation Framework Subdomain Cookie Information Disclosure
| [34656] RSPA rspa/framework/Controller_v4.php Multiple Parameter Remote File Inclusion
| [34655] RSPA rspa/framework/Controller_v5.php Multiple Parameter Remote File Inclusion
| [34180] Calendar Express search.php allwords Parameter XSS
| [33820] Mirapoint WebMail expression CSS XSS
| [33631] Cadre PHP Framework fw/class.Quick_Config_Browser.php GLOBALS[config][framework_path] Parameter Remote File Inclusion
| [33320] OpenSER parse_config parse_expression Function Overflow
| [32620] Sun iPlanet Messaging Server Expression CSS XSS
| [32399] NeoTrace Express/Pro NeoTraceExplorer.NeoTraceLoader ActiveX TraceTarget Method Overflow
| [31615] Yana Framework Guestbook Unspecified Authorization Bypass
| [31503] Oracle Application Express Authenticated Unspecified Remote Information Disclosure
| [31502] Oracle Application Express Authenticated Unspecified Issue (APEX34)
| [31501] Oracle Application Express Unauthenticated Complex Unspecified Issue (APEX33)
| [31500] Oracle Application Express Unauthenticated Complex Unspecified Issue (APEX32)
| [31499] Oracle Application Express Unauthenticated Complex Unspecified Issue (APEX31)
| [31498] Oracle Application Express Authenticated Unspecified Issue (APEX30)
| [31497] Oracle Application Express Authenticated Unspecified Issue (APEX29)
| [31496] Oracle Application Express Unauthenticated Unspecified Issue (APEX28)
| [31495] Oracle Application Express Unauthenticated Unspecified Issue (APEX27)
| [31494] Oracle Application Express Unauthenticated Unspecified Issue (APEX26)
| [31493] Oracle Application Express Unspecified Unauthenticated Remote Partial DoS
| [31492] Oracle Application Express Unauthenticated Unspecified Issue (APEX24)
| [31491] Oracle Application Express Unauthenticated Unspecified Issue (APEX23)
| [31490] Oracle Application Express Unauthenticated Unspecified Issue (APEX22)
| [31489] Oracle Application Express Unauthenticated Unspecified Issue (APEX21)
| [31488] Oracle Application Express Unauthenticated Unspecified Issue (APEX20)
| [31487] Oracle Application Express Simple Unspecified Issue (APEX19)
| [31486] Oracle Application Express Simple Unspecified Issue (APEX18)
| [31485] Oracle Application Express Unspecified Unauthenticated Remote Complete DoS
| [31484] Oracle Application Express Developer SQL Workshop Unspecified Issue (APEX16)
| [31483] Oracle Application Express Developer SQL Workshop Unspecified Issue (APEX15)
| [31482] Oracle Application Express Unauthenticated Complex Unspecified Issue (APEX14)
| [31481] Oracle Application Express Unauthenticated Complex Unspecified Issue (APEX13)
| [31480] Oracle Application Express Unauthenticated Complex Unspecified Issue (APEX12)
| [31479] Oracle Application Express synonym Creation Unspecified Authenticated Issue
| [31478] Oracle Application Express htmldb_plsql_job Unspecified Authenticated Issue
| [31477] Oracle Application Express Unauthenticated Simple Unspecified Issue (APEX09)
| [31476] Oracle Application Express Unauthenticated Simple Unspecified Issue (APEX08)
| [31475] Oracle Application Express Unauthenticated Simple Unspecified Issue (APEX07)
| [31474] Oracle Application Express Unauthenticated Simple Unspecified Issue (APEX06)
| [31473] Oracle Application Express Unauthenticated Simple Unspecified Issue (APEX05)
| [31472] Oracle Application Express Unauthenticated Complex Unspecified Issue (APEX04)
| [31471] Oracle Application Express Unauthenticated Complex Unspecified Issue (APEX03)
| [31470] Oracle Application Express Unauthenticated Complex Unspecified Issue (APEX02)
| [31469] Oracle Application Express Unauthenticated Simple Unspecified Issue (APEX01)
| [31416] Oracle E-Business Suite Applications Framework HTTP Unspecified Issue
| [31218] Zend Framework Preview testRedirections.php XSS
| [30821] Microsoft Outlook Express Windows Address Book Contact Record Code Execution
| [30731] Apple Mac OS X Security Framework Secure Transport Cipher Negotiation Weakness
| [30730] Apple Mac OS X Security Framework Crafted X.509 Certificate Handling Remote DoS
| [30729] Apple Mac OS X Security Framework Online Certificate Status Protocol (OCSP) Revoked Certificate Weakness
| [30728] Apple Mac OS X Security Framework Certificate Revocation List (CRL) Search Weakness
| [30425] SiteXpress E-Commerce System dept.asp id Parameter SQL Injection
| [30151] Sun Java System Messenger Express errorHTML Function XSS
| [29431] Microsoft .NET Framework AutoPostBack Property Unspecified XSS
| [28458] IBM Tivoli Lightweight Client Framework HTTP http_disable Default Setting Weakness
| [27760] Cisco CallManager Express SIP Message User Enumeration
| [27153] Microsoft .NET Framework Crafted Request Access Restriction Bypass
| [26836] Microsoft IE OutlookExpress.AddressBook COM Object NULL Dereference
| [26711] Docebo CMS lib.php GLOBALS[where_framework] Parameter Remote File Inclusion
| [26710] Docebo CMS body.php GLOBALS[where_framework] Parameter Remote File Inclusion
| [26708] Docebo CMS content_class.php GLOBALS[where_framework] Parameter Remote File Inclusion
| [26707] Docebo CMS news_class.php GLOBALS[where_framework] Parameter Remote File Inclusion
| [26640] PHP Lite Calendar Express month.php Multiple Parameter SQL Injection
| [26002] BlueShoes Framework websearchengine/Bs_Wse_Profile.class.php APP[path][plugins] Parameter Remote File Inclusion
| [26001] BlueShoes Framework mailinglist/Bs_Ml_User.class.php GLOBALS[APP][path][core] Parameter Remote File Inclusion
| [26000] BlueShoes Framework imagearchive/Bs_ImageArchive.class.php?APP[path][core] Parameter Remote File Inclusion
| [25999] BlueShoes Framework filemanager/viewer.php?APP[path][core] Parameter Remote File Inclusion
| [25998] BlueShoes Framework filemanager/file.php?APP[path][core] Parameter Remote File Inclusion
| [25997] BlueShoes Framework filebrowser/fileBrowserInner.php?APP[path][core] Parameter Remote File Inclusion
| [25996] BlueShoes Framework faq/Bs_Faq.class.php?APP[path][applications] Parameter Remote File Inclusion
| [25613] FileProtection Express Crafted Cookie Authentication Bypass
| [25165] Cisco Unity Express Arbitrary User Expired Password Modification
| [24830] Oracle Enterprise Manager CORE: Reporting Framework Unspecified HTTP Information Disclosure
| [24829] Oracle Enterprise Manager CORE: Reporting Framework Unspecified HTTP Issue
| [24661] Mozilla Multiple Products Javascript Regular Expression Parsing Overflow
| [24519] Microsoft Outlook Express Windows Address Book (.wab) Processing Overflow
| [24208] Microsoft .NET Framework ILDASM Overflow
| [24207] Microsoft .NET Framework ILASM .il File Processing Overflow
| [24161] Calendar Express search.php Multiple Parameter XSS
| [23675] enTrac ExpressPay SLE4442 Chip Card Authentication Bypass
| [22724] ExpressionEngine index.php $_SERVER['HTTP_REFERER'] XSS
| [22682] Rockliffe MailSite Express Cookie Plaintext Password Storage
| [22606] Oracle E-Business Suite/Applications Applications Framework HTTP Unspecified Authenticated Issue
| [21915] Adaptive Website Framework (AWF) Unspecified Script mode Variable Path Disclosure
8348| [21915] Adaptive Website Framework (AWF) Unspecified Script mode Variable Path Disclosure
8349| [21914] Adaptive Website Framework (AWF) Multiple Templates page Parameter XSS
8350| [21607] Horde Framework CSV Import Multiple Field Arbitrary Script Execution
8351| [21606] Horde Framework Multiple Field XSS
8352| [21405] PHP Lite Calendar Express year.php Multiple Parameter SQL Injection
8353| [21404] PHP Lite Calendar Express month.php Multiple Parameter SQL Injection
8354| [21403] PHP Lite Calendar Express week.php Multiple Parameter SQL Injection
8355| [21402] PHP Lite Calendar Express day.php Multiple Parameter SQL Injection
8356| [21341] Omnistar KBase Express category.php id Parameter SQL Injection
8357| [21340] Omnistar KBase Express search.php search Parameter SQL Injection
8358| [20490] Rockliffe MailSite Express WebMail AttachPath Arbitrary Attachment Access
8359| [20489] Rockliffe MailSite Express WebMail File Upload Arbitrary Command Execution
8360| [20488] Rockliffe MailSite Express WebMail Email Message Body XSS
8361| [20448] Sun Java System Communications Express Remote Configuration File Disclosure
8362| [20083] Hitachi Cosminexus Portal Framework Cached Content Manipulation
8363| [20064] Rockliffe MailSite Express Attachment Arbitrary File Upload
8364| [19654] mwcollect Perl-Compatible Regular Expression (PCRE) Usage Unspecified DoS
8365| [19200] Express-Web Content Management System default.asp email Parameter XSS
8366| [19199] Express-Web Content Management System login.asp referer XSS
8367| [18906] Perl-Compatible Regular Expression (PCRE) Quantifier Value Processing Overflow
8368| [18780] Apple Mac OS X Server CoreFoundation Framework Command Line Overflow
8369| [18779] Apple Mac OS X CoreFoundation Framework Gregorian Date Processing Algorithmic Complexity DoS
8370| [18638] PHP Lite Calendar Express search.php allwords Parameter XSS
8371| [18495] Metasploit Framework msfweb Defanged Mode Remote Bypass
8372| [18241] Microsoft Outlook Express begin Keyword Message Handling DoS
8373| [18019] Oracle Express Server Unauthenticated Trivial Remote DoS
8374| [17778] IBM Tivoli Management Framework Endpoint lcfd Process Connection Saturation DoS
8375| [17606] Adobe Reader/Acrobat for Mac OS Updater Safari Frameworks Privilege Escalation
8376| [17472] mwcollect HoD Bind Crafted Perl-Compatible Regular Expression (PCRE) Request DoS
8377| [17306] Microsoft Outlook Express NNTP LIST Command Remote Overflow
8378| [16077] Apple Mac OS X Foundation Framework Environment Variable Overflow
8379| [16014] IBM Web Traffic Express Caching Proxy Server HTTP GET Request XSS
8380| [13884] Hursley Software Laboratories Consumer Transaction Framework Long HTTP Request DoS
8381| [13550] Celtech ExpressFS FTP Server Long USER Command Overflow
8382| [12864] Apple AirPort Express/Extreme WDS UDP DoS
8383| [11957] Microsoft Outlook Express Troubleshooting Feature SMTP Auth Credential Disclosure
8384| [11956] Microsoft Outlook/Express Message body NUL Character DoS
8385| [11954] Microsoft Outlook Express .dbx Deleted E-mail Persistence
8386| [11953] Microsoft Outlook Express A HREF Link Overflow DoS
8387| [11952] Microsoft Outlook Express S/MIME CA Certificate Spoofing
8388| [11950] Microsoft Outlook Express MIME Header Manipulation File Extension Spoofing Weakness
8389| [11948] Microsoft IE/Outlook Express IFRAME Tag Parsing Remote DoS
8390| [11942] Microsoft Outlook Express Email Forward Blocked Attachment Access
8391| [11941] Microsoft Outlook Express HTML Frame base64 Attachment Security Bypass
8392| [11938] Microsoft Outlook Express Attachment Filename Overflow
8393| [11422] Microsoft Outlook Express S/MIME Parsing Routine Remote Overflow
8394| [11419] Microsoft Outlook Express Header Carriage Return Filter Bypass
8395| [11418] Microsoft Outlook Express text/plain MIME Content Embedded SCRIPT Tag Command Execution
8396| [11417] Microsoft Outlook/Express VCard Handler Remote Overflow
8397| [11416] Microsoft Outlook/Express Blank Header DoS
8398| [11415] Microsoft Outlook Express Forced POP3 Command Mode DoS
8399| [11164] Horde Application Framework Help Window Multiple Parameter XSS
8400| [10865] Intel Express 500 Series Switches Malformed ICMP DoS
8401| [10765] Express-Web Content Management System default.asp Multiple Parameter XSS
8402| [9904] Squid Internet Object Cache Regular Expression ACL Bypass
8403| [9825] Disney Go Express Search HTTP Information Disclosure
8404| [9739] Cosminexus Portal Framework Cached Content Modification
8405| [9225] IBM Web Traffic Express Caching Proxy Server Location: Header XSS
8406| [9224] Cute PHP Library Unspecified Regular Expressions Issue
8407| [9167] Microsoft Outlook Express BCC: Recipient Information Disclosure
8408| [8662] eshare Expressions Unspecified Traversal Arbitrary File Access
8409| [7902] Microsoft IE / Outlook Express Active Scripting Arbitrary E-mail Message Access
8410| [7793] Microsoft Outlook Express Header Validation DoS
8411| [7096] Microsoft Outlook Express Mac OS Auto HTML Download
8412| [7055] Microsoft Outlook Express for Mac OS E-mail Long Line DoS
8413| [6768] IBM Tivoli Management Framework ManagedNode Web Server GET Request Remote Overflow
8414| [6767] IBM Tivoli Management Framework Endpoint Web Server GET Request Remote Overflow
8415| [6121] Microsoft Outlook Express BASE HREF Web Content Loading
8416| [5795] HP Web JetAdmin Framework:CheckPassword Authentication Bypass
8417| [5792] HP Web JetAdmin framework.ini Password Disclosure
8418| [5791] HP Web JetAdmin framework.ini Path Disclosure
8419| [5243] Ipswitch IMail Express Web Messaging Buffer Overflow
8420| [2213] Java Media Framework Unsigned Applet Privilege Escalation
8421| [2048] PCexpress BBS Backdoor Password
8422| [1528] Intel Express Switch 500 Series Malformed IP Packet Remote DoS
8423| [1475] Microsoft Outlook/Express Cache Bypass
8424| [1467] Microsoft Outlook/Express GMT Field Buffer Overflow
8425| [1414] BEA WebLogic Server/Express file Servlet Source Code Disclosure
8426| [1344] Intel Express 8100 ISDN Router Fragmented ICMP Parsing Remote DoS
8427| [806] Cisco IOS Cisco Express Forwarding (CEF) Previous Packet Information Disclosure
8428|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 3.10 - 4.11 (92%), Linux 3.2 - 4.9 (92%), Linux 3.18 (90%), Crestron XPanel control system (90%), Linux 3.16 (89%), ASUS RT-N56U WAP (Linux 3.4) (87%), Linux 3.1 (87%), Linux 3.2 (87%), HP P2000 G3 NAS device (87%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (87%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 13 hops

TRACEROUTE (using port 5432/tcp)
HOP RTT ADDRESS
1 171.88 ms 10.252.200.1
2 173.21 ms 213.184.122.97
3 171.95 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 172.21 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
5 222.88 ms bzq-114-65-1.cust.bezeqint.net (192.114.65.1)
6 219.37 ms bzq-219-189-78.dsl.bezeqint.net (62.219.189.78)
7 228.88 ms ae5-2074.ams10.core-backbone.com (81.95.2.138)
8 222.06 ms ae23-0.fra20.core-backbone.com (5.56.18.217)
9 234.95 ms 185.8.179.21
10 234.96 ms 185.8.179.21
11 231.81 ms 185.8.179.27
12 236.33 ms 185.8.179.25
13 232.45 ms 37.1.201.205
#######################################################################################################################################
+----------------------+------------------------------------+--------------------------------------------------+-----------+-----------+
| App Name             | URL to Application                 | Potential Exploit                                | Username  | Password  |
+----------------------+------------------------------------+--------------------------------------------------+-----------+-----------+
| phpMyAdmin           | http://37.1.201.205:80/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | Not Found | Not Found |
| JBoss Status Servlet | http://37.1.201.205:5432/status    | ./auxiliary/scanner/http/jboss_status.rb         | None      | None      |
+----------------------+------------------------------------+--------------------------------------------------+-----------+-----------+
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-20 01:37 EDT
NSE: Loaded 45 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 01:37
Completed NSE at 01:37, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 01:37
Completed NSE at 01:37, 0.00s elapsed
Initiating Ping Scan at 01:37
Scanning teen18topic.com (37.1.201.205) [4 ports]
Completed Ping Scan at 01:37, 0.27s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 01:37
Completed Parallel DNS resolution of 1 host. at 01:37, 0.03s elapsed
Initiating Connect Scan at 01:37
Scanning teen18topic.com (37.1.201.205) [65535 ports]
Discovered open port 143/tcp on 37.1.201.205
Discovered open port 110/tcp on 37.1.201.205
Discovered open port 587/tcp on 37.1.201.205
Discovered open port 22/tcp on 37.1.201.205
Discovered open port 3306/tcp on 37.1.201.205
Discovered open port 995/tcp on 37.1.201.205
Discovered open port 21/tcp on 37.1.201.205
Discovered open port 993/tcp on 37.1.201.205
Discovered open port 80/tcp on 37.1.201.205
Connect Scan Timing: About 8.31% done; ETC: 01:44 (0:05:42 remaining)
Discovered open port 2525/tcp on 37.1.201.205
Discovered open port 8083/tcp on 37.1.201.205
Connect Scan Timing: About 22.18% done; ETC: 01:42 (0:03:34 remaining)
Connect Scan Timing: About 39.59% done; ETC: 01:41 (0:02:19 remaining)
Connect Scan Timing: About 59.47% done; ETC: 01:41 (0:01:22 remaining)
Discovered open port 5432/tcp on 37.1.201.205
Connect Scan Timing: About 81.70% done; ETC: 01:41 (0:00:34 remaining)
Discovered open port 465/tcp on 37.1.201.205
Completed Connect Scan at 01:41, 184.16s elapsed (65535 total ports)
Initiating Service scan at 01:41
Scanning 13 services on teen18topic.com (37.1.201.205)
Completed Service scan at 01:41, 14.48s elapsed (13 services on 1 host)
Initiating OS detection (try #1) against teen18topic.com (37.1.201.205)
Retrying OS detection (try #2) against teen18topic.com (37.1.201.205)
Initiating Traceroute at 01:41
Completed Traceroute at 01:41, 0.42s elapsed
Initiating Parallel DNS resolution of 13 hosts. at 01:41
Completed Parallel DNS resolution of 13 hosts. at 01:41, 0.30s elapsed
NSE: Script scanning 37.1.201.205.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 01:41
NSE Timing: About 96.85% done; ETC: 01:41 (0:00:01 remaining)
Completed NSE at 01:42, 36.15s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 01:42
Completed NSE at 01:42, 0.49s elapsed
Nmap scan report for teen18topic.com (37.1.201.205)
Host is up, received reset ttl 53 (0.22s latency).
Scanned at 2019-07-20 01:37:58 EDT for 243s
Not shown: 65518 filtered ports
Reason: 65518 no-responses
PORT STATE SERVICE REASON VERSION
21/tcp open ftp syn-ack vsftpd 2.2.2
8515| vulscan: VulDB - https://vuldb.com:
8516| [43110] vsftpd up to 2.0.4 Memory Leak denial of service
8517|
8518| MITRE CVE - https://cve.mitre.org:
8519| [CVE-2011-2189] net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.
8520| [CVE-2011-0762] The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
8521| [CVE-2009-5029] Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.
8522| [CVE-2008-4969] ltp-network-test 20060918 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/vsftpd.conf, (b) /tmp/udp/2/*, (c) /tmp/tcp/2/*, (d) /tmp/udp/3/*, (e) /tmp/tcp/3/*, (f) /tmp/nfs_fsstress.udp.2.log, (g) /tmp/nfs_fsstress.udp.3.log, (h) /tmp/nfs_fsstress.tcp.2.log, (i) /tmp/nfs_fsstress.tcp.3.log, and (j) /tmp/nfs_fsstress.sardata temporary files, related to the (1) ftp_setup_vsftp_conf and (2) nfs_fsstress.sh scripts.
8523| [CVE-2008-2375] Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962.
8524| [CVE-2007-5962] Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.
8525| [CVE-2007-4322] BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) vsftpd log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by connecting through ssh with a client protocol version identification containing an IP address string, or connecting through ftp with a username containing an IP address string, different vectors than CVE-2007-2765.
8526|
8527| SecurityFocus - https://www.securityfocus.com/bid/:
8528| [82285] Vsftpd CVE-2004-0042 Remote Security Vulnerability
8529| [72451] vsftpd CVE-2015-1419 Security Bypass Vulnerability
8530| [51013] vsftpd '__tzfile_read()' Function Heap Based Buffer Overflow Vulnerability
8531| [48539] vsftpd Compromised Source Packages Backdoor Vulnerability
8532| [46617] vsftpd FTP Server 'ls.c' Remote Denial of Service Vulnerability
8533| [41443] Vsftpd Webmin Module Multiple Unspecified Vulnerabilities
8534| [30364] vsftpd FTP Server Pluggable Authentication Module (PAM) Remote Denial of Service Vulnerability
8535| [29322] vsftpd FTP Server 'deny_file' Option Remote Denial of Service Vulnerability
8536| [10394] Vsftpd Listener Denial of Service Vulnerability
8537| [7253] Red Hat Linux 9 vsftpd Compiling Error Weakness
8538|
8539| IBM X-Force - https://exchange.xforce.ibmcloud.com:
8540| [68366] vsftpd package backdoor
8541| [65873] vsftpd vsf_filename_passes_filter denial of service
8542| [55148] VSFTPD-WEBMIN-MODULE unknown unspecified
8543| [43685] vsftpd authentication attempts denial of service
8544| [42593] vsftpd deny_file denial of service
8545| [16222] vsftpd connection denial of service
8546| [14844] vsftpd message allows attacker to obtain username
8547| [11729] Red Hat Linux vsftpd FTP daemon tcp_wrapper could allow an attacker to gain access to server
8548|
8549| Exploit-DB - https://www.exploit-db.com:
8550| [17491] VSFTPD 2.3.4 - Backdoor Command Execution
8551| [16270] vsftpd 2.3.2 - Denial of Service Vulnerability
8552| [5814] vsftpd 2.0.5 (CWD) Remote Memory Consumption Exploit (post auth)
8553|
8554| OpenVAS (Nessus) - http://www.openvas.org:
8555| [70770] Gentoo Security Advisory GLSA 201110-07 (vsftpd)
8556| [70399] Debian Security Advisory DSA 2305-1 (vsftpd)
8557|
8558| SecurityTracker - https://www.securitytracker.com:
8559| [1025186] vsftpd vsf_filename_passes_filter() Bug Lets Remote Authenticated Users Deny Service
8560| [1020546] vsftpd Memory Leak When Invalid Authentication Attempts Occur Lets Remote Authenticated Users Deny Service
8561| [1020079] vsftpd Memory Leak in 'deny_file' Option Lets Remote Authenticated Users Deny Service
8562| [1008628] vsftpd Discloses Whether Usernames are Valid or Not
8563|
8564| OSVDB - http://www.osvdb.org:
8565| [73573] vsftpd on vsftpd.beasts.org Trojaned Distribution
8566| [73340] vsftpd ls.c vsf_filename_passes_filter STAT Command glob Expression Remote DoS
8567| [61362] Vsftpd Webmin Module Unspecified Issues
8568| [46930] Red Hat Linux vsftpd w/ PAM Memory Exhaustion Remote DoS
8569| [45626] vsftpd deny_file Option Crafted FTP Data Remote Memory Exhaustion DoS
8570| [36515] BlockHosts sshd/vsftpd hosts.allow Arbitrary Deny Entry Manipulation
8571| [28610] vsftpd SIGURG Handler Unspecified Issue
8572| [28609] vsftpd tunable_chroot_local_user Filesystem Root Access
8573| [6861] vsftpd Login Error Message Username Enumeration
8574| [6306] vsftpd Connection Handling DoS
8575| [4564] vsftpd on Red Hat Linux Restricted Access Failure
8576|_
22/tcp open ssh syn-ack OpenSSH 5.3 (protocol 2.0)
8578| vulners:
8579| cpe:/a:openbsd:openssh:5.3:
8580| CVE-2014-1692 7.5 https://vulners.com/cve/CVE-2014-1692
8581| CVE-2010-4478 7.5 https://vulners.com/cve/CVE-2010-4478
8582| CVE-2017-15906 5.0 https://vulners.com/cve/CVE-2017-15906
8583| CVE-2016-10708 5.0 https://vulners.com/cve/CVE-2016-10708
8584| CVE-2010-5107 5.0 https://vulners.com/cve/CVE-2010-5107
8585| CVE-2016-0777 4.0 https://vulners.com/cve/CVE-2016-0777
8586| CVE-2010-4755 4.0 https://vulners.com/cve/CVE-2010-4755
8587| CVE-2012-0814 3.5 https://vulners.com/cve/CVE-2012-0814
8588| CVE-2011-5000 3.5 https://vulners.com/cve/CVE-2011-5000
8589|_ CVE-2011-4327 2.1 https://vulners.com/cve/CVE-2011-4327
8590| vulscan: VulDB - https://vuldb.com:
8591| [80267] OpenSSH up to 5.x/6.x/7.1p1 Forward Option roaming_common.c roaming_read/roaming_write memory corruption
8592| [80266] OpenSSH up to 5.x/6.x/7.1p1 roaming_common.c resend_bytes information disclosure
8593| [4584] OpenSSH up to 5.7 auth-options.c information disclosure
8594| [4282] OpenSSH 5.6/5.7 Legacy Certificate memory corruption
8595|
8596| MITRE CVE - https://cve.mitre.org:
8597| [CVE-2006-0883] OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.
8598| [CVE-2012-0814] The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.
8599| [CVE-2011-5000] The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.
8600| [CVE-2011-0539] The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.
8601| [CVE-2010-4755] The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
8602| [CVE-2010-4478] OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.
8603| [CVE-2009-2904] A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.
8604| [CVE-2008-3844] Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known.
8605| [CVE-2008-3259] OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.
8606|
8607| SecurityFocus - https://www.securityfocus.com/bid/:
8608| [102780] OpenSSH CVE-2016-10708 Multiple Denial of Service Vulnerabilities
8609| [101552] OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
8610| [94977] OpenSSH CVE-2016-10011 Local Information Disclosure Vulnerability
8611| [94975] OpenSSH CVE-2016-10012 Security Bypass Vulnerability
8612| [94972] OpenSSH CVE-2016-10010 Privilege Escalation Vulnerability
8613| [94968] OpenSSH CVE-2016-10009 Remote Code Execution Vulnerability
8614| [93776] OpenSSH 'ssh/kex.c' Denial of Service Vulnerability
8615| [92212] OpenSSH CVE-2016-6515 Denial of Service Vulnerability
8616| [92210] OpenSSH CBC Padding Weak Encryption Security Weakness
8617| [92209] OpenSSH MAC Verification Security Bypass Vulnerability
8618| [91812] OpenSSH CVE-2016-6210 User Enumeration Vulnerability
8619| [90440] OpenSSH CVE-2004-1653 Remote Security Vulnerability
8620| [90340] OpenSSH CVE-2004-2760 Remote Security Vulnerability
8621| [89385] OpenSSH CVE-2005-2666 Local Security Vulnerability
8622| [88655] OpenSSH CVE-2001-1382 Remote Security Vulnerability
8623| [88513] OpenSSH CVE-2000-0999 Remote Security Vulnerability
8624| [88367] OpenSSH CVE-1999-1010 Local Security Vulnerability
8625| [87789] OpenSSH CVE-2003-0682 Remote Security Vulnerability
8626| [86187] OpenSSH 'session.c' Local Security Bypass Vulnerability
8627| [86144] OpenSSH CVE-2007-2768 Remote Security Vulnerability
8628| [84427] OpenSSH CVE-2016-1908 Security Bypass Vulnerability
8629| [84314] OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability
8630| [84185] OpenSSH CVE-2006-4925 Denial-Of-Service Vulnerability
8631| [81293] OpenSSH CVE-2016-1907 Denial of Service Vulnerability
8632| [80698] OpenSSH CVE-2016-0778 Heap Based Buffer Overflow Vulnerability
8633| [80695] OpenSSH CVE-2016-0777 Information Disclosure Vulnerability
8634| [76497] OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability
8635| [76317] OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
8636| [75990] OpenSSH Login Handling Security Bypass Weakness
8637| [75525] OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
8638| [71420] Portable OpenSSH 'gss-serv-krb5.c' Security Bypass Vulnerability
8639| [68757] OpenSSH Multiple Remote Denial of Service Vulnerabilities
8640| [66459] OpenSSH Certificate Validation Security Bypass Vulnerability
8641| [66355] OpenSSH 'child_set_env()' Function Security Bypass Vulnerability
8642| [65674] OpenSSH 'ssh-keysign.c' Local Information Disclosure Vulnerability
8643| [65230] OpenSSH 'schnorr.c' Remote Memory Corruption Vulnerability
8644| [63605] OpenSSH 'sshd' Process Remote Memory Corruption Vulnerability
8645| [61286] OpenSSH Remote Denial of Service Vulnerability
8646| [58894] GSI-OpenSSH PAM_USER Security Bypass Vulnerability
8647| [58162] OpenSSH CVE-2010-5107 Denial of Service Vulnerability
8648| [54114] OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
8649| [51702] Debian openssh-server Forced Command Handling Information Disclosure Vulnerability
8650| [50416] Linux Kernel 'kdump' and 'mkdumprd' OpenSSH Integration Remote Information Disclosure Vulnerability
8651| [49473] OpenSSH Ciphersuite Specification Information Disclosure Weakness
8652| [48507] OpenSSH 'pam_thread()' Remote Buffer Overflow Vulnerability
8653| [47691] Portable OpenSSH 'ssh-keysign' Local Unauthorized Access Vulnerability
8654| [46155] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
8655| [45304] OpenSSH J-PAKE Security Bypass Vulnerability
8656| [36552] Red Hat Enterprise Linux OpenSSH 'ChrootDirectory' Option Local Privilege Escalation Vulnerability
8657| [32319] OpenSSH CBC Mode Information Disclosure Vulnerability
8658| [30794] Red Hat OpenSSH Backdoor Vulnerability
8659| [30339] OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
8660| [30276] Debian OpenSSH SELinux Privilege Escalation Vulnerability
8661| [28531] OpenSSH ForceCommand Command Execution Weakness
8662| [28444] OpenSSH X Connections Session Hijacking Vulnerability
8663| [26097] OpenSSH LINUX_AUDIT_RECORD_EVENT Remote Log Injection Weakness
8664| [25628] OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
8665| [23601] OpenSSH S/Key Remote Information Disclosure Vulnerability
8666| [20956] OpenSSH Privilege Separation Key Signature Weakness
8667| [20418] OpenSSH-Portable Existing Password Remote Information Disclosure Weakness
8668| [20245] OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness
8669| [20241] Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
8670| [20216] OpenSSH Duplicated Block Remote Denial of Service Vulnerability
8671| [16892] OpenSSH Remote PAM Denial Of Service Vulnerability
8672| [14963] OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability
8673| [14729] OpenSSH GSSAPI Credential Disclosure Vulnerability
8674| [14727] OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
8675| [11781] OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability
8676| [9986] RCP, OpenSSH SCP Client File Corruption Vulnerability
8677| [9040] OpenSSH PAM Conversation Memory Scrubbing Weakness
8678| [8677] Multiple Portable OpenSSH PAM Vulnerabilities
8679| [8628] OpenSSH Buffer Mismanagement Vulnerabilities
8680| [7831] OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability
8681| [7482] OpenSSH Remote Root Authentication Timing Side-Channel Weakness
8682| [7467] OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability
8683| [7343] OpenSSH Authentication Execution Path Timing Information Leakage Weakness
8684| [6168] OpenSSH Visible Password Vulnerability
8685| [5374] OpenSSH Trojan Horse Vulnerability
8686| [5093] OpenSSH Challenge-Response Buffer Overflow Vulnerabilities
8687| [4560] OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
8688| [4241] OpenSSH Channel Code Off-By-One Vulnerability
8689| [3614] OpenSSH UseLogin Environment Variable Passing Vulnerability
8690| [3560] OpenSSH Kerberos Arbitrary Privilege Elevation Vulnerability
8691| [3369] OpenSSH Key Based Source IP Access Control Bypass Vulnerability
8692| [3345] OpenSSH SFTP Command Restriction Bypassing Vulnerability
8693| [2917] OpenSSH PAM Session Evasion Vulnerability
8694| [2825] OpenSSH Client X11 Forwarding Cookie Removal File Symbolic Link Vulnerability
8695| [2356] OpenSSH Private Key Authentication Check Vulnerability
8696| [1949] OpenSSH Client Unauthorized Remote Forwarding Vulnerability
8697| [1334] OpenSSH UseLogin Vulnerability
8698|
8699| IBM X-Force - https://exchange.xforce.ibmcloud.com:
8700| [83258] GSI-OpenSSH auth-pam.c security bypass
8701| [82781] OpenSSH time limit denial of service
8702| [82231] OpenSSH pam_ssh_agent_auth PAM code execution
8703| [74809] OpenSSH ssh_gssapi_parse_ename denial of service
8704| [72756] Debian openssh-server commands information disclosure
8705| [68339] OpenSSH pam_thread buffer overflow
8706| [67264] OpenSSH ssh-keysign unauthorized access
8707| [65910] OpenSSH remote_glob function denial of service
8708| [65163] OpenSSH certificate information disclosure
8709| [64387] OpenSSH J-PAKE security bypass
8710| [63337] Cisco Unified Videoconferencing OpenSSH weak security
8711| [46620] OpenSSH and multiple SSH Tectia products CBC mode information disclosure
8712| [45202] OpenSSH signal handler denial of service
8713| [44747] RHEL OpenSSH backdoor
8714| [44280] OpenSSH PermitRootLogin information disclosure
8715| [44279] OpenSSH sshd weak security
8716| [44037] OpenSSH sshd SELinux role unauthorized access
8717| [43940] OpenSSH X11 forwarding information disclosure
8718| [41549] OpenSSH ForceCommand directive security bypass
8719| [41438] OpenSSH sshd session hijacking
8720| [40897] OpenSSH known_hosts weak security
8721| [40587] OpenSSH username weak security
8722| [37371] OpenSSH username data manipulation
8723| [37118] RHSA update for OpenSSH privilege separation monitor authentication verification weakness not installed
8724| [37112] RHSA update for OpenSSH signal handler race condition not installed
8725| [37107] RHSA update for OpenSSH identical block denial of service not installed
8726| [36637] OpenSSH X11 cookie privilege escalation
8727| [35167] OpenSSH packet.c newkeys[mode] denial of service
8728| [34490] OpenSSH OPIE information disclosure
8729| [33794] OpenSSH ChallengeResponseAuthentication information disclosure
8730| [32975] Apple Mac OS X OpenSSH denial of service
8731| [32387] RHSA-2006:0738 updates for openssh not installed
8732| [32359] RHSA-2006:0697 updates for openssh not installed
8733| [32230] RHSA-2006:0298 updates for openssh not installed
8734| [32132] RHSA-2006:0044 updates for openssh not installed
8735| [30120] OpenSSH privilege separation monitor authentication verification weakness
8736| [29255] OpenSSH GSSAPI user enumeration
8737| [29254] OpenSSH signal handler race condition
8738| [29158] OpenSSH identical block denial of service
8739| [28147] Apple Mac OS X OpenSSH nonexistent user login denial of service
8740| [25116] OpenSSH OpenPAM denial of service
8741| [24305] OpenSSH SCP shell expansion command execution
8742| [22665] RHSA-2005:106 updates for openssh not installed
8743| [22117] OpenSSH GSSAPI allows elevated privileges
8744| [22115] OpenSSH GatewayPorts security bypass
8745| [20930] OpenSSH sshd.c LoginGraceTime denial of service
8746| [19441] Sun Solaris OpenSSH LDAP (1) client authentication denial of service
8747| [17213] OpenSSH allows port bouncing attacks
8748| [16323] OpenSSH scp file overwrite
8749| [13797] OpenSSH PAM information leak
8750| [13271] OpenSSH could allow an attacker to corrupt the PAM conversion stack
8751| [13264] OpenSSH PAM code could allow an attacker to gain access
8752| [13215] OpenSSH buffer management errors could allow an attacker to execute code
8753| [13214] OpenSSH memory vulnerabilities
8754| [13191] OpenSSH large packet buffer overflow
8755| [12196] OpenSSH could allow an attacker to bypass login restrictions
8756| [11970] OpenSSH could allow an attacker to obtain valid administrative account
8757| [11902] OpenSSH PAM support enabled information leak
8758| [9803] OpenSSH "
8759| [9763] OpenSSH downloaded from the OpenBSD FTP site or OpenBSD FTP mirror sites could contain a Trojan Horse
8760| [9307] OpenSSH is running on the system
8761| [9169] OpenSSH "
8762| [8896] OpenSSH Kerberos 4 TGT/AFS buffer overflow
8763| [8697] FreeBSD libutil in OpenSSH fails to drop privileges prior to using the login class capability database
8764| [8383] OpenSSH off-by-one error in channel code
8765| [7647] OpenSSH UseLogin option arbitrary code execution
8766| [7634] OpenSSH using sftp and restricted keypairs could allow an attacker to bypass restrictions
8767| [7598] OpenSSH with Kerberos allows attacker to gain elevated privileges
8768| [7179] OpenSSH source IP access control bypass
8769| [6757] OpenSSH "
8770| [6676] OpenSSH X11 forwarding symlink attack could allow deletion of arbitrary files
8771| [6084] OpenSSH 2.3.1 allows remote users to bypass authentication
8772| [5517] OpenSSH allows unauthorized access to resources
8773| [4646] OpenSSH UseLogin option allows remote users to execute commands as root
8774|
8775| Exploit-DB - https://www.exploit-db.com:
8776| [21579] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (2)
8777| [21578] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (1)
8778| [21402] OpenSSH 2.x/3.x Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
8779| [21314] OpenSSH 2.x/3.0.1/3.0.2 Channel Code Off-By-One Vulnerability
8780| [20253] OpenSSH 1.2 scp File Create/Overwrite Vulnerability
8781| [17462] FreeBSD OpenSSH 3.5p1 - Remote Root Exploit
8782| [14866] Novell Netware 6.5 - OpenSSH Remote Stack Overflow
8783| [6094] Debian OpenSSH Remote SELinux Privilege Elevation Exploit (auth)
8784| [3303] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit
8785| [2444] OpenSSH <= 4.3 p1 (Duplicated Block) Remote Denial of Service Exploit
8786| [1572] Dropbear / OpenSSH Server (MAX_UNAUTH_CLIENTS) Denial of Service
8787| [258] glibc-2.2 and openssh-2.3.0p1 exploits glibc => 2.1.9x
8788| [26] OpenSSH/PAM <= 3.6.1p1 Remote Users Ident (gossh.sh)
8789| [25] OpenSSH/PAM <= 3.6.1p1 Remote Users Discovery Tool
8790|
8791| OpenVAS (Nessus) - http://www.openvas.org:
8792| [902488] OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability
8793| [900179] OpenSSH CBC Mode Information Disclosure Vulnerability
8794| [881183] CentOS Update for openssh CESA-2012:0884 centos6
8795| [880802] CentOS Update for openssh CESA-2009:1287 centos5 i386
8796| [880746] CentOS Update for openssh CESA-2009:1470 centos5 i386
8797| [870763] RedHat Update for openssh RHSA-2012:0884-04
8798| [870129] RedHat Update for openssh RHSA-2008:0855-01
8799| [861813] Fedora Update for openssh FEDORA-2010-5429
8800| [861319] Fedora Update for openssh FEDORA-2007-395
8801| [861170] Fedora Update for openssh FEDORA-2007-394
8802| [861012] Fedora Update for openssh FEDORA-2007-715
8803| [840345] Ubuntu Update for openssh vulnerability USN-597-1
8804| [840300] Ubuntu Update for openssh update USN-612-5
8805| [840271] Ubuntu Update for openssh vulnerability USN-612-2
8806| [840268] Ubuntu Update for openssh update USN-612-7
8807| [840259] Ubuntu Update for openssh vulnerabilities USN-649-1
8808| [840214] Ubuntu Update for openssh vulnerability USN-566-1
8809| [831074] Mandriva Update for openssh MDVA-2010:162 (openssh)
8810| [830929] Mandriva Update for openssh MDVA-2010:090 (openssh)
8811| [830807] Mandriva Update for openssh MDVA-2010:026 (openssh)
8812| [830603] Mandriva Update for openssh MDVSA-2008:098 (openssh)
8813| [830523] Mandriva Update for openssh MDVSA-2008:078 (openssh)
8814| [830317] Mandriva Update for openssh-askpass-qt MDKA-2007:127 (openssh-askpass-qt)
8815| [830191] Mandriva Update for openssh MDKSA-2007:236 (openssh)
8816| [802407] OpenSSH 'sshd' Challenge Response Authentication Buffer Overflow Vulnerability
8817| [103503] openssh-server Forced Command Handling Information Disclosure Vulnerability
8818| [103247] OpenSSH Ciphersuite Specification Information Disclosure Weakness
8819| [103064] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
8820| [100584] OpenSSH X Connections Session Hijacking Vulnerability
8821| [100153] OpenSSH CBC Mode Information Disclosure Vulnerability
8822| [66170] CentOS Security Advisory CESA-2009:1470 (openssh)
8823| [65987] SLES10: Security update for OpenSSH
8824| [65819] SLES10: Security update for OpenSSH
8825| [65514] SLES9: Security update for OpenSSH
8826| [65513] SLES9: Security update for OpenSSH
8827| [65334] SLES9: Security update for OpenSSH
8828| [65248] SLES9: Security update for OpenSSH
8829| [65218] SLES9: Security update for OpenSSH
8830| [65169] SLES9: Security update for openssh,openssh-askpass
8831| [65126] SLES9: Security update for OpenSSH
8832| [65019] SLES9: Security update for OpenSSH
8833| [65015] SLES9: Security update for OpenSSH
8834| [64931] CentOS Security Advisory CESA-2009:1287 (openssh)
8835| [61639] Debian Security Advisory DSA 1638-1 (openssh)
8836| [61030] Debian Security Advisory DSA 1576-2 (openssh)
8837| [61029] Debian Security Advisory DSA 1576-1 (openssh)
8838| [60840] FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)
8839| [60803] Gentoo Security Advisory GLSA 200804-03 (openssh)
8840| [60667] Slackware Advisory SSA:2008-095-01 openssh
8841| [59014] Slackware Advisory SSA:2007-255-01 openssh
8842| [58741] Gentoo Security Advisory GLSA 200711-02 (openssh)
8843| [57919] Gentoo Security Advisory GLSA 200611-06 (openssh)
8844| [57895] Gentoo Security Advisory GLSA 200609-17 (openssh)
8845| [57585] Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))
8846| [57492] Slackware Advisory SSA:2006-272-02 openssh
8847| [57483] Debian Security Advisory DSA 1189-1 (openssh-krb5)
8848| [57476] FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)
8849| [57470] FreeBSD Ports: openssh
8850| [56352] FreeBSD Security Advisory (FreeBSD-SA-06:09.openssh.asc)
8851| [56330] Gentoo Security Advisory GLSA 200602-11 (OpenSSH)
8852| [56294] Slackware Advisory SSA:2006-045-06 openssh
8853| [53964] Slackware Advisory SSA:2003-266-01 New OpenSSH packages
8854| [53885] Slackware Advisory SSA:2003-259-01 OpenSSH Security Advisory
8855| [53884] Slackware Advisory SSA:2003-260-01 OpenSSH updated again
8856| [53788] Debian Security Advisory DSA 025-1 (openssh)
8857| [52638] FreeBSD Security Advisory (FreeBSD-SA-03:15.openssh.asc)
8858| [52635] FreeBSD Security Advisory (FreeBSD-SA-03:12.openssh.asc)
8859| [11343] OpenSSH Client Unauthorized Remote Forwarding
8860| [10954] OpenSSH AFS/Kerberos ticket/token passing
8861| [10883] OpenSSH Channel Code Off by 1
8862| [10823] OpenSSH UseLogin Environment Variables
8863|
8864| SecurityTracker - https://www.securitytracker.com:
8865| [1028187] OpenSSH pam_ssh_agent_auth Module on Red Hat Enterprise Linux Lets Remote Users Execute Arbitrary Code
8866| [1026593] OpenSSH Lets Remote Authenticated Users Obtain Potentially Sensitive Information
8867| [1025739] OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code
8868| [1025482] OpenSSH ssh-keysign Utility Lets Local Users Gain Elevated Privileges
8869| [1025028] OpenSSH Legacy Certificates May Disclose Stack Contents to Remote Users
8870| [1022967] OpenSSH on Red Hat Enterprise Linux Lets Remote Authenticated Users Gain Elevated Privileges
8871| [1021235] OpenSSH CBC Mode Error Handling May Let Certain Remote Users Obtain Plain Text in Certain Cases
8872| [1020891] OpenSSH on Debian Lets Remote Users Prevent Logins
8873| [1020730] OpenSSH for Red Hat Enterprise Linux Packages May Have Been Compromised
8874| [1020537] OpenSSH on HP-UX Lets Local Users Hijack X11 Sessions
8875| [1019733] OpenSSH Unsafe Default Configuration May Let Local Users Execute Arbitrary Commands
8876| [1019707] OpenSSH Lets Local Users Hijack Forwarded X Sessions in Certain Cases
8877| [1017756] Apple OpenSSH Key Generation Process Lets Remote Users Deny Service
8878| [1017183] OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process
8879| [1016940] OpenSSH Race Condition in Signal Handler Lets Remote Users Deny Service and May Potentially Permit Code Execution
8880| [1016939] OpenSSH GSSAPI Authentication Abort Error Lets Remote Users Determine Valid Usernames
8881| [1016931] OpenSSH SSH v1 CRC Attack Detection Implementation Lets Remote Users Deny Service
8882| [1016672] OpenSSH on Mac OS X Lets Remote Users Deny Service
8883| [1015706] OpenSSH Interaction With OpenPAM Lets Remote Users Deny Service
8884| [1015540] OpenSSH scp Double Shell Character Expansion During Local-to-Local Copying May Let Local Users Gain Elevated Privileges in Certain Cases
8885| [1014845] OpenSSH May Unexpectedly Activate GatewayPorts and Also May Disclose GSSAPI Credentials in Certain Cases
8886| [1011193] OpenSSH scp Directory Traversal Flaw Lets Remote SSH Servers Overwrite Files in Certain Cases
8887| [1011143] OpenSSH Default Configuration May Be Unsafe When Used With Anonymous SSH Services
8888| [1007791] Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code
8889| [1007716] OpenSSH buffer_append_space() and Other Buffer Management Errors May Let Remote Users Execute Arbitrary Code
8890| [1006926] OpenSSH Host Access Restrictions Can Be Bypassed By Remote Users
8891| [1006688] OpenSSH Timing Flaw With Pluggable Authentication Modules Can Disclose Valid User Account Names to Remote Users
8892| [1004818] OpenSSH's Secure Shell (SSH) Implementation Weakness May Disclose User Passwords to Remote Users During Man-in-the-Middle Attacks
8893| [1004616] OpenSSH Integer Overflow and Buffer Overflow May Allow Remote Users to Gain Root Access to the System
8894| [1004391] OpenSSH 'BSD_AUTH' Access Control Bug May Allow Unauthorized Remote Users to Authenticated to the System
8895| [1004115] OpenSSH Buffer Overflow in Kerberos Ticket and AFS Token Processing Lets Local Users Execute Arbitrary Code With Root Level Permissions
8896| [1003758] OpenSSH Off-by-one 'Channels' Bug May Let Authorized Remote Users Execute Arbitrary Code with Root Privileges
8897| [1002895] OpenSSH UseLogin Environment Variable Bug Lets Local Users Execute Commands and Gain Root Access
8898| [1002748] OpenSSH 3.0 Denial of Service Condition May Allow Remote Users to Crash the sshd Daemon and KerberosV Configuration Error May Allow Remote Users to Partially Authenticate When Authentication Should Not Be Permitted
8899| [1002734] OpenSSH's S/Key Implementation Information Disclosure Flaw Provides Remote Users With Information About Valid User Accounts
8900| [1002455] OpenSSH May Fail to Properly Restrict IP Addresses in Certain Configurations
8901| [1002432] OpenSSH's Sftp-server Subsystem Lets Authorized Remote Users with Restricted Keypairs Obtain Additional Access on the Server
8902| [1001683] OpenSSH Allows Authorized Users to Delete Other User Files Named Cookies
8903|
8904| OSVDB - http://www.osvdb.org:
8905| [92034] GSI-OpenSSH auth-pam.c Memory Management Authentication Bypass
8906| [90474] Red Hat / Fedora PAM Module for OpenSSH Incorrect error() Function Calling Local Privilege Escalation
8907| [90007] OpenSSH logingracetime / maxstartup Threshold Connection Saturation Remote DoS
8908| [81500] OpenSSH gss-serv.c ssh_gssapi_parse_ename Function Field Length Value Parsing Remote DoS
8909| [78706] OpenSSH auth-options.c sshd auth_parse_options Function authorized_keys Command Option Debug Message Information Disclosure
8910| [75753] OpenSSH PAM Module Aborted Conversation Local Information Disclosure
8911| [75249] OpenSSH sftp-glob.c remote_glob Function Glob Expression Parsing Remote DoS
8912| [75248] OpenSSH sftp.c process_put Function Glob Expression Parsing Remote DoS
8913| [72183] Portable OpenSSH ssh-keysign ssh-rand-helper Utility File Descriptor Leak Local Information Disclosure
8914| [70873] OpenSSH Legacy Certificates Stack Memory Disclosure
8915| [69658] OpenSSH J-PAKE Public Parameter Validation Shared Secret Authentication Bypass
8916| [67743] Novell NetWare OpenSSH SSHD.NLM Absolute Path Handling Remote Overflow
8917| [59353] OpenSSH sshd Local TCP Redirection Connection Masking Weakness
8918| [58495] OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation
8919| [56921] OpenSSH Unspecified Remote Compromise
8920| [53021] OpenSSH on ftp.openbsd.org Trojaned Distribution
8921| [50036] OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure
8922| [49386] OpenSSH sshd TCP Connection State Remote Account Enumeration
8923| [48791] OpenSSH on Debian sshd Crafted Username Arbitrary Remote SELinux Role Access
8924| [47635] OpenSSH Packages on Red Hat Enterprise Linux Compromised Distribution
8925| [47227] OpenSSH X11UseLocalhost X11 Forwarding Port Hijacking
8926| [45873] Cisco WebNS SSHield w/ OpenSSH Crafted Large Packet Remote DoS
8927| [43911] OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution
8928| [43745] OpenSSH X11 Forwarding Local Session Hijacking
8929| [43371] OpenSSH Trusted X11 Cookie Connection Policy Bypass
8930| [39214] OpenSSH linux_audit_record_event Crafted Username Audit Log Injection
8931| [37315] pam_usb OpenSSH Authentication Unspecified Issue
8932| [34850] OpenSSH on Mac OS X Key Generation Remote Connection DoS
8933| [34601] OPIE w/ OpenSSH Account Enumeration
8934| [34600] OpenSSH S/KEY Authentication Account Enumeration
8935| [32721] OpenSSH Username Password Complexity Account Enumeration
8936| [30232] OpenSSH Privilege Separation Monitor Weakness
8937| [29494] OpenSSH packet.c Invalid Protocol Sequence Remote DoS
8938| [29266] OpenSSH GSSAPI Authentication Abort Username Enumeration
8939| [29264] OpenSSH Signal Handler Pre-authentication Race Condition Code Execution
8940| [29152] OpenSSH Identical Block Packet DoS
8941| [27745] Apple Mac OS X OpenSSH Nonexistent Account Login Enumeration DoS
8942| [23797] OpenSSH with OpenPAM Connection Saturation Forked Process Saturation DoS
8943| [22692] OpenSSH scp Command Line Filename Processing Command Injection
8944| [20216] OpenSSH with KerberosV Remote Authentication Bypass
8945| [19142] OpenSSH Multiple X11 Channel Forwarding Leaks
8946| [19141] OpenSSH GSSAPIAuthentication Credential Escalation
8947| [18236] OpenSSH no pty Command Execution Local PAM Restriction Bypass
8948| [16567] OpenSSH Privilege Separation LoginGraceTime DoS
8949| [16039] Solaris 108994 Series Patch OpenSSH LDAP Client Authentication DoS
8950| [9562] OpenSSH Default Configuration Anon SSH Service Port Bounce Weakness
8951| [9550] OpenSSH scp Traversal Arbitrary File Overwrite
8952| [6601] OpenSSH *realloc() Unspecified Memory Errors
8953| [6245] OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow
8954| [6073] OpenSSH on FreeBSD libutil Arbitrary File Read
8955| [6072] OpenSSH PAM Conversation Function Stack Modification
8956| [6071] OpenSSH SSHv1 PAM Challenge-Response Authentication Privilege Escalation
8957| [5536] OpenSSH sftp-server Restricted Keypair Restriction Bypass
8958| [5408] OpenSSH echo simulation Information Disclosure
8959| [5113] OpenSSH NIS YP Netgroups Authentication Bypass
8960| [4536] OpenSSH Portable AIX linker Privilege Escalation
8961| [3938] OpenSSL and OpenSSH /dev/random Check Failure
8962| [3456] OpenSSH buffer_append_space() Heap Corruption
8963| [2557] OpenSSH Multiple Buffer Management Multiple Overflows
8964| [2140] OpenSSH w/ PAM Username Validity Timing Attack
8965| [2112] OpenSSH Reverse DNS Lookup Bypass
8966| [2109] OpenSSH sshd Root Login Timing Side-Channel Weakness
8967| [1853] OpenSSH Symbolic Link 'cookies' File Removal
8968| [839] OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow
8969| [781] OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow
8970| [730] OpenSSH Channel Code Off by One Remote Privilege Escalation
8971| [688] OpenSSH UseLogin Environment Variable Local Command Execution
8972| [642] OpenSSH Multiple Key Type ACL Bypass
8973| [504] OpenSSH SSHv2 Public Key Authentication Bypass
8974| [341] OpenSSH UseLogin Local Privilege Escalation
8975|_
25/tcp closed smtp conn-refused
80/tcp open http syn-ack nginx
8978|_http-server-header: nginx
8979| vulscan: VulDB - https://vuldb.com:
8980| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
8981| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
8982| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
8983| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
8984| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
8985| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
8986| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
8987| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
8988| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
8989| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
8990| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
8991| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
8992| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
8993| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
8994| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
8995| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
8996| [67677] nginx up to 1.7.3 SSL weak authentication
8997| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls() privilege escalation
8998| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
8999| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
9000| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
9001| [65364] nginx up to 1.1.13 Default Configuration information disclosure
9002| [8671] nginx up to 1.4 proxy_pass denial of service
9003| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
9004| [7247] nginx 1.2.6 Proxy Function spoofing
9005| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
9006| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
9007| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
9008| [59645] nginx up to 0.8.9 Heap-based memory corruption
9009| [87037] nginx on Windows :$DATA privilege escalation
9010| [53592] nginx 0.8.36 memory corruption
9011| [53590] nginx up to 0.8.9 unknown vulnerability
9012| [51533] nginx 0.7.64 Terminal privilege escalation
9013| [50905] nginx up to 0.8.9 directory traversal
9014| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
9015| [50043] nginx up to 0.8.10 memory corruption
9016|
9017| MITRE CVE - https://cve.mitre.org:
9018| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
9019| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
9020| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
9021| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
9022| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
9023| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
9024| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
9025| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
9026| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
9027| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
9028| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
9029| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
9030| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
9031|
9032| SecurityFocus - https://www.securityfocus.com/bid/:
9033| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
9034| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
9035| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
9036| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
9037| [82230] nginx Multiple Denial of Service Vulnerabilities
9038| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
9039| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
9040| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
9041| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
9042| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
9043| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
9044| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
9045| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
9046| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
9047| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
9048| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
9049| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
9050| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
9051| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
9052| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
9053| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
9054| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
9055| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
9056| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
9057| [40420] nginx Directory Traversal Vulnerability
9058| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
9059| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
9060| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
9061| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
9062| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
9063|
9064| IBM X-Force - https://exchange.xforce.ibmcloud.com:
9065| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
9066| [84172] nginx denial of service
9067| [84048] nginx buffer overflow
9068| [83923] nginx ngx_http_close_connection() integer overflow
9069| [83688] nginx null byte code execution
9070| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
9071| [82319] nginx access.log information disclosure
9072| [80952] nginx SSL spoofing
9073| [77244] nginx and Microsoft Windows request security bypass
9074| [76778] Naxsi module for Nginx nx_extract.py directory traversal
9075| [74831] nginx ngx_http_mp4_module.c buffer overflow
9076| [74191] nginx ngx_cpystrn() information disclosure
9077| [74045] nginx header response information disclosure
9078| [71355] nginx ngx_resolver_copy() buffer overflow
9079| [59370] nginx characters denial of service
9080| [59369] nginx DATA source code disclosure
9081| [59047] nginx space source code disclosure
9082| [58966] nginx unspecified directory traversal
9083| [54025] nginx ngx_http_parse.c denial of service
9084| [53431] nginx WebDAV component directory traversal
9085| [53328] Nginx CRC-32 cached domain name spoofing
9086| [53250] Nginx ngx_http_parse_complex_uri() function code execution
9087|
9088| Exploit-DB - https://www.exploit-db.com:
9089| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
9090| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
9091| [25499] nginx 1.3.9-1.4.0 DoS PoC
9092| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
9093| [14830] nginx 0.6.38 - Heap Corruption Exploit
9094| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
9095| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
9096| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
9097| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
9098| [9829] nginx 0.7.61 WebDAV directory traversal
9099|
9100| OpenVAS (Nessus) - http://www.openvas.org:
9101| [864418] Fedora Update for nginx FEDORA-2012-3846
9102| [864310] Fedora Update for nginx FEDORA-2012-6238
9103| [864209] Fedora Update for nginx FEDORA-2012-6411
9104| [864204] Fedora Update for nginx FEDORA-2012-6371
9105| [864121] Fedora Update for nginx FEDORA-2012-4006
9106| [864115] Fedora Update for nginx FEDORA-2012-3991
9107| [864065] Fedora Update for nginx FEDORA-2011-16075
9108| [863654] Fedora Update for nginx FEDORA-2011-16110
9109| [861232] Fedora Update for nginx FEDORA-2007-1158
9110| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
9111| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
9112| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
9113| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
9114| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
9115| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
9116| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
9117| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
9118| [100659] nginx Directory Traversal Vulnerability
9119| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
9120| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
9121| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
9122| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
9123| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
9124| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
9125| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
9126| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
9127| [71297] FreeBSD Ports: nginx
9128| [71276] FreeBSD Ports: nginx
9129| [71239] Debian Security Advisory DSA 2434-1 (nginx)
9130| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
9131| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
9132| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
9133| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
9134| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
9135| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
9136| [64894] FreeBSD Ports: nginx
9137| [64869] Debian Security Advisory DSA 1884-1 (nginx)
9138|
9139| SecurityTracker - https://www.securitytracker.com:
9140| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
9141| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
9142| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
9143| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
9144|
9145| OSVDB - http://www.osvdb.org:
9146| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
9147| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
9148| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
9149| [92796] nginx ngx_http_close_connection Function Crafted r->
9150| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
9151| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
9152| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
9153| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
9154| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
9155| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
9156| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
9157| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
9158| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
9159| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
9160| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
9161| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
9162| [62617] nginx Internal DNS Cache Poisoning Weakness
9163| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
9164| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
9165| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
9166| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
9167| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
9168| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
9169| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
9170| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
9171| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
9172| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
9173|_
110/tcp open pop3 syn-ack Dovecot pop3d
9175| vulscan: VulDB - https://vuldb.com:
9176| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
9177| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
9178| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
9179| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
9180| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
9181| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
9182| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
9183| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
9184| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
9185| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
9186| [69835] Dovecot 2.2.0/2.2.1 denial of service
9187| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
9188| [65684] Dovecot up to 2.2.6 unknown vulnerability
9189| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
9190| [63692] Dovecot up to 2.0.15 spoofing
9191| [7062] Dovecot 2.1.10 mail-search.c denial of service
9192| [57517] Dovecot up to 2.0.12 Login directory traversal
9193| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
9194| [57515] Dovecot up to 2.0.12 Crash denial of service
9195| [54944] Dovecot up to 1.2.14 denial of service
9196| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
9197| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
9198| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
9199| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
9200| [53277] Dovecot up to 1.2.10 denial of service
9201| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
9202| [45256] Dovecot up to 1.1.5 directory traversal
9203| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
9204| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
9205| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
9206| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
9207| [40356] Dovecot 1.0.9 Cache unknown vulnerability
9208| [38222] Dovecot 1.0.2 directory traversal
9209| [36376] Dovecot up to 1.0.x directory traversal
9210| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
9211| [30268] Timo Sirainen Dovecot 1.0/1.0 Beta2/1.0 Beta3/1.0 Beta7 directory traversal
9212|
9213| MITRE CVE - https://cve.mitre.org:
9214| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
9215| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
9216| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
9217| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
9218| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
9219| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
9220| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
9221| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
9222| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
9223| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
9224| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
9225| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
9226| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
9227| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
9228| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
9229| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
9230| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
9231| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
9232| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
9233| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
9234| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
9235| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
9236| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
9237| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
9238| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
9239| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
9240| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
9241| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
9242| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
9243| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
9244| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
9245| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
9246| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
9247| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
9248| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
9249| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
9250| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
9251|
9252| SecurityFocus - https://www.securityfocus.com/bid/:
9253| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
9254| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
9255| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
9256| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
9257| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
9258| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
9259| [67306] Dovecot Denial of Service Vulnerability
9260| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
9261| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
9262| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
9263| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
9264| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
9265| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
9266| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
9267| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
9268| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
9269| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
9270| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
9271| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
9272| [39838] tpop3d Remote Denial of Service Vulnerability
9273| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
9274| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
9275| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
9276| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
9277| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
9278| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
9279| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
9280| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
9281| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
9282| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
9283| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
9284| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
9285| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
9286| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
9287| [17961] Dovecot Remote Information Disclosure Vulnerability
9288| [16672] Dovecot Double Free Denial of Service Vulnerability
9289| [8495] akpop3d User Name SQL Injection Vulnerability
9290| [8473] Vpop3d Remote Denial Of Service Vulnerability
9291| [3990] ZPop3D Bad Login Logging Failure Vulnerability
9292| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
9293|
9294| IBM X-Force - https://exchange.xforce.ibmcloud.com:
9295| [86382] Dovecot POP3 Service denial of service
9296| [84396] Dovecot IMAP APPEND denial of service
9297| [80453] Dovecot mail-search.c denial of service
9298| [71354] Dovecot SSL Common Name (CN) weak security
9299| [67675] Dovecot script-login security bypass
9300| [67674] Dovecot script-login directory traversal
9301| [67589] Dovecot header name denial of service
9302| [63267] Apple Mac OS X Dovecot information disclosure
9303| [62340] Dovecot mailbox security bypass
9304| [62339] Dovecot IMAP or POP3 denial of service
9305| [62256] Dovecot mailbox security bypass
9306| [62255] Dovecot ACL entry security bypass
9307| [60639] Dovecot ACL plugin weak security
9308| [57267] Apple Mac OS X Dovecot Kerberos security bypass
9309| [56763] Dovecot header denial of service
9310| [54363] Dovecot base_dir privilege escalation
9311| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
9312| [46323] Dovecot dovecot.conf information disclosure
9313| [46227] Dovecot message parsing denial of service
9314| [45669] Dovecot ACL mailbox security bypass
9315| [45667] Dovecot ACL plugin rights security bypass
9316| [41085] Dovecot TAB characters authentication bypass
9317| [41009] Dovecot mail_extra_groups option unauthorized access
9318| [39342] Dovecot LDAP auth cache configuration security bypass
9319| [35767] Dovecot ACL plugin security bypass
9320| [34082] Dovecot mbox-storage.c directory traversal
9321| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
9322| [26578] Cyrus IMAP pop3d buffer overflow
9323| [26536] Dovecot IMAP LIST information disclosure
9324| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
9325| [24709] Dovecot APPEND command denial of service
9326| [13018] akpop3d authentication code SQL injection
9327| [7345] Slackware Linux imapd and ipop3d core dump
9328| [6269] imap, ipop2d and ipop3d buffer overflows
9329| [5923] Linuxconf vpop3d symbolic link
9330| [4918] IPOP3D, Buffer overflow attack
9331| [1560] IPOP3D, user login successful
9332| [1559] IPOP3D user login to remote host successful
9333| [1525] IPOP3D, user logout
9334| [1524] IPOP3D, user auto-logout
9335| [1523] IPOP3D, user login failure
9336| [1522] IPOP3D, brute force attack
9337| [1521] IPOP3D, user kiss of death logout
9338| [418] pop3d mktemp creates insecure temporary files
9339|
9340| Exploit-DB - https://www.exploit-db.com:
9341| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
9342| [23053] Vpop3d Remote Denial of Service Vulnerability
9343| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
9344| [11893] tPop3d 1.5.3 DoS
9345| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
9346| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
9347| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
9348| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
9349|
9350| OpenVAS (Nessus) - http://www.openvas.org:
9351| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
9352| [901025] Dovecot Version Detection
9353| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
9354| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
9355| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
9356| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
9357| [870607] RedHat Update for dovecot RHSA-2011:0600-01
9358| [870471] RedHat Update for dovecot RHSA-2011:1187-01
9359| [870153] RedHat Update for dovecot RHSA-2008:0297-02
9360| [863272] Fedora Update for dovecot FEDORA-2011-7612
9361| [863115] Fedora Update for dovecot FEDORA-2011-7258
9362| [861525] Fedora Update for dovecot FEDORA-2007-664
9363| [861394] Fedora Update for dovecot FEDORA-2007-493
9364| [861333] Fedora Update for dovecot FEDORA-2007-1485
9365| [860845] Fedora Update for dovecot FEDORA-2008-9202
9366| [860663] Fedora Update for dovecot FEDORA-2008-2475
9367| [860169] Fedora Update for dovecot FEDORA-2008-2464
9368| [860089] Fedora Update for dovecot FEDORA-2008-9232
9369| [840950] Ubuntu Update for dovecot USN-1295-1
9370| [840668] Ubuntu Update for dovecot USN-1143-1
9371| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
9372| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
9373| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
9374| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
9375| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
9376| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
9377| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
9378| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
9379| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
9380| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
9381| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
9382| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
9383| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
9384| [70259] FreeBSD Ports: dovecot
9385| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
9386| [66522] FreeBSD Ports: dovecot
9387| [65010] Ubuntu USN-838-1 (dovecot)
9388| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
9389| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
9390| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
9391| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
9392| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
9393| [62854] FreeBSD Ports: dovecot-managesieve
9394| [61916] FreeBSD Ports: dovecot
9395| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
9396| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
9397| [60528] FreeBSD Ports: dovecot
9398| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
9399| [60089] FreeBSD Ports: dovecot
9400| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
9401| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
9402|
9403| SecurityTracker - https://www.securitytracker.com:
9404| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
9405| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
9406| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
9407|
9408| OSVDB - http://www.osvdb.org:
9409| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
9410| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
9411| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
9412| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
9413| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
9414| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
9415| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
9416| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
9417| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
9418| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
9419| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
9420| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
9421| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
9422| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
9423| [66113] Dovecot Mail Root Directory Creation Permission Weakness
9424| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
9425| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
9426| [66110] Dovecot Multiple Unspecified Buffer Overflows
9427| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
9428| [64783] Dovecot E-mail Message Header Unspecified DoS
9429| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
9430| [62796] Dovecot mbox Format Email Header Handling DoS
9431| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
9432| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
9433| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
9434| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
9435| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
9436| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
9437| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
9438| [43137] Dovecot mail_extra_groups Symlink File Manipulation
9439| [42979] Dovecot passdbs Argument Injection Authentication Bypass
9440| [39876] Dovecot LDAP Auth Cache Security Bypass
9441| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
9442| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
9443| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
9444| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
9445| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
9446| [23281] Dovecot imap/pop3-login dovecot-auth DoS
9447| [23280] Dovecot Malformed APPEND Command DoS
9448| [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
9449| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
9450| [5857] Linux pop3d Arbitrary Mail File Access
9451| [2471] akpop3d username SQL Injection
9452|_
139/tcp closed netbios-ssn conn-refused
143/tcp open imap syn-ack Dovecot imapd
9455| vulscan: VulDB - https://vuldb.com:
9456| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
9457| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
9458| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
9459| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
9460| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
9461| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
9462| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
9463| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
9464| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
9465| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
9466| [69835] Dovecot 2.2.0/2.2.1 denial of service
9467| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
9468| [65684] Dovecot up to 2.2.6 unknown vulnerability
9469| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
9470| [63692] Dovecot up to 2.0.15 spoofing
9471| [7062] Dovecot 2.1.10 mail-search.c denial of service
9472| [59792] Cyrus IMAPd 2.4.11 weak authentication
9473| [57517] Dovecot up to 2.0.12 Login directory traversal
9474| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
9475| [57515] Dovecot up to 2.0.12 Crash denial of service
9476| [54944] Dovecot up to 1.2.14 denial of service
9477| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
9478| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
9479| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
9480| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
9481| [53277] Dovecot up to 1.2.10 denial of service
9482| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
9483| [45256] Dovecot up to 1.1.5 directory traversal
9484| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
9485| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
9486| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
9487| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
9488| [40356] Dovecot 1.0.9 Cache unknown vulnerability
9489| [38222] Dovecot 1.0.2 directory traversal
9490| [37927] Ipswitch Ipswitch Collaboration Suite up to 2006.1 IMAP Service imapd32.exe memory corruption
9491| [36376] Dovecot up to 1.0.x directory traversal
9492| [35759] Atrium MERCUR IMAPD IMAP4 mcrimap4.exe memory corruption
9493| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
9494| [30337] Cyrus IMAPD 2.3.2 Stack-based memory corruption
9495| [30268] Timo Sirainen Dovecot 1.0/1.0 Beta2/1.0 Beta3/1.0 Beta7 directory traversal
9496|
9497| MITRE CVE - https://cve.mitre.org:
9498| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
9499| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
9500| [CVE-2011-3481] The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
9501| [CVE-2011-3372] imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
9502| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
9503| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
9504| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
9505| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
9506| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
9507| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
9508| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
9509| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
9510| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
9511| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
9512| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
9513| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
9514| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
9515| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
9516| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
9517| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
9518| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
9519| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
9520| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
9521| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
9522| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
9523| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
9524| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
9525| [CVE-2007-5740] The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.
9526| [CVE-2007-5018] Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211.
9527| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
9528| [CVE-2007-3925] Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.
9529| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
9530| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
9531| [CVE-2007-1579] Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.
9532| [CVE-2007-1578] Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow.
9533| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
9534| [CVE-2006-6762] The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument.
9535| [CVE-2006-6761] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command.
9536| [CVE-2006-6425] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
9537| [CVE-2006-6424] Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow
9538| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
9539| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
9540| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
9541| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
9542| [CVE-2005-2278] Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name.
9543| [CVE-2005-1256] Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.
9544| [CVE-2005-1249] The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop.
9545| [CVE-2005-1015] Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command.
9546| [CVE-2005-0546] Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.
9547| [CVE-2003-1322] Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.
9548| [CVE-2002-1782] The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user.
9549| [CVE-2002-1604] Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.
9550| [CVE-2002-0997] Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service.
9551| [CVE-2002-0379] Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
9552| [CVE-2001-0691] Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations.
9553| [CVE-2000-0284] Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
9554| [CVE-1999-1557] Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password.
9555| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
9556| [CVE-1999-1224] IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information.
9557|
9558| SecurityFocus - https://www.securityfocus.com/bid/:
9559| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
9560| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
9561| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
9562| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
9563| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
9564| [84478] imapd CVE-1999-1224 Denial-Of-Service Vulnerability
9565| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
9566| [67306] Dovecot Denial of Service Vulnerability
9567| [65650] Eudora WorldMail imapd 'UID' Command Buffer Overflow Vulnerability
9568| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
9569| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
9570| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
9571| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
9572| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
9573| [51403] Eudora WorldMail imapd 'LIST' Command Buffer Overflow Vulnerability
9574| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
9575| [49949] Cyrus IMAPd NTTP Logic Error Authentication Bypass Vulnerability
9576| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
9577| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
9578| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
9579| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
9580| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
9581| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
9582| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
9583| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
9584| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
9585| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
9586| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
9587| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
9588| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
9589| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
9590| [26270] Perdition IMAPD __STR_VWRITE Remote Format String Vulnerability
9591| [25733] Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow Vulnerability
9592| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
9593| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
9594| [23058] Atrium Mercur IMapD NTLM Buffer Overflow Vulnerability
9595| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
9596| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
9597| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
9598| [17961] Dovecot Remote Information Disclosure Vulnerability
9599| [16672] Dovecot Double Free Denial of Service Vulnerability
9600| [15980] Qualcomm WorldMail IMAPD Buffer Overflow Vulnerability
9601| [15753] Ipswitch Collaboration Suite and IMail Server IMAPD LIST Command Denial Of Service Vulnerability
9602| [12636] Cyrus IMAPD Multiple Remote Buffer Overflow Vulnerabilities
9603| [11738] Cyrus IMAPD Multiple Remote Unspecified Vulnerabilities
9604| [11729] Cyrus IMAPD Multiple Remote Vulnerabilities
9605| [6298] Cyrus IMAPD Pre-Login Heap Corruption Vulnerability
9606| [4713] Wu-imapd Partial Mailbox Attribute Remote Buffer Overflow Vulnerability
9607| [2856] Imapd 'Local' Buffer Overflow Vulnerabilities
9608| [1110] Univ. Of Washington imapd Buffer Overflow Vulnerabilities
9609| [502] NT IMail Imapd Buffer Overflow DoS Vulnerability
9610| [130] imapd Buffer Overflow Vulnerability
9611|
9612| IBM X-Force - https://exchange.xforce.ibmcloud.com:
9613| [86382] Dovecot POP3 Service denial of service
9614| [84396] Dovecot IMAP APPEND denial of service
9615| [80453] Dovecot mail-search.c denial of service
9616| [71354] Dovecot SSL Common Name (CN) weak security
9617| [70325] Cyrus IMAPd NNTP security bypass
9618| [67675] Dovecot script-login security bypass
9619| [67674] Dovecot script-login directory traversal
9620| [67589] Dovecot header name denial of service
9621| [63267] Apple Mac OS X Dovecot information disclosure
9622| [62340] Dovecot mailbox security bypass
9623| [62339] Dovecot IMAP or POP3 denial of service
9624| [62256] Dovecot mailbox security bypass
9625| [62255] Dovecot ACL entry security bypass
9626| [60639] Dovecot ACL plugin weak security
9627| [57267] Apple Mac OS X Dovecot Kerberos security bypass
9628| [56763] Dovecot header denial of service
9629| [54363] Dovecot base_dir privilege escalation
9630| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
9631| [47526] UW-imapd rfc822_output_char() denial of service
9632| [46323] Dovecot dovecot.conf information disclosure
9633| [46227] Dovecot message parsing denial of service
9634| [45669] Dovecot ACL mailbox security bypass
9635| [45667] Dovecot ACL plugin rights security bypass
9636| [41085] Dovecot TAB characters authentication bypass
9637| [41009] Dovecot mail_extra_groups option unauthorized access
9638| [39342] Dovecot LDAP auth cache configuration security bypass
9639| [35767] Dovecot ACL plugin security bypass
9640| [34082] Dovecot mbox-storage.c directory traversal
9641| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
9642| [26536] Dovecot IMAP LIST information disclosure
9643| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
9644| [24709] Dovecot APPEND command denial of service
9645| [22629] RHSA-2005:408 updates for cyrus-imapd not installed
9646| [19460] Cyrus IMAP imapd buffer overflow
9647| [19455] Cyrus IMAP imapd extension off-by-one buffer overflow
9648| [18492] Novell NetMail IMAPD 101_mEna buffer overflow
9649| [10803] UW IMAP (wu-imapd) authenticated user buffer overflow
9650| [9238] UW IMAP (wu-imapd) could allow a remote attacker to access arbitrary files
9651| [9055] UW IMAP (wu-imapd) partial mailbox attributes to request buffer overflow
9652| [7345] Slackware Linux imapd and ipop3d core dump
9653| [573] Imapd denial of service
9654|
9655| Exploit-DB - https://www.exploit-db.com:
9656| [30724] Perdition 1.17 IMAPD __STR_VWRITE Remote Format String Vulnerability
9657| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
9658| [22061] Cyrus IMAPD 1.4/1.5.19/2.0.12/2.0.16/2.1.9/2.1.10 Pre-Login Heap Corruption Vulnerability
9659| [21443] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (2)
9660| [21442] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (1)
9661| [19849] UoW imapd 10.234/12.264 COPY Buffer Overflow (meta)
9662| [19848] UoW imapd 10.234/12.264 LSUB Buffer Overflow (meta)
9663| [19847] UoW imapd 10.234/12.264 Buffer Overflow Vulnerabilities
9664| [19377] Ipswitch IMail 5.0 Imapd Buffer Overflow DoS Vulnerability
9665| [19107] Netscape Messaging Server 3.55,University of Washington imapd 10.234 Buffer Overflow Vulnerability
9666| [18354] WorldMail imapd 3.0 SEH overflow (egg hunter)
9667| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
9668| [16485] MailEnable IMAPD 1.54 - STATUS Request Buffer Overflow
9669| [16482] MDaemon 9.6.4 IMAPD FETCH Buffer Overflow
9670| [16480] MailEnable IMAPD W3C Logging Buffer Overflow
9671| [16477] Mdaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow
9672| [16475] MailEnable IMAPD (2.35) Login Request Buffer Overflow
9673| [16474] Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow
9674| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
9675| [4429] Mercury/32 4.52 IMAPD SEARCH command Post-Auth Overflow Exploit
9676| [3627] IPSwitch IMail Server <= 8.20 IMAPD Remote Buffer Overflow Exploit
9677| [3527] Mercur IMAPD 5.00.14 Remote Denial of Service Exploit (win32)
9678| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
9679| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
9680| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
9681| [1380] Eudora Qualcomm WorldMail 3.0 (IMAPd) Remote Overflow Exploit
9682| [1332] MailEnable 1.54 Pro Universal IMAPD W3C Logging BoF Exploit
9683| [1327] FTGate4 Groupware Mail Server 4.1 (imapd) Remote Buffer Overflow PoC
9684| [1151] MDaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow Exploit
9685| [1124] IPSwitch IMail Server <= 8.15 IMAPD Remote Root Exploit
9686| [915] MailEnable Enterprise 1.x Imapd Remote Exploit
9687| [903] Cyrus imapd 2.2.4 - 2.2.8 (imapmagicplus) Remote Exploit
9688| [340] Linux imapd Remote Overflow File Retrieve Exploit
9689|
9690| OpenVAS (Nessus) - http://www.openvas.org:
9691| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
9692| [901025] Dovecot Version Detection
9693| [881425] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 x86_64
9694| [881403] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 x86_64
9695| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
9696| [881397] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 x86_64
9697| [881370] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 x86_64
9698| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
9699| [881318] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 x86_64
9700| [881255] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 x86_64
9701| [881050] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 i386
9702| [881049] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 i386
9703| [881007] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 i386
9704| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
9705| [880978] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 i386
9706| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
9707| [880958] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 i386
9708| [880905] CentOS Update for cyrus-imapd CESA-2009:1459 centos4 i386
9709| [880864] CentOS Update for cyrus-imapd CESA-2009:1459 centos5 i386
9710| [880826] CentOS Update for cyrus-imapd CESA-2009:1116 centos5 i386
9711| [880536] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 i386
9712| [870607] RedHat Update for dovecot RHSA-2011:0600-01
9713| [870520] RedHat Update for cyrus-imapd RHSA-2011:1508-01
9714| [870489] RedHat Update for cyrus-imapd RHSA-2011:1317-01
9715| [870471] RedHat Update for dovecot RHSA-2011:1187-01
9716| [870443] RedHat Update for cyrus-imapd RHSA-2011:0859-01
9717| [870153] RedHat Update for dovecot RHSA-2008:0297-02
9718| [864075] Fedora Update for cyrus-imapd FEDORA-2011-13832
9719| [863585] Fedora Update for cyrus-imapd FEDORA-2011-13869
9720| [863579] Fedora Update for cyrus-imapd FEDORA-2011-13860
9721| [863281] Fedora Update for cyrus-imapd FEDORA-2011-7193
9722| [863273] Fedora Update for cyrus-imapd FEDORA-2011-7217
9723| [863272] Fedora Update for dovecot FEDORA-2011-7612
9724| [863115] Fedora Update for dovecot FEDORA-2011-7258
9725| [861525] Fedora Update for dovecot FEDORA-2007-664
9726| [861394] Fedora Update for dovecot FEDORA-2007-493
9727| [861333] Fedora Update for dovecot FEDORA-2007-1485
9728| [860845] Fedora Update for dovecot FEDORA-2008-9202
9729| [860663] Fedora Update for dovecot FEDORA-2008-2475
9730| [860169] Fedora Update for dovecot FEDORA-2008-2464
9731| [860089] Fedora Update for dovecot FEDORA-2008-9232
9732| [840950] Ubuntu Update for dovecot USN-1295-1
9733| [840668] Ubuntu Update for dovecot USN-1143-1
9734| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
9735| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
9736| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
9737| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
9738| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
9739| [831590] Mandriva Update for cyrus-imapd MDVSA-2012:037 (cyrus-imapd)
9740| [831468] Mandriva Update for cyrus-imapd MDVSA-2011:149 (cyrus-imapd)
9741| [831410] Mandriva Update for cyrus-imapd MDVSA-2011:100 (cyrus-imapd)
9742| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
9743| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
9744| [831207] Mandriva Update for cyrus-imapd MDVA-2010:208 (cyrus-imapd)
9745| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
9746| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
9747| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
9748| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
9749| [800149] UW-imapd tmail and dmail BOF Vulnerabilities (Linux)
9750| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
9751| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
9752| [70696] Debian Security Advisory DSA 2377-1 (cyrus-imapd-2.2)
9753| [70407] Debian Security Advisory DSA 2318-1 (cyrus-imapd-2.2)
9754| [70259] FreeBSD Ports: dovecot
9755| [69965] Debian Security Advisory DSA 2258-1 (kolab-cyrus-imapd)
9756| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
9757| [69740] Debian Security Advisory DSA 2242-1 (cyrus-imapd-2.2)
9758| [66522] FreeBSD Ports: dovecot
9759| [66416] Mandriva Security Advisory MDVSA-2009:229-1 (cyrus-imapd)
9760| [66233] SLES10: Security update for Cyrus IMAPD
9761| [66226] SLES11: Security update for Cyrus IMAPD
9762| [66222] SLES9: Security update for Cyrus IMAPD
9763| [65938] SLES10: Security update for Cyrus IMAPD
9764| [65723] SLES11: Security update for Cyrus IMAPD
9765| [65523] SLES9: Security update for Cyrus IMAPD
9766| [65479] SLES9: Security update for cyrus-imapd
9767| [65094] SLES9: Security update for cyrus-imapd
9768| [65010] Ubuntu USN-838-1 (dovecot)
9769| [64989] CentOS Security Advisory CESA-2009:1459 (cyrus-imapd)
9770| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
9771| [64977] Debian Security Advisory DSA 1893-1 (cyrus-imapd-2.2 kolab-cyrus-imapd)
9772| [64965] Fedora Core 11 FEDORA-2009-9901 (cyrus-imapd)
9773| [64963] Fedora Core 10 FEDORA-2009-9869 (cyrus-imapd)
9774| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
9775| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
9776| [64898] FreeBSD Ports: cyrus-imapd
9777| [64864] Debian Security Advisory DSA 1881-1 (cyrus-imapd-2.2)
9778| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
9779| [64847] Fedora Core 10 FEDORA-2009-9428 (cyrus-imapd)
9780| [64846] Fedora Core 11 FEDORA-2009-9417 (cyrus-imapd)
9781| [64838] Mandrake Security Advisory MDVSA-2009:229 (cyrus-imapd)
9782| [64271] CentOS Security Advisory CESA-2009:1116 (cyrus-imapd)
9783| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
9784| [62854] FreeBSD Ports: dovecot-managesieve
9785| [61916] FreeBSD Ports: dovecot
9786| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
9787| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
9788| [60528] FreeBSD Ports: dovecot
9789| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
9790| [60089] FreeBSD Ports: dovecot
9791| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
9792| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
9793| [55807] Slackware Advisory SSA:2005-310-06 imapd
9794| [54861] Gentoo Security Advisory GLSA 200502-29 (cyrus-imapd)
9795| [54755] Gentoo Security Advisory GLSA 200411-34 (cyrus-imapd)
9796| [53739] Debian Security Advisory DSA 215-1 (cyrus-imapd)
9797| [53288] Debian Security Advisory DSA 597-1 (cyrus-imapd)
9798| [52297] FreeBSD Ports: cyrus-imapd
9799| [52296] FreeBSD Ports: cyrus-imapd
9800| [52295] FreeBSD Ports: cyrus-imapd
9801| [52294] FreeBSD Ports: cyrus-imapd
9802| [52172] FreeBSD Ports: cyrus-imapd
9803|
9804| SecurityTracker - https://www.securitytracker.com:
9805| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
9806| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
9807| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
9808| [1013278] Cyrus IMAPd Buffer Overflows in Annotate Extension, Cached Header, and Fetchnews May Let Remote Users Execute Arbitrary Code
9809|
9810| OSVDB - http://www.osvdb.org:
9811| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
9812| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
9813| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
9814| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
9815| [78304] Eudora WorldMail imapd SEH LIST Command Parsing Remote Overflow
9816| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
9817| [75445] Cyrus IMAP Server imapd index.c index_get_ids Function References Header NULL Dereference Remote DoS
9818| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
9819| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
9820| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
9821| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
9822| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
9823| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
9824| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
9825| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
9826| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
9827| [66113] Dovecot Mail Root Directory Creation Permission Weakness
9828| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
9829| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
9830| [66110] Dovecot Multiple Unspecified Buffer Overflows
9831| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
9832| [64783] Dovecot E-mail Message Header Unspecified DoS
9833| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
9834| [62796] Dovecot mbox Format Email Header Handling DoS
9835| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
9836| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
9837| [57843] Cyrus IMAP Server (cyrus-imapd) SIEVE Script Component (sieve/script.c) Crafted Script Handling Overflow
9838| [57681] UoW imap Server (uw-imapd) Arbitrary Remote File Access
9839| [52906] UW-imapd c-client Initial Request Remote Format String
9840| [52905] UW-imapd c-client Library RFC822BUFFER Routines rfc822_output_char Function Off-by-one
9841| [52456] UW-imapd on Debian Linux LOGIN Command Remote DoS
9842| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
9843| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
9844| [49485] UW-imapd dmail Utility Mailbox Name Handling Overflow
9845| [49484] UW-imapd tmail Utility Mailbox Name Handling Overflow
9846| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
9847| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
9848| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
9849| [43137] Dovecot mail_extra_groups Symlink File Manipulation
9850| [42979] Dovecot passdbs Argument Injection Authentication Bypass
9851| [42004] Perdition Mail Retrieval Proxy IMAPD IMAP Tag Remote Format String Arbitrary Code Execution
9852| [39876] Dovecot LDAP Auth Cache Security Bypass
9853| [39670] Mercury Mail Transport System IMAPD SEARCH Command Remote Overflow
9854| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
9855| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
9856| [31362] Novell NetMail IMAP Daemon (IMAPD) APPEND Command Remote Overflow
9857| [31361] Novell NetMail IMAP Daemon (IMAPD) APPEND Command DoS
9858| [31360] Novell NetMail IMAP Daemon (IMAPD) SUBSCRIBE Command Remote Overflow
9859| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
9860| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
9861| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
9862| [23281] Dovecot imap/pop3-login dovecot-auth DoS
9863| [23280] Dovecot Malformed APPEND Command DoS
9864| [18179] HP Tru64 UNIX imapd NLSPATH Environment Variable Local Overflow
9865| [13242] UW-imapd CRAM-MD5 Authentication Bypass
9866| [12385] Novell NetMail IMAPD 101_mEna Script Remote Overflow
9867| [12042] UoW imapd Multiple Unspecified Overflows
9868| [12037] UoW imapd (UW-IMAP) Multiple Command Remote Overflows
9869| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
9870| [911] UoW imapd AUTHENTICATE Command Remote Overflow
9871| [790] UoW imap Server (uw-imapd) BODY Request Remote Overflow
9872| [519] UoW imapd SIGABRT Signal Forced Crash Information Disclosure
9873|_
443/tcp closed https conn-refused
445/tcp closed microsoft-ds conn-refused
465/tcp open ssl/smtp syn-ack Exim smtpd 4.92
9877| vulscan: VulDB - https://vuldb.com:
9878| [113048] Exim up to 4.90 SMTP Listener Message memory corruption
9879| [109969] Exim 4.88/4.89 SMTP Daemon receive.c bdat_getc denial of service
9880| [109968] Exim 4.88/4.89 SMTP Daemon receive.c receive_msg memory corruption
9881| [94599] Exim up to 4.87 information disclosure
9882| [13422] Exim 4.82 Mail Header dmarc.c expand_string() memory corruption
9883| [6817] Exim up to 4.80 src/dkim.c dkim_exim_query_dns_txt() memory corruption
9884| [58841] exim up to 4.69 dkim_exim_verify_finish memory corruption
9885| [57462] Exim up to 4.75 Filesystem memory corruption
9886| [4280] Exim Server 4.x open_log() race condition
9887|
9888| MITRE CVE - https://cve.mitre.org:
9889| [CVE-2012-5671] Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
9890| [CVE-2012-0478] The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.
9891| [CVE-2011-1764] Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
9892| [CVE-2011-1407] The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
9893| [CVE-2011-0017] The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
9894| [CVE-2010-4345] Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
9895| [CVE-2010-4344] Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
9896| [CVE-2010-2024] transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
9897| [CVE-2010-2023] transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
9898| [CVE-2006-1251] Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
9899| [CVE-2005-0022] Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
9900| [CVE-2005-0021] Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
9901| [CVE-2004-0400] Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
9902| [CVE-2004-0399] Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
9903| [CVE-2003-0743] Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
9904| [CVE-2002-1381] Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
9905|
9906| SecurityFocus - https://www.securityfocus.com/bid/:
9907| [103049] Exim 'base64d()' Function Buffer Overflow Vulnerability
9908| [99252] Exim CVE-2017-1000369 Local Privilege Escalation Vulnerability
9909| [94947] Exim CVE-2016-9963 Unspecified Information Disclosure Vulnerability
9910| [84132] Exim CVE-2016-1531 Local Privilege Escalation Vulnerability
9911| [68857] Exim CVE-2014-2972 Local Privilege Escalation Vulnerability
9912| [67695] Exim 'dmarc.c' Remote Code Execution Vulnerability
9913| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
9914| [56285] Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
9915| [47836] Exim DKIM CVE-2011-1407 Remote Code Execution Vulnerability
9916| [47736] Exim 'dkim_exim_verify_finish()' Remote Format String Vulnerability
9917| [46065] Exim 'log.c' Local Privilege Escalation Vulnerability
9918| [45341] Exim ALT_CONFIG_ROOT_ONLY 'exim' User Local Privilege Escalation Vulnerability
9919| [45308] Exim Crafted Header Remote Code Execution Vulnerability
9920| [40454] Exim MBX Locking Insecure Temporary File Creation Vulnerability
9921| [40451] Exim Sticky Mail Directory Local Privilege Escalation Vulnerability
9922| [36181] ikiwiki 'teximg' Plugin Insecure TeX Commands Information Disclosure Vulnerability
9923| [23977] Exim SpamAssassin Reply Remote Buffer Overflow Vulnerability
9924| [17110] sa-exim Unauthorized File Access Vulnerability
9925| [12268] Exim IP Address Command Line Argument Local Buffer Overflow Vulnerability
9926| [12188] Exim SPA Authentication Remote Buffer Overflow Vulnerability
9927| [12185] Exim Illegal IPv6 Address Buffer Overflow Vulnerability
9928| [10291] Exim Header Syntax Checking Remote Stack Buffer Overrun Vulnerability
9929| [10290] Exim Sender Verification Remote Stack Buffer Overrun Vulnerability
9930| [8518] Exim EHLO/HELO Remote Heap Corruption Vulnerability
9931| [6314] Exim Internet Mailer Format String Vulnerability
9932| [4096] Exim Configuration File Argument Command Line Buffer Overflow Vulnerability
9933| [3728] Exim Pipe Hostname Arbitrary Command Execution Vulnerability
9934| [2828] Exim Format String Vulnerability
9935| [1859] Exim Buffer Overflow Vulnerability
9936|
9937| IBM X-Force - https://exchange.xforce.ibmcloud.com:
9938| [84758] Exim sender_address parameter command execution
9939| [84015] Exim command execution
9940| [80186] Mozilla Firefox, Thunderbird, and SeaMonkey copyTexImage2D code execution
9941| [80184] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D calls code execution
9942| [79615] Exim dkim_exim_query_dns_txt() buffer overflow
9943| [75155] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D denial of service
9944| [67455] Exim DKIM processing code execution
9945| [67299] Exim dkim_exim_verify_finish() format string
9946| [65028] Exim open_log privilege escalation
9947| [63967] Exim config file privilege escalation
9948| [63960] Exim header buffer overflow
9949| [59043] Exim mail directory privilege escalation
9950| [59042] Exim MBX symlink
9951| [52922] ikiwiki teximg plugin information disclosure
9952| [34265] Exim spamd buffer overflow
9953| [25286] Sa-exim greylistclean.cron file deletion
9954| [22687] RHSA-2005:025 updates for exim not installed
9955| [18901] Exim dns_build_reverse buffer overflow
9956| [18764] Exim spa_base64_to_bits function buffer overflow
9957| [18763] Exim host_aton buffer overflow
9958| [16079] Exim require_verify buffer overflow
9959| [16077] Exim header_check_syntax buffer overflow
9960| [16075] Exim sender_verify buffer overflow
9961| [13067] Exim HELO or EHLO command heap overflow
9962| [10761] Exim daemon.c format string
9963| [8194] Exim configuration file -c command-line argument buffer overflow
9964| [7738] Exim allows attacker to hide commands in localhost names using pipes
9965| [6671] Exim "
9966| [1893] Exim MTA allows local users to gain root privileges
9967|
9968| Exploit-DB - https://www.exploit-db.com:
9969| [16925] Exim4 <= 4.69 - string_format Function Heap Buffer Overflow
9970| [15725] Exim 4.63 Remote Root Exploit
9971| [1009] Exim <= 4.41 dns_build_reverse Local Exploit
9972| [812] Exim <= 4.43 auth_spa_server() Remote PoC Exploit
9973| [796] Exim <= 4.42 Local Root Exploit
9974| [756] Exim <= 4.41 dns_build_reverse Local Exploit PoC
9975|
9976| OpenVAS (Nessus) - http://www.openvas.org:
9977| [100663] Exim < 4.72 RC2 Multiple Vulnerabilities
9978|
9979| SecurityTracker - https://www.securitytracker.com:
9980| [1025539] Exim DKIM Processing Flaw Lets Remote Users Execute Arbitrary Code
9981| [1025504] Exim DKIM Signature Format String Flaw Lets Remote Users Execute Arbitrary Code
9982| [1024859] Exim Configuration File Capability Lets Local Users Gain Elevated Privileges
9983| [1024858] Exim Buffer Overfow in string_format() Lets Remote Users Execute Arbitrary Code
9984| [1012904] Exim Buffer Overflow in dns_build_reverse() Lets Local Users Obtain Elevated Privileges
9985| [1012771] Exim Buffer Overflows in host_aton() and spa_base64_to_bits() May Let Local Users Gain Elevated Privileges
9986| [1010081] Exim Buffer Overflows in 'accept.c' and 'verify.c' Let Remote Users Execute Arbitrary Code
9987| [1007609] Exim Heap Overflow in 'smtp_in.c' May Allow Remote Arbitrary Code Execution
9988| [1005756] Exim Mail Server Format String Bug Lets Local Exim Administrators Execute Arbitrary Code With Root Privileges
9989| [1003547] Potential Bug in Exim Mail Server May Let Local Users Execute Code With Root Privileges
9990| [1003014] Exim Mail Server Pipe Address Validation Error May Let Remote Users Execute Arbitrary Code With Root Privileges in a Certain Configuration
9991| [1001694] Exim Mail Server May Allow Remote Users to Execute Arbitrary Code with Root-Level Privileges on the Server
9992|
9993| OSVDB - http://www.osvdb.org:
9994| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
9995| [87599] Mozilla Multiple Product copyTexImage2D Call Image Dimension Handling Memory Corruption
9996| [87581] Mozilla Multiple Product texImage2D Call Handling Memory Corruption
9997| [86616] Exim src/dkim.c dkim_exim_query_dns_txt() Function DNS Record Parsing Remote Overflow
9998| [81523] Mozilla Multiple Product WebGL texImage2D() Function JSVAL_TO_OBJECT Remote Code Execution
9999| [72642] Exim DKIM Identity Lookup Item Remote Code Execution
10000| [72156] Exim src/dkim.c dkim_exim_verify_finish() Function DKIM-Signature Header Format String
10001| [70696] Exim log.c open_log() Function Local Privilege Escalation
10002| [69860] Exim exim User Account Configuration File Directive Local Privilege Escalation
10003| [69685] Exim string_format Function Remote Overflow
10004| [65159] Exim transports/appendfile.c MBX Locking Race Condition Permission Modification
10005| [65158] Exim transports/appendfile.c Hardlink Handling Arbitrary File Overwrite
10006| [57575] teximg Plugin for ikiwiki TEX Command Arbitrary File Local Disclosure
10007| [23849] sa-exim greylistclean.cron Arbitrary File Deletion
10008| [13073] Oracle Database Server Advanced Queuing Component dbms_transform_eximp Unspecified Security Issue
10009| [12946] Exim -bh Command Line Option dns_build_reverse Function Local Overflow
10010| [12727] Exim SPA Authentication spa_base64_to_bits Function Remote Overflow
10011| [12726] Exim -be Command Line Option host_aton Function Local Overflow
10012| [10877] Exim smtp_in.c HELO/EHLO Remote Overflow
10013| [10360] Exim daemon.c pid_file_path Variable Manipulation Arbitrary Command Execution
10014| [10032] libXpm CreateXImage Function Integer Overflow
10015| [7160] Exim .forward :include: Option Privilege Escalation
10016| [6479] Vexim COOKIE Authentication Credential Disclosure
10017| [6478] Vexim Multiple Parameter SQL Injection
10018| [5930] Exim Parenthesis File Name Filter Bypass
10019| [5897] Exim header_syntax Function Remote Overflow
10020| [5896] Exim sender_verify Function Remote Overflow
10021| [5530] Exim Localhost Name Arbitrary Command Execution
10022| [5330] Exim Configuration File Variable Overflow
10023| [1855] Exim Batched SMTP Mail Header Format String
10024|_
587/tcp open smtp syn-ack Exim smtpd 4.92
993/tcp open ssl/imaps? syn-ack
995/tcp open ssl/pop3s? syn-ack
2525/tcp open smtp syn-ack Exim smtpd 4.92
10177| vulscan: VulDB - https://vuldb.com:
10178| [113048] Exim up to 4.90 SMTP Listener Message memory corruption
10179| [109969] Exim 4.88/4.89 SMTP Daemon receive.c bdat_getc denial of service
10180| [109968] Exim 4.88/4.89 SMTP Daemon receive.c receive_msg memory corruption
10181| [94599] Exim up to 4.87 information disclosure
10182| [13422] Exim 4.82 Mail Header dmarc.c expand_string() memory corruption
10183| [6817] Exim up to 4.80 src/dkim.c dkim_exim_query_dns_txt() memory corruption
10184| [58841] exim up to 4.69 dkim_exim_verify_finish memory corruption
10185| [57462] Exim up to 4.75 Filesystem memory corruption
10186| [4280] Exim Server 4.x open_log() race condition
10187|
10188| MITRE CVE - https://cve.mitre.org:
10189| [CVE-2012-5671] Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
10190| [CVE-2012-0478] The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.
10191| [CVE-2011-1764] Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
10192| [CVE-2011-1407] The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
10193| [CVE-2011-0017] The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
10194| [CVE-2010-4345] Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
10195| [CVE-2010-4344] Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
10196| [CVE-2010-2024] transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
10197| [CVE-2010-2023] transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
10198| [CVE-2006-1251] Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
10199| [CVE-2005-0022] Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
10200| [CVE-2005-0021] Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
10201| [CVE-2004-0400] Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
10202| [CVE-2004-0399] Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
10203| [CVE-2003-0743] Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
10204| [CVE-2002-1381] Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
10205|
10206| SecurityFocus - https://www.securityfocus.com/bid/:
10207| [103049] Exim 'base64d()' Function Buffer Overflow Vulnerability
10208| [99252] Exim CVE-2017-1000369 Local Privilege Escalation Vulnerability
10209| [94947] Exim CVE-2016-9963 Unspecified Information Disclosure Vulnerability
10210| [84132] Exim CVE-2016-1531 Local Privilege Escalation Vulnerability
10211| [68857] Exim CVE-2014-2972 Local Privilege Escalation Vulnerability
10212| [67695] Exim 'dmarc.c' Remote Code Execution Vulnerability
10213| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
10214| [56285] Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
10215| [47836] Exim DKIM CVE-2011-1407 Remote Code Execution Vulnerability
10216| [47736] Exim 'dkim_exim_verify_finish()' Remote Format String Vulnerability
10217| [46065] Exim 'log.c' Local Privilege Escalation Vulnerability
10218| [45341] Exim ALT_CONFIG_ROOT_ONLY 'exim' User Local Privilege Escalation Vulnerability
10219| [45308] Exim Crafted Header Remote Code Execution Vulnerability
10220| [40454] Exim MBX Locking Insecure Temporary File Creation Vulnerability
10221| [40451] Exim Sticky Mail Directory Local Privilege Escalation Vulnerability
10222| [36181] ikiwiki 'teximg' Plugin Insecure TeX Commands Information Disclosure Vulnerability
10223| [23977] Exim SpamAssassin Reply Remote Buffer Overflow Vulnerability
10224| [17110] sa-exim Unauthorized File Access Vulnerability
10225| [12268] Exim IP Address Command Line Argument Local Buffer Overflow Vulnerability
10226| [12188] Exim SPA Authentication Remote Buffer Overflow Vulnerability
10227| [12185] Exim Illegal IPv6 Address Buffer Overflow Vulnerability
10228| [10291] Exim Header Syntax Checking Remote Stack Buffer Overrun Vulnerability
10229| [10290] Exim Sender Verification Remote Stack Buffer Overrun Vulnerability
10230| [8518] Exim EHLO/HELO Remote Heap Corruption Vulnerability
10231| [6314] Exim Internet Mailer Format String Vulnerability
10232| [4096] Exim Configuration File Argument Command Line Buffer Overflow Vulnerability
10233| [3728] Exim Pipe Hostname Arbitrary Command Execution Vulnerability
10234| [2828] Exim Format String Vulnerability
10235| [1859] Exim Buffer Overflow Vulnerability
10236|
10237| IBM X-Force - https://exchange.xforce.ibmcloud.com:
10238| [84758] Exim sender_address parameter command execution
10239| [84015] Exim command execution
10240| [80186] Mozilla Firefox, Thunderbird, and SeaMonkey copyTexImage2D code execution
10241| [80184] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D calls code execution
10242| [79615] Exim dkim_exim_query_dns_txt() buffer overflow
10243| [75155] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D denial of service
10244| [67455] Exim DKIM processing code execution
10245| [67299] Exim dkim_exim_verify_finish() format string
10246| [65028] Exim open_log privilege escalation
10247| [63967] Exim config file privilege escalation
10248| [63960] Exim header buffer overflow
10249| [59043] Exim mail directory privilege escalation
10250| [59042] Exim MBX symlink
10251| [52922] ikiwiki teximg plugin information disclosure
10252| [34265] Exim spamd buffer overflow
10253| [25286] Sa-exim greylistclean.cron file deletion
10254| [22687] RHSA-2005:025 updates for exim not installed
10255| [18901] Exim dns_build_reverse buffer overflow
10256| [18764] Exim spa_base64_to_bits function buffer overflow
10257| [18763] Exim host_aton buffer overflow
10258| [16079] Exim require_verify buffer overflow
10259| [16077] Exim header_check_syntax buffer overflow
10260| [16075] Exim sender_verify buffer overflow
10261| [13067] Exim HELO or EHLO command heap overflow
10262| [10761] Exim daemon.c format string
10263| [8194] Exim configuration file -c command-line argument buffer overflow
10264| [7738] Exim allows attacker to hide commands in localhost names using pipes
10265| [6671] Exim "
10266| [1893] Exim MTA allows local users to gain root privileges
10267|
10268| Exploit-DB - https://www.exploit-db.com:
10269| [16925] Exim4 <= 4.69 - string_format Function Heap Buffer Overflow
10270| [15725] Exim 4.63 Remote Root Exploit
10271| [1009] Exim <= 4.41 dns_build_reverse Local Exploit
10272| [812] Exim <= 4.43 auth_spa_server() Remote PoC Exploit
10273| [796] Exim <= 4.42 Local Root Exploit
10274| [756] Exim <= 4.41 dns_build_reverse Local Exploit PoC
10275|
10276| OpenVAS (Nessus) - http://www.openvas.org:
10277| [100663] Exim < 4.72 RC2 Multiple Vulnerabilities
10278|
10279| SecurityTracker - https://www.securitytracker.com:
10280| [1025539] Exim DKIM Processing Flaw Lets Remote Users Execute Arbitrary Code
10281| [1025504] Exim DKIM Signature Format String Flaw Lets Remote Users Execute Arbitrary Code
10282| [1024859] Exim Configuration File Capability Lets Local Users Gain Elevated Privileges
10283| [1024858] Exim Buffer Overfow in string_format() Lets Remote Users Execute Arbitrary Code
10284| [1012904] Exim Buffer Overflow in dns_build_reverse() Lets Local Users Obtain Elevated Privileges
10285| [1012771] Exim Buffer Overflows in host_aton() and spa_base64_to_bits() May Let Local Users Gain Elevated Privileges
10286| [1010081] Exim Buffer Overflows in 'accept.c' and 'verify.c' Let Remote Users Execute Arbitrary Code
10287| [1007609] Exim Heap Overflow in 'smtp_in.c' May Allow Remote Arbitrary Code Execution
10288| [1005756] Exim Mail Server Format String Bug Lets Local Exim Administrators Execute Arbitrary Code With Root Privileges
10289| [1003547] Potential Bug in Exim Mail Server May Let Local Users Execute Code With Root Privileges
10290| [1003014] Exim Mail Server Pipe Address Validation Error May Let Remote Users Execute Arbitrary Code With Root Privileges in a Certain Configuration
10291| [1001694] Exim Mail Server May Allow Remote Users to Execute Arbitrary Code with Root-Level Privileges on the Server
10292|
10293| OSVDB - http://www.osvdb.org:
10294| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
10295| [87599] Mozilla Multiple Product copyTexImage2D Call Image Dimension Handling Memory Corruption
10296| [87581] Mozilla Multiple Product texImage2D Call Handling Memory Corruption
10297| [86616] Exim src/dkim.c dkim_exim_query_dns_txt() Function DNS Record Parsing Remote Overflow
10298| [81523] Mozilla Multiple Product WebGL texImage2D() Function JSVAL_TO_OBJECT Remote Code Execution
10299| [72642] Exim DKIM Identity Lookup Item Remote Code Execution
10300| [72156] Exim src/dkim.c dkim_exim_verify_finish() Function DKIM-Signature Header Format String
10301| [70696] Exim log.c open_log() Function Local Privilege Escalation
10302| [69860] Exim exim User Account Configuration File Directive Local Privilege Escalation
10303| [69685] Exim string_format Function Remote Overflow
10304| [65159] Exim transports/appendfile.c MBX Locking Race Condition Permission Modification
10305| [65158] Exim transports/appendfile.c Hardlink Handling Arbitrary File Overwrite
10306| [57575] teximg Plugin for ikiwiki TEX Command Arbitrary File Local Disclosure
10307| [23849] sa-exim greylistclean.cron Arbitrary File Deletion
10308| [13073] Oracle Database Server Advanced Queuing Component dbms_transform_eximp Unspecified Security Issue
10309| [12946] Exim -bh Command Line Option dns_build_reverse Function Local Overflow
10310| [12727] Exim SPA Authentication spa_base64_to_bits Function Remote Overflow
10311| [12726] Exim -be Command Line Option host_aton Function Local Overflow
10312| [10877] Exim smtp_in.c HELO/EHLO Remote Overflow
10313| [10360] Exim daemon.c pid_file_path Variable Manipulation Arbitrary Command Execution
10314| [10032] libXpm CreateXImage Function Integer Overflow
10315| [7160] Exim .forward :include: Option Privilege Escalation
10316| [6479] Vexim COOKIE Authentication Credential Disclosure
10317| [6478] Vexim Multiple Parameter SQL Injection
10318| [5930] Exim Parenthesis File Name Filter Bypass
10319| [5897] Exim header_syntax Function Remote Overflow
10320| [5896] Exim sender_verify Function Remote Overflow
10321| [5530] Exim Localhost Name Arbitrary Command Execution
10322| [5330] Exim Configuration File Variable Overflow
10323| [1855] Exim Batched SMTP Mail Header Format String
10324|_
3306/tcp open mysql syn-ack MySQL 5.5.47
10326| vulscan: VulDB - https://vuldb.com:
10327| [90137] Oracle MySQL Server up to 5.5.48/5.6.29/5.7.10 Encryption information disclosure
10328| [90136] Oracle MySQL Server up to 5.5.48/5.6.29/5.7.11 Connection information disclosure
10329| [90132] Oracle MySQL Server up to 5.5.49/5.6.30/5.7.12 RBR denial of service
10330| [90125] Oracle MySQL Server up to 5.5.49/5.6.30/5.7.12 DML denial of service
10331| [90123] Oracle MySQL Server up to 5.5.49/5.6.30/5.7.12 Types denial of service
10332| [82687] Oracle MySQL Server up to 5.5.48/5.6.29/5.7.11 Connection Handling spoofing
10333| [80605] Oracle MySQL Server up to 5.5.46/5.6.27/5.7.9 Privileges denial of service
10334| [80603] Oracle MySQL Server up to 5.5.45/5.6.26 Encryption information disclosure
10335| [80601] Oracle MySQL Server up to 5.5.46/5.6.27/5.7.9 UDF denial of service
10336| [80600] Oracle MySQL Server up to 5.5.46/5.6.27/5.7.9 Encryption weak encryption
10337| [80596] Oracle MySQL Server up to 5.5.46/5.6.27/5.7.9 InnoDB denial of service
10338| [80595] Oracle MySQL Server up to 5.5.46/5.6.27/5.7.9 DML denial of service
10339| [80594] Oracle MySQL Server up to 5.5.46 Optimizer denial of service
10340| [80592] Oracle MySQL Server up to 5.5.46/5.6.27/5.7.9 Optimizer denial of service
10341| [80590] Oracle MySQL Server up to 5.5.46/5.6.27 DML denial of service
10342| [80586] Oracle MySQL Server up to 5.5.46/5.6.27/5.7.9 Options unknown vulnerability
10343| [78705] Oracle MySQL Server up to 5.5.45/5.6.26 Partition denial of service
10344| [78702] Oracle MySQL Server up to 5.5.45/5.6.26 SP denial of service
10345| [78701] Oracle MySQL Server up to 5.5.43/5.6.24 Privileges information disclosure
10346| [78698] Oracle MySQL Server up to 5.5.45/5.6.26 Query Cache denial of service
10347| [78697] Oracle MySQL Server up to 5.5.45/5.6.26 InnoDB denial of service
10348| [78695] Oracle MySQL Server up to 5.5.45/5.6.26 DML denial of service
10349| [78693] Oracle MySQL Server up to 5.5.45/5.6.26 Types unknown vulnerability
10350| [78691] Oracle MySQL Server up to 5.5.45/5.6.26 Privileges unknown vulnerability
10351| [78689] Oracle MySQL Server up to 5.5.45/5.6.26 Partition denial of service
10352| [78688] Oracle MySQL Server up to 5.5.45/5.6.26 Parser denial of service
10353| [78686] Oracle MySQL Server up to 5.5.44 InnoDB denial of service
10354| [78683] Oracle MySQL Server up to 5.5.45/5.6.26 DML denial of service
10355| [78681] Oracle MySQL Server up to 5.5.45/5.6.26 DDL denial of service
10356| [78680] Oracle MySQL Server up to 5.5.44/5.6.25 DML unknown vulnerability
10357| [76691] Oracle MySQL Server up to 5.5.42 Optimizer denial of service
10358| [76686] Oracle MySQL Server up to 5.5.43/5.6.24 denial of service
10359| [76671] Oracle MySQL Server up to 5.5.43/5.6.23 Pluggable Auth information disclosure
10360| [76634] Oracle MySQL Server up to 5.5.43/5.6.24 DML denial of service
10361| [76629] Oracle MySQL Server up to 5.5.43/5.6.24 Optimizer denial of service
10362| [76608] Oracle MySQL Server up to 5.5.43/5.6.23 information disclosure
10363| [76571] Oracle MySQL Server up to 5.5.43/5.6.24 GIS denial of service
10364| [74962] Oracle MySQL Server up to 5.5.42/5.6.23 Federated unknown vulnerability
10365| [74961] Oracle MySQL Server up to 5.5.42/5.6.23 DDL unknown vulnerability
10366| [74959] Oracle MySQL Server up to 5.5.41/5.6.22 Encryption weak encryption
10367| [74956] Oracle MySQL Server up to 5.5.42/5.6.23 Optimizer unknown vulnerability
10368| [74954] Oracle MySQL Server up to 5.5.41/5.6.22 DML unknown vulnerability
10369| [74950] Oracle MySQL Server up to 5.5.41/5.6.22 DDL unknown vulnerability
10370| [74948] Oracle MySQL Server up to 5.5.41/5.6.22 Privileges unknown vulnerability
10371| [74946] Oracle MySQL Server up to 5.5.42/5.6.23 Compiling unknown vulnerability
10372| [68810] Oracle MySQL Server up to 5.5.40/5.6.21 Foreign Key information disclosure
10373| [68808] Oracle MySQL Server up to 5.5.40/5.6.21 DML denial of service
10374| [68806] Oracle MySQL Server up to 5.5.40 Foreign Key denial of service
10375| [68804] Oracle MySQL Server up to 5.5.40/5.6.21 Replication denial of service
10376| [68803] Oracle MySQL Server up to 5.5.40/5.6.21 Replication denial of service
10377| [68802] Oracle MySQL Server up to 5.5.40/5.6.21 Encryption weak encryption
10378| [125564] Oracle MySQL Server up to 5.5.61/5.6.41/5.7.23/8.0.12 Storage Engines denial of service
10379| [125543] Oracle MySQL Server up to 5.5.61/5.6.41/5.7.23/8.0.12 Parser denial of service
10380| [125535] Oracle MySQL Server up to 5.5.61/5.6.41/5.7.23/8.0.12 InnoDB unknown vulnerability
10381| [121800] Oracle MySQL Server up to 5.5.60/5.6.40/5.7.22 Encryption weak encryption
10382| [121799] Oracle MySQL Server up to 5.5.60/5.6.40/5.7.22 Options unknown vulnerability
10383| [121796] Oracle MySQL Server up to 5.5.60/5.6.40/5.7.22 MyISAM information disclosure
10384| [121794] Oracle MySQL Server up to 5.5.60 Privileges denial of service
10385| [121785] Oracle MySQL Client up to 5.5.60/5.6.40/5.7.22/8.0.11 Client Programs denial of service
10386| [121777] Oracle MySQL Server up to 5.5.60/5.6.40/5.7.22 Client mysqldump denial of service
10387| [116762] Oracle MySQL Server up to 5.5.59/5.6.39/5.7.21 DDL information disclosure
10388| [116761] Oracle MySQL Server up to 5.5.59/5.6.39/5.7.21 Locking denial of service
10389| [116755] Oracle MySQL Server up to 5.5.59/5.6.39/5.7.21 Optimizer denial of service
10390| [116751] Oracle MySQL Server up to 5.5.59/5.6.39/5.7.21 Privileges denial of service
10391| [116742] Oracle MySQL Server up to 5.5.59/5.6.39/5.7.21 Client programs denial of service
10392| [116738] Oracle MySQL Server up to 5.5.59/5.6.39/5.7.21 DDL denial of service
10393| [116736] Oracle MySQL Server up to 5.5.59/5.6.39/5.7.21 InnoDB denial of service
10394| [112099] Oracle MySQL Server up to 5.5.58/5.6.38/5.7.20 Optimizer denial of service
10395| [112098] Oracle MySQL Server up to 5.5.58/5.6.38/5.7.20 Optimizer denial of service
10396| [112097] Oracle MySQL Server up to 5.5.58/5.6.38/5.7.20 Optimizer denial of service
10397| [112095] Oracle MySQL Server up to 5.5.58/5.6.38/5.7.20 DDL denial of service
10398| [112091] Oracle MySQL Server up to 5.5.58/5.6.38/5.7.19 Partition denial of service
10399| [108176] Oracle MySQL Server up to 5.5.57/5.6.37/5.7.11 Optimizer denial of service
10400| [108173] Oracle MySQL Server up to 5.5.57/5.6.37/5.7.19 DDL denial of service
10401| [108172] Oracle MySQL Server up to 5.5.57/5.6.37/5.7.19 Client programs information disclosure
10402| [104089] Oracle MySQL Server up to 5.5.56/5.6.36/5.7.18 DDL unknown vulnerability
10403| [104087] Oracle MySQL Server up to 5.5.56/5.6.36/5.7.18 DDL unknown vulnerability
10404| [104086] Oracle MySQL Server up to 5.5.56/5.6.36/5.7.18 Client mysqldump unknown vulnerability
10405| [104083] Oracle MySQL Server up to 5.5.56/5.6.36/5.7.18 Charsets denial of service
10406| [104075] Oracle MySQL Server up to 5.5.56/5.6.36/5.7.18 DML denial of service
10407| [104069] Oracle MySQL Server up to 5.5.56/5.6.36/5.7.18 C API denial of service
10408| [100225] Oracle MySQL Server up to 5.5.54/5.6.35/5.7.17 DDL unknown vulnerability
10409| [100224] Oracle MySQL Server up to 5.5.54/5.6.35/5.7.17 Privileges denial of service
10410| [100223] Oracle MySQL Server up to 5.5.54/5.6.35/5.7.17 Privileges denial of service
10411| [100222] Oracle MySQL Server up to 5.5.54/5.6.35/5.7.17 Privileges denial of service
10412| [100218] Oracle MySQL Server up to 5.5.54/5.6.35/5.7.17 DML denial of service
10413| [100215] Oracle MySQL Server up to 5.5.54/5.6.35 C API information disclosure
10414| [100207] Oracle MySQL Server up to 5.5.54/5.6.35/5.7.17 Optimizer denial of service
10415| [100204] Oracle MySQL Server up to 5.5.54/5.6.35/5.7.17 Client mysqldump unknown vulnerability
10416| [100203] Oracle MySQL Server up to 5.5.54/5.6.35/5.7.17 Thread Pooling denial of service
10417| [100200] Oracle MySQL Server up to 5.5.54/5.6.35/5.7.17 Optimizer denial of service
10418| [100199] Oracle MySQL Server up to 5.5.54/5.6.35/5.7.17 DML denial of service
10419| [96814] MariaDB up to 5.5.54/10.0.29/10.1.21/10.2.3 libmysqlclient.so denial of service
10420| [95722] Oracle MySQL Server up to 5.5.53 Charsets denial of service
10421| [95715] Oracle MySQL Server 5.5.53/5.6.34/5.7.16 Optimizer denial of service
10422| [95713] Oracle MySQL Server 5.5.53/5.6.34/5.7.16 DML denial of service
10423| [95711] Oracle MySQL Server 5.5.53/5.6.34/5.7.16 DDL denial of service
10424| [92900] Oracle MySQL Server up to 5.5.51/5.6.32/5.7.14 Optimizer denial of service
10425| [92898] Oracle MySQL Server up to 5.5.51/5.6.32/5.7.14 GIS denial of service
10426| [92897] Oracle MySQL Server up to 5.5.51 DML denial of service
10427| [92896] Oracle MySQL Server up to 5.5.50/5.6.31/5.7.13 DML denial of service
10428| [92827] Oracle MySQL Server up to 5.5.51/5.6.32/5.7.14 Federated denial of service
10429| [92818] Oracle MySQL Server up to 5.5.52/5.6.33/5.7.15 Encryption information disclosure
10430| [92817] Oracle MySQL Server up to 5.5.51/5.6.32/5.7.14 Types denial of service
10431| [91505] Oracle MySQL up to 5.5.52/5.6.33/5.7.15 Logging my.cnf privilege escalation
10432| [80591] Oracle MySQL Server up to 5.5.31/5.6.11 Optimizer denial of service
10433| [68805] Oracle MySQL Server up to 5.5.38/5.6.19 DDL denial of service
10434| [67988] Oracle MySQL Server up to 5.5.38/5.6.19 denial of service
10435| [67986] Oracle MySQL Server up to 5.5.38/5.6.19 denial of service
10436| [67984] Oracle MySQL Server up to 5.5.39/5.6.20 denial of service
10437| [67983] Oracle MySQL Server up to 5.5.38/5.6.19 denial of service
10438| [67982] Oracle MySQL Server up to 5.5.38 denial of service
10439| [67981] Oracle MySQL Server up to 5.5.38/5.6.19 denial of service
10440| [67979] Oracle MySQL Server up to 5.5.38/5.6.19 unknown vulnerability
10441| [67978] Oracle MySQL Server up to 5.5.38/5.6.19 denial of service
10442| [67977] Oracle MySQL Server up to 5.5.39/5.6.20 denial of service
10443| [67976] Oracle MySQL Server up to 5.5.39/5.6.20 denial of service
10444| [67975] Oracle MySQL Server up to 5.5.39/5.6.20 information disclosure
10445| [67974] Oracle MySQL Server up to 5.5.38/5.6.19 Messages Stack-Based sql injection
10446| [67972] Oracle MySQL Server up to 5.5.39/5.6.20 unknown vulnerability
10447| [67971] Oracle MySQL Server up to 5.5.38/5.6.19 unknown vulnerability
10448| [67969] Oracle MySQL Server up to 5.5.39/5.6.20 directory traversal
10449| [67968] Oracle MySQL Server up to 5.5.39/5.6.20 denial of service
10450| [67967] Oracle MySQL Server up to 5.5.39/5.6.20 denial of service
10451| [67966] Oracle MySQL Server up to 5.5.39/5.6.20 unknown vulnerability
10452| [67166] Oracle MySQL Server up to 5.5.35/5.6.15 denial of service
10453| [67162] Oracle MySQL Server up to 5.5.37 denial of service
10454| [67160] Oracle MySQL Server up to 5.5.37 denial of service
10455| [67159] Oracle MySQL Server up to 5.5.37/5.6.17 unknown vulnerability
10456| [67158] Oracle MySQL Server up to 5.5.37/5.6.17 unknown vulnerability
10457| [12983] Oracle MySQL Server up to 5.5.36/5.6.16 Options denial of service
10458| [12982] Oracle MySQL Server up to 5.5.35/5.6.15 Federated denial of service
10459| [12981] Oracle MySQL Server up to 5.5.35/5.6.15 Replication denial of service
10460| [12979] Oracle MySQL Server up to 5.5.36/5.6.16 Performance Schema denial of service
10461| [12978] Oracle MySQL Server up to 5.5.35/5.6.15 XML denial of service
10462| [12977] Oracle MySQL Server up to 5.5.35/5.6.15 Partition denial of service
10463| [12972] Oracle MySQL Client up to 5.5.36/5.6.16 unknown vulnerability
10464| [12971] Oracle MySQL Server up to 5.5.36/5.6.16 RBR unknown vulnerability
10465| [11947] Oracle MySQL Server up to 5.5.34/5.6.14 Replication denial of service
10466| [11940] Oracle MySQL Server up to 5.5.33/5.6.13 Partition denial of service
10467| [10816] Oracle MySQL Server up to 5.5.32/5.6.12 Replication unknown vulnerability
10468| [65143] MariaDB up to 5.5.28 MySQL privilege escalation
10469| [9671] Oracle MySQL Server up to 5.5.31/5.6.11 Server Replication denial of service
10470| [9668] Oracle MySQL Server up to 5.5.30/5.6.10 Server Partition Stored unknown vulnerability
10471| [9667] Oracle MySQL Server up to 5.5.31 Server Parser denial of service
10472| [9666] Oracle MySQL Server up to 5.5.30/5.6.10 Server Options Stored unknown vulnerability
10473| [9662] Oracle MySQL Server up to 5.5.30/5.6.10 Prepared Statement Stored unknown vulnerability
10474| [9658] Oracle MySQL Server up to 5.5.31/5.6.11 Data Manipulation Language denial of service
10475| [9657] Oracle MySQL Server up to 5.5.31/5.6.11 Audit Log information disclosure
10476| [8413] Oracle MySQL Server up to 5.5.30/5.6.10 InnoDB unknown vulnerability
10477| [8411] Oracle MySQL Server up to 5.5.30/5.6.10 Stored Procedure unknown vulnerability
10478| [8409] Oracle MySQL Server up to 5.5.29 Server Replication denial of service
10479| [8404] Oracle MySQL Server up to 5.5.29 Data Manipulation Language denial of service
10480| [8402] Oracle MySQL Server up to 5.5.29/5.6.10 Server Optimizer denial of service
10481| [8065] Oracle MySQL up to 5.5.27 yaSSL memory corruption
10482| [8064] Oracle MySQL up to 5.5.29 yaSSL memory corruption
10483| [7431] Oracle MySQL Server up to 5.5.28 Privileges denial of service
10484| [7430] Oracle MySQL Server up to 5.5.28 Partition denial of service
10485| [7429] Oracle MySQL Server up to 5.5.28 Optimizer denial of service
10486| [7426] Oracle MySQL Server up to 5.5.28 MyISAM denial of service
10487| [7424] Oracle MySQL Server up to 5.5.28 InnoDB denial of service
10488| [7419] Oracle MySQL Server up to 5.5.28 Stored Procedure denial of service
10489| [7414] Oracle MySQL Server up to 5.5.28 Parser Heap-based memory corruption
10490| [63111] Oracle MySQL 5.5.19 Installation denial of service
10491| [7068] Oracle MySQL Server up to 5.5.19 Authentication information disclosure
10492| [7067] Oracle MySQL Server up to 5.5.19 sql/sql_acl.cc acl_get memory corruption
10493| [7066] Oracle MySQL Server up to 5.5.19 SELECT Command Crash denial of service
10494| [7065] Oracle MySQL Server up to 5.5.19 Create Table MDL_key::mdl_key_init memory corruption
10495| [6793] Oracle MySQL Server up to 5.5.25 unknown vulnerability
10496| [6792] Oracle MySQL Server up to 5.5.26 MySQL Client information disclosure
10497| [6789] Oracle MySQL Server up to 5.5.26 unknown vulnerability
10498| [6786] Oracle MySQL Server up to 5.5.26 MySQL Client sql injection
10499| [5781] Oracle MySQL Server up to 5.5.23 denial of service
10500| [5780] Oracle MySQL Server up to 5.5.23 InnoDB denial of service
10501| [5778] Oracle MySQL Server up to 5.5.23 Server Optimizer denial of service
10502| [5635] Oracle MySQL Server up to 5.5.25 on Linux InnoDB UPDATE denial of service
10503| [5166] Oracle MySQL Server up to 5.5.21 Partition denial of service
10504| [5165] Oracle MySQL Server up to 5.5.19 Optimizer denial of service
10505| [5072] Oracle MySQL Server up to 5.5.21 denial of service
10506| [4627] Oracle MySQL up to 5.5.20 memory corruption
10507| [5236] Oracle MySQL Server 5.5.x unknown vulnerability
10508| [5235] Oracle MySQL Server 5.5.x denial of service
10509| [5233] Oracle MySQL Server 5.5.x denial of service
10510| [5232] Oracle MySQL Server 5.5.x denial of service
10511| [5231] Oracle MySQL Server 5.5.x denial of service
10512| [5230] Oracle MySQL Server 5.5.x denial of service
10513| [5229] Oracle MySQL Server 5.5.x denial of service
10514| [5228] Oracle MySQL Server 5.5.x denial of service
10515| [5227] Oracle MySQL Server 5.5.x unknown vulnerability
10516| [59882] MySQL 5.5.8 NULL Pointer Dereference denial of service
10517|
10518| MITRE CVE - https://cve.mitre.org:
10519| [CVE-2013-3812] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
10520| [CVE-2013-3809] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.
10521| [CVE-2013-3808] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
10522| [CVE-2013-3805] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.
10523| [CVE-2013-3804] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
10524| [CVE-2013-3802] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.
10525| [CVE-2013-3801] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
10526| [CVE-2013-3794] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
10527| [CVE-2013-3793] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
10528| [CVE-2013-3783] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.
10529| [CVE-2013-2392] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
10530| [CVE-2013-2391] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.
10531| [CVE-2013-2389] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
10532| [CVE-2013-2378] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
10533| [CVE-2013-2376] Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.
10534| [CVE-2013-2375] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
10535| [CVE-2013-1861] MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
10536| [CVE-2013-1555] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
10537| [CVE-2013-1552] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
10538| [CVE-2013-1544] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
10539| [CVE-2013-1532] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
10540| [CVE-2013-1531] Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges.
10541| [CVE-2013-1526] Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
10542| [CVE-2013-1523] Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Optimizer.
10543| [CVE-2013-1521] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.
10544| [CVE-2013-1512] Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
10545| [CVE-2013-1511] Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
10546| [CVE-2013-1506] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.
10547| [CVE-2013-1502] Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.
10548| [CVE-2013-1492] Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553.
10549| [CVE-2013-0389] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
10550| [CVE-2013-0386] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.
10551| [CVE-2013-0385] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.
10552| [CVE-2013-0384] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
10553| [CVE-2013-0383] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.
10554| [CVE-2013-0371] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM.
10555| [CVE-2013-0368] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
10556| [CVE-2013-0367] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
10557| [CVE-2012-5615] MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
10558| [CVE-2012-5614] Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.
10559| [CVE-2012-5613] ** DISPUTED ** MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.
10560| [CVE-2012-5612] Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.
10561| [CVE-2012-5611] Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
10562| [CVE-2012-5383] ** DISPUTED ** Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the "C:\MySQL\MySQL Server 5.5\bin" directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the MySQL installation.
10563| [CVE-2012-5096] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.
10564| [CVE-2012-5060] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension.
10565| [CVE-2012-4414] Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.
10566| [CVE-2012-3197] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
10567| [CVE-2012-3180] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
10568| [CVE-2012-3177] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server.
10569| [CVE-2012-3173] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.
10570| [CVE-2012-3167] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.
10571| [CVE-2012-3166] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
10572| [CVE-2012-3163] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
10573| [CVE-2012-3160] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.
10574| [CVE-2012-3158] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol.
10575| [CVE-2012-3156] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.
10576| [CVE-2012-3150] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
10577| [CVE-2012-3149] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality, related to MySQL Client.
10578| [CVE-2012-3147] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client.
10579| [CVE-2012-3144] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.
10580| [CVE-2012-2750] Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a "Security Fix", aka Bug #59533. NOTE: this might be a duplicate of CVE-2012-1689, but as of 20120816, Oracle has not commented on this possibility.
10581| [CVE-2012-2749] MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index.
10582| [CVE-2012-2122] sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
10583| [CVE-2012-2102] MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.
10584| [CVE-2012-1757] Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
10585| [CVE-2012-1756] Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors.
10586| [CVE-2012-1735] Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
10587| [CVE-2012-1734] Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
10588| [CVE-2012-1705] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
10589| [CVE-2012-1703] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
10590| [CVE-2012-1702] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.
10591| [CVE-2012-1697] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.
10592| [CVE-2012-1696] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
10593| [CVE-2012-1690] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
10594| [CVE-2012-1689] Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
10595| [CVE-2012-1688] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML.
10596| [CVE-2012-0882] Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.
10597| [CVE-2012-0583] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.
10598| [CVE-2012-0578] Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
10599| [CVE-2012-0574] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.
10600| [CVE-2012-0572] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
10601| [CVE-2012-0553] Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492.
10602| [CVE-2012-0540] Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.
10603| [CVE-2012-0496] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
10604| [CVE-2012-0495] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0493.
10605| [CVE-2012-0494] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows local users to affect availability via unknown vectors.
10606| [CVE-2012-0493] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0495.
10607| [CVE-2012-0492] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.
10608| [CVE-2012-0491] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0493, and CVE-2012-0495.
10609| [CVE-2012-0490] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.
10610| [CVE-2012-0489] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
10611| [CVE-2012-0488] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
10612| [CVE-2012-0487] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
10613| [CVE-2012-0486] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
10614| [CVE-2012-0485] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.
10615| [CVE-2012-0484] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.
10616| [CVE-2012-0120] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.
10617| [CVE-2012-0119] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
10618| [CVE-2012-0118] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.
10619| [CVE-2012-0117] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.
10620| [CVE-2012-0116] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
10621| [CVE-2012-0115] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
10622| [CVE-2012-0114] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.
10623| [CVE-2012-0113] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.
10624| [CVE-2012-0112] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
10625| [CVE-2012-0075] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.
10626| [CVE-2011-5049] MySQL 5.5.8, when running on Windows, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted packet to TCP port 3306.
10627| [CVE-2011-2262] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.
10628| [CVE-2010-3839] MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.
10629| [CVE-2010-3838] MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table."
10630| [CVE-2010-3837] MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.
10631| [CVE-2010-3836] MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.
10632| [CVE-2010-3835] MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.
10633| [CVE-2010-3834] Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments."
10634| [CVE-2010-3833] MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT."
10635| [CVE-2010-3683] Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.
10636| [CVE-2010-3681] Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.
10637| [CVE-2009-4484] Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.
10638| [CVE-2006-4835] Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) db_mysql_error.php, (4) langlist.php, (5) sendmail.php, or (6) style.php, which reveals the path in various error messages.
10639|
10640| SecurityFocus - https://www.securityfocus.com/bid/:
10641| [52154] RETIRED: MySQL 5.5.20 Unspecified Remote Code Execution Vulnerability
10642|
10643| IBM X-Force - https://exchange.xforce.ibmcloud.com:
10644| [85724] Oracle MySQL Server XA Transactions denial of service
10645| [85723] Oracle MySQL Server Server Replication denial of service
10646| [85722] Oracle MySQL Server InnoDB denial of service
10647| [85721] Oracle MySQL Server Server Privileges unspecified
10648| [85720] Oracle MySQL Server Server Partition denial of service
10649| [85719] Oracle MySQL Server Server Parser denial of service
10650| [85718] Oracle MySQL Server Server Options denial of service
10651| [85717] Oracle MySQL Server Server Options denial of service
10652| [85716] Oracle MySQL Server Server Optimizer denial of service
10653| [85715] Oracle MySQL Server Server Optimizer denial of service
10654| [85714] Oracle MySQL Server Prepared Statements denial of service
10655| [85713] Oracle MySQL Server InnoDB denial of service
10656| [85712] Oracle MySQL Server Full Text Search denial of service
10657| [85711] Oracle MySQL Server Data Manipulation Language denial of service
10658| [85710] Oracle MySQL Server Data Manipulation Language denial of service
10659| [85709] Oracle MySQL Server Audit Log unspecified
10660| [85708] Oracle MySQL Server MemCached unspecified
10661| [84846] Debian mysql-server package information disclosure
10662| [84375] Wireshark MySQL dissector denial of service
10663| [83554] Oracle MySQL Server Server Partition denial of service
10664| [83553] Oracle MySQL Server Server Locking denial of service
10665| [83552] Oracle MySQL Server Server Install unspecified
10666| [83551] Oracle MySQL Server Server Types denial of service
10667| [83550] Oracle MySQL Server Server Privileges unspecified
10668| [83549] Oracle MySQL Server InnoDB denial of service
10669| [83548] Oracle MySQL Server InnoDB denial of service
10670| [83547] Oracle MySQL Server Data Manipulation Language denial of service
10671| [83546] Oracle MySQL Server Stored Procedure denial of service
10672| [83545] Oracle MySQL Server Server Replication denial of service
10673| [83544] Oracle MySQL Server Server Partition denial of service
10674| [83543] Oracle MySQL Server Server Optimizer denial of service
10675| [83542] Oracle MySQL Server InnoDB denial of service
10676| [83541] Oracle MySQL Server Information Schema denial of service
10677| [83540] Oracle MySQL Server Data Manipulation Language denial of service
10678| [83539] Oracle MySQL Server Data Manipulation Language denial of service
10679| [83538] Oracle MySQL Server Server Optimizer unspecified
10680| [83537] Oracle MySQL Server MemCached denial of service
10681| [83536] Oracle MySQL Server Server Privileges unspecified
10682| [83535] Oracle MySQL Server Server Privileges unspecified
10683| [83534] Oracle MySQL Server Server unspecified
10684| [83533] Oracle MySQL Server Information Schema unspecified
10685| [83532] Oracle MySQL Server Server Locking unspecified
10686| [83531] Oracle MySQL Server Data Manipulation Language denial of service
10687| [83388] MySQL administrative login attempt detected
10688| [82963] Mambo MySQL database information disclosure
10689| [82946] Oracle MySQL buffer overflow
10690| [82945] Oracle MySQL buffer overflow
10691| [82895] Oracle MySQL and MariaDB geometry queries denial of service
10692| [81577] MySQL2JSON extension for TYPO3 unspecified SQL injection
10693| [81325] Oracle MySQL Server Server Privileges denial of service
10694| [81324] Oracle MySQL Server Server Partition denial of service
10695| [81323] Oracle MySQL Server Server Optimizer denial of service
10696| [81322] Oracle MySQL Server Server Optimizer denial of service
10697| [81321] Oracle MySQL Server Server denial of service
10698| [81320] Oracle MySQL Server MyISAM denial of service
10699| [81319] Oracle MySQL Server InnoDB denial of service
10700| [81318] Oracle MySQL Server InnoDB denial of service
10701| [81317] Oracle MySQL Server Server Locking denial of service
10702| [81316] Oracle MySQL Server Server denial of service
10703| [81315] Oracle MySQL Server Server Replication unspecified
10704| [81314] Oracle MySQL Server Server Replication unspecified
10705| [81313] Oracle MySQL Server Stored Procedure denial of service
10706| [81312] Oracle MySQL Server Server Optimizer denial of service
10707| [81311] Oracle MySQL Server Information Schema denial of service
10708| [81310] Oracle MySQL Server GIS Extension denial of service
10709| [80790] Oracle MySQL yaSSL buffer overflow
10710| [80553] Oracle MySQL and MariaDB salt security bypass
10711| [80443] Oracle MySQL Server unspecified code execution
10712| [80442] Oracle MySQL Server acl_get() buffer overflow
10713| [80440] Oracle MySQL Server table buffer overflow
10714| [80435] Oracle MySQL Server database privilege escalation
10715| [80434] Oracle MySQL Server COM_BINLOG_DUMP denial of service
10716| [80433] Oracle MySQL Server Stuxnet privilege escalation
10717| [80432] Oracle MySQL Server authentication information disclosure
10718| [79394] Oracle MySQL Server Server Installation information disclosure
10719| [79393] Oracle MySQL Server Server Replication denial of service
10720| [79392] Oracle MySQL Server Server Full Text Search denial of service
10721| [79391] Oracle MySQL Server Server denial of service
10722| [79390] Oracle MySQL Server Client information disclosure
10723| [79389] Oracle MySQL Server Server Optimizer denial of service
10724| [79388] Oracle MySQL Server Server Optimizer denial of service
10725| [79387] Oracle MySQL Server Server denial of service
10726| [79386] Oracle MySQL Server InnoDB Plugin denial of service
10727| [79385] Oracle MySQL Server InnoDB denial of service
10728| [79384] Oracle MySQL Server Client unspecified
10729| [79383] Oracle MySQL Server Server denial of service
10730| [79382] Oracle MySQL Server Protocol unspecified
10731| [79381] Oracle MySQL Server Information Schema unspecified
10732| [78954] SilverStripe MySQLDatabase.php information disclosure
10733| [78948] MySQL MyISAM table symlink
10734| [77865] MySQL unknown vuln
10735| [77864] MySQL sort order denial of service
10736| [77768] MySQLDumper refresh_dblist.php information disclosure
10737| [77177] MySQL Squid Access Report unspecified cross-site scripting
10738| [77065] Oracle MySQL Server Optimizer denial of service
10739| [77064] Oracle MySQL Server Optimizer denial of service
10740| [77063] Oracle MySQL Server denial of service
10741| [77062] Oracle MySQL InnoDB denial of service
10742| [77061] Oracle MySQL GIS Extension denial of service
10743| [77060] Oracle MySQL Server Optimizer denial of service
10744| [76189] MySQL unspecified error
10745| [76188] MySQL attempts security bypass
10746| [75287] MySQLDumper restore.php information disclosure
10747| [75286] MySQLDumper filemanagement.php directory traversal
10748| [75285] MySQLDumper main.php cross-site request forgery
10749| [75284] MySQLDumper install.php cross-site scripting
10750| [75283] MySQLDumper install.php file include
10751| [75282] MySQLDumper menu.php code execution
10752| [75022] Oracle MySQL Server Server Optimizer denial of service
10753| [75021] Oracle MySQL Server Server Optimizer denial of service
10754| [75020] Oracle MySQL Server Server DML denial of service
10755| [75019] Oracle MySQL Server Partition denial of service
10756| [75018] Oracle MySQL Server MyISAM denial of service
10757| [75017] Oracle MySQL Server Server Optimizer denial of service
10758| [74672] Oracle MySQL Server multiple unspecified
10759| [73092] MySQL unspecified code execution
10760| [72540] Oracle MySQL Server denial of service
10761| [72539] Oracle MySQL Server unspecified
10762| [72538] Oracle MySQL Server denial of service
10763| [72537] Oracle MySQL Server denial of service
10764| [72536] Oracle MySQL Server unspecified
10765| [72535] Oracle MySQL Server denial of service
10766| [72534] Oracle MySQL Server denial of service
10767| [72533] Oracle MySQL Server denial of service
10768| [72532] Oracle MySQL Server denial of service
10769| [72531] Oracle MySQL Server denial of service
10770| [72530] Oracle MySQL Server denial of service
10771| [72529] Oracle MySQL Server denial of service
10772| [72528] Oracle MySQL Server denial of service
10773| [72527] Oracle MySQL Server denial of service
10774| [72526] Oracle MySQL Server denial of service
10775| [72525] Oracle MySQL Server information disclosure
10776| [72524] Oracle MySQL Server denial of service
10777| [72523] Oracle MySQL Server denial of service
10778| [72522] Oracle MySQL Server denial of service
10779| [72521] Oracle MySQL Server denial of service
10780| [72520] Oracle MySQL Server denial of service
10781| [72519] Oracle MySQL Server denial of service
10782| [72518] Oracle MySQL Server unspecified
10783| [72517] Oracle MySQL Server unspecified
10784| [72516] Oracle MySQL Server unspecified
10785| [72515] Oracle MySQL Server denial of service
10786| [72514] Oracle MySQL Server unspecified
10787| [71965] MySQL port denial of service
10788| [70680] DBD::mysqlPP unspecified SQL injection
10789| [70370] TaskFreak! multi-mysql unspecified path disclosure
10790| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
10791| [68294] MySQLDriverCS statement.cs sql injection
10792| [68175] Prosody MySQL denial of service
10793| [67539] Zend Framework MySQL PDO security bypass
10794| [67254] DirectAdmin MySQL information disclosure
10795| [66567] Xoops mysql.sql information disclosure
10796| [65871] PyWebDAV MySQLAuthHandler class SQL injection
10797| [65543] MySQL Select Arbitrary data into a File
10798| [65529] MySQL Eventum full_name field cross-site scripting
10799| [65380] Oracle MySQL Eventum forgot_password.php cross-site scripting
10800| [65379] Oracle MySQL Eventum list.php cross-site scripting
10801| [65266] Accellion File Transfer Appliance MySQL default password
10802| [64878] MySQL Geometry denial of service
10803| [64877] MySQL EXPLAIN EXTENDED denial of service
10804| [64876] MySQL prepared statement denial of service
10805| [64845] MySQL extreme-value denial of service
10806| [64844] MySQL Gis_line_string::init_from_wkb denial of service
10807| [64843] MySQL user-variable denial of service
10808| [64842] MySQL view preparation denial of service
10809| [64841] MySQL prepared statement denial of service
10810| [64840] MySQL LONGBLOB denial of service
10811| [64839] MySQL invocations denial of service
10812| [64838] MySQL Gis_line_string::init_from_wkb denial of service
10813| [64689] MySQL dict0crea.c denial of service
10814| [64688] MySQL SET column denial of service
10815| [64687] MySQL BINLOG command denial of service
10816| [64686] MySQL InnoDB denial of service
10817| [64685] MySQL HANDLER interface denial of service
10818| [64684] MySQL Item_singlerow_subselect::store denial of service
10819| [64683] MySQL OK packet denial of service
10820| [63518] MySQL Query Browser GUI Tools information disclosure
10821| [63517] MySQL Administrator GUI Tools information disclosure
10822| [62272] MySQL PolyFromWKB() denial of service
10823| [62269] MySQL LIKE predicates denial of service
10824| [62268] MySQL joins denial of service
10825| [62267] MySQL GREATEST() or LEAST() denial of service
10826| [62266] MySQL GROUP_CONCAT() denial of service
10827| [62265] MySQL expression values denial of service
10828| [62264] MySQL temporary table denial of service
10829| [62263] MySQL LEAST() or GREATEST() denial of service
10830| [62262] MySQL replication privilege escalation
10831| [61739] MySQL WITH ROLLUP denial of service
10832| [61343] MySQL LOAD DATA INFILE denial of service
10833| [61342] MySQL EXPLAIN denial of service
10834| [61341] MySQL HANDLER denial of service
10835| [61340] MySQL BINLOG denial of service
10836| [61339] MySQL IN() or CASE denial of service
10837| [61338] MySQL SET denial of service
10838| [61337] MySQL DDL denial of service
10839| [61318] PHP mysqlnd_wireprotocol.c buffer overflow
10840| [61317] PHP php_mysqlnd_read_error_from_line buffer overflow
10841| [61316] PHP php_mysqlnd_auth_write buffer overflow
10842| [61274] MySQL TEMPORARY InnoDB denial of service
10843| [59905] MySQL ALTER DATABASE denial of service
10844| [59841] CMySQLite updateUser.php cross-site request forgery
10845| [59112] MySQL Enterprise Monitor unspecified cross-site request forgery
10846| [59075] PHP php_mysqlnd_auth_write() buffer overflow
10847| [59074] PHP php_mysqlnd_read_error_from_line() buffer overflow
10848| [59073] PHP php_mysqlnd_rset_header_read() buffer overflow
10849| [59072] PHP php_mysqlnd_ok_read() information disclosure
10850| [58842] MySQL DROP TABLE file deletion
10851| [58676] Template Shares MySQL information disclosure
10852| [58531] MySQL COM_FIELD_LIST buffer overflow
10853| [58530] MySQL packet denial of service
10854| [58529] MySQL COM_FIELD_LIST security bypass
10855| [58311] ClanSphere the captcha generator and MySQL driver SQL injection
10856| [57925] MySQL UNINSTALL PLUGIN security bypass
10857| [57006] Quicksilver Forums mysqldump information disclosure
10858| [56800] Employee Timeclock Software mysqldump information disclosure
10859| [56200] Flex MySQL Connector ActionScript SQL injection
10860| [55877] MySQL yaSSL buffer overflow
10861| [55622] kiddog_mysqldumper extension for TYPO3 information disclosure
10862| [55416] MySQL unspecified buffer overflow
10863| [55382] Ublog UblogMySQL.sql information disclosure
10864| [55251] PHP-MySQL-Quiz editquiz.php SQL injection
10865| [54597] MySQL sql_table.cc security bypass
10866| [54596] MySQL mysqld denial of service
10867| [54365] MySQL OpenSSL security bypass
10868| [54364] MySQL MyISAM table symlink
10869| [53950] The mysql-ocaml mysql_real_escape_string weak security
10870| [52978] Zmanda Recovery Manager for MySQL mysqlhotcopy privilege escalation
10871| [52977] Zmanda Recovery Manager for MySQL socket-server.pl command execution
10872| [52660] iScouter PHP Web Portal MySQL Password Retrieval
10873| [52220] aa33code mysql.inc information disclosure
10874| [52122] MySQL Connector/J unicode SQL injection
10875| [51614] MySQL dispatch_command() denial of service
10876| [51406] MySQL Connector/NET SSL spoofing
10877| [49202] MySQL UDF command execution
10878| [49050] MySQL XPath denial of service
10879| [48919] Cisco Application Networking Manager MySQL default account password
10880| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
10881| [47544] MySQL Calendar index.php SQL injection
10882| [47476] MySQL Calendar index.php nodstrumCalendarV2 security bypass
10883| [45649] MySQL MyISAM symlink security bypass
10884| [45648] MySQL MyISAM symlinks security bypass
10885| [45607] MySQL Quick Admin actions.php file include
10886| [45606] MySQL Quick Admin index.php file include
10887| [45590] MySQL command-line client cross-site scripting
10888| [45436] PromoteWeb MySQL go.php SQL injection
10889| [45042] MySQL empty bit-string literal denial of service
10890| [44662] mysql-lists unspecified cross-site scripting
10891| [42267] MySQL MyISAM security bypass
10892| [42211] GEDCOM_to_MySQL2 index.php, info.php and prenom.php cross-site scripting
10893| [42014] miniBB setup_mysql.php and setup_options.php SQL injection
10894| [40920] MySQL sql_select.cc denial of service
10895| [40734] MySQL Server BINLOG privilege escalation
10896| [40350] MySQL password information disclosure
10897| [39415] Debian GNU/Linux libdspam7-drv-mysql cron job password disclosure
10898| [39402] PHP LOCAL INFILE and MySQL extension security bypass
10899| [38999] aurora framework db_mysql.lib SQL injection
10900| [38990] MySQL federated engine denial of service
10901| [38989] MySQL DEFINER value privilege escalation
10902| [38988] MySQL DATA DIRECTORY and INDEX DIRECTORY privilege escalation
10903| [38964] MySQL RENAME TABLE symlink
10904| [38733] ManageEngine EventLog Analyzer MySQL default password
10905| [38284] MySQL ha_innodb.cc convert_search_mode_to_innobase() denial of service
10906| [38189] MySQL default root password
10907| [37235] Asterisk-Addons cdr_addon_mysql module SQL injection
10908| [37099] RHSA update for MySQL case sensistive database name privilege escalation not installed
10909| [36555] PHP MySQL extension multiple functions security bypass
10910| [35960] MySQL view privilege escalation
10911| [35959] MySQL CREATE TABLE LIKE information disclosure
10912| [35958] MySQL connection protocol denial of service
10913| [35291] MySQLDumper main.php security bypass
10914| [34811] MySQL udf_init and mysql_create_function command execution
10915| [34809] MySQL mysql_update privilege escalation
10916| [34349] MySQL ALTER information disclosure
10917| [34348] MySQL mysql_change_db privilege escalation
10918| [34347] MySQL RENAME TABLE weak security
10919| [34232] MySQL IF clause denial of service
10920| [33388] Advanced Website Creator (AWC) mysql_escape_string SQL injection
10921| [33285] Eve-Nuke mysql.php file include
10922| [32957] MySQL Commander dbopen.php file include
10923| [32933] cPanel load_language.php and mysqlconfig.php file include
10924| [32911] MySQL filesort function denial of service
10925| [32462] cPanel passwdmysql cross-site scripting
10926| [32288] RHSA-2006:0544 updates for mysql not installed
10927| [32266] MySQLNewsEngine affichearticles.php3 file include
10928| [31244] The Address Book MySQL export.php password information disclosure
10929| [31037] Php/Mysql Site Builder (PHPBuilder) htm2php.php directory traversal
10930| [30760] BTSaveMySql URL file disclosure
10931| [30191] StoryStream mysql.php and mysqli.php file include
10932| [30085] MySQL MS-DOS device name denial of service
10933| [30031] Agora MysqlfinderAdmin.php file include
10934| [29438] MySQLDumper mysqldumper_path/sql.php cross-site scripting
10935| [29179] paBugs class.mysql.php file include
10936| [29120] ZoomStats MySQL file include
10937| [28448] MySQL case sensitive database name privilege escalation
10938| [28442] MySQL GRANT EXECUTE privilege escalation
10939| [28387] FunkBoard admin/mysql_install.php and admin/pg_install.php unauthorized access
10940| [28202] MySQL multiupdate subselect query denial of service
10941| [28180] MySQL MERGE table security bypass
10942| [28176] PHP MySQL Banner Exchange lib.inc information disclosure
10943| [27995] Opsware Network Automation System MySQL plaintext password
10944| [27904] MySQL date_format() format string
10945| [27635] MySQL Instance Manager denial of service
10946| [27212] MySQL SELECT str_to_date denial of service
10947| [26875] MySQL ASCII escaping SQL injection
10948| [26420] Apple Mac OS X MySQL Manager blank password
10949| [26236] MySQL login packet information disclosure
10950| [26232] MySQL COM_TABLE_DUMP buffer overflow
10951| [26228] MySQL sql_parce.cc information disclosure
10952| [26042] MySQL running
10953| [25313] WoltLab Burning Board class_db_mysql.php cross-site scripting
10954| [24966] MySQL mysql_real_query logging bypass
10955| [24653] PAM-MySQL logging function denial of service
10956| [24652] PAM-MySQL authentication double free code execution
10957| [24567] PHP/MYSQL Timesheet index.php and changehrs.php SQL injection
10958| [24095] PHP ext/mysqli exception handling format string
10959| [23990] PHP mysql_connect() buffer overflow
10960| [23596] MySQL Auction search module could allow cross-site scripting
10961| [22642] RHSA-2005:334 updates for mysql not installed
10962| [21757] MySQL UDF library functions command execution
10963| [21756] MySQL LoadLibraryEx function denial of service
10964| [21738] MySQL UDF mysql_create_function function directory traversal
10965| [21737] MySQL user defined function buffer overflow
10966| [21640] MySQL Eventum multiple class SQL injection
10967| [21638] MySQL Eventum multiple scripts cross-site scripting
10968| [20984] xmysqladmin temporary file symlink
10969| [20656] MySQL mysql_install_db script symlink
10970| [20333] Plans MySQL password information disclosure
10971| [19659] MySQL CREATE TEMPORARY TABLE command creates insecure files
10972| [19658] MySQL udf_init function gain access
10973| [19576] auraCMS mysql_fetch_row function path disclosure
10974| [18922] MySQL mysqlaccess script symlink attack
10975| [18824] MySQL UDF root privileges
10976| [18464] mysql_auth unspecified vulnerability
10977| [18449] Sugar Sales plaintext MySQL password
10978| [17783] MySQL underscore allows elevated privileges
10979| [17768] MySQL MATCH ... AGAINST SQL statement denial of service
10980| [17667] MySQL UNION change denial of service
10981| [17666] MySQL ALTER TABLE RENAME bypass restriction
10982| [17493] MySQL libmysqlclient bulk inserts buffer overflow
10983| [17462] MySQLGuest AWSguest.php script cross-site scripting
10984| [17047] MySQL mysql_real_connect buffer overflow
10985| [17030] MySQL mysqlhotcopy insecure temporary file
10986| [16612] MySQL my_rnd buffer overflow
10987| [16604] MySQL check_scramble_323 function allows unauthorized access
10988| [15883] MySQL mysqld_multi script symlink attack
10989| [15617] MySQL mysqlbug script symlink attack
10990| [15417] Confixx db_mysql_loeschen2.php SQL injection
10991| [15280] Proofpoint Protection Server MySQL allows unauthorized access
10992| [13404] HP Servicecontrol Manager multiple vulnerabilities in MySQL could allow execution of code
10993| [13153] MySQL long password buffer overflow
10994| [12689] MySQL AB ODBC Driver stores ODBC passwords and usernames in plain text
10995| [12540] Teapop PostSQL and MySQL modules SQL injection
10996| [12337] MySQL mysql_real_connect function buffer overflow
10997| [11510] MySQL datadir/my.cnf modification could allow root privileges
10998| [11493] mysqlcc configuration and connection files are world writable
10999| [11340] SuckBot mod_mysql_logger denial of service
11000| [11199] MySQL mysql_change_user() double-free memory pointer denial of service
11001| [10850] MySQL libmysql client read_one_row buffer overflow
11002| [10849] MySQL libmysql client read_rows buffer overflow
11003| [10848] MySQL COM_CHANGE_USER password buffer overflow
11004| [10847] MySQL COM_CHANGE_USER command password authentication bypass
11005| [10846] MySQL COM_TABLE_DUMP unsigned integer denial of service
11006| [10483] Bugzilla stores passwords in plain text in the MySQL database
11007| [10455] gBook MySQL could allow administrative access
11008| [10243] MySQL my.ini "
11009| [9996] MySQL SHOW GRANTS command discloses adminstrator`s encrypted password
11010| [9909] MySQL logging disabled by default on Windows
11011| [9908] MySQL binding to the loopback adapter is disabled
11012| [9902] MySQL default root password could allow unauthorized access
11013| [8748] Cyrus SASL LDAP+MySQL patch allows user unauthorized POP access
11014| [8105] PHP MySQL client library allows an attacker to bypass safe_mode restrictions
11015| [7923] Conectiva Linux MySQL /var/log/mysql file has insecure permissions
11016| [7206] WinMySQLadmin stores MySQL password in plain text
11017| [6617] MySQL "
11018| [6419] MySQL drop database command buffer overflow
11019| [6418] MySQL libmysqlclient.so buffer overflow
11020| [5969] MySQL select buffer overflow
11021| [5447] pam_mysql authentication input
11022| [5409] MySQL authentication algorithm obtain password hash
11023| [5057] PCCS MySQL Database Admin Tool could reveal username and password
11024| [4228] MySQL unauthenticated remote access
11025| [3849] MySQL default test account could allow any user to connect to the database
11026| [1568] MySQL creates readable log files
11027|
11028| Exploit-DB - https://www.exploit-db.com:
11029| [18269] MySQL 5.5.8 - Remote Denial of Service (DOS)
11030|
11031| OpenVAS (Nessus) - http://www.openvas.org:
11032| [53251] Debian Security Advisory DSA 562-1 (mysql)
11033| [53230] Debian Security Advisory DSA 540-1 (mysql)
11034|
11035| SecurityTracker - https://www.securitytracker.com:
11036| [1028790] MySQL Multiple Bugs Let Remote Users Deny Service and Partially Access and Modify Data
11037| [1028449] MySQL Multiple Bugs Let Remote Authenticated Users Deny Service and Partially Access and Modify Data
11038| [1028004] MySQL Multiple Bugs Let Remote Authenticated Users Take Full Control or Deny Service and Let Local Users Access and Modify Data
11039| [1027829] MySQL Bug in UpdateXML() Lets Remote Authenticated Users Deny Service
11040| [1027828] MySQL Heap Overflow May Let Remote Authenticated Users Execute Arbitrary Code
11041| [1027827] MySQL Stack Overflow May Let Remote Authenticated Users Execute Arbitrary Code
11042| [1027665] MySQL Multiple Bugs Let Remote Authenticated Users Access and Modify Data and Deny Service and Local Users Access Data
11043| [1027263] MySQL Multiple Bugs Let Remote Authenticated Users Deny Service
11044| [1027143] MySQL memcmp() Comparison Error Lets Remote Users Bypass Authentication
11045| [1026934] MySQL Multiple Bugs Let Remote Users Deny Service
11046| [1026896] MySQL Unspecified Flaws Have Unspecified Impact
11047| [1026659] MySQL Unspecified Flaw Lets Remote Users Execute Arbitrary Code
11048| [1026530] MySQL Multiple Bugs Let Local and Remote Users Partially Access and Modifiy Data and Partially Deny Service
11049| [1024508] MySQL Replication Flaw Lets Remote Authenticated Users Gain Elevated Privileges
11050| [1024507] MySQL Multiple Flaws Let Remote Authenticated Users Deny Service
11051| [1024360] MySQL Multiple Flaws Let Remote Authenticated Users Deny Service
11052| [1024160] MySQL ALTER DATABASE Processing Error Lets Remote Authenticated Users Deny Service
11053| [1024033] MySQL COM_FIELD_LIST Packet Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
11054| [1024032] MySQL Large Packet Processing Flaw in my_net_skip_rest() Lets Remote Users Deny Service
11055| [1024031] MySQL COM_FIELD_LIST Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
11056| [1024004] MySQL mi_delete_table() Symlink Flaw Lets Remote Authenticated Users Delete Data and Index Files
11057| [1023402] MySQL Unspecified Flaw Lets Remote Users Execute Arbitrary Code
11058| [1023220] MySQL Client Fails to Check Server Certificates in Certain Cases
11059| [1022812] MySQL Unspecified Buffer Overflow Lets Remote Users Execute Arbitrary Code
11060| [1022533] MySQL Format String Bug in dispatch_command() Lets Remote Users Deny Service
11061| [1022482] MySQL Connector/Net is Missing SSL Certificate Validation
11062| [1021786] MySQL Bug in ExtractValue()/UpdateXML() in Processing XPath Expressions Lets Remote Authenticated Users Deny Service
11063| [1021714] (Red Hat Issues Fix) mod_auth_mysql Input Validation Flaw Lets Remote Users Inject SQL Commands
11064| [1020858] MySQL Item_bin_string::Item_bin_string() Binary Value Processing Bug Lets Remote Authenticated Users Deny Service
11065| [1019995] MySQL MyISAM Options Let Local Users Overwrite Table Files
11066| [1019085] MySQL Bugs Let Remote Authenticated Users Gain Elevated Privileges and Deny Service
11067| [1019084] MySQL DATA DIRECTORY and INDEX DIRECTORY Options May Let Remote Authenticated Users Gain Elevated Privileges
11068| [1019083] MySQL BINLOG Filename Path Bug May Let Remote Authenticated Users Gain Elevated Privileges
11069| [1019060] MySQL Rename Table Bug Lets Remote Authenticated Users Modify System Table Information
11070| [1018978] MySQL convert_search_mode_to_innobase() Bug Lets Remote Authenticated Users Deny Service
11071| [1018824] Asterisk-Addons Input Validation Flaw in cdr_addon_mysql Lets Remote Users Inject SQL Commands
11072| [1018663] MySQL Table View Access Bug Lets Remote Authenticated Users Gain Elevated Privileges
11073| [1018629] MySQL Authentication Protocol Bug Lets Remote Users Deny Service
11074| [1018071] MySQL ALTER TABLE Function Lets Remote Authenticated Users Obtain Potentially Sensitive Information
11075| [1018070] MySQL SQL SECURITY INVOKER Routines Let Remote Authenticated Users Gain Elevated Privileges
11076| [1018069] MySQL Lets Remote Authenticated Users Issue the RENAME TABLE Command
11077| [1017746] MySQL Single Row Subselect Statements Let Remote Users Deny Service
11078| [1016790] MySQL Replication Error Lets Local Users Deny Service
11079| [1016710] MySQL Case-Sensitive Database Names May Let Users Access Restricted Databases
11080| [1016709] MySQL Error in Checking suid Routine Arguments May Let Users Gain Elevated Privileges
11081| [1016617] MySQL MERGE Access Control Error May Let Users Access a Restricted Table
11082| [1016566] Opsware Network Automation System Discloses MySQL Password to Local Users
11083| [1016216] MySQL Error in Parsing Multibyte Encoded Data in mysql_real_escape() Lets Remote Users Inject SQL Commands
11084| [1016077] Apple MySQL Manager Database Initialization Bug May Let Local Users Access the Database
11085| [1016017] MySQL Anonymous Login Processing May Disclose Some Memory Contents to Remote Users
11086| [1016016] MySQL COM_TABLE_DUMP Processing Lets Remote Authenticated Users Execute Arbitrary Code or Obtain Information
11087| [1015789] Woltlab Burning Board Input Validation Hole in 'class_db_mysql.php' Permits Cross-Site Scripting Attacks
11088| [1015693] MySQL Query Bug Lets Remote Users Bypass Query Logging
11089| [1015603] PAM-MySQL pam_get_item() Double Free May Let Remote Users Execute Arbitrary Code
11090| [1015485] PHP mysqli Extension Error Mode Format String Flaw May Let Users Execute Arbitrary Code
11091| [1014603] MySQL Eventum Input Validation Hole in 'class.auth.php' Permits SQL Injection and Other Input Validation Bugs Permit Cross-Site Scripting Attacks
11092| [1014172] xMySQLadmin Lets Local Users Delete Files
11093| [1013995] MySQL 'mysql_install_db' Uses Unsafe Temporary Files and May Let Local Users Gain Elevated Privilege
11094| [1013994] MySQL Non-existent '--user' Error May Allow the Database to Run With Incorrect Privileges
11095| [1013415] MySQL CREATE FUNCTION Lets Authenticated Users Invoke libc Functions to Execute Arbitrary Code
11096| [1013414] MySQL udf_init() Path Validation Flaw Lets Authenticated Users Execute Arbitrary Libraries
11097| [1013413] MySQL CREATE TEMPORARY TABLE Uses Predictable Temporary Files That May Let Users Gain Elevated Privileges
11098| [1012914] MySQL 'mysqlaccess.sh' Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
11099| [1012893] MySQL MaxDB Buffer Overflow in websql Password Parameter Lets Remote Users Execute Arbitrary Code
11100| [1012500] mysql_auth Memory Leak Has Unspecified Impact
11101| [1011741] MySQL Access Control Error in Databases With Underscore Wildcard Character May Grant Unauthorized Access
11102| [1011606] MySQL May Let Remote Authenticated Users Access Restricted Tables or Crash the System
11103| [1011408] MySQL libmysqlclient Buffer Overflow in Executing Prepared Statements Has Unspecified Impact
11104| [1011376] MySQLGuest Lack of Input Validation Lets Remote Users Conduct Cross-Site Scripting Attacks
11105| [1011008] MySQL Buffer Overflow in mysql_real_connect() May Let Remote Users Execute Arbitrary Code
11106| [1010979] MySQL 'mysqlhotcopy' Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
11107| [1010645] MySQL check_scramble_323() Zero-Length Comparison Lets Remote Users Bypass Authentication
11108| [1009784] MySQL 'mysqld_multi' Temporary File Flaw Lets Local Users Overwrite Files
11109| [1009554] MySQL 'mysqlbug' Temporary File Flaw Lets Local Users Overwrite Files
11110| [1007979] MySQL mysql_change_user() Double Free Error Lets Remote Authenticated Users Crash mysqld
11111| [1007673] MySQL acl_init() Buffer Overflow Permits Remote Authenticated Administrators to Execute Arbitrary Code
11112| [1007518] DWebPro Discloses MySQL Database Password to Local Users
11113| [1007312] MySQL World-Writable Configuration File May Let Local Users Gain Root Privileges
11114| [1006976] MySQL Buffer Overflow in 'mysql_real_connect()' Client Function May Let Remote or Local Users Execute Arbitrary Code
11115| [1005800] MySQL Overflow and Authentication Bugs May Let Remote Users Execute Code or Access Database Accounts
11116| [1005345] MySQL Buffer Overflow Lets Local Users Gain System Privileges on Windows NT
11117| [1004506] vBulletin PHP-based Forum Software Has Unspecified Security Flaw in the 'db_mysql.php' Module
11118| [1004172] PHP-Survey Script Discloses Underlying MySQL Database Username and Password to Remote Users
11119| [1003955] 3rd Party Patch for Cyrus SASL ('auxprop for mysql and ldap') Lets Remote Users Access Protected POP Mail Accounts Without Authentication
11120| [1003290] Conectiva Linux MySQL Distribution May Allow Local Users to Obtain Sensitive Information
11121| [1002993] PurePostPro Script Add-on for PureFTPd and MySQL Allows Remote Users to Execute SQL Commands on the Server
11122| [1002485] WinMySQLadmin Database Administration Tool Discloses MySQL Password to Local Users
11123| [1002324] Vpopmail Mail Server Discloses Database Password to Local Users When Installed with MySQL
11124| [1001411] phpMyAdmin Administration Tool for MySQL Allows Remote Users to Execute Commands on the Server
11125| [1001118] MySQL Database Allows Authorized Users to Modify Server Files to Deny Service or Obtain Additional Access
11126|
11127| OSVDB - http://www.osvdb.org:
11128| [95337] Oracle MySQL Server XA Transactions Subcomponent Unspecified Remote DoS
11129| [95336] Oracle MySQL Server Replication Subcomponent Unspecified Remote DoS
11130| [95335] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
11131| [95334] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue
11132| [95333] Oracle MySQL Server Partition Subcomponent Unspecified Remote DoS
11133| [95332] Oracle MySQL Server Parser Subcomponent Unspecified Remote DoS
11134| [95331] Oracle MySQL Server Options Subcomponent Unspecified Remote DoS (2013-3801)
11135| [95330] Oracle MySQL Server Options Subcomponent Unspecified Remote DoS (2013-3808)
11136| [95329] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2013-3796)
11137| [95328] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2013-3804)
11138| [95327] Oracle MySQL Server Prepared Statements Subcomponent Unspecified Remote DoS
11139| [95326] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
11140| [95325] Oracle MySQL Server Full Text Search Subcomponent Unspecified Remote DoS
11141| [95324] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-3795)
11142| [95323] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-3793)
11143| [95322] Oracle MySQL Server Audit Log Subcomponent Unspecified Remote Issue
11144| [95321] Oracle MySQL Server MemCached Subcomponent Unspecified Remote Issue
11145| [95131] AutoMySQLBackup /usr/sbin/automysqlbackup Database Name Arbitrary Code Injection
11146| [94076] Debian Linux MySQL Server mysql-server-5.5.postinst Race Condition debian.cnf Plaintext Credential Local Disclosure
11147| [93505] Wireshark MySQL Dissector (packet-mysql.c) Malformed Packet Handling Infinite Loop Remote DoS
11148| [93174] MySQL Crafted Derived Table Handling DoS
11149| [92967] MySQL2JSON (mn_mysql2json) Extension for TYPO3 Unspecified SQL Injection
11150| [92950] MySQL Running START SLAVE Statement Process Listing Plaintext Local Password Disclosure
11151| [92485] Oracle MySQL Server Partition Subcomponent Unspecified Local DoS
11152| [92484] Oracle MySQL Server Locking Subcomponent Unspecified Remote DoS (2013-1506)
11153| [92483] Oracle MySQL Server Install Subcomponent Unspecified Local Issue
11154| [92482] Oracle MySQL Server Types Subcomponent Unspecified Remote DoS
11155| [92481] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-2381)
11156| [92480] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-1566)
11157| [92479] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-1511)
11158| [92478] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1567)
11159| [92477] Oracle MySQL Server Stored Procedure Subcomponent Unspecified Remote DoS
11160| [92476] Oracle MySQL Server Replication Subcomponent Unspecified Remote DoS
11161| [92475] Oracle MySQL Server Partition Subcomponent Unspecified Remote DoS
11162| [92474] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS
11163| [92473] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-2389)
11164| [92472] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote DoS
11165| [92471] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1512)
11166| [92470] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1544)
11167| [92469] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote Issue
11168| [92468] Oracle MySQL Server MemCached Subcomponent Unspecified Remote DoS
11169| [92467] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-2375)
11170| [92466] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-1531)
11171| [92465] Oracle MySQL Server Server Subcomponent Unspecified Remote Issue
11172| [92464] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote Issue
11173| [92463] Oracle MySQL Server Locking Subcomponent Unspecified Remote Issue (2013-1521)
11174| [92462] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-2395)
11175| [91536] Oracle MySQL yaSSL Unspecified Overflow (2012-0553)
11176| [91534] Oracle MySQL yaSSL Unspecified Overflow (2013-1492)
11177| [91415] MySQL Raw Geometry Object String Conversion Remote DoS
11178| [91108] Juju mysql Charm Install Script mysql.passwd MySQL Password Plaintext Local Disclosure
11179| [89970] Site Go /site-go/admin/extra/mysql/index.php idm Parameter Traversal Arbitrary File Access
11180| [89265] Oracle MySQL Server Server Privileges Subcomponent Unspecified Remote DoS
11181| [89264] Oracle MySQL Server Server Partition Subcomponent Unspecified Remote DoS
11182| [89263] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-0578)
11183| [89262] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-1705)
11184| [89261] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-0574)
11185| [89260] Oracle MySQL Server MyISAM Subcomponent Unspecified Remote DoS
11186| [89259] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2012-0572)
11187| [89258] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-0368)
11188| [89257] Oracle MySQL Server Server Locking Subcomponent Unspecified Remote DoS
11189| [89256] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-1702)
11190| [89255] Oracle MySQL Server Server Replication Subcomponent Unspecified Remote Issue
11191| [89254] Oracle MySQL Server Server Replication Subcomponent Unspecified Local Issue
11192| [89253] Oracle MySQL Server Stored Procedure Subcomponent Unspecified Remote DoS
11193| [89252] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS
11194| [89251] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote DoS
11195| [89250] Oracle MySQL Server GIS Extension Subcomponent Unspecified Remote DoS
11196| [89042] ViciBox Server MySQL cron Service Default Credentials
11197| [88415] Oracle MySQL Server COM_CHANGE_USER Account Password Brute-Force Weakness
11198| [88118] Oracle MySQL Server FILE Privilege Database Privilege Escalation
11199| [88067] Oracle MySQL Server Authentication Error Message User Enumeration
11200| [88066] Oracle MySQL Server for Linux Access Rights Checking Routine Database Name Handling Stack Buffer Overflow
11201| [88065] Oracle MySQL Server COM_BINLOG_DUMP Invalid Data Handling DoS
11202| [88064] Oracle MySQL Server Multiple-Table DELETE Heap Buffer Overflow
11203| [87704] CodeIgniter MySQL / MySQLi Driver Database Client Multi-byte Character Set Unspecified SQL Injection
11204| [87507] Oracle MySQL Statement Logging Multiple Log Plaintext Local Password Disclosure
11205| [87501] Oracle MySQL optimizer_switch Malformed Value Processing Local DoS
11206| [87494] Oracle MySQL on Windows Field_new_decimal::store_value dbug_buff Variable Overflow DoS
11207| [87480] MySQL Malformed XML Comment Handling DoS
11208| [87466] MySQL SSL Certificate Revocation Weakness
11209| [87356] Oracle MySQL do_div_mod DIV Expression Handling Remote DoS
11210| [87355] Oracle MySQL handler::pushed_cond Table Cache Handling mysqld DoS
11211| [87354] Oracle MySQL Polygon Union / Intersection Spatial Operations DoS
11212| [86273] Oracle MySQL Server Server Installation Subcomponent Unspecified Local Information Disclosure
11213| [86272] Oracle MySQL Server Server Replication Subcomponent Unspecified Remote DoS
11214| [86271] Oracle MySQL Server Server Full Text Search Subcomponent Unspecified Remote DoS
11215| [86270] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3156)
11216| [86269] Oracle MySQL Server MySQL Client Subcomponent Unspecified Remote Information Disclosure
11217| [86268] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-3180)
11218| [86267] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-3150)
11219| [86266] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3144)
11220| [86265] Oracle MySQL Server InnoDB Plugin Subcomponent Unspecified Remote DoS
11221| [86264] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
11222| [86263] Oracle MySQL Server MySQL Client Subcomponent Unspecified Remote Issue
11223| [86262] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3177)
11224| [86261] Oracle MySQL Server Protocol Subcomponent Unspecified Remote Issue
11225| [86260] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote Code Execution
11226| [86175] Oracle MySQL on Windows Path Subversion Arbitrary DLL Injection Code Execution
11227| [85155] Icinga module/idoutils/db/scripts/create_mysqldb.sh Icinga User Database Access Restriction Bypass
11228| [84755] Oracle MySQL Sort Order Index Calculation Remote DoS
11229| [84719] MySQLDumper index.php page Parameter XSS
11230| [84680] MySQL Squid Access Report access.log File Path XSS
11231| [83980] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1689)
11232| [83979] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1734)
11233| [83978] Oracle MySQL Server Subcomponent Unspecified Remote DoS
11234| [83977] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
11235| [83976] Oracle MySQL Server GIS Extension Subcomponent Unspecified Remote DoS
11236| [83975] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1735)
11237| [83661] Oracle MySQL Unspecified Issue (59533)
11238| [82804] Oracle MySQL Authentication Protocol Token Comparison Casting Failure Password Bypass
11239| [82803] Oracle MySQL Unspecified Issue (59387)
11240| [82120] Oracle MySQL Version Specific Comment Handling Arbitrary SQL Command Execution
11241| [81897] Viscacha classes/database/mysql.inc.php Multiple Parameter SQL Injection
11242| [81616] MySQLDumper Multiple Script Direct Request Information Disclosure
11243| [81615] MySQLDumper filemanagement.php f Parameter Traversal Arbitrary File Access
11244| [81614] MySQLDumper File Upload PHP Code Execution
11245| [81613] MySQLDumper main.php Multiple Function CSRF
11246| [81612] MySQLDumper restore.php filename Parameter XSS
11247| [81611] MySQLDumper sql.php Multiple Parameter XSS
11248| [81610] MySQLDumper install.php Multiple Parameter XSS
11249| [81609] MySQLDumper install.php language Parameter Traversal Arbitrary File Access
11250| [81378] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1690)
11251| [81377] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1696)
11252| [81376] Oracle MySQL Server Server DML Component Unspecified Remote DoS
11253| [81375] Oracle MySQL Server Partition Component Unspecified Remote DoS
11254| [81374] Oracle MySQL Server MyISAM Component Unspecified Remote DoS
11255| [81373] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1703)
11256| [81059] Oracle MySQL Server Multiple Unspecified Issues
11257| [79038] Webmin Process Listing MySQL Password Local Disclosure
11258| [78919] Oracle MySQL Unspecified Pre-authentication Remote Code Execution
11259| [78710] WordPress wp-admin/setup-config.php MySQL Query Saturation Brute-Force Proxy Weakness
11260| [78708] WordPress wp-admin/setup-config.php MySQL Database Verification Code Injection Weakness
11261| [78707] WordPress wp-admin/setup-config.php MySQL Credentials Error Message Brute-Force Weakness
11262| [78394] Oracle MySQL Server Unspecified Remote DoS (2012-0493)
11263| [78393] Oracle MySQL Server Unspecified Remote DoS (2012-0492)
11264| [78392] Oracle MySQL Server Unspecified Remote DoS (2012-0117)
11265| [78391] Oracle MySQL Server Unspecified Remote DoS (2012-0112)
11266| [78390] Oracle MySQL Server Unspecified Remote DoS (2012-0495)
11267| [78389] Oracle MySQL Server Unspecified Remote DoS (2012-0491)
11268| [78388] Oracle MySQL Server Unspecified Remote DoS (2012-0490)
11269| [78387] Oracle MySQL Server Unspecified Remote DoS (2012-0489)
11270| [78386] Oracle MySQL Server Unspecified Remote DoS (2012-0488)
11271| [78385] Oracle MySQL Server Unspecified Remote DoS (2012-0487)
11272| [78384] Oracle MySQL Server Unspecified Remote DoS (2012-0486)
11273| [78383] Oracle MySQL Server Unspecified Remote DoS (2012-0485)
11274| [78382] Oracle MySQL Server Unspecified Remote DoS (2012-0120)
11275| [78381] Oracle MySQL Server Unspecified Remote DoS (2012-0119)
11276| [78380] Oracle MySQL Server Unspecified Remote DoS (2012-0115)
11277| [78379] Oracle MySQL Server Unspecified Remote DoS (2012-0102)
11278| [78378] Oracle MySQL Server Unspecified Remote DoS (2012-0101)
11279| [78377] Oracle MySQL Server Unspecified Remote DoS (2012-0087)
11280| [78376] Oracle MySQL Server Unspecified Remote DoS (2011-2262)
11281| [78375] Oracle MySQL Server Unspecified Local DoS
11282| [78374] Oracle MySQL Server Unspecified Remote Issue (2012-0075)
11283| [78373] Oracle MySQL Server Unspecified Local Issue
11284| [78372] Oracle MySQL Server Unspecified Remote Information Disclosure
11285| [78371] Oracle MySQL Server Unspecified Remote Issue (2012-0496)
11286| [78370] Oracle MySQL Server Unspecified Remote Issue (2012-0118)
11287| [78369] Oracle MySQL Server Unspecified Remote Issue (2012-0116)
11288| [78368] Oracle MySQL Server Unspecified Remote Issue (2012-0113)
11289| [78283] Oracle MySQL NULL Pointer Dereference Packet Parsing Remote DoS
11290| [77042] e107 CMS install_.php MySQL Server Name Parsing Remote PHP Code Execution
11291| [77040] DBD::mysqlPP Unspecified SQL Injection
11292| [75888] TaskFreak! multi-mysql Multiple Script Direct Request Path Disclosure
11293| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
11294| [73555] Prosody MySQL Value Column Invalid Data Type Handling DoS
11295| [73387] Zend Framework PDO_MySql Character Set Security Bypass
11296| [72836] Arctic Fox CMS Multiple Script Direct Request MySQL Settings Disclosure
11297| [72660] MySQL GUI Tools Administrator / Query Browser Command Line Credentials Local Disclosure
11298| [72120] DirectAdmin mysql_backups Folder MySQL Database Backup Local Disclosure
11299| [71368] Accellion File Transfer Appliance Weak MySQL root Password
11300| [70967] MySQL Eventum Admin User Creation CSRF
11301| [70966] MySQL Eventum preferences.php full_name Parameter XSS
11302| [70961] MySQL Eventum list.php Multiple Parameter XSS
11303| [70960] MySQL Eventum forgot_password.php URI XSS
11304| [70947] PyWebDAV DAVServer/mysqlauth.py get_userinfo() Multiple Parameter SQL Injection
11305| [70610] PHP MySQLi Extension set_magic_quotes_runtime Function mysqli_fetch_assoc Function Interaction Weakness
11306| [69885] SilverStripe modules/sapphire/trunk/core/model/MySQLDatabase.php showqueries Parameter SQL Command Disclosure
11307| [69395] MySQL Derived Table Grouping DoS
11308| [69394] MySQL Temporary Table Expression Re-Evaluation DoS
11309| [69393] MySQL GROUP_CONCAT() WITH ROLLUP Modifier DoS
11310| [69392] MySQL Extreme-Value Functions Mixed Arguments DoS
11311| [69391] MySQL Stored Procedures / Prepared Statements Nested Joins DoS
11312| [69390] MySQL Extreme-Value Functions Argument Parsing Type Error DoS
11313| [69389] MySQL CONVERT_TZ() Function Empty SET Column DoS
11314| [69388] MySQL InnoDB Storage Engine Table Handling Overflow
11315| [69387] MySQL LIKE Predicates Pre-Evaluation DoS
11316| [69001] MySQL PolyFromWKB() Function WKB Data Remote DoS
11317| [69000] MySQL HANDLER Interface Unspecified READ Request DoS
11318| [68997] MySQL Prepared-Statement Mode EXPLAIN DoS
11319| [68996] MySQL EXPLAIN EXTENDED Statement DoS
11320| [68995] MySQL GeometryCollection non-Geometry Value Assignment DoS
11321| [67488] phpMyAdmin libraries/dbi/mysqli.dbi.lib.php Unspecified Parameter XSS
11322| [67487] phpMyAdmin libraries/dbi/mysql.dbi.lib.php Unspecified Parameter XSS
11323| [67421] PHP Mysqlnd Extension mysqlnd_wireprotocol.c php_mysqlnd_rset_header_read Function Overflow
11324| [67420] PHP Mysqlnd Extension mysqlnd_wireprotocol.c php_mysqlnd_ok_read Function Arbitrary Memory Content Disclosure
11325| [67419] PHP Mysqlnd Extension php_mysqlnd_read_error_from_line Function Negative Buffer Length Value Overflow
11326| [67418] PHP Mysqlnd Extension php_mysqlnd_auth_write Function Multiple Overflows
11327| [67384] MySQL LOAD DATA INFILE Statement Incorrect OK Packet DoS
11328| [67383] MySQL EXPLAIN Statement Item_singlerow_subselect::store Function NULL Dereference DoS
11329| [67381] MySQL InnoDB Temporary Table Handling DoS
11330| [67380] MySQL BINLOG Statement Unspecified Argument DoS
11331| [67379] MySQL Multiple Operation NULL Argument Handling DoS
11332| [67378] MySQL Unique SET Column Join Statement Remote DoS
11333| [67377] MySQL DDL Statement Multiple Configuration Parameter DoS
11334| [66800] PHP Multiple mysqlnd_* Function Unspecified Overflow
11335| [66799] PHP mysqlnd Error Packet Handling Multiple Overflows
11336| [66731] PHP Bundled MySQL Library Unspecified Issue
11337| [66665] PHP MySQL LOAD DATA LOCAL open_basedir Bypass
11338| [65851] MySQL ALTER DATABASE #mysql50# Prefix Handling DoS
11339| [65450] phpGraphy mysql_cleanup.php include_path Parameter Remote File Inclusion
11340| [65085] MySQL Enterprise Monitor Unspecified CSRF
11341| [64843] MySQL DROP TABLE Command Symlink MyISAM Table Local Data Deletion
11342| [64588] MySQL sql/net_serv.cc my_net_skip_rest Function Large Packet Handling Remote DoS
11343| [64587] MySQL COM_FIELD_LIST Command Packet Table Name Argument Overflow
11344| [64586] MySQL COM_FIELD_LIST Command Packet Authentication Bypass
11345| [64524] Advanced Poll misc/get_admin.php mysql_host Parameter XSS
11346| [64447] Tirzen Framework (TZN) tzn_mysql.php Username Parameter SQL Injection Authentication Bypass
11347| [64320] ClanSphere MySQL Driver s_email Parameter SQL Injection
11348| [63903] MySQL sql/sql_plugin.cc mysql_uninstall_plugin Function UNINSTALL PLUGIN Command Privilege Check Weakness
11349| [63115] Quicksilver Forums mysqldump Process List Database Password Disclosure
11350| [62830] Employee Timeclock Software mysqldump Command-line Database Password Disclosure
11351| [62640] PHP mysqli_real_escape_string() Function Error Message Path Disclosure
11352| [62216] Flex MySQL Connector ActionScript SQL Query Arbitrary Code Execution
11353| [61752] kiddog_mysqldumper Extension for TYPO3 Unspecified Information Disclosure
11354| [61497] microTopic admin/mysql.php rating Parameter SQL Injection
11355| [60665] MySQL CREATE TABLE MyISAM Table mysql_unpacked_real_data_home Local Restriction Bypass
11356| [60664] MySQL sql/sql_table.cc Data Home Directory Symlink CREATE TABLE Access Restriction Bypass
11357| [60516] RADIO istek scripti estafresgaftesantusyan.inc Direct Request MySQL Database Credentials Disclosure
11358| [60489] MySQL GeomFromWKB() Function First Argument Geometry Value Handling DoS
11359| [60488] MySQL SELECT Statement WHERE Clause Sub-query DoS
11360| [60487] MySQL vio_verify_callback() Function Crafted Certificate MiTM Weakness
11361| [60356] MySql Client Library (libmysqlclient) mysql_real_connect Function Local Overflow
11362| [59907] MySQL on Windows bind-address Remote Connection Weakness
11363| [59906] MySQL on Windows Default Configuration Logging Weakness
11364| [59616] MySQL Hashed Password Weakness
11365| [59609] Suckbot mod_mysql_logger Shared Object Unspecified Remote DoS
11366| [59495] Cyrus SASL LDAP / MySQL Authentication Patch password Field SQL Injection Authentication Bypass
11367| [59062] phpMyAdmin Extension for TYPO3 MySQL Table Name Unspecified XSS
11368| [59045] phpMyAdmin Crafted MYSQL Table Name XSS
11369| [59030] mysql-ocaml for MySQL mysql_real_escape_string() Function Character Escaping Weakness
11370| [57587] Zmanda Recovery Manager for MySQL socket-server.pl system() Function Local Privilege Escalation
11371| [57586] Zmanda Recovery Manager for MySQL socket-server.pl system() Function Remote Shell Command Execution
11372| [56741] MySQL Connector/J Unicode w/ SJIS/Windows-31J Charset SQL Injection
11373| [56134] Virtualmin MySQL Module Execute SQL Feature Arbitrary File Access
11374| [55734] MySQL sql_parse.cc dispatch_command() Function Format String DoS
11375| [55566] MySQL Connector/NET SSL Certificate Verification Weakness
11376| [53525] MyBlog /config/mysqlconnection.inc Direct Request Information Disclosure
11377| [53524] blog+ includes/window_top.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
11378| [53523] blog+ includes/block_center_down.php row_mysql_blocks_center_down[file] Parameter Traversal Local File Inclusion
11379| [53522] blog+ includes/block_center_top.php row_mysql_blocks_center_top[file] Parameter Traversal Local File Inclusion
11380| [53521] blog+ includes/block_left.php row_mysql_blocks_left[file] Parameter Traversal Local File Inclusion
11381| [53520] blog+ includes/block_right.php row_mysql_blocks_right[file] Parameter Traversal Local File Inclusion
11382| [53519] blog+ includes/window_down.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
11383| [53366] GEDCOM_TO_MYSQL php/info.php Multiple Parameter XSS
11384| [53365] GEDCOM_TO_MYSQL php/index.php nom_branche Parameter XSS
11385| [53364] GEDCOM_TO_MYSQL php/prenom.php Multiple Parameter XSS
11386| [53360] Blogplus includes/window_top.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
11387| [53359] Blogplus includes/window_down.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
11388| [53358] Blogplus includes/block_right.php row_mysql_blocks_right[file] Parameter Traversal Local File Inclusion
11389| [53357] Blogplus includes/block_left.php row_mysql_blocks_left[file] Parameter Traversal Local File Inclusion
11390| [53356] Blogplus block_center_top.php row_mysql_blocks_center_top[file] Parameter Traversal Local File Inclusion
11391| [53355] Blogplus includes/block_center_down.php row_mysql_blocks_center_down[file] Parameter Traversal Local File Inclusion
11392| [53110] XOOPS Cube Legacy ErrorHandler::show() Function MySQL Error Message XSS
11393| [52729] Asterisk-addon cdr_addon_mysql.c Call Detail Record SQL Injection
11394| [52728] Tribox cdr_addon_mysql.c Call Detail Record XSS
11395| [52727] FreePBX cdr_addon_mysql.c Call Detail Record XSS
11396| [52726] Areski cdr_addon_mysql.c Call Detail Record XSS
11397| [52464] MySQL charset Column Truncation Weakness
11398| [52453] MySQL sql/item_xmlfunc.cc ExtractValue() / UpdateXML() Functions Scalar XPath DoS
11399| [52378] Cisco ANM MySQL root Account Default Password
11400| [52264] Broadcast Machine MySQLController.php controllers/baseDir Parameter Remote File Inclusion
11401| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
11402| [51171] MySQL InnoDB convert_search_mode_to_innobase Function DoS
11403| [50892] MySQL Calendar index.php username Parameter SQL Injection
11404| [50827] Nodstrum MySQL Calendar nodstrumCalendarV2 Cookie Manipulation Admin Authentication Bypass
11405| [49875] PromoteWeb MySQL go.php id Parameter SQL Injection
11406| [48710] MySQL Command Line Client HTML Output XSS
11407| [48709] MySQL Quick Admin actions.php lang Parameter Traversal Local File Inclusion
11408| [48708] MySQL Quick Admin index.php language Cookie Traversal Local File Inclusion
11409| [48021] MySQL Empty Bit-String Literal Token SQL Statement DoS
11410| [47789] mysql-lists Unspecified XSS
11411| [47394] Keld PHP-MySQL News Script login.php username Parameter SQL Injection
11412| [45073] MySQLDumper Extension for TYPO3 Unspecified Authentication Bypass
11413| [44937] MySQL MyISAM Table CREATE TABLE Privilege Check Bypass
11414| [44138] Debian GNU/Linux libdspam7-drv-mysql Cron MySQL dspam Database Password Local Disclosure
11415| [44071] Phorum /include/db/mysql.php Unspecified Search SQL Injection
11416| [43180] MySQL sql_select.cc INFORMATION_SCHEMA Table Crafted Query Remote DoS
11417| [43179] MySQL Server BINLOG Statement Rights Checking Failure
11418| [42610] MySQL DEFINER View Value Crafted Statements Remote Privilege Escalation
11419| [42609] MySQL Federated Engine SHOW TABLE STATUS Query Remote DoS
11420| [42608] MySQL RENAME TABLE Symlink System Table Overwrite
11421| [42607] MySQL Multiple table-level DIRECTORY Remote Privilege Escalation
11422| [42460] MySQLDumper HTTP POST Request Remote Authentication Bypass
11423| [42423] AdventNet EventLog Analyzer MySQL Installation Default root Account
11424| [41861] Bacula make_catalog_backup Function MySQL Director Password Cleartext Disclosure
11425| [40232] PHP MySQL Banner Exchange inc/lib.inc Direct Request Database Disclosure
11426| [40188] Password Manager Pro (PMP) mysql Unspecified Remote Command Injection
11427| [39279] PHP mysql_error() Function XSS
11428| [39145] aurora framework db_mysql.lib pack_var() value Parameter SQL Injection
11429| [38567] NetClassifieds Mysql_db.php Halt_On_Error Setting Error Message Path Disclosure
11430| [38112] Excel Parser Pro sample/xls2mysql parser_path Parameter Remote File Inclusion
11431| [37880] Asterisk-Addons source/destination Numbers cdr_addon_mysql Module SQL Injection
11432| [37784] PHP MySQL Extension Multiple Function Security Restriction Bypass
11433| [37783] MySQL Community Server CREATE TABLE LIKE Table Structure Disclosure
11434| [37782] MySQL Community Server External Table View Privilege Escalation
11435| [37781] MySQL ALTER TABLE Information Disclosure
11436| [37539] GPL PHP Board db.mysql.inc.php root_path Parameter Remote File Inclusion
11437| [37195] Eve-Nuke Module for PHP-Nuke db/mysql.php phpbb_root_path
11438| [37015] paBugs class.mysql.php path_to_bt_dir Parameter Remote File Inclusion
11439| [36868] PHP MySQLi Extension LOCAL INFILE Operation Security Restriction Bypass
11440| [36867] PHP MySQL Extension LOCAL INFILE Operation Security Restriction Bypass
11441| [36771] InterWorx-CP SiteWorx mysql.php PATH_INFO Parameter XSS
11442| [36757] InterWorx-CP NodeWorx mysql.php PATH_INFO Parameter XSS
11443| [36732] MySQL Community Server Connection Protocol Malformed Password Packet Remote DoS
11444| [36251] Associated Press (AP) Newspower Default MySQL root Password
11445| [35168] Study Planner (Studiewijzer) db/mysql/db.inc.php SPL_CFG[dirroot] Parameter Remote File Inclusion
11446| [35037] Fantastico for cPanel includes/mysqlconfig.php fantasticopath Parameter Traversal Local File Inclusion
11447| [34780] Backup Manager Command Line Cleartext MySQL Password Disclosure
11448| [34766] MySQL RENAME TABLE Statement Arbitrary Table Name Modification
11449| [34765] MySQL mysql_change_db Function THD::db_access Privilege Escalation
11450| [34734] MySQL Crafted IF Clause Divide-by-zero NULL Dereference DoS
11451| [34038] MySQL Commander ressourcen/dbopen.php home Parameter Remote File Inclusion
11452| [33974] MySQL information_schema Table Subselect Single-Row DoS
11453| [33678] MySQLNewsEngine affichearticles.php3 newsenginedir Parameter Remote File Inclusion
11454| [33447] WGS-PPC (PPC Search Engine) config/mysql_config.php INC Parameter Remote File Inclusion
11455| [33372] deV!L'z Clanportal inc/filebrowser/browser.php MySQL Data Disclosure
11456| [33147] ActiveCalendar data/mysqlevents.php css Parameter XSS
11457| [32784] Storystream mysqli.php baseDir Parameter Remote File Inclusion
11458| [32783] Storystream mysql.php baseDir Parameter Remote File Inclusion
11459| [32421] Contenido CMS conlib/db_mysqli.inc Direct Request Path Disclosure
11460| [32272] JevonCMS /phplib/db_mysql.inc Direct Request Path Disclosure
11461| [32171] Blue Magic Board db_mysql_error.php Direct Request Path Disclosure
11462| [32056] BTSaveMySql Direct Request Config File Disclosure
11463| [32044] cPanel WebHost Manager (WHM) scripts/passwdmysql password Parameter XSS
11464| [32024] TikiWiki tiki-wiki_rss.php ver MySQL Credential Disclosure
11465| [31963] Agora MysqlfinderAdmin.php _SESSION[PATH_COMPOSANT] Parameter Remote File Inclusion
11466| [31431] ZoomStats libs/dbmax/mysql.php GLOBALS[lib][db][path] Parameter Remote File Inclusion
11467| [30172] TikiWiki Multiple Script Empty sort_mode Parameter MySQL Authentication Credential Disclosure
11468| [29696] MySQLDumper sql.php db Parameter XSS
11469| [29453] ConPresso CMS db_mysql.inc.php msg Parameter XSS
11470| [29122] cPanel mysqladmin/hooksadmin Unspecified Privilege Escalation
11471| [28296] MySQL Crafted multiupdate / subselects Query Local DoS
11472| [28288] MySQL Instance_options::complete_initialization Function Overflow
11473| [28030] Tutti Nova class.novaRead.mysql.php TNLIB_DIR Parameter Remote File Inclusion
11474| [28029] Tutti Nova class.novaAdmin.mysql.php TNLIB_DIR Parameter Remote File Inclusion
11475| [28028] Tutti Nova class.novaEdit.mysql.php TNLIB_DIR Parameter Remote File Inclusion
11476| [28013] MySQL SUID Routine Miscalculation Arbitrary DML Statement Execution
11477| [28012] MySQL Case Sensitivity Unauthorized Database Creation
11478| [27919] MySQL VIEW Access information_schema.views Information Disclosure
11479| [27703] MySQL MERGE Table Privilege Persistence
11480| [27593] Drupal database.mysqli.inc Multiple Parameter SQL Injection
11481| [27549] Opsware NAS /etc/init.d/mysqll MySQL root Cleartext Password Local Disclosure
11482| [27416] MySQL Server time.cc date_format Function Format String
11483| [27054] MySQL mysqld str_to_date Function NULL Argument DoS
11484| [26923] PHP/MySQL Classifieds (PHP Classifieds) search.php rate Parameter SQL Injection
11485| [26922] PHP/MySQL Classifieds (PHP Classifieds) AddAsset1.php Multiple Field XSS
11486| [26822] Bee-hive Lite include/listall.inc.php mysqlcall Parameter Remote File Inclusion
11487| [26821] Bee-hive Lite conad/include/mysqlCall.inc.php config Parameter Remote File Inclusion
11488| [26820] Bee-hive Lite conad/logout.inc.php mysqlCall Parameter Remote File Inclusion
11489| [26819] Bee-hive Lite conad/login.inc.php mysqlCall Parameter Remote File Inclusion
11490| [26818] Bee-hive Lite conad/checkPasswd.inc.php mysqlCall Parameter Remote File Inclusion
11491| [26817] Bee-hive Lite conad/changeUserDetails.inc.php mysqlCall Parameter Remote File Inclusion
11492| [26816] Bee-hive Lite conad/changeEmail.inc.php mysqlCall Parameter Remote File Inclusion
11493| [26125] Open Searchable Image Catalogue core.php do_mysql_query Function Error Message XSS
11494| [26123] Open Searchable Image Catalogue core.php do_mysql_query Function SQL Injection
11495| [25987] MySQL Multibyte Encoding SQL Injection Filter Bypass
11496| [25908] Drupal database.mysql.inc Multiple Parameter SQL Injection
11497| [25595] Apple Mac OS X MySQL Manager Blank root Password
11498| [25228] MySQL Crafted COM_TABLE_DUMP Request Arbitrary Memory Disclosure
11499| [25227] MySQL COM_TABLE_DUMP Packet Overflow
11500| [25226] MySQL Malformed Login Packet Remote Memory Disclosure
11501| [24245] Cholod Mysql Based Message Board Unspecified XSS
11502| [24244] Cholod Mysql Based Message Board mb.cgi showmessage Action SQL Injection
11503| [23963] WoltLab Burning Board class_db_mysql.php SQL Error Message XSS
11504| [23915] Netcool/NeuSecure MySQL Database Connection Restriction Bypass
11505| [23611] Aztek Forum index.php msg Variable Forced MySQL Error Information Disclosure
11506| [23526] MySQL Query NULL Charcter Logging Bypass
11507| [23157] PHP/MYSQL Timesheet changehrs.php Multiple Parameter SQL Injection
11508| [23156] PHP/MYSQL Timesheet index.php Multiple Parameter SQL Injection
11509| [22995] PAM-MySQL Authentication pam_get_item() Function Unspecified Privilege Escalation
11510| [22994] PAM-MySQL SQL Logging Facility Segfault DoS
11511| [22485] Recruitment Software admin/site.xml MySQL Authentication Credential Disclosure
11512| [22479] PHP mysqli Extension Error Message Format String
11513| [22232] PHP Pipe Variable mysql_connect() Function Overflow
11514| [21685] MySQL Auction Search Module keyword XSS
11515| [20698] Campsite notifyendsubs Cron MySQL Password Cleartext Remote Disclosure
11516| [20145] Proofpoint Protection Server Embedded MySQL Server Unpassworded root Account
11517| [19457] aMember Pro mysql.inc.php Remote File Inclusion
11518| [19377] MAXdev MD-Pro /MySQL_Tools/admin.php Path Disclosure
11519| [18899] MySQL UDF Library Arbitrary Function Load Privilege Escalation
11520| [18898] MySQL UDF LoadLibraryEx Function Nonexistent Library Load DoS
11521| [18897] MySQL on Windows UDF Create Function Traversal Privilege Escalation
11522| [18896] MySQL User-Defined Function init_syms() Function Overflow
11523| [18895] MySQL libmysqlclient.so host Parameter Remote Overflow
11524| [18894] MySQL drop database Request Remote Overflow
11525| [18622] FunkBoard mysql_install.php Email Field Arbitrary PHP Code Injection
11526| [18620] FunkBoard mysql_install.php Admin/Database Password Manipulation
11527| [18406] MySQL Eventum releases.php SQL Injection
11528| [18405] MySQL Eventum custom_fields_graph.php SQL Injection
11529| [18404] MySQL Eventum custom_fields.php SQL Injection
11530| [18403] MySQL Eventum login.php email Parameter SQL Injection Authentication Bypass
11531| [18402] MySQL Eventum get_jsrs_data.php F Parameter XSS
11532| [18401] MySQL Eventum list.php release Parameter XSS
11533| [18400] MySQL Eventum view.php id Parameter XSS
11534| [18173] MySQL on Windows USE Command MS-DOS Device Name DoS
11535| [17801] Bugzilla MySQL Replication Race Condition Information Disclosure
11536| [17223] xMySQLadmin Symlink Arbitrary File Deletion
11537| [16727] MySQL Nonexistent '--user' Error Incorrect Privilege Database Invocation
11538| [16689] MySQL mysql_install_db Symlink Arbitrary File Overwrite
11539| [16056] Plans Unspecified mySQL Remote Password Disclosure
11540| [15993] MySQL MaxDB Webtool Remote getIfHeader() WebDAV Function Remote Overflow
11541| [15817] MySQL MaxDB Web Tool getLockTokenHeader() Function Remote Overflow
11542| [15816] MySQL MaxDB Web Administration Service Malformed GET Request Overflow
11543| [15451] paNews auth.php mysql_prefix Parameter SQL Injection
11544| [14748] MySQL MS-DOS Device Names Request DoS
11545| [14678] MySQL CREATE FUNCTION Arbitrary libc Code Execution
11546| [14677] MySQL CREATE FUNCTION mysql.func Table Arbitrary Library Injection
11547| [14676] MySQL CREATE TEMPORARY TABLE Symlink Privilege Escalation
11548| [14386] phpMyAdmin mysqli.dbi.lib.php Path Disclosure
11549| [14052] Symantec Brightmail AntiSpam Multiple Default MySQL Accounts
11550| [13086] MySQL MaxDB Web Agent Malformed HTTP Header DoS
11551| [13085] MySQL MaxDB Web Agent WebDAV sapdbwa_GetUserData() Function Remote DoS
11552| [13013] MySQL mysqlaccess.sh Symlink Arbitrary File Manipulation
11553| [12919] MySQL MaxDB WebAgent websql Remote Overflow
11554| [12779] MySQL User Defined Function Privilege Escalation
11555| [12609] MySQL Eventum projects.php Multiple Parameter XSS
11556| [12608] MySQL Eventum preferences.php Multiple Parameter XSS
11557| [12607] MySQL Eventum forgot_password.php email Parameter XSS
11558| [12606] MySQL Eventum index.php email Parameter XSS
11559| [12605] MySQL Eventum Default Vendor Account
11560| [12275] MySQL MaxDB Web Tools wahttp Nonexistent File Request DoS
11561| [12274] MySQL MaxDB Web Tools WebDAV Handler Remote Overflow
11562| [11689] Roxen Web Server MySQL Socket Permission Weakness
11563| [10985] MySQL MATCH..AGAINST Query DoS
11564| [10959] MySQL GRANT ALL ON Privilege Escalation
11565| [10660] MySQL ALTER TABLE/RENAME Forces Old Permission Checks
11566| [10659] MySQL ALTER MERGE Tables to Change the UNION DoS
11567| [10658] MySQL mysql_real_connect() Function Remote Overflow
11568| [10532] MySQL MaxDB webdbm Server Field DoS
11569| [10491] AWS MySQLguest AWSguest.php Script Insertion
11570| [10244] MySQL libmysqlclient Prepared Statements API Overflow
11571| [10226] MySQLGuest AWSguest.php Multiple Field XSS
11572| [9912] PHP safe_mode MySQL Database Access Restriction Bypass
11573| [9911] Inter7 vpopmail MySQL Module Authentication Credential Disclosure
11574| [9910] MySQL mysql_change_user() Double-free Memory Pointer DoS
11575| [9909] MySQL datadir/my.cnf Modification Privilege Escalation
11576| [9908] MySQL my.ini Initialization File datadir Parameter Overflow
11577| [9907] MySQL SELECT Statement String Handling Overflow
11578| [9906] MySQL GRANT Privilege Arbitrary Password Modification
11579| [9509] teapop MySQL Authentication Module SQL Injection
11580| [9018] MySQL Backup Pro getbackup() Method Unspecified Issue
11581| [9015] MySQL mysqlhotcopy Insecure Temporary File Creation
11582| [8997] Cacti config.php MySQL Authentication Credential Cleartext Disclosure
11583| [8979] MySQL SHOW GRANTS Encrypted Password Disclosure
11584| [8889] MySQL COM_TABLE_DUMP Package Negative Integer DoS
11585| [8888] MySQL COM_CHANGE_USER Command Long Repsonse Overflow
11586| [8887] MySQL COM_CHANGE_USER Command One Character Password Brute Force
11587| [8886] MySQL libmysqlclient Library read_one_row Overflow
11588| [8885] MySQL libmysqlclient Library read_rows Overflow
11589| [7476] MySQL Protocol 4.1 Authentication Scramble String Overflow
11590| [7475] MySQL Zero-length Scrambled String Crafted Packet Authentication Bypass
11591| [7245] MySQL Pluggable Authentication Module (pam_mysql) Password Disclosure
11592| [7128] MySQL show database Database Name Exposure
11593| [6716] MySQL Database Engine Weak Authentication Information Disclosure
11594| [6605] MySQL mysqld Readable Log File Information Disclosure
11595| [6443] PowerPhlogger db_dump.php View Arbitrary mySQL Dump
11596| [6421] MySQL mysqld_multi Symlink Arbitrary File Overwrite
11597| [6420] MySQL mysqlbug Symlink Arbitrary File Overwrite
11598| [2537] MySQL sql_acl.cc get_salt_from_password Function Password Handling Remote Overflow
11599| [2144] WinMySQLadmin my.ini Cleartext Password Disclosure
11600| [653] PCCS-Linux MySQL Database Admin Tool Authentication Credential Disclosure
11601| [520] MySQL Database Name Traversal Arbitrary File Modification
11602| [380] MySQL Server on Windows Default Null Root Password
11603| [261] MySQL Short Check String Authentication Bypass
11604|_
5432/tcp open http syn-ack Node.js Express framework
11606| vulscan: VulDB - https://vuldb.com:
11607| [105127] Express Web Framework up to 3.10/4.4 on Node.js 400 Level Response Content-Type Header cross site scripting
11608| [119217] protobufjs on Node.js proto File Regular Expression denial of service
11609| [119216] sshpk on Node.js Public Key Regular Expression denial of service
11610| [119105] mime Module on Node.js Regular Expression denial of service
11611| [119104] Debug Module on Node.js Regular Expression denial of service
11612| [119103] method-override on Node.js Regular Expression denial of service
11613| [119086] Fresh on Node.js Regular Expression Loop denial of service
11614| [119085] forwarded on Node.js Regular Expression Loop denial of service
11615| [119084] slug on Node.js Regular Expression Loop denial of service
11616| [119083] string on Node.js Regular Expression denial of service
11617| [119082] timespan on Node.js Regular Expression Loop denial of service
11618| [119081] marked on Node.js Regular Expression denial of service
11619| [119080] parsejson on Node.js Regular Expression denial of service
11620| [119079] Content module on Node.js Regular Expression denial of service
11621| [119067] no-case on Node.js Regular Expression Loop denial of service
11622| [119066] charset up to 1.0.0 on Node.js DHTTP_MAX_HEADER_SIZE Regular Expression denial of service
11623| [119055] ua-parser on Node.js Regular Expression denial of service
11624| [118919] Useragent up to 2.1.12 on Node.js Regular Expression Loop denial of service
11625| [118913] Decamelize 1.1.0/1.1.1 on Node.js Regular Expression denial of service
11626| [118440] galenframework-cli up to 2.3.0 on Node.js weak encryption
11627| [118425] Minimatch up to 3.0.1 on Node.js Regular Expression minimatch denial of service
11628| [118424] negotiator up to 0.6.0 on Node.js Regular Expression denial of service
11629| [118408] jshamcrest on Node.js Regular Expression denial of service
11630| [118407] jadedown on Node.js Regular Expression denial of service
11631| [118404] ansi2html on Node.js Regular Expression denial of service
11632| [117635] Spring Framework up to 4.3.16/5.0.5 STOMP Regular Expression denial of service
11633| [114051] Anton Myshenin aws-lambda-multipart-parser NPM Package up to 0.1.1 node.js Regular Expression denial of service
11634| [114050] Moment Module up to 2.19.2 on Node.js Regular Expression denial of service
11635| [114047] ssri Module up to 5.2.1 on Node.js Regular Expression Base64 String denial of service
11636| [107424] Tough-Cookie Module up to 2.3.2 on Node.js Regular Expression CPU Exhaustion denial of service
11637|
11638| MITRE CVE - https://cve.mitre.org:
11639| [CVE-2011-2730] VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag
11640| [CVE-2011-1484] jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application.
11641| [CVE-2011-1271] The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, and 4.0, when IsJITOptimizerDisabled is false, does not properly handle expressions related to null strings, which allows context-dependent attackers to bypass intended access restrictions, and consequently execute arbitrary code, in opportunistic circumstances by leveraging a crafted application, as demonstrated by (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework JIT Optimization Vulnerability."
11642| [CVE-2009-2504] Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
11643| [CVE-2006-7192] Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.
11644| [CVE-2013-4946] Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to inject arbitrary web script or HTML via the (1) SelTab parameter to QV_admin.aspx, the (2) CallBack parameter to QV_grid.aspx, or the (3) HelpPage parameter to commonhelp.aspx.
11645| [CVE-2013-4945] Multiple SQL injection vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the (1) ASPSESSIONIDASSRATTQ, (2) TABLE_WIDGET_1, (3) TABLE_WIDGET_2, (4) browserDateTimeInfo, or (5) browserNumberInfo cookie parameter to DashBoardGUI.aspx
11646| [CVE-2013-4660] The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.
11647| [CVE-2013-3824] Unspecified vulnerability in the Oracle Agile Collaboration Framework component in Oracle Supply Chain Products Suite 9.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Manufacturing/Mfg Parts.
11648| [CVE-2013-3823] Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.
11649| [CVE-2013-3822] Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1 allows remote attackers to affect integrity via unknown vectors related to Web Client (CS).
11650| [CVE-2013-3791] Unspecified vulnerability in Enterprise Manager (EM) Base Platform 10.2.0.5 and EM DB Control 11.1.0.7 in Oracle Enterprise Manager Grid Control allows remote attackers to affect integrity via unknown vectors related to User Interface Framework.
11651| [CVE-2013-3753] Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect availability via vectors related to Kernel/STREAMS framework.
11652| [CVE-2013-3444] The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1
11653| [CVE-2013-3443] The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbitrary code via a crafted POST request, aka Bug ID CSCuh26626.
11654| [CVE-2013-3438] The web framework in the server in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to bypass intended access restrictions and read unspecified web pages via crafted parameters, aka Bug ID CSCuh86385.
11655| [CVE-2013-3420] Cross-site request forgery (CSRF) vulnerability in the web framework on the Cisco Identity Services Engine (ISE) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh25506.
11656| [CVE-2013-3416] Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuh47574 and CSCuh95997.
11657| [CVE-2013-3398] The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance provides different responses to requests for arbitrary pathnames depending on whether the pathname exists, which allows remote attackers to enumerate directories and files via a series of crafted requests, aka Bug ID CSCuh64574.
11658| [CVE-2013-3396] Cross-site scripting (XSS) vulnerability in the web framework in Cisco Content Security Management on Security Management Appliance (SMA) devices allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh24749.
11659| [CVE-2013-3395] Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email Security Appliance (ESA) devices, and Content Security Management Appliance (SMA) devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuh70263, CSCuh70323, and CSCuh26634.
11660| [CVE-2013-3386] The IronPort Spam Quarantine (ISQ) component in the web framework in IronPort AsyncOS on Cisco Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019 and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (service crash or hang) via a high rate of TCP connection attempts, aka Bug IDs CSCzv25573 and CSCzv81712.
11661| [CVE-2013-3385] The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602
11662| [CVE-2013-3384] The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550
11663| [CVE-2013-3383] The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL sent over IPv4, aka Bug ID CSCzv69294.
11664| [CVE-2013-3171] The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a partial-trust relationship, aka "Delegate Serialization Vulnerability."
11665| [CVE-2013-3134] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework application that changes array data, aka "Array Allocation Vulnerability."
11666| [CVE-2013-3133] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Anonymous Method Injection Vulnerability."
11667| [CVE-2013-3132] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Delegate Reflection Bypass Vulnerability."
11668| [CVE-2013-3131] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability."
11669| [CVE-2013-3129] Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5
11670| [CVE-2013-2494] libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266.
11671| [CVE-2013-2398] Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Open UI Client.
11672| [CVE-2013-2266] libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.
11673| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
11674| [CVE-2013-2165] ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data.
11675| [CVE-2013-1842] SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values."
11676| [CVE-2013-1543] Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Open UI Client.
11677| [CVE-2013-1519] Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.1 allows remote attackers to affect integrity via unknown vectors.
11678| [CVE-2013-1510] Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework.
11679| [CVE-2013-1337] Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka "Authentication Bypass Vulnerability."
11680| [CVE-2013-1336] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability."
11681| [CVE-2013-1242] Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID CSCug38080.
11682| [CVE-2013-1227] Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCug37902.
11683| [CVE-2013-1214] The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visiting the scripts repository directory, aka Bug ID CSCuf77546.
11684| [CVE-2013-1120] Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910.
11685| [CVE-2013-1114] Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527.
11686| [CVE-2013-1093] Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the directToPage parameter.
11687| [CVE-2013-0934] EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and modify global reports via unspecified vectors.
11688| [CVE-2013-0933] Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
11689| [CVE-2013-0932] EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and upload arbitrary files via unspecified vectors.
11690| [CVE-2013-0407] Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/DTrace Framework.
11691| [CVE-2013-0397] Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Diagnostics.
11692| [CVE-2013-0390] Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Bookmarkable Pages.
11693| [CVE-2013-0381] Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Application Framework.
11694| [CVE-2013-0376] Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Diagnostics.
11695| [CVE-2013-0370] Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.
11696| [CVE-2013-0354] Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5, and EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3, allows remote attackers to affect integrity via unknown vectors related to Policy Framework.
11697| [CVE-2013-0242] Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.
11698| [CVE-2013-0073] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."
11699| [CVE-2013-0005] The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
11700| [CVE-2013-0004] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."
11701| [CVE-2013-0003] Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability."
11702| [CVE-2013-0002] Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."
11703| [CVE-2013-0001] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."
11704| [CVE-2012-6532] (1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack.
11705| [CVE-2012-6531] (1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack, a different vulnerability than CVE-2012-3363.
11706| [CVE-2012-6528] Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) themes/default/tile_search/index.tmpl.php, (2) login.php, (3) search.php, (4) password_reminder.php, (5) login.php/jscripts/infusion, (6) login.php/mods/_standard/flowplayer, (7) browse.php/jscripts/infusion/framework/fss, (8) registration.php/themes/default/ie_styles.css, (9) about.php, or (10) themes/default/social/basic_profile.tmpl.php.
11707| [CVE-2012-6109] lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.
11708| [CVE-2012-5795] The PayPal Express module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
11709| [CVE-2012-5657] The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack.
11710| [CVE-2012-5382] ** DISPUTED ** Untrusted search path vulnerability in the installation functionality in Zend Server 5.6.0 SP4, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Zend\ZendServer\share\ZendFramework\bin directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the choice of C:\ (and the resulting unsafe PATH) is established by an administrative action that is not a default part of the Zend Server installation.
11711| [CVE-2012-5223] The proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the char_repl parameter, which is inserted into a regular expression that is processed by the preg_replace function with the eval switch.
11712| [CVE-2012-5109] The International Components for Unicode (ICU) functionality in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a regular expression.
11713| [CVE-2012-5062] Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect integrity via unknown vectors related to User Interface Framework.
11714| [CVE-2012-4934] TomatoCart 1.1.7, when the PayPal Express Checkout module is enabled in sandbox mode, allows remote authenticated users to bypass intended payment requirements by modifying a certain redirection URL.
11715| [CVE-2012-4855] Unspecified vulnerability in the web services framework in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to cause a denial of service (login outage) via unknown vectors.
11716| [CVE-2012-4832] Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 and InfoSphere Business Glossary 8.1.1 and 8.1.2 does not have an off autocomplete attribute for the password field on the login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
11717| [CVE-2012-4816] IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows remote attackers to bypass intended Env Gen Wizard (aka Environment Generation Wizard) access restrictions by visiting context roots in HTTP sessions on port 8080.
11718| [CVE-2012-4777] The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "WPF Reflection Optimization Vulnerability."
11719| [CVE-2012-4776] The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."
11720| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
11721| [CVE-2012-4281] Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id parameter to pages.php, (4) fid parameter to admin/airline-edit.php, or (5) cid parameter to admin/customer-edit.php.
11722| [CVE-2012-4028] Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication.
11723| [CVE-2012-4027] Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file.
11724| [CVE-2012-3551] Cross-site scripting (XSS) vulnerability in crowbar_framework/app/views/support/index.html.haml in the Crowbar barclamp in Crowbar, possibly 1.4 and earlier, allows remote attackers to inject arbitrary web script or HTML via the file parameter to /utils.
11725| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
11726| [CVE-2012-3363] Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.
11727| [CVE-2012-3298] Unspecified vulnerability in the REST services framework in IBM WebSphere Commerce 7.0 Feature Pack 4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.
11728| [CVE-2012-3230] Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework.
11729| [CVE-2012-3229] Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel Documentation.
11730| [CVE-2012-3200] Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote authenticated users to affect confidentiality, related to ROLESPRV.
11731| [CVE-2012-3162] Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows local users to affect confidentiality, related to MDS loading.
11732| [CVE-2012-3161] Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote attackers to affect integrity via unknown vectors related to Web Client (CS).
11733| [CVE-2012-3154] Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.0 allows remote authenticated users to affect confidentiality, related to ATTACH.
11734| [CVE-2012-3025] The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network.
11735| [CVE-2012-3024] Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack.
11736| [CVE-2012-2939] Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airline-edit.php, (2) hotel-image-add.php, or (3) hotel-add.php.
11737| [CVE-2012-2938] Multiple cross-site scripting (XSS) vulnerabilities in Travelon Express 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the holiday name field to (1) holiday_add.php or (2) holiday_view.php.
11738| [CVE-2012-2870] libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c.
11739| [CVE-2012-2585] Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, or (4) a crafted SRC attribute of an IFRAME element, or an e-mail message subject with (5) a SCRIPT element, (6) a CSS expression property in the STYLE attribute of an arbitrary element, (7) a crafted SRC attribute of an IFRAME element, (8) a crafted CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (9) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.
11740| [CVE-2012-2584] Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon Free 12.5.4 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) the Cascading Style Sheets (CSS) expression property in conjunction with a CSS comment within the STYLE attribute of an IMG element, (2) the CSS expression property in conjunction with multiple CSS comments within the STYLE attribute of an arbitrary element, or (3) an innerHTML attribute within an XML document.
11741| [CVE-2012-2582] Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.
11742| [CVE-2012-2578] Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element, or (4) an innerHTML attribute within an XML document.
11743| [CVE-2012-2573] Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, (4) an ONLOAD attribute of a BODY element, (5) a crafted SRC attribute of an IFRAME element, (6) a crafted CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (7) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.
11744| [CVE-2012-2571] Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, (4) a crafted SRC attribute of an IFRAME element, or (5) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.
11745| [CVE-2012-2519] Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."
11746| [CVE-2012-2330] The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string.
11747| [CVE-2012-2294] EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page.
11748| [CVE-2012-2293] Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary code, via a relative path.
11749| [CVE-2012-2292] The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
11750| [CVE-2012-1896] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."
11751| [CVE-2012-1895] The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."
11752| [CVE-2012-1855] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability."
11753| [CVE-2012-1761] Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to UI Framework.
11754| [CVE-2012-1760] Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to UI Framework.
11755| [CVE-2012-1754] Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Framework.
11756| [CVE-2012-1742] Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to UI Framework.
11757| [CVE-2012-1740] Unspecified vulnerability in the Oracle Application Express Listener component in Oracle Application Express Listener 1.1-ea, 1.1.1, 1.1.2, and 1.1.3 allows remote attackers to affect confidentiality via unknown vectors.
11758| [CVE-2012-1732] Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Framework.
11759| [CVE-2012-1728] Unspecified vulnerability in the Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Portal Framework.
11760| [CVE-2012-1708] Unspecified vulnerability in the Application Express component in Oracle Database Server 4.0 and 4.1 allows remote attackers to affect integrity via unknown vectors.
11761| [CVE-2012-1700] Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel UI Framework.
11762| [CVE-2012-1605] The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."
11763| [CVE-2012-1314] The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit traffic, aka Bug ID CSCtt45381.
11764| [CVE-2012-1247] Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and earlier, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML by leveraging support for Cascading Style Sheets (CSS) expressions.
11765| [CVE-2012-1064] Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
11766| [CVE-2012-0936] Cross-site scripting (XSS) vulnerability in web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java in OpenNMS 1.8.x before 1.8.17, 1.9.93 and earlier, and 1.10.x before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via the Username field, related to login.
11767| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
11768| [CVE-2012-0712] The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression.
11769| [CVE-2012-0703] Open redirect vulnerability in Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
11770| [CVE-2012-0702] Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly determine authorization, which allows remote authenticated users to gain privileges via unspecified vectors.
11771| [CVE-2012-0662] Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input.
11772| [CVE-2012-0656] Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10.7.4, when the Guest account is enabled, allows physically proximate attackers to login to arbitrary accounts by entering the account name and no password.
11773| [CVE-2012-0528] Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, and 11.1.0.7, and Oracle Enterprise Manager Grid Control, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security Framework.
11774| [CVE-2012-0520] Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2, and in Oracle Enterprise Manager Grid Control 10.2.0.5 and 11.1.0.1, allows remote attackers to affect integrity via unknown vectors related to Security Framework.
11775| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
11776| [CVE-2012-0215] model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call.
11777| [CVE-2012-0199] Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allow remote attackers to execute arbitrary SQL commands via (1) a SOAP message to the Printer.getPrinterAgentKey function in the SoapServlet servlet, (2) the User.updateUserValue function in the register.do servlet, (3) the User.isExistingUser function in the logon.do servlet, (4) the Asset.getHWKey function in the CallHomeExec servlet, (5) the Asset.getMimeType function in the getAttachment (aka GetAttachmentServlet) servlet, (6) the addAsset.do servlet, or (7) a crafted EG2 file.
11778| [CVE-2012-0198] Stack-based buffer overflow in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allows remote attackers to execute arbitrary code via vectors related to an Asset Information file.
11779| [CVE-2012-0164] Microsoft .NET Framework 4 does not properly compare index values, which allows remote attackers to cause a denial of service (application hang) via crafted requests to a Windows Presentation Foundation (WPF) application, aka ".NET Framework Index Comparison Vulnerability."
11780| [CVE-2012-0163] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
11781| [CVE-2012-0162] Microsoft .NET Framework 4 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Buffer Allocation Vulnerability."
11782| [CVE-2012-0161] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
11783| [CVE-2012-0160] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
11784| [CVE-2012-0124] Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors.
11785| [CVE-2012-0123] Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1498.
11786| [CVE-2012-0122] Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1393.
11787| [CVE-2012-0121] Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1392.
11788| [CVE-2012-0109] Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality and availability, related to TCP/IP.
11789| [CVE-2012-0103] Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to Kernel.
11790| [CVE-2012-0100] Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kerberos.
11791| [CVE-2012-0099] Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to sshd.
11792| [CVE-2012-0098] Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel.
11793| [CVE-2012-0097] Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect confidentiality via unknown vectors related to ksh93 Shell.
11794| [CVE-2012-0096] Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network.
11795| [CVE-2012-0094] Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability, related to TCP/IP.
11796| [CVE-2012-0035] Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.
11797| [CVE-2012-0016] Untrusted search path vulnerability in Microsoft Expression Design
11798| [CVE-2012-0015] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."
11799| [CVE-2012-0014] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
11800| [CVE-2011-5174] Buffer overflow in Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) in Intel Q67 Express, C202, C204, C206 Chipsets, and Mobile Intel QM67, and QS67 Chipset before 2nd_gen_i5_i7_SINIT_51.BIN Express
11801| [CVE-2011-5037] Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, as demonstrated by attacks against Node.js.
11802| [CVE-2011-5021] PHPIDS before 0.7 does not properly implement Regular Expression Denial of Service (ReDoS) filters, which allows remote attackers to bypass rulesets and add PHP sequences to a file via unspecified vectors.
11803| [CVE-2011-4539] dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.
11804| [CVE-2011-4314] message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.
11805| [CVE-2011-4061] Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header.
11806| [CVE-2011-3979] Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the setasdefault action to index.php.
11807| [CVE-2011-3874] Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong number of arguments, as demonstrated by zergRush to trigger a use-after-free error.
11808| [CVE-2011-3825] Zend Framework 1.11.3 in Zend Server CE 5.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Validate.php and certain other files.
11809| [CVE-2011-3734] Energine 2.3.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by core/framework/SimpleBuilder.class.php and certain other files.
11810| [CVE-2011-3543] Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to iSCSI DataMover (IDM).
11811| [CVE-2011-3542] Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to Kernel/Performance Counter BackEnd Module (pcbe).
11812| [CVE-2011-3539] Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to Zones.
11813| [CVE-2011-3537] Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel/Filesystem.
11814| [CVE-2011-3535] Unspecified vulnerability in the Solaris component in Oracle Sun Products Suite 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Remote Quota Server (rquotad).
| [CVE-2011-3534] Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network Status Monitor (statd).
| [CVE-2011-3525] Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2 and 4.0 allows remote authenticated users to affect confidentiality, integrity, and availability, related to APEX developer user.
| [CVE-2011-3519] Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.2 and 12.1.3 allows remote authenticated users to affect confidentiality, related to REST Services.
| [CVE-2011-3515] Unspecified vulnerability in the Oracle Solaris 10 and 11 Express allows local users to affect integrity and availability via unknown vectors related to Process File System (procfs).
| [CVE-2011-3508] Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect confidentiality, integrity, and availability, related to LDAP library.
| [CVE-2011-3417] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."
| [CVE-2011-3416] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
| [CVE-2011-3415] Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."
| [CVE-2011-3414] The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
| [CVE-2011-3315] Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-2998] Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression.
| [CVE-2011-2894] Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.
| [CVE-2011-2821] Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.
| [CVE-2011-2728] The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.
| [CVE-2011-2605] CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
| [CVE-2011-2583] Cisco Unified Contact Center Express (aka CCX) 8.0 and 8.5 allows remote attackers to cause a denial of service via network traffic, as demonstrated by an SEC-BE-STABLE test case, aka Bug ID CSCth33834.
| [CVE-2011-2564] Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth19417.
| [CVE-2011-2563] Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth26669.
| [CVE-2011-2507] libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array.
| [CVE-2011-2477] Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in Icinga before 1.4.1, when escape_html_tags is disabled, allow remote attackers to inject arbitrary web script or HTML via a JavaScript expression, as demonstrated by the onload attribute of a BODY element located after a check-host-alive! sequence, a different vulnerability than CVE-2011-2179.
| [CVE-2011-2330] Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 has an unspecified "built-in account" that is "trivially" accessed, which makes it easier for remote attackers to send requests to restricted pages via a session on TCP port 9495, a different vulnerability than CVE-2011-1220.
| [CVE-2011-2298] Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote attackers to affect availability, related to KSSL.
| [CVE-2011-2296] Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability, related to Kernel/SCTP.
| [CVE-2011-2295] Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability, related to Driver/USB.
| [CVE-2011-2294] Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote attackers to affect availability, related to SSH.
| [CVE-2011-2293] Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to Zones.
| [CVE-2011-2292] Unspecified vulnerability in Oracle Solaris 9 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to xscreensaver.
| [CVE-2011-2290] Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel/sockfs.
| [CVE-2011-2287] Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to fingerd.
| [CVE-2011-2286] Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote authenticated users to affect availability, related to ZFS.
| [CVE-2011-2259] Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability, related to UFS.
| [CVE-2011-2258] Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rksh.
| [CVE-2011-2244] Unspecified vulnerability in the Security Framework component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2
| [CVE-2011-2196] jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0
| [CVE-2011-1978] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability."
| [CVE-2011-1977] The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Control for Microsoft .NET Framework 3.5 SP1, do not properly verify functions in URIs, which allows remote attackers to read arbitrary files via special characters in a URI in an HTTP request, aka "Chart Control Information Disclosure Vulnerability."
| [CVE-2011-1951] lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via a message that does not match a regular expression.
| [CVE-2011-1944] Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.
| [CVE-2011-1813] Google Chrome before 12.0.742.91 does not properly implement the framework for extensions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
| [CVE-2011-1781] SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs stack unwinding (aka backtracing).
| [CVE-2011-1769] SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs context variable access.
| [CVE-2011-1715] Directory traversal vulnerability in framework/source/resource/qx/test/part/delay.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to read arbitrary files via ..%2f (encoded dot dot) sequences in the file parameter.
| [CVE-2011-1714] Cross-site scripting (XSS) vulnerability in framework/source/resource/qx/test/jsonp_primitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
| [CVE-2011-1710] Multiple integer overflows in the HTTP server in the Novell XTier framework 3.1.8 allow remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via crafted header length variables.
| [CVE-2011-1367] Unspecified vulnerability in the File Load feature in IBM Rational AppScan Standard and Express 7.8.x, 7.9.x, and 8.0.x before 8.0.0.3 allows remote attackers to execute arbitrary commands via a crafted .scan file.
| [CVE-2011-1320] The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) framework is used, does not properly delete AuthCache entries upon a logout, which might allow remote attackers to access the server by leveraging an unattended workstation.
| [CVE-2011-1285] The regular-expression functionality in Google Chrome before 10.0.648.127 does not properly implement reentrancy, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
| [CVE-2011-1253] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."
| [CVE-2011-1220] Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 allows remote authenticated users to execute arbitrary code via a long opts field.
| [CVE-2011-1056] The installer for Metasploit Framework 3.5.1, when running on Windows, uses weak inherited permissions for the Metasploit installation directory, which allows local users to gain privileges by replacing critical files with a Trojan horse.
| [CVE-2011-0848] Unspecified vulnerability in the Security Framework component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2
| [CVE-2011-0841] Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to TCP/IP.
| [CVE-2011-0839] Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect availability, related to LOFS.
| [CVE-2011-0829] Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability, related to Kernel/SPARC.
| [CVE-2011-0820] Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Kernel.
| [CVE-2011-0813] Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel.
| [CVE-2011-0812] Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel.
| [CVE-2011-0801] Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to cp.
| [CVE-2011-0800] Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration Utilities.
| [CVE-2011-0762] The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
| [CVE-2011-0664] Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability."
| [CVE-2011-0418] The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command.
| [CVE-2011-0384] The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug ID CSCtf01253.
| [CVE-2011-0383] The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008.
| [CVE-2011-0287] Unspecified vulnerability in the BlackBerry Administration API in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 5.0.1 through 5.0.3, and BlackBerry Enterprise Server Express software 5.0.1 through 5.0.3, allows remote attackers to read text files or cause a denial of service via unknown vectors.
| [CVE-2011-0286] Cross-site scripting (XSS) vulnerability in webdesktop/app in the BlackBerry Web Desktop Manager component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software before 5.0.2 MR5 and 5.0.3 before MR1, and BlackBerry Enterprise Server Express software 5.0.1 and 5.0.2, allows remote attackers to inject arbitrary web script or HTML via the displayErrorMessage parameter in a ManageDevices action.
| [CVE-2011-0201] Off-by-one error in the CoreFoundation framework in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a CFString object that triggers a buffer overflow.
| [CVE-2011-0063] The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and earlier allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ./.../ sequence in the "extra" parameter to the help command, which causes the regular expression to produce .. (dot dot) sequences. NOTE: this vulnerability is due to an incomplete fix for CVE-2011-0049.
| [CVE-2011-0006] The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c in the Linux kernel before 2.6.37, when the Linux Security Modules (LSM) framework is disabled, allows local users to bypass Integrity Measurement Architecture (IMA) rules in opportunistic circumstances by leveraging an administrator's addition of an IMA rule for LSM.
| [CVE-2011-0001] Double free vulnerability in the iscsi_rx_handler function (usr/iscsi/iscsid.c) in the tgt daemon (tgtd) in Linux SCSI target framework (tgt) before 1.0.14, aka scsi-target-utils, allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown vectors related to a buffer overflow during iscsi login. NOTE: some of these details are obtained from third party information.
| [CVE-2010-5143] McAfee VirusScan Enterprise before 8.8 allows local users to disable the product by leveraging administrative privileges to execute an unspecified Metasploit Framework module.
| [CVE-2010-5097] Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-4998] PHP remote file inclusion vulnerability in ardeaCore/lib/core/ardeaInit.php in ardeaCore PHP Framework 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the pathForArdeaCore parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-4756] The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
| [CVE-2010-4755] The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
| [CVE-2010-4754] The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
| [CVE-2010-4687] STCAPP (aka the SCCP telephony control application) on Cisco IOS before 15.0(1)XA1 does not properly handle multiple calls to a shared line, which allows remote attackers to cause a denial of service (port hang) by simultaneously ending two calls that were controlled by CallManager Express (CME), aka Bug ID CSCtd42552.
| [CVE-2010-4686] CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not properly handle SIP TRUNK traffic that contains rate bursts and a "peculiar" request size, which allows remote attackers to cause a denial of service (memory consumption) by sending this traffic over a long duration, aka Bug ID CSCtb47950.
| [CVE-2010-4589] Cross-site scripting (XSS) vulnerability in IBM ENOVIA 6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the emxFramework.FilterParameterPattern property.
| [CVE-2010-4534] The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter.
| [CVE-2010-4465] Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets."
| [CVE-2010-4459] Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to SCTP and Kernel/sockfs.
| [CVE-2010-4458] Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability, related to ZFS.
| [CVE-2010-4457] Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to SMB and CIFS.
| [CVE-2010-4456] Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail.
| [CVE-2010-4446] Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to RDS and Kernel/InfiniBand.
| [CVE-2010-4443] Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability, related to Kernel/NFS.
| [CVE-2010-4442] Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to the Kernel.
| [CVE-2010-4440] Unspecified vulnerability in Oracle 10 and 11 Express allows local users to affect availability via unknown vectors related to the Kernel.
| [CVE-2010-4052] Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
| [CVE-2010-4051] The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
| [CVE-2010-4008] libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.
| [CVE-2010-3958] The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."
| [CVE-2010-3835] MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.
| [CVE-2010-3694] Cross-site request forgery (CSRF) vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form.
| [CVE-2010-3476] Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080.
| [CVE-2010-3332] Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
| [CVE-2010-3228] The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms does not properly perform optimizations, which allows remote attackers to execute arbitrary code via a crafted .NET application that triggers memory corruption, aka ".NET Framework x64 JIT Compiler Vulnerability."
| [CVE-2010-3077] Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter.
| [CVE-2010-3076] The filter function in php/src/include.php in Simple Management for BIND (aka smbind) before 0.4.8 does not anchor a certain regular expression, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via the username parameter to the admin login page.
| [CVE-2010-3008] Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 on Windows allows local users to gain privileges or cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3007.
| [CVE-2010-3007] Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors.
| [CVE-2010-2632] Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames.
| [CVE-2010-2604] Multiple buffer overflows in the PDF Distiller in the BlackBerry Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server 4.1.3 through 5.0.2, and Enterprise Server Express 5.0.1 and 5.0.2, allow remote attackers to execute arbitrary code via a crafted PDF file.
| [CVE-2010-2221] Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU.
| [CVE-2010-2087] Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-1942] Unspecified vulnerability in the Servlet service in Fujitsu Limited Interstage Application Server 3.0 through 7.0, as used in Interstage Application Framework Suite, Interstage Business Application Server, and Interstage List Manager, allows attackers to obtain sensitive information or force invalid requests to be processed via unknown vectors related to unspecified invalid requests and settings on the load balancing device.
| [CVE-2010-1941] Unspecified vulnerability in NEC WebSAM DeploymentManager 5.13 and earlier, as used in SigmaSystemCenter 2.1 Update2 and earlier, BladeSystemCenter, ExpressSystemCenter, and VirtualPCCenter 2.2 and earlier, allows remote attackers to cause a denial of service (OS shutdown or restart) via unknown vectors related to Client Service for DPM and crafted packets to port 56010.
| [CVE-2010-1898] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."
| [CVE-2010-1871] JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.
| [CVE-2010-1870] The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.
| [CVE-2010-1804] Unspecified vulnerability in the network bridge functionality on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 allows remote attackers to cause a denial of service (networking outage) via a crafted DHCP reply.
| [CVE-2010-1732] Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action).
| [CVE-2010-1724] Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php.
| [CVE-2010-1622] SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.
| [CVE-2010-1583] SQL injection vulnerability in the loadByKey function in the TznDbConnection class in tzn_mysql.php in Tirzen (aka TZN) Framework 1.5, as used in TaskFreak! before 0.6.3, allows remote attackers to execute arbitrary SQL commands via the username field in a login action.
| [CVE-2010-1571] Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), unspecified 6.0 versions, and 5.0 before 5.0(2)SR3 allows remote attackers to read arbitrary files via a crafted bootstrap message to TCP port 6295.
| [CVE-2010-1570] The computer telephony integration (CTI) server component in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), 6.0 before 6.0(1)SR1, and 5.0 before 5.0(2)SR3 allows remote attackers to cause a denial of service (CTI server and Node Manager failure) via a malformed CTI message.
11935| [CVE-2010-1330] The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.
11936| [CVE-2010-1227] Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc.
11937| [CVE-2010-1158] Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.
11938| [CVE-2010-0962] The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command.
11939| [CVE-2010-0912] Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors.
11940| [CVE-2010-0909] Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect confidentiality via unknown vectors.
11941| [CVE-2010-0908] Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
11942| [CVE-2010-0892] Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2.0.00.27 allows remote attackers to affect integrity via unknown vectors.
11943| [CVE-2010-0885] Unspecified vulnerability in the Sun Java System Communications Express component in Oracle Sun Product Suite 6 2005Q4 (6.2) and 6.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Address Book.
11944| [CVE-2010-0816] Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1
11945| [CVE-2010-0743] Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages.
11946| [CVE-2010-0600] Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not properly restrict network access to an unspecified configuration file, which allows remote attackers to read passwords and unspecified other account details via a (1) XML RPC or (2) XML RPC over HTTPS session, aka Bug ID CSCtb83512.
11947| [CVE-2010-0599] Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt XML RPC sessions from operator workstations, which allows remote attackers to discover Administrator credentials by sniffing the network, aka Bug ID CSCtb83505.
11948| [CVE-2010-0598] Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt HTTP sessions from operator workstations, which allows remote attackers to discover Administrator credentials by sniffing the network, aka Bug ID CSCtb83631.
11949| [CVE-2010-0597] Unspecified vulnerability in Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users to read or modify the device configuration, and gain privileges or cause a denial of service (device reload), via a (1) XML RPC or (2) XML RPC over HTTPS request, aka Bug ID CSCtb83618.
11950| [CVE-2010-0596] Unspecified vulnerability in Cisco Mediator Framework 2.2 before 2.2.1.dev.1 and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 allows remote authenticated users to read or modify the device configuration, and gain privileges, via a (1) HTTP or (2) HTTPS request, aka Bug ID CSCtb83607.
11951| [CVE-2010-0595] Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 has a default password for the administrative user account and unspecified other accounts, which makes it easier for remote attackers to obtain privileged access, aka Bug ID CSCtb83495.
11952| [CVE-2010-0586] Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz49741, the "SCCP Request Handling Denial of Service Vulnerability."
11953| [CVE-2010-0585] Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed Skinny Client Control Protocol (SCCP) message, aka Bug ID CSCsz48614, the "SCCP Packet Processing Denial of Service Vulnerability."
11954| [CVE-2010-0557] IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials.
11955| [CVE-2010-0132] Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736.
11956| [CVE-2010-0076] Unspecified vulnerability in the Application Express Application Builder component in Oracle Database 3.2.1.00.10 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
11957| [CVE-2010-0039] The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device's IP address for arbitrary intranet TCP traffic by leveraging write access to an intranet FTP server.
11958| [CVE-2010-0019] Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and framework outage) via a crafted web site, aka "Microsoft Silverlight Memory Corruption Vulnerability."
11959| [CVE-2010-0007] net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application.
11960| [CVE-2009-5040] CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a denial of service (device crash) by using an extension mobility (EM) phone to interact with the menu for SNR number changes, aka Bug ID CSCta63555.
11961| [CVE-2009-4666] Multiple PHP remote file inclusion vulnerabilities in Webradev Download Protect 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[RootPath] parameter to (1) Framework/EmailTemplates.class.php, (2) Customers/PDPEmailReplaceConstants.class.php, and (3) Admin/ResellersManager.class.php in includes/DProtect/.
11962| [CVE-2009-4419] Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the SINIT Authenticated Code Module (ACM), which allows local users to bypass the Trusted Execution Technology protection mechanism and gain privileges by modifying the MCHBAR register to point to an attacker-controlled region, which prevents the SENTER instruction from properly applying VT-d protection while an MLE is being loaded.
11963| [CVE-2009-4417] The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent attackers to send arbitrary e-mail messages to any recipient address via vectors related to "events not yet mailed."
11964| [CVE-2009-4363] Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via data:text/html values for the HREF attribute of an A element in an HTML e-mail message. NOTE: the vendor states that the issue is caused by "an XSS vulnerability in Firefox browsers."
11965| [CVE-2009-4261] Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2) local users to execute arbitrary programs and gain privileges via a crafted external script name supplied through a gnt-* command, related to "path sanitization errors."
11966| [CVE-2009-3853] Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet.
11967| [CVE-2009-3701] Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) phpshell.php, (2) cmdshell.php, or (3) sqlshell.php in admin/, related to the PHP_SELF variable.
11968| [CVE-2009-3695] Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular expression.
11969| [CVE-2009-3626] Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.
11970| [CVE-2009-3402] Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote authenticated users to affect confidentiality via unknown vectors.
11971| [CVE-2009-3372] Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.
11972| [CVE-2009-3277] DataVault.Tesla/Impl/TypeSystem/AssociationHelper.cs in datavault allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of an [ (open bracket) followed by many commas, related to a certain regular expression, aka a "ReDoS" vulnerability.
11973| [CVE-2009-3276] Zoran/WinFormsAdvansed/RegeularDataToXML/Form1.cs in WinFormsAdvansed in NASD CORE.NET Terelik (aka corenet1) allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of many alphabetic characters followed by a ! (exclamation point), related to a certain regular expression, aka a "ReDoS" vulnerability.
11974| [CVE-2009-3275] Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs in Microsoft patterns & practices Enterprise Library (aka EntLib) allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of many \ (backslash) characters followed by a " (double quote), related to a certain regular expression, aka a "ReDoS" vulnerability.
11975| [CVE-2009-3237] Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5
11976| [CVE-2009-3236] The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5
11977| [CVE-2009-3126] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
11978| [CVE-2009-3033] Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument.
11979| [CVE-2009-3031] Stack-based buffer overflow in the BrowseAndSaveFile method in the Altiris eXpress NS ConsoleUtilities ActiveX control 6.0.0.1846 in AeXNSConsoleUtilities.dll in Symantec Altiris Notification Server (NS) 6.0 before R12, Deployment Server 6.8 and 6.9 in Symantec Altiris Deployment Solution 6.9 SP3, and Symantec Management Platform (SMP) 7.0 before SP3 allows remote attackers to execute arbitrary code via a long string in the second argument.
11980| [CVE-2009-3030] Cross-site scripting (XSS) vulnerability in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an error message in a response, related to an "HTML Injection issue."
11981| [CVE-2009-3029] Cross-site scripting (XSS) vulnerability in the console in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote authenticated users to inject arbitrary web script or HTML via "external client input" that triggers crafted error messages.
11982| [CVE-2009-3028] The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method.
11983| [CVE-2009-2911] SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel stack overflow, (2) cause a denial of service via crafted DWARF expressions that trigger a kernel stack frame overflow, or (3) cause a denial of service (infinite loop) via vectors that trigger creation of large unwind tables, related to Common Information Entry (CIE) and Call Frame Instruction (CFI) records.
11984| [CVE-2009-2873] Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enabled, allows remote attackers to cause a denial of service (device reload) via malformed packets, aka Bug ID CSCsx70889.
11985| [CVE-2009-2872] Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco Express Forwarding feature are enabled, allows remote attackers to cause a denial of service (device reload) via a malformed packet that is not properly handled during switching from one tunnel to a second tunnel, aka Bug IDs CSCsh97579 and CSCsq31776.
11986| [CVE-2009-2865] Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communications Manager Express (CME) component in Cisco IOS 12.4XW, 12.4XY, 12.4XZ, and 12.4YA allows remote attackers to execute arbitrary code or cause a denial of service via crafted HTTP requests, aka Bug ID CSCsq58779.
11987| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
11988| [CVE-2009-2555] Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote attackers to execute arbitrary code in the Chrome sandbox via a crafted JavaScript regular expression.
11989| [CVE-2009-2503] GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
11990| [CVE-2009-2502] Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
11991| [CVE-2009-2501] Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
11992| [CVE-2009-2500] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
11993| [CVE-2009-2497] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."
11994| [CVE-2009-2416] Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.
11995| [CVE-2009-2414] Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.
11996| [CVE-2009-2404] Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
11997| [CVE-2009-2189] The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of (1) Router Advertisement and (2) Neighbor Discovery packets, which allows remote attackers to cause a denial of service (resource consumption and device restart) by sending many packets.
11998| [CVE-2009-2048] Cross-site scripting (XSS) vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to inject arbitrary web script or HTML into the CCX database via unspecified vectors.
11999| [CVE-2009-2047] Directory traversal vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to read, modify, or delete arbitrary files via unspecified vectors.
12000| [CVE-2009-1993] Unspecified vulnerability in the Application Express component in Oracle Database 3.0.1 allows remote authenticated users to affect confidentiality and integrity, related to FLOWS_030000.WWV_EXECUTE_IMMEDIATE.
12001| [CVE-2009-1982] Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2 and 12.0.6 allows remote attackers to affect integrity via unknown vectors.
12002| [CVE-2009-1896] The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX.
12003| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
12004| [CVE-2009-1879] Cross-site scripting (XSS) vulnerability in index.template.html in the express-install templates in the SDK in Adobe Flex before 3.4, when the installed Flash version is older than a specified requiredMajorVersion value, allows remote attackers to inject arbitrary web script or HTML via the query string.
12005| [CVE-2009-1729] Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain.
12006| [CVE-2009-1635] Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via (1) the User.lang parameter to the login page (aka gw/webacc), (2) style expressions in a message that contains an HTML file, or (3) vectors associated with incorrect protection mechanisms against scripting, as demonstrated using whitespace between JavaScript event names and values.
12007| [CVE-2009-1536] ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
12008| [CVE-2009-1521] Unspecified vulnerability in the Java GUI in the IBM Tivoli Storage Manager (TSM) client 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.5, 5.4.0.0 through 5.4.2.6, and 5.5.0.0 through 5.5.1.17, and the TSM Express client 5.3.3.0 through 5.3.6.5, allows attackers to read or modify arbitrary files via unknown vectors.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1219] Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid parameter.
| [CVE-2009-1218] Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml.
| [CVE-2009-1190] Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540.
| [CVE-2009-1070] Cross-site scripting (XSS) vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter.
| [CVE-2009-1000] The Oracle Applications Framework component in Oracle E-Business Suite 12.0.6 and 11i10CU2 uses default passwords for unspecified "FND Applications Users (not DB users)," which has unknown impact and attack vectors.
| [CVE-2009-0995] Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.0.6 and 11i10CU2 allows remote attackers to affect integrity via unknown vectors.
| [CVE-2009-0981] Unspecified vulnerability in the Application Express component in Oracle Database 11.1.0.7 allows remote authenticated users to affect confidentiality, related to APEX. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue allows remote authenticated users to obtain APEX password hashes from the WWV_FLOW_USERS table via a SELECT statement.
| [CVE-2009-0932] Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
| [CVE-2009-0877] Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field.
| [CVE-2009-0819] sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.
| [CVE-2009-0714] Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows remote attackers cause a denial of service (application crash) or read portions of memory via one or more crafted packets.
| [CVE-2009-0630] The (1) Cisco Unified Communications Manager Express
| [CVE-2009-0419] Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-4033.
| [CVE-2009-0404] Multiple cross-site scripting (XSS) vulnerabilities in Bioinformatics htmLawed 1.1.3 and 1.1.4 allow remote attackers to inject arbitrary web script or HTML via invalid Cascading Style Sheets (CSS) expressions in the style attribute, which is processed by Internet Explorer 7.
| [CVE-2009-0362] filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service (forced authentication failures) via a crafted reverse-resolved DNS name (rhost) entry that contains a substring that is interpreted as an IP address, a different vulnerability than CVE-2007-4321.
| [CVE-2009-0091] Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability."
| [CVE-2009-0090] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
| [CVE-2009-0015] Unspecified vulnerability in fseventsd in the FSEvents framework in Apple Mac OS X 10.5.6 allows local users to obtain sensitive information (filesystem activities and directory names) via unknown vectors related to "credential management."
| [CVE-2008-7220] Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors.
| [CVE-2008-7123] Static code injection vulnerability in admin/configuration/modifier.php in zKup CMS 2.0 through 2.3 allows remote attackers to inject arbitrary PHP code into fichiers/config.php via a null byte (%00) in the login parameter in an ajout action, which bypasses the regular expression check.
| [CVE-2008-6992] GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, allows remote attackers to bypass the SQL injection protection mechanism via a WHERE clause containing an expression such as "x=y=z", which is successfully parsed by MySQL.
| [CVE-2008-6531] The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole."
| [CVE-2008-6428] The CGI framework in Kaya 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors.
| [CVE-2008-6217] Cross-site scripting (XSS) vulnerability in index.php in Extrakt Framework 0.7 allows remote attackers to inject arbitrary web script or HTML via the plugins[file][id] parameter. NOTE: the provenance of this information is unknown
| [CVE-2008-5917] Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.
| [CVE-2008-5745] Integer overflow in quartz.dll in the DirectShow framework in Microsoft Windows Media Player (WMP) 9, 10, and 11, including 11.0.5721.5260, allows remote attackers to cause a denial of service (application crash) via a crafted (1) WAV, (2) SND, or (3) MID file. NOTE: this has been incorrectly reported as a code-execution vulnerability. NOTE: it is not clear whether this issue is related to CVE-2008-4927.
| [CVE-2008-5590] SQL injection vulnerability in customer.forumtopic.php in Kalptaru Infotech Product Sale Framework 0.1 beta allows remote attackers to execute arbitrary SQL commands via the forum_topic_id parameter.
| [CVE-2008-5551] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
| [CVE-2008-5446] Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows remote authenticated users to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is related to unrestricted guest access to the "About Us Page" in the Oracle Applications Framework (OAF), which allows attackers to obtain sensitive system and application environment information.
| [CVE-2008-5424] The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822
| [CVE-2008-5402] Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."
| [CVE-2008-5162] The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator.
| [CVE-2008-5100] The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.
| [CVE-2008-5043] Multiple cross-site scripting (XSS) vulnerabilities in the web-based interface in IBM Metrica Service Assurance Framework allow remote authenticated users to inject arbitrary web script or HTML via (1) the elementid parameter in a generatedreportresults action to the ReportTree program, (2) the jnlpname parameter to the Launch program, or (3) the :tasklabel parameter to the ReportRequest program, related to the name of a report.
| [CVE-2008-4828] Multiple stack-based buffer overflows in dsmagent.exe in the Remote Agent Service in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, and 5.4.0.0 through 5.4.1.96, and the TSM Express client 5.3.3.0 through 5.3.6.4, allow remote attackers to execute arbitrary code via (1) a request packet that is not properly parsed by an unspecified "generic string handling function" or (2) a crafted NodeName in a dicuGetIdentifyRequest request packet, related to the (a) Web GUI and (b) Java GUI.
| [CVE-2008-4630] Multiple unspecified vulnerabilities in Midgard Components (MidCOM) Framework before 8.09.1 have unknown impact and attack vectors.
| [CVE-2008-4563] Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value.
| [CVE-2008-4557] plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression.
| [CVE-2008-4502] Multiple PHP remote file inclusion vulnerabilities in DataFeedFile (DFF) PHP Framework API allow remote attackers to execute arbitrary PHP code via a URL in the DFF_config[dir_include] parameter to (1) DFF_affiliate_client_API.php, (2) DFF_featured_prdt.func.php, (3) DFF_mer.func.php, (4) DFF_mer_prdt.func.php, (5) DFF_paging.func.php, (6) DFF_rss.func.php, and (7) DFF_sku.func.php in include/.
| [CVE-2008-4471] Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via "..\" sequences in the argument to the SaveAS method.
| [CVE-2008-4033] Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."
| [CVE-2008-4005] Unspecified vulnerability in the Oracle Application Express component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-3993] Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2 and 12.0.4 allows remote authenticated users to affect integrity via unknown vectors.
| [CVE-2008-3843] Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "<~/" (less-than tilde slash) sequence followed by a crafted STYLE element.
| [CVE-2008-3842] Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "</" (less-than slash) sequence.
| [CVE-2008-3656] Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.
| [CVE-2008-3443] The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.
| [CVE-2008-3253] Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0
| [CVE-2008-2930] Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem.
| [CVE-2008-2929] Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping.
| [CVE-2008-2640] Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 History Management feature in Adobe Flex 3.0.1 SDK and Flex Builder 3, and generated applications, allow remote attackers to inject arbitrary web script or HTML via the anchor identifier to (1) client-side-detection-with-history/history/historyFrame.html, (2) express-installation-with-history/history/historyFrame.html, or (3) no-player-detection-with-history/history/historyFrame.html in templates/html-templates/. NOTE: Firefox 2.0 and possibly other browsers prevent exploitation.
| [CVE-2008-2371] Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.
| [CVE-2008-1927] Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.
| [CVE-2008-1855] FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 Patch 3 and earlier, as used by ePolicy Orchestrator (ePO) and ProtectionPilot (PrP), allows remote attackers to corrupt memory and cause a denial of service (CMA Framework service crash) via a long invalid method in requests for the /spin//AVClient//AVClient.csp URI, a different vulnerability than CVE-2006-5274.
| [CVE-2008-1822] Unspecified vulnerability in the Oracle Application Express component in Oracle Application Express 3.0.1 has unknown impact and remote attack vectors, aka APEX02.
| [CVE-2008-1811] Unspecified vulnerability in Oracle Application Express 3.0.1 has unspecified impact and remote authenticated attack vectors related to flows_030000.wwv_execute_immediate, aka APEX01. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that APEX01 is for insufficient authorization checks for SQL commands in the run_ddl function in flows_030000.wwv_execute_immediate, allowing privilege escalation by certain non-DBA remote authenticated users.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1717] WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid (1) page and (2) form parameters, which leaks the path from an exception handler when a valid class cannot be found.
| [CVE-2008-1716] Cross-site scripting (XSS) vulnerability in WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the (1) page and (2) form parameters, which are not properly handled when they are reflected back in an error message.
| [CVE-2008-1677] Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression.
| [CVE-2008-1676] Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate.
| [CVE-2008-1448] The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."
| [CVE-2008-1154] The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.
| [CVE-2008-1026] Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow.
| [CVE-2008-1010] Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript.
| [CVE-2008-0985] Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width.
| [CVE-2008-0938] Unspecified vulnerability in the dynamic tracing framework (DTrace) in Sun Solaris 10 allows local users with PRIV_DTRACE_USER or PRIV_DTRACE_PROC privileges to obtain sensitive kernel information via unspecified vectors, a different vulnerability than CVE-2007-4126.
| [CVE-2008-0920] SQL injection vulnerability in port/modifyportform.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 allows remote authenticated users to execute arbitrary SQL commands via the portname parameter, which is not properly handled by a validation regular expression.
| [CVE-2008-0903] Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL.
| [CVE-2008-0902] Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694.
| [CVE-2008-0901] BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not.
| [CVE-2008-0900] Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.
| [CVE-2008-0899] Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via URLs that are not properly handled by the Unexpected Exception Page.
| [CVE-2008-0895] BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0863] BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service's WSDL and security policies, which allows remote attackers to obtain sensitive information and potentially launch further attacks.
| [CVE-2008-0674] Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.
| [CVE-2008-0545] Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) uri parameter to (a) yui-menu.tpl.php, (b) simple.tpl.php, and (c) advanced.tpl.php in dispatcher/framework/
| [CVE-2008-0521] Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to read arbitrary files via a .. (dot dot) in the uri parameter to dispatcher.php in (1) examples/dispatcher/framework/, (2) examples/dispatcher/, (3) examples/wizard/, and (4) PHP/, different vectors than CVE-2008-0545.
| [CVE-2008-0247] Heap-based buffer overflow in the Express Backup Server service (dsmsvc.exe) in IBM Tivoli Storage Manager (TSM) Express 5.3 before 5.3.7.3 allows remote attackers to execute arbitrary code via a packet with a large length value.
| [CVE-2008-0202] CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter.
| [CVE-2008-0201] Cross-site scripting (XSS) vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameter.
| [CVE-2008-0172] The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.
| [CVE-2008-0171] regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression.
| [CVE-2008-0107] Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE)
| [CVE-2008-0106] Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
| [CVE-2008-0086] Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
| [CVE-2008-0085] SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE)
| [CVE-2008-0047] Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions.
| [CVE-2007-6433] The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.
| [CVE-2007-6408] IBM Tivoli Provisioning Manager Express provides unspecified information in error messages when (1) attempted duplication of a username occurs when creating an account or (2) when trying to login using a valid username, which makes it easier for remote attackers to enumerate usernames.
| [CVE-2007-6407] Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Provisioning Manager Express allow remote attackers to inject arbitrary web script or HTML via the (1) "assess modification," (2) user-id, and other unspecified fields to the /tpmx URI
| [CVE-2007-6345] SQL injection vulnerability in aurora framework before 20071208 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the value parameter to the pack_var function in module/db.lib/db_mysql.lib. NOTE: some of these details are obtained from third party information.
| [CVE-2007-6321] Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands.
| [CVE-2007-6067] Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.
| [CVE-2007-6018] IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.
| [CVE-2007-5715] DenyHosts 2.6 processes OpenSSH sshd "not listed in AllowUsers" log messages with an incorrect regular expression that does not match an IP address, which might allow remote attackers to avoid detection and blocking when making invalid login attempts with a username not present in AllowUsers, as demonstrated by the root username, a different vulnerability than CVE-2007-4323.
| [CVE-2007-5712] The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers.
| [CVE-2007-5470] Microsoft Expression Media stores the catalog password in cleartext in the catalog IVC file, which allows local users to obtain sensitive information and gain access to the catalog by reading the IVC file.
| [CVE-2007-5116] Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.
| [CVE-2007-4772] The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted regular expression.
| [CVE-2007-4771] Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information.
| [CVE-2007-4769] The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number.
| [CVE-2007-4768] Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.
| [CVE-2007-4767] Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code.
| [CVE-2007-4766] Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences.
| [CVE-2007-4763] PHP remote file inclusion vulnerability in dbmodules/DB_adodb.class.php in PHP Object Framework (PHPOF) 20040226 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHPOF_INCLUDE_PATH parameter.
| [CVE-2007-4607] Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll 6.0.1 in the Quiksoft EasyMail SMTP Object, as used in Postcast Server Pro 3.0.61, allows remote attackers to execute arbitrary code via a long argument to the SubmitToExpress method, a different vulnerability than CVE-2007-1029.
| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
| [CVE-2007-4472] Multiple buffer overflows in the Broderbund Expressit 3DGreetings Player ActiveX control could allow remote attackers to execute arbitrary code via unspecified vectors.
| [CVE-2007-4430] Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions in a "show ip bgp regexp" command. NOTE: unauthenticated remote attacks are possible in environments with anonymous telnet and Looking Glass access.
| [CVE-2007-4126] Unspecified vulnerability in the dynamic tracing framework (DTrace) on Sun Solaris 10 before 20070730 allows local users with PRIV_DTRACE_USER privileges to cause a denial of service (panic or hang) via unspecified use of certain DTrace programs.
| [CVE-2007-4040] Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670.
| [CVE-2007-4026] epesi framework before 0.8.6 does not properly verify file extensions, which allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving the gallery images upload feature. NOTE: some of these details are obtained from third party information.
| [CVE-2007-3992] SQL injection vulnerability in vir_login.asp in iExpress Property Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the Username parameter is covered by CVE-2006-6029. NOTE: the provenance of this information is unknown
| [CVE-2007-3944] Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier.
12126| [CVE-2007-3902] Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability."
12127| [CVE-2007-3897] Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.
12128| [CVE-2007-3860] Unspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01. NOTE: a reliable researcher states that this is SQL injection in the wwv_flow_security.check_db_password function due to insufficient checks for '"' characters.
12129| [CVE-2007-3627] Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) login.php, (2) auth.php, and (3) subscribe.php. NOTE: the month.php, year.php, week.php, and day.php vectors are already covered by CVE-2005-4009. NOTE: the provenance of this information is unknown
12130| [CVE-2007-3578] PHPIDS before 20070703 does not properly handle (1) arithmetic expressions and (2) unclosed comments, which allows remote attackers to inject arbitrary web script.
12131| [CVE-2007-3555] Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424.
12132| [CVE-2007-3495] Multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF) in the SAP Basis component 700 before SP12, and 640 before SP20, allow remote attackers to inject arbitrary web script or HTML via certain parameters associated with the default login error page.
12133| [CVE-2007-3025] Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions.
12134| [CVE-2007-2836] Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout.
12135| [CVE-2007-2765] blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemon log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by logging in through ssh using a login name containing certain strings with an IP address, which is not properly handled by a regular expression, a related issue to CVE-2006-6301.
12136| [CVE-2007-2700] The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensitive information.
12137| [CVE-2007-2699] The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files.
12138| [CVE-2007-2697] The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain configurations, does not limit or audit failed authentication attempts, which allows remote attackers to more easily conduct brute-force attacks against the administrator password, or flood the server with login attempts and cause a denial of service.
12139| [CVE-2007-2695] The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," which allows remote attackers to access administrative data or functionality.
12140| [CVE-2007-2694] Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
12141| [CVE-2007-2636] Unspecified vulnerability in phpTodo before 0.8.1 allows remote attackers to have an unknown impact via newlines in regular expressions to (1) index.php, (2) feed.php, (3) prefs.php, and (4) todolist.php
12142| [CVE-2007-2592] Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files.
12143| [CVE-2007-2591] usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to modify user account details and cause a denial of service (account deactivation) via the userid parameter in an update action.
12144| [CVE-2007-2590] Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp.
12145| [CVE-2007-2555] Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site scripting (XSS).
12146| [CVE-2007-2385] The Yahoo! UI framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
12147| [CVE-2007-2384] The Script.aculo.us framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
12148| [CVE-2007-2383] The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
12149| [CVE-2007-2382] The Moo.fx framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
12150| [CVE-2007-2381] The MochiKit framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
12151| [CVE-2007-2380] The Microsoft Atlas framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
12152| [CVE-2007-2379] The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
12153| [CVE-2007-2378] The Google Web Toolkit (GWT) framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
12154| [CVE-2007-2377] The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
12155| [CVE-2007-2376] The Dojo framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
12156| [CVE-2007-2227] The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."
12157| [CVE-2007-2225] A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."
12158| [CVE-2007-2164] Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
12159| [CVE-2007-2163] Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
12160| [CVE-2007-2162] (1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
12161| [CVE-2007-2161] Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (browser hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
12162| [CVE-2007-2137] Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express 6.1.0 before Fix Pack 2, as used in Tivoli Universal Agent, Windows OS Monitoring agent, and Enterprise Portal Server, allows remote attackers to execute arbitrary code by sending a long string to a certain TCP port.
12163| [CVE-2007-2109] Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06). Note: as of 20070424, Oracle has not disputed reliable claims that DB02 is for a race condition in the RLMGR_TRUNCATE_MAINT trigger in the Rules Manager and Expression Filter components changing the AUTHID of a package from DEFINER to CURRENT_USER after a TRUNCATE call, and DB06 is for SQL injection in the DBMS_APPLY_USER_AGENT.SET_REGISTRATION_HANDLER procedure, which is later passed to the DBMS_APPLY_ADM_INTERNAL.ALTER_APPLY procedure, aka "Oracle Streams".
12164| [CVE-2007-2026] The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS.
12165| [CVE-2007-1982] Multiple PHP remote file inclusion vulnerabilities in Really Simple PHP and Ajax (RSPA) 2007-03-23 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) __IncludeFilePHPClass, (2) __ClassPath, and (3) __class parameters to (a) rspa/framework/Controller_v5.php, and (b) rspa/framework/Controller_v4.php.
12166| [CVE-2007-1900] CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string.
12167| [CVE-2007-1662] Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references.
12168| [CVE-2007-1661] Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.
12169| [CVE-2007-1660] Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.
12170| [CVE-2007-1659] Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.
12171| [CVE-2007-1622] Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.
12172| [CVE-2007-1493] nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172.
12173| [CVE-2007-1474] Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames.
12174| [CVE-2007-1473] Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php.
12175| [CVE-2007-1467] Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form.
12176| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
12177| [CVE-2007-1003] Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.
12178| [CVE-2007-0995] Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.
12179| [CVE-2007-0988] The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.
12180| [CVE-2007-0918] The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations that are not properly handled by the regular expression feature, as demonstrated using the 3123.0 (Netbus Pro Traffic) signature.
12181| [CVE-2007-0917] The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets.
12182| [CVE-2007-0746] Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference".
12183| [CVE-2007-0742] The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allows subdomain cookies to be accessed by the parent domain, which allows remote attackers to obtain sensitive information.
12184| [CVE-2007-0677] PHP remote file inclusion vulnerability in fw/class.Quick_Config_Browser.php in Cadre PHP Framework 20020724 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][framework_path] parameter.
12185| [CVE-2007-0614] The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key.
12186| [CVE-2007-0613] The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted communication) via a flood of duplicate _presence._tcp mDNS queries.
12187| [CVE-2007-0584] PHP remote file inclusion vulnerability in membres/membreManager.php in PhP Generic Library & Framework for comm (g-neric) allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
12188| [CVE-2007-0516] Yana Framework before 2.8.5a allows remote authenticated users with permissions to modify a guestbook profile to modify or delete arbitrary guestbook profiles via unspecified vectors. NOTE: The provenance of this information is unknown
12189| [CVE-2007-0162] Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) ApplicationEnhancer binary and the (2) /Library/Frameworks/ApplicationEnhancer.framework directory, which allows local users to gain privileges by modifying or replacing the binary or library files.
12190| [CVE-2007-0117] DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.
12191| [CVE-2007-0043] The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".
12192| [CVE-2007-0042] Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
12193| [CVE-2007-0041] The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
12194| [CVE-2006-7230] Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions.
12195| [CVE-2006-7228] Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
12196| [CVE-2006-7227] Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
12197| [CVE-2006-7226] Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified "subpattern containing a named recursion or subroutine reference," which allows context-dependent attackers to cause a denial of service (error or crash).
12198| [CVE-2006-7225] Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a [[ sequence.
12199| [CVE-2006-7158] Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter. NOTE: it is likely that this issue overlaps one of the identifiers in CVE-2006-5351.
12200| [CVE-2006-6957] PHP remote file inclusion vulnerability in addons/mod_media/body.php in Docebo 3.0.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_framework] parameter. NOTE: this issue might be resultant from a global overwrite vulnerability. This issue is similar to CVE-2006-2576 and CVE-2006-3107, but the vectors are different.
12201| [CVE-2006-6749] Buffer overflow in the parse_expression function in parse_config in OpenSER 1.1.0 allows attackers to have an unknown impact via a long str parameter.
12202| [CVE-2006-6707] Stack-based buffer overflow in the NeoTraceExplorer.NeoTraceLoader ActiveX control (NeoTraceExplorer.dll) in NeoTrace Express 3.25 and NeoTrace Pro (aka McAfee Visual Trace) 3.25 allows remote attackers to execute arbitrary code via a long argument string to the TraceTarget method. NOTE: The provenance of this information is unknown
12203| [CVE-2006-6629] lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl.
12204| [CVE-2006-6301] DenyHosts 2.5 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain strings with an IP address, which is not properly handled by a regular expression.
12205| [CVE-2006-6015] Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression.
12206| [CVE-2006-5936] SQL injection vulnerability in dept.asp in SiteXpress E-Commerce System allows remote attackers to execute arbitrary SQL commands via the id parameter.
12207| [CVE-2006-5900] Cross-site scripting (XSS) vulnerability in the incubator/tests/Zend/Http/_files/testRedirections.php sample code in Zend Framework Preview 0.2.0 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.
12208| [CVE-2006-5712] Cross-site scripting (XSS) vulnerability in Mirapoint WebMail allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated using the width style for an IMG element.
12209| [CVE-2006-5653] Cross-site scripting (XSS) vulnerability in the errorHTML function in the index script in Sun Java System Messenger Express 6 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers a new CVE was assigned.
12210| [CVE-2006-5652] Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE.
12211| [CVE-2006-5599] Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP package. NOTE: it is likely that this issue overlaps one of the Oracle VulnIDs covered by CVE-2006-5351. Oracle has not publicly disputed claims by a reliable researcher that this has been fixed by the October 2006 CPU.
12212| [CVE-2006-5367] Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.7 up to 11.5.10CU2 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) APPS03 in Oracle Applications Framework, (2) APPS04 in Oracle Applications Technology Stack, and (3) APPS05 in Oracle Balanced Scorecard, (4) APPS09 in Oracle Scripting, and (5) APPS10 in Oracle Trading Community.
12213| [CVE-2006-5352] Multiple unspecified vulnerabilities in Oracle Application Express 1.5 up to 1.6.1 have unknown impact and remote attack vectors, aka Vuln# (1) APEX04, (2) APEX20, and (3) APEX21.
12214| [CVE-2006-5351] Multiple unspecified vulnerabilities in Oracle Application Express (formerly Oracle HTML DB) 1.5 up to 2.0 have unknown impact and remote attack vectors, aka Vuln# (1) APEX01, (2) APEX02, (3) APEX03, (4) APEX05, (5) APEX06, (6) APEX07, (7) APEX08, (8) APEX09, (9) APEX10, (10) APEX11, (11) APEX12, (12) APEX13, (13) APEX14, (14) APEX15, (15) APEX16, (16) APEX17, (17) APEX18, (18) APEX19, (19) APEX22, (20) APEX23, (21) APEX24, (22) APEX25, (23) APEX26, (24) APEX27, (25) APEX28, (26) APEX29, (27) APEX30, (28) APEX31, (29) APEX32, (30) APEX33, (31) APEX34, and (32) APEX35. NOTE: as of 20061027, it is likely that some of these identifiers are associated with cross-site scripting (XSS) in WWV_FLOW_ITEM_HELP and NOTIFICATION_MSG, but these have been provided separate identifiers.
12215| [CVE-2006-5274] Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote attackers to cause a denial of service (CMA Framework service crash) and possibly execute arbitrary code via unspecified vectors.
12216| [CVE-2006-4859] Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression.
12217| [CVE-2006-4566] Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set ("[\\"), which leads to a buffer over-read.
12218| [CVE-2006-4565] Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier."
12219| [CVE-2006-4527] includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks.
12220| [CVE-2006-4410] The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates.
12221| [CVE-2006-4409] The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked.
12222| [CVE-2006-4408] The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-2940.
12223| [CVE-2006-4407] The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to use a weaker cipher that makes it easier for remote attackers to decrypt traffic.
12224| [CVE-2006-4256] index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS.
12225| [CVE-2006-4032] Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certain SIP messages, aka bug CSCse92417.
12226| [CVE-2006-3676] admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote attackers to execute arbitrary PHP code by uploading files with a double extension and directly accessing the file in the images directory, which bypasses a regular expression check for safe file types.
12227| [CVE-2006-3623] Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3.5.0.x and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the directory and filename in a PropsResponse (PackageType) request.
12228| [CVE-2006-3549] services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server.
12229| [CVE-2006-3548] Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen).
12230| [CVE-2006-3436] Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
12231| [CVE-2006-3107] Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where_framework] to (a) admin/modules/news/news_class.php and (b) admin/modules/content/content_class.php, and (2) GLOBALS[where_cms] to (c) admin/modules/block_media/util.media.php. NOTE: this issue might be resultant from a global overwrite vulnerability. This issue is similar to CVE-2006-2576, but the vectors are different.
12232| [CVE-2006-2973] Multiple SQL injection vulnerabilities in month.php in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) catid and (2) cid parameter. NOTE: this might be a duplicate of CVE-2005-4009.c.
12233| [CVE-2006-2878] The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier.
12234| [CVE-2006-2864] Multiple PHP remote file inclusion vulnerabilities in BlueShoes Framework 4.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) APP[path][applications] parameter to (a) Bs_Faq.class.php, (2) APP[path][core] parameter to (b) fileBrowserInner.php, (c) file.php, and (d) viewer.php, and (e) Bs_ImageArchive.class.php, (3) GLOBALS[APP][path][core] parameter to (f) Bs_Ml_User.class.php, or (4) APP[path][plugins] parameter to (g) Bs_Wse_Profile.class.php.
12235| [CVE-2006-2766] Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.
12236| [CVE-2006-2576] Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where_framework] to (a) lib.simplesel.php, (b) lib.filelist.php, (c) tree.documents.php, (d) lib.repo.php, and (e) lib.php, and (2) GLOBALS[where_scs] to (f) lib.teleskill.php. NOTE: this issue might be resultant from a global overwrite vulnerability.
12237| [CVE-2006-2386] Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file.
12238| [CVE-2006-2228] Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4.2.0 allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' (equals) character, which bypasses a restrictive regular expression that attempts to remove onmouseover and other events.
12239| [CVE-2006-2168] FileProtection Express 1.0.1 and earlier allows remote attackers to bypass authentication via a cookie with an Admin value of 1.
12240| [CVE-2006-2166] Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.
12241| [CVE-2006-2111] A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability."
12242| [CVE-2006-2059] action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "#e" (execute) modifier.
12243| [CVE-2006-1961] Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the "show" command in the application's command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE). NOTE: other issues might be addressed by the Cisco advisory.
12244| [CVE-2006-1960] Cross-site scripting (XSS) vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13 allows remote attackers to inject arbitrary web script or HTML, possibly via the displayMsg parameter to archiveApplyDisplay.jsp, aka bug ID CSCsc01095.
12245| [CVE-2006-1909] Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences.
12246| [CVE-2006-1895] Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose ".*" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl.
12247| [CVE-2006-1885] Multiple unspecified vulnerabilities in the Reporting Framework component in Oracle Enterprise Manager 9.0.1.5 and 9.2.0.7 have unknown impact and attack vectors, aka Vuln# (1) EM01 and (2) EM02.
12248| [CVE-2006-1737] Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression.
12249| [CVE-2006-1526] Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "&" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue.
12250| [CVE-2006-1520] Format string vulnerability in ANSI C Sender Policy Framework library (libspf) before 1.0.0-p5, when debugging is enabled, allows remote attackers to execute arbitrary code via format string specifiers, possibly in an e-mail address.
12251| [CVE-2006-1511] Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and 1.1 Framework might allow user-assisted attackers to execute arbitrary code via a .il file that calls a function with a long name.
12252| [CVE-2006-1491] Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer.
12253| [CVE-2006-1401] Multiple cross-site scripting (XSS) vulnerabilities in search.php in Calendar Express 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) allwords or (2) oneword parameter. NOTE: the provenance of this information is unknown
12254| [CVE-2006-1352] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and WebLogic Server 6.1 SP7 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via crafted non-canonicalized XML documents.
12255| [CVE-2006-1300] Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
12256| [CVE-2006-1260] Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check.
12257| [CVE-2006-1244] Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.
12258| [CVE-2006-0907] SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows remote attackers to execute arbitrary SQL commands via encoded /%2a (/*) sequences in the query string, which bypasses regular expressions that are intended to protect against SQL injection, as demonstrated via the kala parameter.
12259| [CVE-2006-0860] Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags that follow a "http://" string, which bypasses a regular expression check, and (2) other unspecified attack vectors.
12260| [CVE-2006-0758] Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via a URL encoded expression in the query string in (1) index.php and (2) possibly certain other scripts, which is not properly cleansed when accessed from the $_SERVER['PHP_SELF'] variable.
12261| [CVE-2006-0635] Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the "i>sizeof(int)" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.
12262| [CVE-2006-0634] Borland C++Builder 6 (BCB6) with Update Pack 4 Enterprise edition (ent_upd4) evaluates the "i>sizeof(int)" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.
12263| [CVE-2006-0461] Cross-site scripting (XSS) vulnerability in core.input.php in ExpressionEngine 1.4.1 allows remote attackers to inject arbitrary web script or HTML via HTTP_REFERER (referer).
12264| [CVE-2006-0432] Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0, when an Administrator uses the WebLogic Administration Console to add custom security policies, causes incorrect policies to be created, which prevents the server from properly protecting JNDI resources.
12265| [CVE-2006-0431] Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP5 allows untrusted applications to obtain the server's SSL identity via unknown attack vectors.
12266| [CVE-2006-0430] Certain configurations of BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6, when connection filters are enabled, cause the server to run more slowly, which makes it easier for remote attackers to cause a denial of service (server slowdown).
12267| [CVE-2006-0429] BEA WebLogic Server and WebLogic Express 9.0 causes new security providers to appear active even if they have not been activated by a server reboot, which could cause an administrator to perform inappropriate, security-relevant actions.
12268| [CVE-2006-0427] Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted.
12269| [CVE-2006-0426] BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file, which could allow attackers to gain privileges.
12270| [CVE-2006-0424] BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allows remote authenticated guest users to read the server log and obtain sensitive configuration information.
12271| [CVE-2006-0422] Multiple unspecified vulnerabilities in BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allow remote attackers to access MBean attributes or cause an unspecified denial of service via unknown attack vectors.
12272| [CVE-2006-0421] By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow administrators to gain privileges that were not intended.
12273| [CVE-2006-0420] BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 through SP6 does not properly handle when servlets use relative forwarding, which allows remote attackers to cause a denial of service (slowdown) via unknown attack vectors that cause "looping stack overflow errors."
12274| [CVE-2006-0419] BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6 allows anonymous binds to the embedded LDAP server, which allows remote attackers to read user entries or cause a denial of service (unspecified) via a large number of connections.
12275| [CVE-2006-0391] Directory traversal vulnerability in the BOM framework in Mac OS X 10.x before 10.3.9 and 10.4 before 10.4.5 allows user-assisted attackers to overwrite or create arbitrary files via an archive that is handled by BOMArchiveHelper.
12276| [CVE-2006-0301] Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.
12277| [CVE-2006-0046] squid_redirect script in adzapper before 2006-01-29 allows remote attackers to cause a denial of service (CPU consumption) via a URL with a large number of trailing / (forward slashes), which might produce inefficient regular expressions.
12278| [CVE-2006-0014] Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.
12279| [CVE-2005-4872] Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number of named subpatterns, which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
12280| [CVE-2005-4840] The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not intended for use within Internet Explorer.
12281| [CVE-2005-4794] Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allows remote attackers to cause a denial of service (crash or instability) via a compressed DNS packet with a label length byte with an incorrect offset.
12282| [CVE-2005-4767] BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password.
12283| [CVE-2005-4766] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not encrypt multicast traffic, which might allow remote attackers to read sensitive cluster synchronization messages by sniffing the multicast traffic.
12284| [CVE-2005-4765] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 SP6 and earlier, when using the weblogic.Deployer command with the t3 protocol, does not use the secure t3s protocol even when an Administration port is enabled on the Administration server, which might allow remote attackers to sniff the connection.
12285| [CVE-2005-4764] BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after multiple incorrect password guesses, which allows remote attackers who know or guess the admin account name to cause a denial of service (blocked admin logins).
12286| [CVE-2005-4763] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an exception message that is sent to a client or stored in a log file, which might allow remote attackers to perform unauthorized actions.
12287| [CVE-2005-4762] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier sometimes stores the boot password in the registry in cleartext, which might allow local users to gain administrative privileges.
12288| [CVE-2005-4761] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier log the Java command line at server startup, which might include sensitive information (passwords or keyphrases) in the server log file when the -D option is used.
12289| [CVE-2005-4760] BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, when fullyDelegatedAuthorization is enabled for a servlet, does not cause servlet deployment to fail when failures occur in authorization or role providers, which might prevent the servlet from being "fully protected."
12290| [CVE-2005-4759] BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a migration across operating system platforms, do not warn the administrative user about platform differences in URLResource case sensitivity, which might cause local users to inadvertently lose protection of Web Application pages.
12291| [CVE-2005-4758] Unspecified vulnerability in the Administration server in BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allows remote authenticated Admin users to read arbitrary files via unknown attack vectors related to an "internal servlet" accessed through HTTP.
12292| [CVE-2005-4757] BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, do not properly "constrain" a "/" (slash) servlet root URL pattern, which might allow remote attackers to bypass intended servlet protections.
12293| [CVE-2005-4756] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with multiple PrincipalValidators, which might allow attackers to gain privileges.
12294| [CVE-2005-4755] BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config
12295| [CVE-2005-4754] BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow remote attackers to obtain sensitive information (intranet IP addresses) via unknown attack vectors involving "network address translation."
12296| [CVE-2005-4753] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, in certain "heavy usage" scenarios, report incorrect severity levels for an audit event, which might allow attackers to perform unauthorized actions and avoid detection.
12297| [CVE-2005-4752] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security role to the Admin security role.
12298| [CVE-2005-4751] Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and WebLogic Express 9.0, 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allow remote attackers to inject arbitrary web script or HTML and gain administrative privileges via unknown attack vectors.
12299| [CVE-2005-4750] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier allow remote attackers to cause a denial of service (server thread hang) via unknown attack vectors.
12300| [CVE-2005-4749] HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allows remote attackers to inject arbitrary HTTP headers via unspecified attack vectors.
12301| [CVE-2005-4705] BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7, when a Java client application creates an SSL connection to the server after it has already created an insecure connection, will use the insecure connection, which allows remote attackers to sniff the connection.
12302| [CVE-2005-4704] Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used in certain unspecified circumstances, which causes user credentials to be sent across the network in cleartext and allows remote attackers to gain privileges.
12303| [CVE-2005-4373] Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to obtain the full path of the application via an invalid mode parameter to community.html, which leaks the path in an error message.
12304| [CVE-2005-4372] Cross-site scripting (XSS) vulnerability in account.html in Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.
12305| [CVE-2005-4260] Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers
12306| [CVE-2005-4190] Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.
12307| [CVE-2005-4178] Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.
12308| [CVE-2005-4155] registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a vulnerability in ATutor.
12309| [CVE-2005-4010] SQL injection vulnerability in KBase Express 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to category.php and (2) search parameters to search.php.
12310| [CVE-2005-4009] Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid and (2) catid parameters to (a) day.php, (b) week.php, (c) month.php, and (d) year.php.
12311| [CVE-2005-3714] The network interface for Apple AirPort Express 6.x before Firmware Update 6.3, and AirPort Extreme 5.x before Firmware Update 5.7, allows remote attackers to cause a denial of service (unresponsive interface) via malformed packets.
| [CVE-2005-3472] Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files.
| [CVE-2005-3431] Absolute path traversal vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to read arbitrary files via a full pathname in the AttachPath field of a mail message under composition.
| [CVE-2005-3430] Incomplete blacklist vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as (1) .unk, (2) .asa, and possibly (3) .htr and (4) .aspx, which are not filtered like the .asp extension.
| [CVE-2005-3429] Rockliffe MailSite Express before 6.1.22, with the option to save login information enabled, saves user passwords in plaintext in cookies, which allows local users to obtain passwords by reading the cookie file, or remote attackers to obtain the cookies via cross-site scripting (XSS) vulnerabilities.
| [CVE-2005-3428] Cross-site scripting (XSS) vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to inject arbitrary web script or HTML via a message body.
| [CVE-2005-3420] usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement.
| [CVE-2005-3288] Mailsite Express allows remote attackers to upload and execute files with executable extensions such as ASP by attaching the file using the "compose page" feature, then accessing the file from the cache directory before saving or sending the message.
| [CVE-2005-3287] Incomplete blacklist vulnerability in Mailsite Express allows remote attackers to upload and possibly execute files via attachments with executable extensions such as ASPX, which are not converted to .TXT like other dangerous extensions, and which can be directly requested from the cache directory.
| [CVE-2005-3153] login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but injects the SQL into a query string, a different vulnerability than CVE-2005-2838. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a myBloggie vulnerability.
| [CVE-2005-2554] The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) uses insecure permissions for the "Common Framework\Db" folder, which allows local users to read arbitrary files by creating a subfolder in the EPO agent web root directory.
| [CVE-2005-2491] Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
| [CVE-2005-2482] The StateToOptions function in msfweb in Metasploit Framework 2.4 and earlier, when running with the -D option (defanged mode), allows attackers to modify temporary environment variables before the "_Defanged" environment option is checked when processing the Exploit command.
| [CVE-2005-2368] vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels.
| [CVE-2005-2226] Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information.
| [CVE-2005-2170] The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint allows remote attackers to cause a denial of service (process exit and connection loss) by connecting to LCF and ending the connection without sending any data.
| [CVE-2005-2169] Directory traversal vulnerability in source.php in Quick & Dirty PHPSource Printer 1.1 and earlier allows remote attackers to read arbitrary files via ".../...//" sequences in the file parameter, which are reduced to "../" when PHPSource Printer uses a regular expression to remove "../" sequences.
| [CVE-2005-2151] spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption.
| [CVE-2005-1749] Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU consumption from thread looping).
| [CVE-2005-1748] The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows remote anonymous binds, which may allow remote attackers to view user entries or cause a denial of service.
| [CVE-2005-1747] Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password.
| [CVE-2005-1744] BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings.
| [CVE-2005-1743] BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a security provider throws an exception, which may cause WebLogic to use incorrect identity for the thread, or to fail to audit security exceptions.
| [CVE-2005-1742] BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection pools."
| [CVE-2005-1336] Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows local users to execute arbitrary code via a long environment variable.
| [CVE-2005-1213] Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.
| [CVE-2005-1061] The secure script in LogWatch before 2.6-2 allows attackers to prevent LogWatch from detecting malicious activity via certain strings in the secure file that are later used as part of a regular expression, which causes the parser to crash, aka "logwatch log processing regular expression DoS."
| [CVE-2005-0603] viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message.
| [CVE-2005-0576] Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files.
| [CVE-2005-0289] Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, configured as a Wireless Data Service (WDS), allows remote attackers to cause a denial of service (device freeze) by connecting to UDP port 161 and before link-state change occurs.
| [CVE-2005-0202] Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences.
| [CVE-2005-0186] Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed packet to the SCCP port.
| [CVE-2004-2741] Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters.
| [CVE-2004-2696] BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call.
| [CVE-2004-2694] Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top".
| [CVE-2004-2629] Multiple vulnerabilities in the H.323 protocol implementation for First Virtual Communications Click to Meet Express (when used with H.323 conferencing endpoints), Click to Meet Premier, Conference Server, and V-Gate allow remote attackers to cause a denial of service, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
| [CVE-2004-2590] Unspecified vulnerability in meindlSOFT Cute PHP Library (aka cphplib) 0.46 has unknown impact and attack vectors, related to regular expressions.
| [CVE-2004-2452] Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, 01-01, 01-02, 02-01, 02-02, 02-03, and other versions allows remote attackers to obtain sensitive information in the <ut:cache> tag library.
| [CVE-2004-2424] BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow remote attackers to cause a denial of service (network port comsumption) via unknown actions in HTTPS sessions, which prevents the server from releasing the network port when the session ends.
| [CVE-2004-2401] Stack-based buffer overflow in Ipswitch IMail Express Web Messaging before 8.05 might allow remote attackers to execute arbitrary code via an HTML message with long "tag text."
| [CVE-2004-2321] BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword.
| [CVE-2004-2320] The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
| [CVE-2004-2210] Multiple cross-site scripting (XSS) vulnerabilities in Express-Web Content Management System (CMS) allow remote attackers to steal cookie-based authentication information and possibly perform other exploits via the (1) n, (2) b, (3) e, or (4) a parameters to default.asp, (5) the Referer header in an HTTP request to login.asp, or (6) the email parameter to subscribe/default.asp.
| [CVE-2004-2137] Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sensitive information.
| [CVE-2004-2067] SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to execute arbitrary SQL and bypass authentication via the (1) user, (2) password, or (3) crypted_password parameters.
| [CVE-2004-1758] BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges.
| [CVE-2004-1757] BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges.
| [CVE-2004-1756] BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other users or servers.
| [CVE-2004-1755] The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges.
| [CVE-2004-1182] hfaxd in HylaFAX before 4.2.1, when installed with a "weak" hosts.hfaxd file, allows remote attackers to authenticate and bypass intended access restrictions via a crafted (1) username or (2) hostname that satisfies a regular expression that is matched against a hosts.hfaxd entry without a password.
| [CVE-2004-1081] The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and 10.3.6 does not properly restrict access to a secure text input field, which allows local users to read keyboard input from other applications within the same window session.
| [CVE-2004-0822] Buffer overflow in The Core Foundation framework (CoreFoundation.framework) in Mac OS X 10.2.8, 10.3.4, and 10.3.5 allows local users to execute arbitrary code via a certain environment variable.
| [CVE-2004-0821] The CFPlugIn in Core Foundation framework in Mac OS X allows user supplied libraries to be loaded, which could allow local users to gain privileges.
| [CVE-2004-0715] The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges.
| [CVE-2004-0713] The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown.
| [CVE-2004-0672] Multiple cross-site scripting (XSS) vulnerabilities in the primary and management web interfaces in Netegrity IdentityMinder Web Edition 5.6 allows remote attackers to execute script as other users via (1) script that starts with %00 in the numOfExpressions parameter or (2) the mobjtype parameter.
| [CVE-2004-0652] BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods.
| [CVE-2004-0471] BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).
| [CVE-2004-0470] BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag, which can remove intended access restrictions for the associated web application.
| [CVE-2004-0380] The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."
| [CVE-2004-0215] Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.
| [CVE-2003-1572] Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading environment variables using modified .data and .size fields.
| [CVE-2003-1440] SpamProbe 0.8a allows remote attackers to cause a denial of service (crash) via HTML e-mail with newline characters within an href tag, which is not properly handled by certain regular expressions.
| [CVE-2003-1438] Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user.
| [CVE-2003-1437] BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.
| [CVE-2003-1419] Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function.
| [CVE-2003-1378] Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
| [CVE-2003-1290] BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI).
| [CVE-2003-1226] BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords.
| [CVE-2003-1225] The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords.
| [CVE-2003-1224] Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing ("shoulder surfing") the screen.
| [CVE-2003-1223] The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (Node Manager crash) via malformed data to the Node Manager's port, as demonstrated by nmap.
| [CVE-2003-1222] BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password.
| [CVE-2003-1221] BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions.
| [CVE-2003-1220] BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL.
| [CVE-2003-1113] The Session Initiation Protocol (SIP) implementation in IPTel SIP Express Router 0.8.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
| [CVE-2003-1105] Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered.
| [CVE-2003-1095] BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate.
| [CVE-2003-1094] BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges.
| [CVE-2003-0733] Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application.
| [CVE-2003-0640] BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges.
| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
| [CVE-2003-0301] The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.
| [CVE-2003-0151] BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code.
| [CVE-2002-2202] Outlook Express 6.0 does not delete messages from dbx files, even when a user empties the Deleted items folder, which allows local users to read other users email.
| [CVE-2002-2177] BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote attackers to obtain sensitive information that was intended for other users.
| [CVE-2002-2175] phpSquidPass before 0.2 uses an incomplete regular expression to find a matching username in its database, which allows remote authenticated attackers to effectively delete other usernames via a short username that matches the end of the targeted username.
| [CVE-2002-2164] Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long <A HREF> link.
| [CVE-2002-2142] An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a "/" character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension.
| [CVE-2002-2141] BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, will remove the security constraints and roles on all servers for any Servlets or EJB that are used by an application that is undeployed on one server, which could allow remote attackers to conduct unauthorized activities in violation of the intended restrictions.
| [CVE-2002-1527] emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine the full pathname for emumail.cgi via a malformed string containing script, which generates a regular expression matching error that includes the pathname in the resulting error message.
| [CVE-2002-1179] Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message.
| [CVE-2002-1169] IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash.
| [CVE-2002-1168] Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response.
| [CVE-2002-1167] Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request.
| [CVE-2002-1121] SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046 ("Message Fragmentation and Reassembly") and supported in such products as Outlook Express, which allows remote attackers to bypass content filtering, including virus checking, via fragmented emails of the message/partial content type.
| [CVE-2002-1030] Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections.
| [CVE-2002-1012] Buffer overflow in web server for Tivoli Management Framework (TMF) ManagedNode 3.6.x through 3.7.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request.
| [CVE-2002-1011] Buffer overflow in web server for Tivoli Management Framework (TMF) Endpoint 3.6.x through 3.7.1, before Fixpack 2, allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request.
| [CVE-2002-0896] The throttle capability in Swatch may fail to report certain events if (1) the same type of event occurs after the throttle period, or (2) when multiple events matching the same "watchfor" expression do not occur after the throttle period, which could allow attackers to avoid detection.
| [CVE-2002-0862] The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
| [CVE-2002-0637] InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass virus protection via e-mail messages with headers that violate RFC specifications by having (or missing) space characters in unexpected places (aka "space gap"), such as (1) Content-Type :", (2) "Content-Transfer-Encoding :", (3) no space before a boundary declaration, or (4) "boundary= ", which is processed by Outlook Express.
| [CVE-2002-0505] Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g. via incorrect passwords.
| [CVE-2002-0339] Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enabled includes portions of previous packets in the padding of a MAC level packet when the MAC packet's length is less than the IP level packet length.
| [CVE-2002-0285] Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers.
| [CVE-2002-0233] Directory traversal vulnerability in eshare Expressions 4 Web server allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request.
| [CVE-2002-0152] Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
| [CVE-2001-1547] Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code.
| [CVE-2001-1325] Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH).
| [CVE-2001-1088] Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.
| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
| [CVE-2001-0999] Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script.
| [CVE-2001-0945] Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line.
| [CVE-2001-0472] Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) HTTP object allows remote attackers to cause a denial of service (crash) via an extremely long HTTP request.
| [CVE-2001-0145] Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands via a malformed vCard birthday field.
| [CVE-2000-1239] The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM Tivoli Management Framework 3.7.1 sets http_disable to zero at install time, which allows remote authenticated users to bypass file permissions on Tivoli Endpoint Configuration data files via an unspecified manipulation of log files.
| [CVE-2000-1238] BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages.
| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
| [CVE-2000-0882] Intel Express 500 series switches allow a remote attacker to cause a denial of service via a malformed ICMP packet, which causes the CPU to crash.
| [CVE-2000-0764] Intel Express 500 series switches allow a remote attacker to cause a denial of service via a malformed IP packet.
| [CVE-2000-0653] Microsoft Outlook Express allows remote attackers to monitor a user's email by creating a persistent browser link to the Outlook Express windows, aka the "Persistent Mail-Browser Link" vulnerability.
| [CVE-2000-0621] Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
| [CVE-2000-0567] Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an email header, aka the "Malformed E-mail Header" vulnerability.
| [CVE-2000-0524] Microsoft Outlook and Outlook Express allow remote attackers to cause a denial of service by sending email messages with blank fields such as BCC, Reply-To, Return-Path, or From.
| [CVE-2000-0451] The Intel express 8100 ISDN router allows remote attackers to cause a denial of service via oversized or fragmented ICMP packets.
| [CVE-2000-0415] Buffer overflow in Outlook Express 4.x allows attackers to cause a denial of service via a mail or news message that has a .jpg or .bmp attachment with a long file name.
| [CVE-2000-0115] IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page.
| [CVE-2000-0105] Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers to view a user's email messages via a script that accesses a variable that references subsequent email messages that are read by the client.
| [CVE-2000-0036] Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.
| [CVE-1999-1514] Buffer overflow in Celtech ExpressFS FTP server 2.x allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long USER command.
| [CVE-1999-1033] Microsoft Outlook Express before 4.72.3612.1700 allows a malicious user to send a message that contains a .., which can inadvertently cause Outlook to re-enter POP3 command mode and cause the POP3 session to hang.
| [CVE-1999-1016] Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell.
| [CVE-1999-1009] The Disney Go Express Search allows remote attackers to access and modify search information for users by connecting to an HTTP server on the user's system.
12444| [CVE-1999-0967] Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol.
12445| [CVE-1999-0477] The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly.
12446| [CVE-1999-0455] The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly.
12447|
12448| SecurityFocus - https://www.securityfocus.com/bid/:
12449| [49543] Spring Framework Expression Language JSP Attributes Handling Information Disclosure Vulnerability
12450| [104521] Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability
12451| [104468] Node.js CVE-2018-7162 Denial of Service Vulnerability
12452| [104463] Node.js CVE-2018-7164 Denial of Service Vulnerability
12453| [104427] Node.js 'Forwarded' Module CVE-2017-16118 Denial of Service Vulnerability
12454| [104260] Spring Framework CVE-2018-1257 Denial-Of-Service Vulnerability
12455| [104222] Spring Security and Spring Framework CVE-2018-1258 Authorization Bypass Vulnerability
12456| [104072] Microsoft .NET Framework Device Guard CVE-2018-1039 Local Security Bypass Vulnerability
12457| [103771] Pivotal Spring Framework CVE-2018-1275 Incomplete Fix Remote Code Execution Vulnerability
12458| [103701] SAP Control Center and Cockpit Framework XML External Entity Injection Vulnerability
12459| [103699] Pivotal Spring Framework CVE-2018-1271 Directory Traversal Vulnerability
12460| [103697] Pivotal Spring Framework CVE-2018-1272 Remote Privilege Escalation Vulnerability
12461| [103696] Pivotal Spring Framework CVE-2018-1270 Remote Code Execution Vulnerability
12462| [103255] Google Android Media framework Multiple Remote Code Execution Vulnerabilities
12463| [103131] Cisco Data Center Analytics Framework CVE-2018-0145 Cross Site Scripting Vulnerability
12464| [103122] Cisco Data Center Analytics Framework CVE-2018-0146 Cross Site Request Forgery Vulnerability
12465| [103017] Google Android Media Framework CVE-2017-13241 Information Disclosure Vulnerability
12466| [103016] Google Android Media Framework CVE-2017-13229 Multiple Remote Code Execution Vulnerabilities
12467| [103012] Google Android Media Framework CVE-2017-13239 Information Disclosure Vulnerability
12468| [103011] Google Android Media Framework CVE-2017-13240 Information Disclosure Vulnerability
12469| [102976] Google Android Media Framework Component Multiple Security Vulnerabilities
12470| [102960] Cisco Data Center Analytics Framework CVE-2018-0128 HTML Injection Vulnerability
12471| [102959] Cisco Data Center Analytics Framework CVE-2018-0129 Cross Site Scripting Vulnerability
12472| [102839] Google Android Framework CVE-2017-0846 Information Disclosure Vulnerability
12473| [102761] Google Android Media Framework CVE-2017-13187 Information Disclosure Vulnerability
12474| [102683] Oracle Financial Services Analytical Applications Reconciliation Framework Security Vulnerability
12475| [102563] Oracle Application Express CVE-2018-2699 Remote Security Vulnerability
12476| [102529] Google Android Media Framework CVE-2017-13201 Information Disclosure Vulnerability
12477| [102526] Google Android Media Framework CVE-2017-13207 Information Disclosure Vulnerability
12478| [102524] Google Android Media Framework Denial of Service and Information Disclosure Vulnerabilities
12479| [102523] Google Android Media Framework CVE-2017-13206 Information Disclosure Vulnerability
12480| [102522] Google Android Media Framework Denial of Service and Information Disclosure Vulnerabilities
12481| [102521] Google Android Media Framework CVE-2017-13202 Information Disclosure Vulnerability
12482| [102421] Google Android Media Framework Component CVE-2017-13183 Local Privilege Escalation Vulnerability
12483| [102414] Google Android Media Framework Component Multiple Security Vulnerabilities
12484| [102387] Microsoft .NET Framework CVE-2018-0764 Remote Denial of Service Vulnerability
12485| [102380] Microsoft .NET Framework CVE-2018-0786 Security Bypass Vulnerability
12486| [102131] Google Android Framework Multiple Privilege Escalation Vulnerabilities
12487| [102126] Google Android Media Framework Components Multiple Security Vulnerabilities
12488| [101897] Node.js ejs Package 'ejs.renderFile()' Function Remote Code Execution Vulnerability
12489| [101893] Node.js ejs Package 'ejs.renderFile()' function Denial of Service Vulnerability
12490| [101889] Node.js ejs Package 'ejs.renderFile()' function Cross Site Scripting Vulnerability
12491| [101881] Node.js CVE-2017-14919 Denial of Service Vulnerability
12492| [101775] Google Android Framework Multiple Privilege Escalation Vulnerabilities
12493| [101717] Google Android Media Framework Multiple Security Vulnerabilities
12494| [101627] HP ArcSight ESM and ArcSight ESM Express CVE-2017-14356 SQL Injection Vulnerability
12495| [101525] Cisco Expressway Series and Cisco TelePresence VCS CVE-2017-12287 Denial of Service Vulnerability
12496| [101514] Cisco Unified Contact Center Express CVE-2017-12288 Cross Site Scripting Vulnerability
12497| [101260] Node.js CVE-2015-7384 Unspecified Denial of Service Vulnerability
12498| [101190] Google Android Media Framework Multiple Security Vulnerabilities
12499| [101185] Node.js 'tough-cookie' Module CVE-2017-15010 Denial of Service Vulnerability
12500| [101151] Google Android Media Framework Multiple Security Vulnerabilities
12501| [101088] Google Android Media Framework Components Multiple Security Vulnerabilities
12502| [101086] Google Android Framework CVE-2017-0806 Security Bypass Vulnerability
12503| [101056] Node.js CVE-2017-14849 Security Bypass Vulnerability
12504| [100935] HP ArcSight ESM and ArcSight ESM Express Multiple Security Vulnerabilities
12505| [100742] Microsoft Windows .NET Framework CVE-2017-8759 Remote Code Execution Vulnerability
12506| [100691] Node.js 'qs' Module CVE-2017-1000048 Denial of Service Vulnerability
12507| [100673] Google Android Framework CVE-2017-0752 Privilege Escalation Vulnerability
12508| [100649] Google Android Media Framework Multiple Security Vulnerabilities
12509| [100385] Cisco Ultra Services Framework CVE-2017-6771 Information Disclosure Vulnerability
12510| [100220] Google Android Framework CVE-2017-0712 Privilege Escalation Vulnerability
12511| [100204] Google Android Media Framework Multiple Security Vulnerabilities
12512| [100090] Microsoft Windows Express Compressed Fonts CVE-2017-8691 Remote Code Execution Vulnerability
12513| [100083] IBM Worklight Framework CVE-2017-1500 Cross Site Scripting Vulnerability
12514| [99959] Node.js CVE-2017-11499 Denial of Service Vulnerability
12515| [99512] Cisco Ultra Services Framework AutoVNF Symbolic Link Handling Information Disclosure Vulnerability
12516| [99478] Google Android Media Framework Multiple Security Vulnerabilities
12517| [99470] Google Android Framework Multiple Remote Code Execution Vulnerabilities
12518| [99440] Cisco Ultra Services Framework CVE-2017-6711 Unauthorized Access Vulnerability
12519| [99436] Cisco Ultra Services Framework Staging Server Arbitrary Command Execution Vulnerability
12520| [99242] ExpressionEngine CVE-2017-0897 Insufficient Entropy Weakness
12521| [99201] Cisco Unified Contact Center Express CVE-2017-6722 Access Bypass Vulnerability
12522| [99033] SAP NetWeaver Composite Application Framework and Business Cross Site Scripting Vulnerability
12523| [99001] Cisco Ultra Services Framework CVE-2017-6680 Remote Security Bypass Vulnerability
12524| [98990] Cisco Ultra Services Framework Staging Server Default Credentials Security Bypass Vulnerability
12525| [98988] Cisco Ultra Services Framework CVE-2017-6686 Default Credentials Security Bypass Vulnerability
12526| [98981] Cisco Ultra Services Framework Element Manager CVE-2017-6687 Insecure Default Password Vulnerability
12527| [98980] Cisco Ultra Services Framework CVE-2017-6692 Insecure Default Password Vulnerability
12528| [98977] Cisco Ultra Services Framework CVE-2017-6681 Information Disclosure Vulnerability
12529| [98868] Google Android Media Framework Multiple Memory Corruption Vulnerabilities
12530| [98133] Google Android Framework Apis CVE-2017-0598 Information Disclosure Vulnerability
12531| [98126] Google Android Framework Apis CVE-2017-0593 Privilege Escalation Vulnerability
12532| [98117] Microsoft .NET Framework CVE-2017-0248 Security Bypass Vulnerability
12533| [97576] SAP Composite Application Framework Authorization Tool XML External Entity Injection Vulnerability
12534| [97565] SAP NetWeaver Java Archiving Framework Unspecified Cross Site Scripting Vulnerability
12535| [97469] Cisco Mobility Express 2800 and 3800 Series CVE-2016-9197 Local Security Bypass Vulnerability
12536| [97447] Microsoft Windows .NET Framework CVE-2017-0160 Remote Code Execution Vulnerability
12537| [97422] Cisco Mobility Express Software CVE-2017-3834 Default Credentials Security Bypass Vulnerability
12538| [97167] Yii framework CVE-2017-7271 Cross Site Scripting Vulnerability
12539| [97102] Node.js CVE-2014-9772 Cross Site Scripting Vulnerability
12540| [97014] Cisco Application-Hosting Framework CVE-2017-3852 Arbitrary File Creation Vulnerability
12541| [97013] Cisco Application-Hosting Framework CVE-2017-3851 Directory Traversal Vulnerability
12542| [96909] Cisco Mobility Express 1800 Access Point Series CVE-2017-3831 Authentication Bypass Vulnerability
12543| [96496] Node.js Minimatch Package 'pattern' Parameter Denial of Service Vulnerability
12544| [96436] Node.js mustache.js Package CVE-2015-8862 Cross Site Scripting Vulnerability
12545| [96435] Node.js send Package CVE-2015-8859 Information Disclosure Vulnerability
12546| [96434] Node.js handlebars.js Package CVE-2015-8861 Cross Site Scripting Vulnerability
12547| [96410] Node.js uglify-js Package CVE-2015-8857 Security Bypass Vulnerability
12548| [96409] Node.js uglify-js Package CVE-2015-8858 Denial of Service Vulnerability
12549| [96392] Node.js CVE-2015-8856 Cross Site Scripting Vulnerability
12550| [96389] Node.js ms Package CVE-2015-8315 Denial of Service Vulnerability
12551| [96225] Node-serialize Package For Node.js 'unserialize()' Function Remote Code Execution Vulnerability
12552| [96223] Serialize-to-js For Node.js 'deserialize()' Function Arbitrary Code Execution Vulnerability
12553| [96096] Google Android Framework APIs CVE-2017-0421 Information Disclosure Vulnerability
12554| [96056] Google Android Framework APIs Multiple Privilege Escalation Vulnerabilities
12555| [95786] Cisco Expressway Series and Cisco TelePresence VCS CVE-2017-3790 Denial of Service Vulnerability
12556| [95633] Cisco Mobility Express 2800 and 3800 Access Points CVE-2016-9220 Denial of Service Vulnerability
12557| [95631] Cisco Mobility Express 2800 and 3800 Access Points CVE-2016-9221 Denial of Service Vulnerability
12558| [95243] Google Android Framework APIs CVE-2017-0383 Remote Privilege Escalation Vulnerability
12559| [95144] Zend Framework 'zend-mail' Component Remote Code Execution Vulnerability
12560| [95072] Spring Framework CVE-2016-9878 Directory Traversal Vulnerability
12561| [95069] NetApp Snap Creator Framework CVE-2016-7172 Local Information Disclosure Vulnerability
12562| [94741] Microsoft .NET Framework CVE-2016-7270 Information Disclosure Vulnerability
12563| [94702] Google Android Framework APIs CVE-2016-6770 Remote Privilege Escalation Vulnerability
12564| [94255] Teradata Studio Express CVE-2016-7490 Insecure Temporary File Creation Vulnerability
12565| [94173] Google Android Framework APIs CVE-2016-6715 Privilege Escalation Vulnerability
12566| [93483] Node.js CVE-2016-5325 CRLF Injection Vulnerability
12567| [93307] Google Android Framework Listener CVE-2016-3921 Privilege Escalation Vulnerability
12568| [93302] Google Android Framework APIs CVE-2016-3912 Privilege Escalation Vulnerability
12569| [93191] Node.js CVE-2016-7099 Security Bypass Vulnerability
12570| [92993] Zend Framework CVE-2016-4861 Multiple SQL Injection Vulnerabilities
12571| [92402] WebNMS Framework Multiple Security Vulnerabilities
12572| [92274] Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability
12573| [92249] Google Android Framework APIs CVE-2016-2497 Remote Privilege Escalation Vulnerability
12574| [91994] Oracle Siebel UI Framework CVE-2016-5464 Remote Security Vulnerability
12575| [91988] Oracle Siebel UI Framework CVE-2016-5463 Remote Security Vulnerability
12576| [91981] Oracle Siebel UI Framework CVE-2016-5450 Remote Security Vulnerability
12577| [91973] Oracle Siebel UI Framework CVE-2016-5468 Remote Security Vulnerability
12578| [91954] Oracle Siebel UI Framework CVE-2016-5451 Remote Security Vulnerability
12579| [91894] Oracle Application Express CVE-2016-3467 Remote Security Vulnerability
12580| [91885] Oracle Application Express CVE-2016-3448 Remote Security Vulnerability
12581| [91802] Zend Framework 'Zend_Db_Select' Multiple SQL Injection Vulnerabilities
12582| [91769] KDE Frameworks CVE-2016-3100 Weak Permissions Local Privilege Escalation Vulnerability
12583| [91753] IBM SDK for Node.js CVE-2014-9748 Local Denial of Service Vulnerability
12584| [91687] Spring Security and Spring Framework CVE-2016-5007 Security Bypass Vulnerability
12585| [91669] Cisco Video Communication Server and Expressway CVE-2016-1444 Authentication Bypass Vulnerability
12586| [91655] Google Android Framework APIs CVE-2016-3759 Remote Privilege Escalation Vulnerability
12587| [91644] Google Android Parcels Framework APIs CVE-2016-3750 Privilege Escalation Vulnerability
12588| [91601] Microsoft .NET Framework CVE-2016-3255 XML External Entity Information Disclosure Vulnerability
12589| [91388] NetApp Snap Creator Framework CVE-2016-5372 Unspecified Cross-Site Request Forgery Vulnerability
12590| [91385] NetApp Snap Creator Framework CVE-2016-5710 Clickjacking Vulnerability
12591| [91246] Play Framework Cross Site Request Forgery Vulnerability
12592| [91070] TERASOLUNA Server Framework for Java CVE-2016-1183 Information Disclosure Vulnerability
12593| [90853] Spring Framework CVE-2015-3192 Denial-Of-Service Vulnerability
12594| [90852] Spring Framework CVE-2015-5211 Arbitrary Command Execution Vulnerability
12595| [90644] IBM SDK for Node.js CVE-2015-8860 Insecure Temporary File Creation Vulnerability
12596| [90339] Outlook Express CVE-2004-2694 Security Bypass Vulnerability
12597| [90026] Microsoft .NET Framework CVE-2016-0149 Information Disclosure Vulnerability
12598| [89856] Node.js CVE-2016-3956 Security Bypass Vulnerability
12599| [89599] Outlook Express CVE-2002-2202 Local Security Vulnerability
12600| [89248] MailSite Express CVE-2005-3288 Remote Security Vulnerability
12601| [89246] MailSite Express CVE-2005-3287 Remote Security Vulnerability
12602| [88692] .NET Framework CVE-2002-0409 Remote Security Vulnerability
12603| [88602] Outlook Express Book Control CVE-2005-4840 Denial-Of-Service Vulnerability
12604| [88431] MailSite Express CVE-2005-3428 Cross-Site Scripting Vulnerability
12605| [88427] MailSite Express CVE-2005-3429 Cross-Site Scripting Vulnerability
12606| [88359] Go Express Search CVE-1999-1009 Remote Security Vulnerability
12607| [87999] Calendar Express CVE-2005-4009 SQL-Injection Vulnerability
12608| [87512] Tivoli Storage Manager Express CVE-2009-3854 Remote Security Vulnerability
12609| [87300] Tivoli Storage Manager Express CVE-2006-6309 Denial-Of-Service Vulnerability
12610| [87122] Microsoft Outlook Express CVE-2003-0301 Denial-Of-Service Vulnerability
12611| [86957] Semver CVE-2015-8855 Regular Expression Denial of Service Vulnerability
12612| [86956] Node.js Marked Package CVE-2015-8854 Denial of Service Vulnerability
12613| [86716] Yana Framework CVE-2007-0516 Remote Security Vulnerability
12614| [86526] Zend Framework Multiple Insufficient Entropy Vulnerabilities
12615| [86214] Microsoft Atlas framework CVE-2007-2380 Denial-Of-Service Vulnerability
12616| [86201] Prototype Framework CVE-2007-2383 Denial-Of-Service Vulnerability
12617| [86200] Mochikit Framework CVE-2007-2381 Denial-Of-Service Vulnerability
12618| [85842] Google Android Framework CVE-2016-2426 Information Disclosure Vulnerability
12619| [85699] WordPress Titan Framework Plugin CVE-2014-6444 Multiple Cross Site Scripting Vulnerabilities
12620| [85515] Outlook Express CVE-2007-4040 Remote Security Vulnerability
12621| [84743] .NET Framework CVE-2008-5100 Security Bypass Vulnerability
12622| [84596] HP ArcSight ESM and ESM Express CVE-2016-1990 Unspecified Local Privilege Escalation Vulnerability
12623| [84492] HP ArcSight ESM and ArcSight ESM Express CVE-2016-1992 Information Disclosure Vulnerability
12624| [84357] HP ArcSight ESM and ArcSight ESM Express CVE-2016-1991 Arbitrary File Download Vulnerability
12625| [84075] Microsoft .NET Framework CVE-2016-0132 Security Bypass Vulnerability
12626| [83697] Application Framework CVE-2006-4256 Cross-Site Scripting Vulnerability
12627| [83619] Zend Framework Preview CVE-2006-5900 Cross-Site Scripting Vulnerability
12628| [83282] Node.js CVE-2016-2086 HTTP Request Smuggling Vulnerability
12629| [83141] Node.js CVE-2016-2216 HTTP Response Splitting Vulnerability
12630| [83046] Outlook Express CVE-1999-0967 Remote Security Vulnerability
12631| [82918] Outlook Express CVE-2001-1547 Remote Security Vulnerability
12632| [82738] Microsoft .NET Framework CVE-2016-0047 Information Disclosure Vulnerability
12633| [82717] Microsoft .NET Framework CVE-2016-0033 Stack Overflow Denial of Service Vulnerability
12634| [82421] .NET Framework CVE-2005-0509 Cross-Site Scripting Vulnerability
12635| [82400] Cisco Finesse Desktop and Unified Contact Center Express Unauthorized Access Vulnerability
12636| [82334] Tivoli Storage Manager Express CVE-2009-3854 Remote Security Vulnerability
12637| [82242] EXPRESSCLUSTER X CVE-2016-1145 Directory Traversal Vulnerability
12638| [82008] Cisco Unity Connection Web Framework CVE-2016-1300 Cross Site Scripting Vulnerability
12639| [81798] Cisco Unified Contact Center Express CVE-2016-1298 Cross Site Scripting Vulnerability
12640| [81525] Tivoli Provisioning Manager Express CVE-2007-6407 Cross-Site Scripting Vulnerability
12641| [80955] .NET Framework CVE-2008-3842 Cross-Site Scripting Vulnerability
12642| [80929] .NET Framework CVE-2008-3843 Cross-Site Scripting Vulnerability
12643| [80625] Java System Communications Express CVE-2009-0877 Cross-Site Scripting Vulnerability
12644| [80462] Horde Application Framework CVE-2009-3237 Cross-Site Scripting Vulnerability
12645| [80247] Tivoli Storage Manager Express CVE-2010-4604 Local Security Vulnerability
12646| [79312] Tivoli Storage Manager Express CVE-2009-3855 Remote Security Vulnerability
12647| [79197] Joomla! Framework Session Package CVE-2015-8566 Remote Code Execution Vulnerability
12648| [79185] Framework CVE-2009-4417 Remote Security Vulnerability
12649| [79088] Cisco TelePresence Video Communication Server Expressway Unauthorized Access Vulnerability
12650| [78817] Cisco Emergency Responder Web Framework CVE-2015-6407 Arbitrary File Upload Vulnerability
12651| [78701] Google Android Media Framework CVE-2015-6628 Remote Privilege Escalation Vulnerability
12652| [78698] Google Android Native Frameworks Library CVE-2015-6622 Multiple Privilege Escalation Vulnerabilities
12653| [78589] Metasploit Framework CVE-2011-1056 Local Security Vulnerability
12654| [78476] Unified Contact Center Express (CCX) CVE-2011-2583 Denial-Of-Service Vulnerability
12655| [78464] Tivoli Management Framework CVE-2011-2330 Remote Security Vulnerability
12656| [78209] Node.js CVE-2015-6764 Out of Bounds Denial of Service Vulnerability
12657| [78207] Node.js CVE-2015-8027 Unspecified Denial of Service Vulnerability
12658| [78090] Payflow Pro Express Checkout CVE-2012-5798 Remote Security Vulnerability
12659| [78088] Paypal Express Module CVE-2012-5795 Remote Security Vulnerability
12660| [77998] Spring Framework CVE-2013-7315 Denial-Of-Service Vulnerability
12661| [77975] Spring Framework CVE-2014-3625 Directory Traversal Vulnerability
12662| [77690] Zend Framework CAPTCHA Challenge Insufficient Entropy Vulnerability
12663| [77688] Zend Framework CVE-2015-7503 Information Disclosure Vulnerability
12664| [77482] Microsoft .NET Framework CVE-2015-6115 ASLR Security Bypass Vulnerability
12665| [77479] Microsoft .NET Framework CVE-2015-6099 Cross Site Scripting Vulnerability
12666| [77474] Microsoft .NET Framework CVE-2015-6096 XML Handling Information Disclosure Vulnerability
12667| [77056] Cisco TelePresence Video Communication Server Expressway Local Security Bypass Vulnerability
12668| [77054] Cisco TelePresence Video Communication Server Expressway Local Privilege Escalation Vulnerability
12669| [76901] TYPO3 Zend Framework Integration Extension File Disclosure Vulnerability
12670| [76784] Zend Framework MsSql and SQLite Multiple SQL Injection Vulnerabilities
12671| [76777] VBox Satellite Express CVE-2015-6923 Arbitrary Memory Write Privilege Escalation Vulnerability
12672| [76567] Microsoft .NET Framework Model View Controller CVE-2015-2526 Remote Denial of Service Vulnerability
12673| [76560] Microsoft .NET Framework CVE-2015-2504 Remote Privilege Escalation Vulnerability
12674| [76534] Cisco TelePresence Video Communication Server Expressway Local Command Injection Vulnerability
12675| [76481] Cisco TelePresence Video Communication Server Expressway Information Disclosure Vulnerability
12676| [76408] Cisco TelePresence Video Communication Server Expressway Arbitrary Code Execution Vulnerability
12677| [76399] Cisco TelePresence Video Communication Server Expressway Command Execution Vulnerability
12678| [76395] Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability
12679| [76366] Cisco TelePresence Video Communication Server Expressway Unauthorized Access Vulnerability
12680| [76353] Cisco TelePresence Video Communication Server Expressway Unauthorized Access Vulnerability
12681| [76352] Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability
12682| [76351] Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability
12683| [76350] Cisco TelePresence Video Communication Server Expressway Information Disclosure Vulnerability
12684| [76347] Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability
12685| [76326] Cisco TelePresence Video Communication Server Expressway Information Disclosure Vulnerability
12686| [76270] Microsoft .NET Framework CVE-2015-2481 Privilege Escalation Vulnerability
12687| [76269] Microsoft .NET Framework CVE-2015-2480 Privilege Escalation Vulnerability
12688| [76268] Microsoft .NET Framework CVE-2015-2479 Privilege Escalation Vulnerability
12689| [76187] PCRE Regular Expression Handling Heap Buffer Overflow Vulnerability
12690| [76063] RETIRED: Microsoft .NET Framework Integer Overflow Vulnerability
12691| [75891] Oracle Agile PLM Framework CVE-2015-2644 Remote Security Vulnerability
12692| [75876] Oracle Siebel UI Framework CVE-2015-2587 Remote Security Vulnerability
12693| [75875] Oracle Siebel UI Framework CVE-2015-2649 Remote Security Vulnerability
12694| [75865] Oracle Application Express CVE-2015-2586 Remote Security Vulnerability
12695| [75864] Oracle Application Express CVE-2015-2655 HTML Injection Vulnerability
12696| [75845] Oracle Application Express CVE-2015-2585 Remote Security Vulnerability
12697| [75556] Node.js 'unicode.cc' Denial of Service Vulnerability
12698| [75349] Cisco Data Center Analytics Framework CVE-2015-4189 Cross Site Request Forgery Vulnerability
12699| [74704] Netty and Play Framework CVE-2015-2156 Session Hijacking Vulnerability
12700| [74663] Yii framework CVE-2015-3397 Cross Site Scripting Vulnerability
12701| [74626] SAP Business Rules Framework CVE-2015-3979 Unspecified Arbitrary Code Execution Vulnerability
12702| [74487] Microsoft .NET Framework CVE-2015-1673 Remote Privilege Escalation Vulnerability
12703| [74482] Microsoft .NET Framework CVE-2015-1672 Remote Denial of Service Vulnerability
12704| [74205] HotspotExpress HotExBilling Manager CVE-2015-3319 Information Disclosure Vulnerability
12705| [74054] HP Support Solution Framework CVE-2015-2114 Unspecified Remote Information Disclosure Vulnerability
12706| [74010] Microsoft .NET Framework CVE-2015-1648 Information Disclosure Vulnerability
12707| [73941] HotspotExpress HotExBilling Manager 'hotspotlogin.cgi' Cross Site Scripting Vulnerability
12708| [73036] Spring Framework CVE-2015-0201 Predictable Session ID Generation Weakness
12709| [72807] Drupal SMS Framework Module Cross Site Scripting Vulnerability
12710| [72270] Zend Framework Session Validators Security Bypass Vulnerability
12711| [72211] Oracle Siebel CVE-2015-0417 Remote Siebel UI Framework Vulnerability
12712| [72209] Oracle Siebel CVE-2015-0388 Remote Siebel UI Framework Vulnerability
12713| [72197] Oracle Siebel CVE-2015-0419 Remote Siebel UI Framework Vulnerability
12714| [72195] Oracle Siebel CVE-2014-6596 Remote Siebel UI Framework Vulnerability
12715| [72192] Oracle Siebel CVE-2015-0369 Remote Siebel UI Framework Vulnerability
12716| [72064] Node.js 'serve-static' Module Open Redirection Vulnerability
12717| [72057] Cisco TelePresence Video Communication Server and Expressway Remote Denial of Service Vulnerability
12718| [71431] Yii framework CmsInput Extension 'CmsInput.php' Cross Site Scripting Vulnerability
12719| [71054] Node.js dns-sync Library Arbitrary Command Execution Vulnerability
12720| [70979] Microsoft .NET Framework CVE-2014-4149 Remote Privilege Escalation Vulnerability
12721| [70875] EllisLab ExpressionEngine Core CVE-2014-5387 Multiple SQL Injection Vulnerabilities
12722| [70592] Cisco TelePresence VCS and Expressway CVE-2014-3370 Denial of Service Vulnerability
12723| [70590] Cisco TelePresence VCS and Expressway CVE-2014-3369 Remote Denial of Service Vulnerability
12724| [70589] Cisco TelePresence Video Communication Server (VCS) and Expressway Denial of Service Vulnerability
12725| [70378] Zend Framework CVE-2014-8088 Authentication Bypass Vulnerability
12726| [70351] Microsoft .NET Framework 'iriParsing' Remote Code Execution Vulnerability
12727| [70313] Microsoft .NET Framework ClickOnce CVE-2014-4073 Remote Privilege Escalation Vulnerability
12728| [70312] Microsoft .NET Framework CVE-2014-4122 ASLR Security Bypass Vulnerability
12729| [70115] Node.js qs Module Denial of Service Vulnerability
12730| [70113] Node.js qs Module Denial of Service Vulnerability
12731| [70105] Node.js syntax-error module 'eval()' Function Arbitrary Code Execution Vulnerability
12732| [70100] Node.js 'lib/send.js' Directory Traversal Vulnerability
12733| [70087] Slim PHP Framework 'SessionCookie.php' PHP Object Injection Vulnerability
12734| [70011] Zend Framework Sqlsrv Driver Multiple SQL Injection Vulnerabilities
12735| [69739] Cisco Unified Communications Manager Web Framework Cross Site Scripting Vulnerability
12736| [69659] Python robotframework-pabot Insecure Temporary File Creation Vulnerability
12737| [69603] Microsoft .NET Framework CVE-2014-4072 Remote Denial of Service Vulnerability
12738| [69462] RETIRED: IBM SDK for Node.js CVE-2014-5256 Remote Denial of Service Vulnerability
12739| [69145] Microsoft .NET Framework CVE-2014-4062 ASLR Security Bypass Vulnerability
12740| [68877] Cisco Security Manager Web Framework CVE-2014-3326 SQL Injection Vulnerability
12741| [68625] Oracle Siebel UI Framework CVE-2014-2491 Remote Security Vulnerability
12742| [68614] Oracle Siebel UI Framework CVE-2014-4205 Remote Security Vulnerability
12743| [68604] Oracle Siebel UI Framework CVE-2014-4230 Remote Security Vulnerability
| [68395] Yii Framework 'CDetailView' Attribute Arbitrary PHP Code Execution Vulnerability
| [68095] Spring Framework CVE-2014-0225 Remote Information Disclosure Vulnerability
| [68042] Spring Framework Unspecified Directory Traversal Vulnerability
| [68031] Zend Framework 'Zend_Db_Select::order()' Function SQL Injection Vulnerability
| [67902] DevExpress ASP.NET File Manager CVE-2014-2575 Directory Traversal Vulnerability
| [67677] NICE Recording eXpress Multiple Security Vulnerabilities
| [67624] TYPO3 Extbase Framework Information Disclosure Vulnerability
| [67569] Cisco Security Manager Web Framework Cross Site Scripting Vulnerability
| [67555] Cisco Identity Services Engine Web Framework CVE-2014-3275 SQL Injection Vulnerability
| [67286] Microsoft .NET Framework TypeFilterLevel CVE-2014-1806 Remote Privilege Escalation Vulnerability
| [67269] Red Hat JBoss Web Framework Kit Multiple Cross Site Scripting Vulnerabilities
| [67102] Cisco Unified Contact Center Express CVE-2014-2180 Arbitrary File Upload Vulnerability
| [67011] SAP Business Object Processing Framework for ABAP Security Bypass Vulnerability
| [66971] Zend Framework HTML Attributes Multiple Cross Site Scripting Vulnerabilities
| [66869] Oracle Agile PLM Framework CVE-2014-2445 Remote Security Vulnerability
| [66867] Oracle Agile PLM Framework CVE-2014-2464 Remote Security Vulnerability
| [66861] Oracle Agile PLM Framework CVE-2014-2466 Remote Security Vulnerability
| [66855] Oracle Agile PLM Framework CVE-2014-2467 Remote Security Vulnerability
| [66848] Oracle Siebel UI Framework CVE-2014-2468 Remote Security Vulnerability
| [66834] Oracle Agile PLM Framework CVE-2014-2465 Remote Security Vulnerability
| [66362] IBM Cognos Express CVE-2013-5444 Local Information Disclosure Vulnerability
| [66361] IBM Cognos Express CVE-2013-5445 Information Disclosure Vulnerability
| [66358] Zend Framework Multiple Information Disclosure and Security Bypass Vulnerabilities
| [66357] IBM Cognos Express CVE-2013-5443 Cross Site Request Forgery Vulnerability
| [66148] Spring Framework CVE-2014-0054 Multiple XML External Entity Injection Vulnerabilities
| [66137] Spring Framework 'FormTag.java' Cross Site Scripting Vulnerability
| [65802] Cisco Unified Contact Center Express CVE-2014-0746 Information Disclosure Vulnerability
| [65798] Cisco Unified Contact Center Express CVE-2014-0745 Cross Site Request Forgery Vulnerability
| [65797] Cisco Unified Contact Center Express CVE-2014-2102 Information Disclosure Vulnerability
| [65617] IBM WebSphere Dashboard Framework Security Bypass Vulnerability
| [65574] Restlet Framework XML Entity Expansion Denial of Service Vulnerability
| [65418] Microsoft .NET Framework CVE-2014-0295 ASLR Security Bypass Vulnerability
| [65417] Microsoft .NET Framework CVE-2014-0257 Remote Privilege Escalation Vulnerability
| [65415] Microsoft .NET Framework CVE-2014-0253 Remote Denial of Service Vulnerability
| [65101] Cisco TelePresence Video Communication Server Expressway Man in the Middle Vulnerability
| [65062] NCH Software Express Burn Plus '.EBP' File Handling Buffer Overflow Vulnerability
| [65051] Red Hat JBoss Web Framework Kit Information Disclosure Vulnerability
| [65049] Red Hat JBoss Web Framework Kit XML External Entity Information Disclosure Vulnerability
| [64948] Spring Framework 'JavaScriptUtils.javaScriptEscape()' Method Cross Site Scripting Vulnerability
| [64947] Spring Framework CVE-2013-6429 Multiple XML External Entity Injection Vulnerabilities
| [64417] IBM FileNet Business Process Framework XML Entity Parsing Information Disclosure Vulnerability
| [64208] Google Android Framework Fragment Injection Local Security Bypass Vulnerability
| [64028] Spring Framework 'JavaScriptUtils.javaScriptEscape()' Function Security Bypass Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63771] Limonade framework 'limonade.php' Local File Disclosure Vulnerability
| [63747] ZK Framework CVE-2013-5966 Cross Site Scripting Vulnerability
| [63486] Zend Framework IP Address Spoofing Multiple Security Vulnerabilities
| [63440] Horde Application Framework Cross Site Request Forgery Vulnerability
| [63229] Node.js CVE-2013-4450 Denial of Service Vulnerability
| [63186] Zikula Application Framework CVE-2013-6168 'returnpage' Parameter Cross Site Scripting Vulnerability
| [63045] Oracle Siebel CRM Siebel UI Framework CVE-2013-5768 Remote Security Vulnerability
| [63042] Oracle Siebel CRM Siebel UI Framework CVE-2013-5835 Remote Security Vulnerability
| [62820] Microsoft .NET Framework CVE-2013-3860 Remote Denial of Service Vulnerability
| [62807] Microsoft .NET Framework CVE-2013-3861 Remote Denial of Service Vulnerability
| [62785] McAfee Managed Agent 'FrameworkService.exe' Remote Denial of Service Vulnerability
| [62352] Play Framework XML External Entities Information Disclosure Vulnerability
| [62000] Restlet Framework Object Deserialization Remote Code Execution Vulnerability
| [61951] Spring Framework CVE-2013-4152 Multiple XML External Entity Injection Vulnerabilities
| [61787] Play Framework Session Encoding Spoofing Security Vulnerability
| [61741] Tridium Niagara AX Framework CVE-2012-3025 Information Disclosure Vulnerability
| [61694] Restlet Framework XML Deserialization Remote Code Execution Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61237] Oracle Agile PLM Framework CVE-2013-3823 Remote Security Vulnerability
| [61216] Oracle Agile Collaboration Framework CVE-2013-3824 Remote Security Vulnerability
| [61208] Oracle Agile PLM Framework CVE-2013-3822 Remote Security Vulnerability
| [61147] BMC Service Desk Express (SDE) Multiple SQL Injection and Cross Site Scripting Vulnerabilities
| [60937] Microsoft .NET Framework CVE-2013-3171 Remote Privilege Escalation Vulnerability
| [60935] Microsoft .NET Framework CVE-2013-3134 Remote Code Execution Vulnerability
| [60934] Microsoft .NET Framework CVE-2013-3133 Remote Privilege Escalation Vulnerability
| [60933] Microsoft .NET Framework CVE-2013-3132 Remote Privilege Escalation Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [59790] Microsoft .NET Framework CVE-2013-1337 Authentication Bypass Vulnerability
| [59789] Microsoft .NET Framework XML Digital Signature CVE-2013-1336 Security Bypass Vulnerability
| [59358] Cisco Unified Contact Center Express CVE-2013-1214 Information Disclosure Vulnerability
| [59134] Oracle Siebel CRM Siebel UI Framework CVE-2013-1510 Remote Vulnerability
| [59117] Oracle Siebel CRM Siebel UI Framework CVE-2013-2398 Remote Security Vulnerability
| [59098] Oracle Siebel CRM Siebel UI Framework CVE-2013-1543 Remote Security Vulnerability
| [59041] Hero Framework CVE-2013-2649 Multiple Cross-Site Scripting Vulnerabilities
| [58530] Zend Framework Multiple Security Vulnerabilities
| [57980] Zend Framework CVE-2012-6531 Multiple Remote Arbitrary File Access Vulnerabilities
| [57977] Zend Framework CVE-2012-6532 Multiple Remote Denial of Service Vulnerabilities
| [57847] Microsoft .NET Framework CVE-2013-0073 Remote Privilege Escalation Vulnerability
| [57678] Cisco Unity Express CVE-2013-1120 Cross Site Request Forgery Vulnerability
| [57677] Cisco Unity Express CVE-2013-1114 Cross Site Scripting Vulnerability
| [57656] SAP NetWeaver J2EE AdapterFramework Servlet Information Disclosure Vulnerability
| [57409] Oracle Agile PLM Framework CVE-2013-0370 Remote Security Vulnerability
| [57126] Microsoft .NET Framework CVE-2013-0002 Remote Privilege Escalation Vulnerability
| [57124] Microsoft .NET Framework CVE-2013-0001 Information Disclosure Vulnerability
| [57114] Microsoft .NET Framework CVE-2013-0003 Remote Privilege Escalation Vulnerability
| [57113] Microsoft .NET Framework CVE-2013-0004 Remote Privilege Escalation Vulnerability
| [57035] Hero Framework Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
| [57008] IBM Rational Automation Framework Security Bypass Vulnerability
| [56982] Zend Framework 'Zend_Feed' Component Information Disclosure Vulnerabilities
| [56881] Smartphone Pentest Framework Multiple Remote Command Execution Vulnerabilities
| [56707] Smartphone Pentest Framework CVE-2012-5697 Local Insecure File Permissions Vulnerability
| [56705] Smartphone Pentest Framework Multiple Security Vulnerabilities
| [56620] Yii Framework 'Search' Form Field SQL Injection Vulnerability
| [56464] Microsoft .NET Framework CVE-2012-4777 Remote Privilege Escalation Vulnerability
| [56463] Microsoft .NET Framework CVE-2012-4776 Remote Code Execution Vulnerability
| [56462] Microsoft .NET Framework CVE-2012-2519 DLL Loading Arbitrary Code Execution Vulnerability
| [56456] Microsoft .NET Framework CVE-2012-1896 Information Disclosure Vulnerability
| [56455] Microsoft .NET Framework CVE-2012-1895 Security Bypass Vulnerability
| [56333] TomatoCart PayPal Express Checkout Module Security Bypass Vulnerability
| [56030] Oracle Siebel UI Framework CVE-2012-3230 Remote Security Vulnerability
| [56014] Oracle Siebel UI Framework CVE-2012-3229 Remote Security Vulnerability
| [55978] Oracle E-Business Suite CVE-2012-3162 Local Oracle Applications Framework Vulnerability
| [55976] Oracle Agile PLM Framework CVE-2012-3154 Remote Security Vulnerability
| [55971] Oracle Agile PLM Framework CVE-2012-3161 Remote Security Vulnerability
| [55636] Zend Framework Multiple Cross Site Scripting Vulnerabilities
| [55254] Atlassian Bamboo OGNL Expression Injection Vulnerability
| [55242] Express Burn Project File Heap Based Buffer Overflow Vulnerability
| [55108] Atlassian JIRA FishEye and Crucible Plugins 'Third Party Frameworks' Security Bypass Vulnerability
| [55042] Niagara Framework Session Hijacking Vulnerability
| [54498] Oracle Application Express CVE-2012-1740 Remote Security Vulnerability
| [54472] MetaSploit Framework 'pcap_log' Plugin Local Privilege Escalation Vulnerability
| [54454] Niagara Framework Directory Traversal Vulnerability
| [54192] Zend Framework 'Zend_XmlRpc' Class Information Disclosure Vulnerability
| [53861] Microsoft .NET Framework Function Pointer Execution Remote Code Execution Vulnerability
| [53713] Restlet Framework XML External Entity Information Disclosure Vulnerability
| [53674] Yellow Duck Framework Local File Disclosure Vulnerability
| [53500] Travelon Express CMS Multiple Remote Vulnerabilities
| [53416] Node.js HTTP Parser Information Disclosure Vulnerability
| [53363] Microsoft .NET Framework Index Comparison Denial Of Service Vulnerability
| [53358] Microsoft .NET Framework Serialization CVE-2012-0162 Remote Code Execution Vulnerability
| [53357] Microsoft .NET Framework Serialization CVE-2012-0161 Remote Code Execution Vulnerability
| [53356] Microsoft .NET Framework Input Serialization CVE-2012-0160 Remote Code Execution Vulnerability
| [53204] Microsoft .NET Framework Parameter Validation Remote Integer Overflow Vulnerability
| [53104] Oracle Database Server CVE-2012-1708 Remote Application Express Vulnerability
| [53039] Joomla! JA T3 Framework Component Directory Traversal Vulnerability
| [52921] Microsoft .NET Framework Parameter Validation Remote Code Execution Vulnerability
| [52431] HP Data Protector Express Multiple Remote Code Execution Vulnerabilities
| [52375] Microsoft Expression 'wintab32.dll' DLL Loading Arbitrary Code Execution Vulnerability
| [52252] IBM Tivoli Provisioning Manager Express ActiveX Control Remote Code Execution Vulnerability
| [52248] Tivoli Provisioning Manager Express for Software Distribution Multiple SQL Injection Vulnerabilities
| [52121] SystemTap DWARF Expression Local Denial of Service Vulnerability
| [51940] Microsoft Silverlight & .NET Framework Heap Corruption Remote Code Execution Vulnerability
| [51938] Microsoft Silverlight & .NET Framework Unmanaged Objects Remote Code Execution Vulnerability
| [51762] FishEye and Crucible Webwork 2 Framework Remote Code Injection Vulnerability
| [51367] ExpressView Browser Plug-in Multiple Integer Overflow and Remote Code Execution Vulnerabilities
| [51203] Microsoft .NET Framework ASP.NET Forms CVE-2011-3417 Security Bypass Vulnerability
| [51202] Microsoft .NET Framework CVE-2011-3415 Form Authentication URI Open Redirection Vulnerability
| [51201] Microsoft .NET Framework CVE-2011-3416 ASP.NET Forms Authentication Bypass Vulnerability
| [50971] ISC DHCP Regular Expressions Denial of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50846] Oracle Mojarra EL Expression Evaluation Security Bypass Vulnerability
| [50799] IBM System Storage TS3100 and TS3200 Tape Library Express Security Bypass Vulnerability
| [50714] JRuby Regular Expression Engine Cross Site Scripting Vulnerability
| [50363] Novell XTier Framework HTTP Header Remote Integer Overflow Vulnerability
| [50315] MetaSploit Framework 'project[name]' Field HTML Injection Vulnerability
| [50233] Oracle E-Business Suite CVE-2011-3519 Remote Oracle Applications Framework Vulnerability
| [50197] Oracle Database CVE-2011-3525 Remote Application Express Vulnerability
| [50110] Microsoft .NET Framework 'SaveAs()' Function Security Bypass Vulnerability
| [49999] Microsoft Silverlight & .NET Framework Inheritance Restriction Remote Code Execution Vulnerability
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49637] Microsoft .NET Framework ASP.NET '__VIEWSTATE' Replay Security Bypass Vulnerability
| [49536] Spring Framework and Spring Security Remote Security Bypass Vulnerability
| [49518] Microsoft Excel Conditional Expression CVE-2011-1989 Remote Code Execution Vulnerability
| [49491] Zikula Application Framework 'themename' Parameter Cross Site Scripting Vulnerability
| [48991] Microsoft .NET Framework 'System.Net.Sockets' Namespace Security Bypass Vulnerability
| [48985] Microsoft .NET Framework Chart Control Information Disclosure Vulnerability
| [48742] Oracle Database Server and Enterprise Manager Grid CVE-2011-2244 Security Framework Vulnerability
| [48739] Oracle Enterprise Manager Grid Control Security Framework Session Modification Vulnerability
| [48716] JBoss Seam Expression Language (EL) CVE-2011-2196 Remote Code Execution Vulnerability
| [48212] Microsoft Silverlight & .NET Framework Invalid Array Offset Remote Code Execution Vulnerability
| [48191] Horde Authentication Framework Composite Driver Authentication Bypass Vulnerability
| [48049] IBM Tivoli Management Framework 'opts' Argument Stack Buffer Overflow Vulnerability
| [47934] SystemTap DWARF Expression Handling Two Divide-By-Zero Denial of Service Vulnerabilities
| [47919] Zend Framework 'PDO_MySql' Security Bypass Vulnerability
| [47902] CiscoWorks Common Services Framework Help Servlet Cross Site Scripting Vulnerability
| [47834] Microsoft .NET Framework JIT Compiler Optimization NULL String Remote Code Execution Vulnerability
| [47783] Kay Framework Attribute Exchange Remote Security Bypass Vulnerability
| [47516] JBoss Seam Expression Language (EL) Remote Code Execution Vulnerability
| [47444] Oracle Sun Solaris 11 Express CVE-2011-0841 Remote Vulnerability
| [47223] Microsoft .NET Framework x86 JIT compiler Stack Corruption Remote Code Execution Vulnerability
| [46848] Zend Framework 'Zend_Tool_Project_Context_Zf_ViewScriptFile' Cross Site Scripting Vulnerability
| [46300] MetaSploit Framework Inherited Permission File Overwrite Local Privilege Escalation Vulnerability
| [45896] Oracle Sun Java System Communications Express CVE-2010-4456 Remote Web Mail Vulnerability
| [45864] Oracle Solaris 11 Express CVE-2010-4457 Remote CIFS Vulnerability
| [45830] SmoothWall Express 'ipinfo.cgi' Cross Site Scripting Vulnerability
| [45765] Cisco IOS CallManager Express (CME) (CVE-2009-5040) Denial of Service Vulnerability
| [45740] Macro Express Pro '.mxe' File Buffer Overflow Vulnerability
| [45617] libxml2 'XPATH' Expressions Memory Corruption Vulnerability
| [45391] IBM ENOVIA 'emxFramework.FilterParameterPattern' Cross Site Scripting Vulnerability
| [44799] Apple Mobile OfficeImport Framework Excel Record Memory Corruption Vulnerability
| [43910] Backbone Technology Expression Cross Site Scripting Vulnerabilities
| [43880] WebNMS Framework 'ReportViewAction.do' Cross Site Scripting Vulnerability
| [43781] Microsoft .NET Framework JIT Compiler Optimization Remote Code Execution Vulnerability
| [43316] Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Vulnerability
| [43113] HP Data Protector Express (CVE-2010-3008) Local Privilege Escalation Vulnerability
| [43105] HP Data Protector Express Local Privilege Escalation Vulnerability
| [43017] RocketTheme Gantry Joomla! Framework 'moduleid' Parameter SQL Injection Vulnerability
| [43001] Horde Application Framework 'icon_browser.php' Cross-Site Scripting Vulnerability
| [42340] Play! Framework Directory Traversal Vulnerability
| [42295] Microsoft Silverlight & .NET Framework CLR Virtual Method Delegate Code Execution Vulnerability
| [42042] WebKit Regular Expression Handling Remote Memory Corruption Vulnerability
| [41994] JBoss Seam Parameterized EL Expressions Remote Code Execution Vulnerability
| [41887] EasyMail Objects 'SubmitToExpress()' Method Remote Stack Buffer Overflow Vulnerability
| [41625] Oracle E-Business Suite CVE-2010-0909 Remote Oracle Applications Framework Vulnerability
| [41621] Oracle Application Express CVE-2010-0892 Remote Vulnerability
| [41605] Oracle E-Business Suite CVE-2010-0908 Remote Oracle Applications Framework Vulnerability
| [41604] Oracle E-Business Suite CVE-2010-0912 Remote Oracle Applications Framework Vulnerability
| [41340] Open Text ECM 'Expression Builder' Cross Site Scripting Vulnerability
| [40954] Spring Framework 'class.classLoader' Code Injection Vulnerability
| [40684] Cisco Unified Contact Center Express CTI Messages Denial of Service Vulnerability
| [40680] Cisco Unified Contact Center Express Bootstrap Service Directory Traversal Vulnerability
| [40487] Microsoft Internet Explorer CSS 'expression' Remote Denial of Service Vulnerability
| [40052] RETIRED: Microsoft Windows Outlook Express and Windows Mail Integer Overflow Vulnerability
| [39974] PCRE Regular Expression Compiling Workspace Buffer Overflow Vulnerability
| [39927] Microsoft Outlook Express And Windows Mail Common Library Integer Overflow Vulnerability
| [39793] TaskFreak! Tirzen Framework 'LoadByKey()' SQL Injection Vulnerability
| [39717] Zikula Application Framework 'lang' Parameter Cross Site Scripting Vulnerability
| [39461] Oracle Sun Java System Communications Express CVE-2010-0885 Remote Address Book Vulnerability
| [39053] ViewVC Regular Expression Search Cross Site Scripting Vulnerability
| [38940] Cisco IOS For Communication Manager Express SCCP (CVE-2010-0586) Denial of Service Vulnerability
| [38936] Cisco IOS For Communication Manager Express SCCP (CVE-2010-0585) Denial of Service Vulnerability
| [38786] PostNuke FormExpress Module 'form_id' Parameter SQL Injection Vulnerability
| [38765] Trouble Ticket Express File Attachment Module Arbitrary Command Execution Vulnerability
| [38434] Website Baker 'framework/class.wb.php' Security Bypass Vulnerability
| [38084] IBM Cognos Express Hardcoded Credentials Security Bypass Vulnerability
| [37809] Zend Framework Multiple Input Validation Vulnerabilities and Security Bypass Weakness
| [37735] Oracle Application Express CVE-2010-0076 Remote Application Express Application Builder Vulnerabilit
| [37490] Calendar Express 'catid' Parameter SQL Injection Vulnerability
| [37351] Horde Application Framework Administration Interface 'PHP_SELF' Cross-Site Scripting Vulnerability
| [36926] Prototype JavaScript Framework Cross-Site Ajax Request Vulnerability
| [36812] Perl UTF-8 Regular Expression Processing Remote Denial of Service Vulnerability
| [36764] Oracle E-Business Suite CVE-2009-3402 Remote Oracle Applications Framework Vulnerability
| [36759] Oracle Database CVE-2009-1993 Application Express Unspecified Vulnerability
| [36648] Microsoft GDI+ .NET Framework Remote Code Execution Vulnerability
| [36618] Microsoft Silverlight and .NET Framework CLR Interface Handling Remote Code Execution Vulnerability
| [36617] Microsoft .NET Framework Type Verification Remote Code Execution Vulnerability
| [36611] Microsoft .NET Framework Pointer Verification Remote Code Execution Vulnerability
| [36571] Symantec SecurityExpressions Audit and Compliance Server Error Message HTML Injection Vulnerability
| [36570] Symantec SecurityExpressions Audit and Compliance Server Cross Site Scripting Vulnerability
| [36562] Sun Solaris IP(7P) Module and STREAMS Framework Local Denial Of Service Vulnerability
| [36498] Cisco Unified Communications Manager Express Extension Mobility Buffer Overflow Vulnerability
| [36346] Symantec Altiris eXpress NS SC Download ActiveX Control Arbitrary File Download Vulnerability
| [35924] PHP Fuzzer Framework Default Location Insecure Temporary File Creation Vulnerability
| [35891] Mozilla Firefox and Seamonkey Regular Expression Parsing Heap Buffer Overflow Vulnerability
| [35722] Google Chrome JavaScript Regular Expression Handling Remote Code Execution Vulnerability
| [35706] Cisco Unified Contact Center Express CRS Administration Interface Directory Traversal Vulnerability
| [35705] Cisco Unified Contact Center Express (CCX) Arbitrary Script Injection Vulnerability
| [35693] Oracle E-Business Suite CVE-2009-1982 Remote Oracle Applications Framework Vulnerability
| [35393] Zend Framework 'Zend_View::render()' Directory Traversal Vulnerability
| [34955] HP Data Protector Express 'dpwinsup.dll' Privilege Escalation Vulnerability
| [34702] Scorpio Framework 'baseAdminSite' Security Bypass Vulnerability
| [34314] Hitachi uCosminexus Portal Framework Multiple Vulnerabilities
| [34193] ExpressionEngine Avtaar Name HTML Injection Vulnerability
| [34155] Sun Java System Communications Express 'UWCMain' Cross Site Scripting Vulnerability
| [34154] Sun Java System Communications Express 'search.xml' Cross Site Scripting Vulnerability
| [34140] Sun Java System Messenger Express 'error' Parameter Cross-Site Scripting Vulnerability
| [34083] Sun Java System Communications Express Multiple HTML Injection Vulnerabilities
| [34077] IBM Tivoli Storage Manager Express and Enterprise Server Remote Buffer Overflow Vulnerability
| [33972] MySQL XPath Expression Remote Denial Of Service Vulnerability
| [33631] htmLawed CSS Expressions Unspecified Cross-Site Scripting Vulnerability
| [32780] Internet Explorer 8 CSS 'expression' Property Cross Site Scripting Filter Bypass Weakness
| [32702] Microsoft Outlook Express Malformed MIME Message Denial Of Service Vulnerability
| [32672] Kalptaru Infotech Product Sale Framework 'forum_topic_id' Parameter SQL Injection Vulnerability
| [31971] Extrakt Framework 'index.php' Cross Site Scripting Vulnerability
| [31829] Midgard Components Framework Multiple Unspecified Vulnerabilities
| [31644] DFFFrameworkAPI 'DFF_config[dir_include]' Parameter Multiple Remote File Include Vulnerabilities
| [31107] Horde Application Framework Forward Slash Insufficient Filtering Cross-Site Scripting Vulnerability
| [30585] Microsoft Outlook Express And Windows Mail MHTML Handler Information Disclosure Vulnerability
| [30263] Spring Framework Multiple Remote Vulnerabilities
| [30087] PCRE Regular Expression Heap Based Buffer Overflow Vulnerability
| [29476] Kaya CGI Framework HTTP Header Cross Site Scripting Vulnerability
| [28928] Perl Unicode '\Q...\E' Quoting Construct Regular Expression Buffer Overflow Vulnerability
| [28815] Apple Safari WebKit JavaScript Regular Expression Repetition Counts Buffer Overflow Vulnerability
| [28692] Wayport CyberCenter Express Authentication Bypass Vulnerability
| [28649] Sun Java System Messenger Express 'sid' Cross-Site Scripting Vulnerability
| [28591] Cisco Unified Communications Disaster Recovery Framework Remote Command Execution Vulnerability
| [28573] McAfee Common Management Agent 'FrameworkService.exe' Remote Denial of Service Vulnerability
| [28338] Apple Safari WebKit JavaScript Regular Expression Handling Buffer Overflow Vulnerability
| [28228] McAfee Framework ePolicy Orchestrator '_naimcomn_Log' Remote Format String Vulnerability
| [28153] Horde Framework Theme File Include Vulnerability
| [27942] Sun Solaris DTrace Dynamic Tracing Framework Information Disclosure Vulnerability
| [27325] Boost Library Regular Expression Remote Denial of Service Vulnerabilities
| [27235] IBM Tivoli Storage Manager Express Remote Heap Overflow Vulnerability
| [27128] ExpressionEngine HTTP Response Splitting and Cross Site Scripting Vulnerabilities
| [26898] PHP Security Framework Multiple Input Validation Vulnerabilities
| [26829] aurora framework Db_mysql.LIB SQL Injection Vulnerability
| [26800] Roundcube Webmail CSS Expression Input Validation Vulnerability
| [26727] PCRE Perl Compatible Regular Expression Subpattern Memory Allocation Denial Of Service Vulnerability
| [26725] PCRE Perl Compatible Regular Expressions Library POSIX Denial Of Service Vulnerability
| [26724] IBM Tivoli Provisioning Manager Express Username User Enumeration Weakness
| [26715] IBM Tivoli Provisioning Manager Express Multiple Cross Site Scripting Vulnerabilities
| [26550] PCRE Regular Expression Library UTF-8 Options Multiple Remote Denial of Service Vulnerabilities
| [26462] PCRE Regular Expression Library Multiple Integer and Buffer Overflow Vulnerabilities
| [26350] Perl Unicode Regular Expression Buffer Overflow Vulnerability
| [26346] PCRE Regular Expression Library Multiple Security Vulnerabilities
| [26194] Phpbasic basicFramework Includes.PHP Remote File Include Vulnerability
| [25996] Microsoft Expression Media Plaintext Password Storage Weakness
| [25908] Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow Vulnerability
| [24993] iExpress Munch Pro Login SQL Injection Vulnerability
| [24992] iExpress Property Pro Vir_Login.ASP SQL Injection Vulnerability
| [24811] Microsoft .NET Framework JIT Compiler Remote Buffer Overflow Vulnerability
| [24791] Microsoft .Net Framework Multiple Null Byte Injection Vulnerabilities
| [24778] Microsoft .NET Framework PE Loader Remote Buffer Overflow Vulnerability
| [24674] SAP Internet Communication Framework Multiple Cross-Site Scripting Vulnerabilities
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24444] Microsoft Windows CE .NET Compact Framework Components Multiple Vulnerabilities
| [24410] Microsoft Outlook Express Content Disposition Parsing Information Disclosure Vulnerability
| [24392] Microsoft Outlook Express MHTML URL Parsing Information Disclosure Vulnerability
| [23928] PHP Todo List Manager Regular Expressions Multiple Security Bypass Vulnerabilities
| [23558] IBM Tivoli Monitoring Express Universal Agent Multiple Heap Buffer Overflow Vulnerabilities
| [22985] Horde Framework and IMP Cleanup Cron Script Arbitrary File Deletion Vulnerability
| [22984] Horde Framework Login.PHP Cross-Site Scripting Vulnerability
| [22578] Calendar Express Search.PHP Cross-Site Scripting Vulnerability
| [22178] Yana Framework Guestbook Unspecified Security Bypass Vulnerability
| [21899] Apple DiskManagement Framework BOM Local Privilege Escalation Vulnerability
| [21706] OpenSER Parse_Expression Remote Buffer Overflow Vulnerability
| [21501] Microsoft Outlook Express Windows Address Book Contact Record Remote Code Execution Vulnerability
| [21059] SiteXpress E-Commerce System Dept.ASP SQL Injection Vulnerability
| [21053] Apple Safari JavaScript Regular Expression Match Remote Denial of Service Vulnerability
| [20840] Mirapoint Web Mail Expression() HTML Injection Vulnerability
| [20838] iPlanet Messaging Server Messenger Express Expression() HTML Injection Vulnerability
| [20832] Sun Java System Messenger Express Cross-Site Scripting Vulnerability
| [20753] Microsoft .NET Framework Request Filtering Bypass Vulnerability
| [20450] BlueShoes Framework GoogleSearch.PHP Remote File Include Vulnerability
| [19309] Cisco CallManager Express SIP User Directory Information Disclosure Vulnerability
| [19302] G3 Content Management Framework HTML Injection Vulnerability
| [18979] McAfee EPolicy Orchestrator Framework Service Directory Traversal Vulnerability
| [18845] Horde Application Framework Services Multiple Cross-Site Scripting Vulnerabilities
| [18771] Microsoft Internet Explorer OutlookExpress.AddressBook Denial of Service Vulnerability
| [18436] Horde Application Framework Multiple Cross-Site Scripting Vulnerabilities
| [18386] Adaptive Website Framework Remote File Include Vulnerability
| [18314] Calendar Express Month.PHP SQL Injection Vulnerability
| [18261] BlueShoes Framework Multiple Remote File Include Vulnerabilities
| [17786] FileProtection Express Authentication Bypass Vulnerability
| [17775] Cisco Unity Express Expired Password Privilege Escalation Vulnerability
| [17717] Outlook Express/Windows Mail MHTML URI Handler Information Disclosure Vulnerability
| [17459] Microsoft Outlook Express Windows Address Book File Parsing Buffer Overflow Vulnerability
| [17243] Microsoft .NET Framework SDK MSIL Tools Buffer Overflow Vulnerabilities
| [17240] Calendar Express Multiple Cross-Site Scripting Vulnerabilities
| [17168] WebLogic Server and WebLogic Express Invalid Login Attempts Weakness
| [17163] BEA WebLogic Server and WebLogic Express HTTP Response Splitting Vulnerability
| [17117] Horde Application Framework Go.PHP Information Disclosure Vulnerability
| [17085] IBM Tivoli Lightweight Client Framework Information Disclosure Vulnerability
| [16377] PMachine ExpressionEngine HTTP Referrer HTML Injection Vulnerability
| [16215] BEA WebLogic Server and WebLogic Express MBean Remote Information Disclosure Vulnerability
| [15937] Adaptive Website Framework Cross-Site Scripting Vulnerability
| [15810] Horde Application Framework CSV File Upload Code Execution Vulnerability
| [15806] Horde Application Framework Input Validation Vulnerabilities
| [15635] KBase Express Multiple SQL Injection Vulnerabilities
| [15271] Sun Java System Communications Express Information Disclosure Vulnerability
| [15231] Rockliffe MailSite Express Information Disclosure Vulnerability
| [15230] Rockliffe MailSite Express Arbitrary Script File Upload Vulnerability
| [15229] Rockliffe MailSite Express Message Body HTML Injection Vulnerability
| [15129] Rockliffe MailSite Express Arbitrary File Upload Vulnerability
| [15052] BEA WebLogic Server and WebLogic Express Multiple Vulnerabilities
| [14620] PCRE Regular Expression Heap Overflow Vulnerability
| [14505] Calendar Express Search.PHP Cross-Site Scripting Vulnerability
| [14504] Calendar Express Multiple SQL Injection Vulnerabilities
| [14455] Metasploit Framework MSFWeb Defanged Mode Restriction Bypass Vulnerability
| [14225] Microsoft Outlook Express Multiple Vulnerabilities
| [14194] IBM Tivoli Management Framework Endpoint Remote Denial Of Service Vulnerability
| [14075] Adobe Acrobat/Adobe Reader Safari Frameworks Folder Permission Escalation Vulnerability
| [13951] Microsoft Outlook Express NNTP Response Parsing Buffer Overflow Vulnerability
| [13837] Microsoft Outlook Express Attachment Processing File Extension Obfuscation Vulnerability
| [13717] BEA WebLogic Server and WebLogic Express Multiple Remote Vulnerabilities
| [13400] BEA WebLogic Server And WebLogic Express Administration Console Cross-Site Scripting Vulnerability
| [13202] Apple WebCore Framework XMLHttpRequests Remote Code Execution Vulnerability
| [12943] Horde Application Framework Parent Page Title Cross-Site Scripting Vulnerability
| [12548] BEA WebLogic Server And WebLogic Express Authentication Failure Information Disclosure Weakness
| [11546] Horde Application Framework Help Window Unspecified Cross-Site Scripting Vulnerability
| [11447] Microsoft Outlook Express Plaintext Email Security Policy Bypass Vulnerability
| [11426] Express-Web Content Management System Unspecified Cross-Site Scripting Vulnerability
| [11128] Cosminexus Portal Framework Information Disclosure Vulnerability
| [11040] Microsoft Outlook Express BCC Field Information Disclosure Vulnerability
| [10711] Microsoft Outlook Express Malformed Email Header Denial Of Service Vulnerability
| [10692] Microsoft Outlook Express Message Window Script Execution Vulnerability
| [10624] BEA WebLogic Server And WebLogic Express Application Role Unauthorized Access Vulnerability
| [10545] BEA WebLogic Server And WebLogic Express Java RMI Incorrect Session Inheritance Vulnerability
| [10544] BEA WebLogic Server And WebLogic Express Remote Denial of Service Vulnerability
| [10345] Microsoft Outlook Express URI Obfuscation Vulnerability
| [10328] BEA WebLogic Server And WebLogic Express Lowered Security Settings Vulnerability
| [10327] BEA WebLogic Server and WebLogic Express Denial of Service Vulnerability
| [10188] BEA WebLogic Server And WebLogic Express Configuration Log Files Plain Text Password Vulnerability
| [10185] BEA WebLogic Server/Express EJB Object Removal Denial Of Service Vulnerability
| [10184] BEA WebLogic Server and WebLogic Express Illegal URI Pattern Potential Bypass Vulnerability
| [10144] Microsoft Outlook/Outlook Express Remote Denial Of Service Vulnerability
| [10132] BEA WebLogic Server and WebLogic Express Certificate Chain User Impersonation Vulnerability
| [10131] BEA WebLogic Server/Express Potential Password Disclosure Weakness
| [10106] Ipswitch IMail Express Web Messaging Buffer Overrun Vulnerability
| [10098] Microsoft Outlook Express Malformed EML File Denial of Service Vulnerability
| [9709] Multiple Outlook/Outlook Express Predictable File Location Weaknesses
| [9673] Microsoft Outlook Express Arbitrary Program Execution Vulnerability
| [9506] WebLogic Server and Express HTTP TRACE Credential Theft Vulnerability
| [9503] BEA WebLogic Server/Express Potential Administrator Password Disclosure Weakness
| [9502] BEA WebLogic Server and Express SSL Client Privilege Escalation Vulnerability
13134| [9107] Microsoft Outlook Express MHTML Redirection Local File Parsing Vulnerability
13135| [9105] Microsoft Outlook Express MHTML Forced File Execution Vulnerability
13136| [9034] Multiple BEA WebLogic Server/Express Denial of Service and Information Disclosure Vulnerabilities
13137| [8760] SquirrelMail CSS JavaScript Expression MSIE Script Code Injection Vulnerability
13138| [8399] Horde Application Framework Account Hijacking Vulnerability
13139| [8320] BEA WebLogic Server and WebLogic Express User Impersonation Vulnerability
13140| [8281] Microsoft Outlook Express Script Execution Weakness
13141| [8143] Multiple BEA WebLogic Server/Express Vulnerabilities
13142| [8056] Zope Error-Handling Framework Cross-Site Scripting Vulnerability
13143| [7612] Sun Java Media Framework Unspecified Denial of Service Vulnerability
13144| [6959] Netscape JavaScript Regular Expression Denial Of Service Vulnerability
13145| [6923] Microsoft Outlook and Outlook Express Arbitrary Program Execution Vulnerability
13146| [6717] BEA Systems WebLogic Server and Express Session Sharing Vulnerability
13147| [5971] BEA WebLogic Server/Express/Integration Application Migration Security Policy Weakness
13148| [5944] Microsoft Outlook Express S/MIME Buffer Overflow Vulnerability
13149| [5846] BEA WebLogic Server and Express Inadvertent Security Removal Weakness
13150| [5819] BEA WebLogic Server and Express HTTP Response Information Disclosure Vulnerability
13151| [5682] Alleged Outlook Express Link Denial of Service Vulnerability
13152| [5473] Microsoft Outlook Express MHTML URL Handler File Rendering Vulnerability
13153| [5350] Microsoft Outlook Express XML File Attachment Script Execution Vulnerability
13154| [5277] Microsoft Outlook Express Spoofable File Extensions Vulnerability
13155| [5274] Microsoft Outlook Express SMTP Over TLS Information Disclosure Vulnerability
13156| [5235] IBM Tivoli Management Framework Endpoint Buffer Overflow Vulnerability
13157| [5233] IBM Tivoli Management Framework ManagedNode Buffer Overrun Vulnerability
13158| [5224] Pingtel Expressa Arbitrary Application Installation Vulnerability
13159| [5223] Pingtel Expressa Arbitrary Firmware Upgrade Vulnerability
13160| [5221] Pingtel Expressa Admin Account Login Session Timeout Vulnerability
13161| [5220] Pingtel Expressa Web Server Cross-Site Scripting Vulnerability
13162| [5214] Pingtel Expressa Default Blank Administrator Password Vulnerability
13163| [5159] BEA Systems WebLogic Server and Express Race Condition Denial of Service Vulnerability
13164| [4734] BEA WebLogic Server and Express File Disclosure Vulnerability
13165| [4733] BEA Systems WebLogic Server and Express Password Disclosure Vulnerability
13166| [4653] Microsoft Internet Explorer/Outlook Express XBM Handling DoS Vulnerability
13167| [4646] BEA Systems WebLogic Server and Express Null Character DOS Device Denial of Service Vulnerability
13168| [4645] BEA Systems WebLogic Server and Express URL Parsing Source Code Disclosure Vulnerability
13169| [4643] BEA Systems WebLogic Server and Express URL Parsing Path Disclosure Vulnerability
13170| [4584] Microsoft Outlook Express DOS Device Denial of Service Vulnerability
13171| [4191] Cisco IOS Cisco Express Forwarding Session Information Leakage Vulnerability
13172| [4092] Outlook Express Attachment Carriage Return/Linefeed Encapsulation Filtering Bypass Vulnerability
13173| [4029] eshare Expressions Directory Traversal Vulnerability
13174| [3611] Microsoft Outlook Express for Macintosh Buffer Overflow Vulnerability
13175| [3334] Microsoft Outlook Express 6 Plain Text Message Script Execution Vulnerability
13176| [3271] Outlook Express 6 Attachment Security Bypass Vulnerability
13177| [2823] Microsoft Outlook Express Address Book Spoofing Vulnerability
13178| [1647] Intel Express Switch 500 Series Malformed ICMP Packet DoS Vulnerability
13179| [1609] Intel Express Switch 500 series DoS
13180| [1502] Microsoft Outlook Express Persistent Mail-Browser Link Vulnerability
13181| [1501] Microsoft Outlook / Outlook Express Cache Bypass Vulnerability
13182| [1481] Microsoft Outlook / Outlook Express GMT Field Buffer Overflow Vulnerability
13183| [1394] Microsoft Internet Explorer and Outlook/Outlook Express Remote File Write Vulnerability
13184| [1378] BEA Systems WebLogic Server and Express Source Code Disclosure Vulnerability
13185| [1228] Intel Express 8100 ISDN Router Fragmented ICMP Vulnerability
13186| [1195] Microsoft Outlook 98 / Outlook Express 4.x Long Filename Vulnerability
13187| [962] MS Outlook Express 5 Javascript Email Access Vulnerability
13188| [883] Microsoft Outlook Express for MacOS HTML Attachment Automatic Download Vulnerability
13189| [800] Microsoft Outlook Express For Mac Download Vulnerability
13190| [749] Celtech ExpressFS USER Buffer Overflow Vulnerability
13191| [533] Microsoft Outlook Express for MacOS Change Current User Vulnerability
13192| [252] Outlook Express POP Denial of Service Vulnerability
13193|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [69688] Spring Framework expression information disclosure
| [86322] Restlet Framework XML deserialization code execution
| [86122] Multiple Cisco content network and video delivery products framework command execution
| [86121] Cisco Wide Area Application Services framework code execution
| [85756] Apache Struts OGNL expression command execution
| [85690] Oracle Solaris Kernel/STREAMS framework denial of service
| [85677] Oracle Agile PLM Framework Security information disclosure
| [85676] Oracle Agile Product Framework Folders & Files Attachment information disclosure
| [85675] Oracle Agile Collaboration Framework Manufacturing/Mfg Parts unspecified
| [85674] Oracle Agile PLM Framework Web Client (CS) unspecified
| [85666] Oracle Enterprise Manager Grid Control User Interface Framework unspecified
| [85635] BMC Service Desk Express multiple cross-site scripting
| [85634] BMC Service Desk Express multiple SQL injection
| [85242] Microsoft .NET Framework and Microsoft Silverlight privilege escalation
| [85241] Microsoft .NET Framework and Microsoft Silverlight code execution
| [85240] Microsoft .NET Framework and Microsoft Silverlight code execution
| [85239] Microsoft .NET Framework and Microsoft Silverlight privilege escalation
| [85238] Microsoft .NET Framework and Microsoft Silverlight privilege escalation
| [85237] Microsoft .NET Framework and Microsoft Silverlight code execution
| [84725] Horde Application Framework unspecified cross-site scripting
| [83879] Microsoft .NET Framework security bypass
| [83878] Microsoft .NET Framework spoofing
| [83685] Cisco Unified Contact Center Express information disclosure
| [83488] Oracle Siebel CRM Siebel UI Framework information disclosure
| [83484] Oracle Siebel CRM Siebel UI Framework information disclosure
| [83483] Oracle Siebel CRM Siebel UI Framework unspecified
| [83442] Oracle Database Application Express unspecified
| [83401] Hero Framework login and forgot_password pages cross-site scripting
| [82894] Zend Framework Zend\Db SQL injection
| [82893] Zend Framework Zend\Validate\Csrf component information disclosure
| [82892] Zend Framework Zend\Mvc data manipulation
| [82216] Fluid Extbase Development Framework extension for TYPO3 unserialize() code execution
| [82215] Fluid Extbase Development Framework extension for TYPO3 unspecified command execution
| [82103] Zend Framework SimpleXMLElement classes information disclosure
| [82102] Zend Framework circular references denial of service
| [81806] Cisco Unity Express unspecified cross-site request forgery
| [81805] Cisco Unity Express unspecified cross-site scripting
| [81751] Vaadin Framework Map parameter cross-site scripting
| [81667] Microsoft .NET Framework WinForms privilege escalation
| [81587] Kohana Framework Filebrowser.php directory traversal
| [81300] Oracle Siebel CRM Siebel UI Framework information disclosure
| [81277] Oracle Agile PLM Framework Security information disclosure
| [81276] Oracle E-Business Applications Framework unspecified
| [81273] Oracle E-Business Applications Framework unspecified
| [81268] Oracle E-Business Applications Framework security bypass
| [81267] Oracle Enterprise Manager User Interface Framework unspecified
| [81264] Oracle Enterprise Manager Policy Framework unspecified
| [80871] Microsoft .NET Framework permission privilege escalation
| [80870] Microsoft .NET Framework S.D.S.P. privilege escalation
| [80869] Microsoft .NET Framework Windows Forms privilege escalation
| [80868] Microsoft .NET Framework information disclosure
| [80866] Microsoft .NET Framework OData denial of service
| [80797] Hero Framework unspecified cross-site request forgery
| [80796] Hero Framework login and search pages cross-site scripting
| [80718] Zend Framework Zend_Feed information disclosure
| [80605] Smartphone Pentest Framework command execution
| [80315] Smartphone Pentest Framework btinstall privilege escalation
| [80314] Smartphone Pentest Framework config information disclosure
| [80313] Smartphone Pentest Framework guessPassword.pl cross-site request forgery
| [80312] Smartphone Pentest Framework multiple SQL injections
| [80311] Smartphone Pentest Framework frameworkgui command execution
| [80277] JRuby expression engine cross-site scripting
| [80266] Prado PHP Framework functional_tests.php directory traversal
| [80265] Yii Framework search form SQL injection
| [79956] PayPal Express module in osCommerce SSL spoofing
| [79735] IBM WebSphere Commerce Web Services framework denial of service
| [79692] Microsoft .NET Framework reflection privilege escalation
| [79691] Microsoft .NET Framework Web proxy code execution
| [79690] Microsoft .NET Framework DLL code execution
| [79689] Microsoft .NET Framework output information disclosure
| [79688] Microsoft .NET Framework reflection privilege escalation
| [79346] Oracle Siebel UI Framework Siebel Documentation information disclosure
| [79345] Oracle Siebel UI Framework Portal Framework information disclosure
| [79332] Oracle Agile PLM Framework ROLESPRV information disclosure
| [79331] Oracle Agile PLM Framework ATTACH information disclosure
| [79330] Oracle Agile PLM Framework Web Client (CS) unspecified
| [79326] Oracle E-Business Applications Framework information disclosure
| [79202] vOlk-Botnet Framework multiple cross-site scripting
| [79200] vOlk Botnet Framework pag and pais parameter SQL injection
| [78761] Zend Framework multiple scripts cross-site scripting
| [78379] IBM Rational Automation Framework Environment Wizard security bypass
| [78056] Express Burn .ebp file buffer overflow
| [77877] FishEye and Crucible third-party frameworks security bypass
| [77789] Niagara Framework information disclosure
| [77294] IBM WebSphere Commerce REST services framework security bypass
| [77149] Tridium Niagara AX Framework security bypass
| [77039] Oracle Siebel CRM UI Framework information disclosure
| [77038] Oracle Siebel CRM UI Framework information disclosure
| [77037] Oracle Siebel CRM UI Framework unspecified
| [77036] Oracle Siebel CRM UI Framework denial of service
| [77035] Oracle Siebel CRM UI Framework denial of service
| [77034] Oracle Siebel CRM Portal Framework unspecified
| [76992] Oracle Application Express APEX Listener information disclosure
| [76969] Metasploit Framework pcap_log privilege escalation
| [76947] Niagara Framework URL directory traversal
| [76743] Microsoft .NET Framework tilde denial of service
| [76533] Zend Framework Zend_XmlRpc class information disclosure
| [75941] Microsoft .NET Framework function code execution
| [75935] Restlet Framework XML entities unspecified
| [75865] Yellow Duck Framework index.php information disclosure
| [75674] WEB MART Internet Explorer CSS expressions cross-site scripting
| [75542] Travelon Express multiple file upload
| [75541] Travelon Express holiday_add.php and holiday_view.php cross-site scripting
| [75540] Travelon Express multiple scripts SQL injection
| [75493] Apple Mac OS X Security framework integer overflow
| [75487] Apple Mac OS X LoginUIFramework security bypass
| [75437] Node.js HTTP parser information disclosure
| [75339] Cisco Unified Contact Center Express network traffic denial of service
| [75134] Microsoft .NET Framework index denial of service
| [75133] Microsoft .NET Framework buffer code execution
| [75098] Microsoft .NET Framework EncoderParameter buffer overflow
| [74942] Oracle Database Application Express unspecified
| [74909] JA T3-Framework component for Joomla! index.php directory traversal
| [74527] TYPO3 Extbase framework unserialize() code execution
| [74377] Microsoft .NET Framework parameter code execution
| [74376] Microsoft .NET Framework input code execution
| [74375] Microsoft .NET Framework serialization code execution
| [73948] HP Data Protector Express code execution
| [73947] HP Data Protector Express code execution
| [73946] HP Data Protector Express code execution
| [73945] HP Data Protector Express code execution
| [73905] Jam Trax Express DLL code execution
| [73535] Microsoft Expression Design code execution
| [73034] IBM Tivoli Provisioning Manager Express for Software Distribution multiple SQL injection
| [73033] IBM Tivoli Provisioning Manager Express for Software Distribution ActiveX control (Isig.isigCtl.1) buffer overflow
| [72878] FishEye and Crucible Webwork 2 framework code injection
| [72848] Microsoft .NET Framework buffer overflow
| [72847] Microsoft .NET Framework and Microsoft Silverlight unmanaged objects code execution
| [72395] ExpressView Browser Plug-in SID file code execution
| [72394] ExpressView Browser Plug-in npexview.dll buffer overflow
| [71808] Microsoft .NET Framework SaveAs() security bypass
| [71711] Apache Struts OGNL expression code execution
| [71587] Hero Framework events script cross-site scripting
| [71577] CodeIgniter and ExpressionEngine xss_clean() cross-site scripting
| [71026] IBM TS3100 and TS3200 Tape Library Express Web management console authentication bypass
| [70976] Novell XTier Framework HTTP Header integer overflow
| [70799] Oracle Database Server Application Express APEX developer user unspecified
| [70795] Oracle E-Business Suite Oracle Applications Framework REST Services unspecified
| [70309] Zend Framework in Zend Server CE Validate.php path disclosure
| [70136] Mozilla Firefox, Thunderbird, and SeaMonkey YARR regular expression library denial of service
| [69687] Spring Framework and Spring Security object security bypass
| [69644] Zikula Application Framework index.php cross-site scripting
| [69496] Microsoft Excel expression code execution
| [68828] Microsoft .NET Framework socket information disclosure
| [68732] JBoss Seam Expression Language code execution
| [68212] Apple Mac OS X CoreFoundation framework buffer overflow
| [67959] Horde_Auth Framework composite authentication driver security bypass
| [67896] Google Chrome extension framework code execution
| [67858] IBM Tivoli Management Framework Tivoli Endpoint code execution
| [67752] Microsoft .NET Framework and Microsoft Silverlight XAML code execution
| [67539] Zend Framework MySQL PDO security bypass
| [67523] Cisco Unified Operations Manager Common Services Framework Help Servlet cross-site scripting
| [67411] Microsoft .NET Framework JIT compiler code execution
| [67360] Kay Framework Attribute Exchange (AX) security bypass
| [67269] Horde Application Framework Sql.php security bypass
| [67268] Horde Application Framework xss.php cross-site scripting
| [66951] Oracle Solaris Express TCP/IP unspecified
| [66949] Oracle Solaris Express LOFS unspecified
| [66944] Oracle Solaris Express Kernel/SPARC unspecified
| [66936] Oracle Solaris Express Kernel unspecified
| [66933] Oracle Solaris Express Kernel unspecified
| [66932] Oracle Solaris Express Kernel unspecified
| [66088] Zend Framework view script cross-site scripting
| [66010] Linux SCSI target framework (tgt) iscsi_rx_handler() denial of service
| [65171] Qcodo Development Framework unspecified path disclosure
| [64908] Microsoft .NET Framework JIT code execution
| [64815] Sun Java System Communications Express Web Mail unauthorized access
| [64729] SmoothWall Express reboot cross-site request forgery
| [64728] SmoothWall Express ipinfo.cgi cross-site scripting
| [64681] Cisco IOS CallManager Express denial of service
| [64562] Macro Express MXE buffer overflow
| [64311] Dassault Systemes ENOVIA emxFramework.FilterParameterPattern cross-site scripting
| [62493] Backbone Technology Expression section_copy_id parameter cross-site scripting
| [62265] MySQL expression values denial of service
| [62146] Microsoft .NET Framework JIT compiler code execution
| [62100] Horde Application Framework icon_browser.php cross-site request forgery
| [62099] Horde Application Framework icon_browser.php cross-site scripting
| [61869] OTRS regular expression denial of service
| [61711] HP Data Protector Express and HP Data Protector Express Single Server Edition DtbClsLogin buffer overflow
| [61710] HP Data Protector Express and HP Data Protector Express Single Server Edition PrvRecvRqu() denial of service
| [61625] Horde Application Framework subdir cross-site scripting
| [61470] Seagull PHP Framework multiple file include
| [61469] Seagull PHP Framework index.php SQL injection
| [61038] Play! Framework public directory traversal
| [60794] JBoss Seam expressions code execution
| [60766] Apple Safari regular expressions code execution
| [60735] Microsoft .NET Framework CLR code execution
| [60366] Diem Content Management Framework article_form_filter[name][text] parameter cross-site scripting
| [60364] Diem Content Management Framework value parameter cross-site scripting
| [60363] Diem Content Management Framework text parameter cross-site scripting
| [60319] Oracle E-Business Suite Oracle Applications Framework component unspecified
| [60316] Oracle E-Business Suite Oracle Applications Framework component unspecified
| [60314] Oracle E-Business Suite Oracle Applications Framework component unspecified
| [60298] Oracle Database Server Application Express component unspecified
| [60159] Open Text ECM Expression Builder cross-site scripting
| [59573] Spring Framework WebappClassLoader code execution
| [59415] ardeaCore PHP Framework ardeaInit.php file include
| [59277] Cisco Unified Contact Center Express bootstrap directory traversal
| [59276] Cisco Unified Contact Center Express CTI denial of service
| [59069] Microsoft Internet Explorer CSS expression denial of service
| [58334] Zikula Application Framework index.php cross-site request forgery
| [58224] Zikula Application Framework index.php cross-site scripting
| [58172] Microsoft Outlook Express and Windows Mail client integer overflow
| [58045] Perl regular expression engine integer overflow
| [57987] Sun Java System Communications Express subject cross-site request forgery
| [57749] Oracle Sun Product Suite Sun Java System Communications Express unspecified
| [57496] Linux SCSI Target Framework isns.c format string
| [57402] ViewVC regular expression search cross-site scripting
| [57054] Trouble Ticket Express ttx.cgi directory traversal
| [56989] ContentExpress module for PHP-Nuke index.php SQL injection
| [56884] Trouble Ticket Express ttx.cgi code execution
| [56883] Trouble Ticket Express ttx.cgi directory traversal
| [56549] Hitachi Cosminexus products Portal Framework cross-site scripting
| [56401] IBM Cognos Express Tomcat default password
| [56086] IBM Cognos Express Tomcat Manager default password
| [55782] SAP BusinessObjects framework cross-site scripting
| [55656] Zend Framework Zend_Json_Encoder cross-site scripting
| [55655] Zend Framework Zend_Json_Encoder cross-site scripting
| [55654] Zend Framework Zend_Service_ReCaptcha_MailHide cross-site scripting
| [55653] Zend Framework Zend_File_Transfer weak security
| [55646] Zend Framework Zend_Filter_StripTags cross-site scripting
| [55644] Zend Framework Zend_Dojo_View_Helper_Editor cross-site scripting
| [55643] Zend Framework multiple components cross-site scripting
| [55592] Oracle Database Application Express Application Builder information disclosure
| [55558] Calendar Express search.php cross-site scripting
| [55312] My Book express.php path disclosure
| [55187] Zend Framework Zend_Log_Writer_Mail weak security
| [55083] Calendar Express year.php SQL injection
| [53939] Perl UTF-8 expressions denial of service
| [53861] Oracle E-Business Suite Applications Framework component unspecified
| [53842] Oracle Database Application Express component unspecified
| [53669] Symantec SecurityExpressions Audit and Compliance Server error response cross-site scripting
| [53668] Symantec SecurityExpressions Audit and Compliance Server console cross-site scripting
| [53652] Prototype JavaScript framework (prototypejs) AJAX unspecified
| [53529] Microsoft Windows GDI+ .NET Framework API code execution
| [53448] Cisco IOS Communications Manager Express (CME) extension buffer overflow
| [53202] Horde Application Framework form library file overwrite
| [53179] Altirix eXpress NS SC Download ActiveX control code execution
| [53106] obophix FrameWork fonctions_racine.php file include
| [52784] Simple CMS FrameWork index.php SQL injection
| [52780] Microsoft .NET Framework CLR code execution
| [52254] PHP Fuzzer Framework output file code execution
| [52113] ASP.NET Framework component of Microsoft Windows HTTP denial of service
| [51890] Credit Card Number Pattern Found (American Express)
| [51765] Oracle E-Business Suite Applications Framework component unspecified
| [51731] Cisco Unified Contact Center Express (Cisco Unified CCX) server administration interface directory traversal
| [51730] Cisco Unified Contact Center Express (Cisco Unified CCX) server administrative interface cross-site scripting
| [51306] Zend Framework Zend_View::render() directory traversal
| [51250] WebNMS Framework report/ReportViewAction.do cross-site scripting
| [50965] IBM FileNet Content Manager Web Services Extensible Authentication Framework (WSEAF) security bypass
| [50689] Novell GroupWise WebAccess style expressions cross-site scripting
| [50658] Sun Java System Communications Express search.html and UWCMain cross-site scripting
| [50114] Scorpio Framework baseAdminSite security bypass
| [50083] Spring Framework data denial of service
| [50043] Oracle E-Business Suite Applications Framework unspecified system integrity
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49359] ExpressionEngine avatar cross-site scripting
| [49287] Sun Java System Messenger Express error cross-site scripting
| [49197] Sun Java System Communications Express message cross-site scripting
| [49188] IBM Tivoli Storage Manager Express adsmdll.dll buffer overflow
| [48517] htmLawed CSS expressions cross-site scripting
| [48294] Microsoft .NET Framework Type check code execution
| [48293] Microsoft .NET Framework CAS verification code execution
| [47992] Oracle E-Business Suite Applications Framework About Us Page information disclosure
| [47277] Microsoft Internet Explorer CSS expression property XSS filter bypass
| [47144] Product Sale Framework customer.forumtopic.php SQL injection
| [46695] Microsoft .NET Framework SN weak security
| [46499] IBM Metrica Service Assurance Framework ReportRequest cross-site scripting
| [46495] IBM Metrica Service Assurance Framework ReportTree and Launch cross-site scripting
| [46186] Extrakt Framework index.php cross-site scripting
| [45962] Midgard Components Framework multiple unspecified vulnerabilities
| [45907] Oracle Database Application Express component privilege escalation
| [45897] Oracle E-Business Suite Applications Framework component unspecified
| [45764] DFFFrameworkAPI DFF_config[dir_include] file include
| [44737] Red Hat Directory Server Directory Server Administration Express and Directory Server Gateway cross-site scripting
| [44281] BEA WebLogic Server and WebLogic Express LDAP denial of service
| [43778] Firebird expression denial of service
| [43411] Seagull PHP Framework config.php file upload
| [42774] Kaya CGI framework header injection
| [42679] Microsoft Outlook Express MHTML information disclosure
| [42332] Red Hat Directory Server and Fedora Directory Server regular expression buffer overflow
| [42054] Oracle E-Business Suite Applications Framework component unspecified information disclosure
| [42041] Oracle Application Express unspecified unauthorized access
| [41988] Oracle Application Express privilege escalation
| [41714] WoltLab Burning Board WoltLab Community Framework page and form parameters cross-site scripting
| [41713] WoltLab Burning Board WoltLab Community Framework exception handling information disclosure
| [41632] Multiple Cisco Devices Disaster Recovery Framework (DRF) command execution
| [41597] McAfee Common Management Agent FrameworkService.exe denial of service
| [41321] Apple Safari WebKit JavaScript regular expressions buffer overflow
| [41178] McAfee ePolicy Orchestrator Framework Service format string
| [40992] WebKit regular expression code execution
| [40772] Sun Solaris DTrace dynamic tracing framework information disclosure
| [40707] BEA WebLogic Server and WebLogic Express WSDL information disclosure
| [40702] BEA WebLogic and WebLogic Express servlet unauthorized access
| [40700] BEA WebLogic Server and WebLogic Express JMS messages security bypass
| [40697] BEA WebLogic Server and WebLogic Express login page session hijacking
| [40696] BEA WebLogic Server and WebLogic Express administration console cross-site scripting
| [40695] BEA WebLogic Server and WebLogic Express account lockout security bypass
| [40694] BEA WebLogic Server and WebLogic Express HttpClusterServlet and HttpProxyServlet privilege escalation
| [40692] BEA WebLogic Server and WebLogic Express proxy plugin denial of service
| [39663] ExpressionEngine index.php CRLF header injection
| [39604] IBM Tivoli Storage Manager (TSM) Express server buffer overflow
| [39498] PostgreSQL complex regular expressions denial of service
| [39497] PostgreSQL regular expressions denial of service
| [39442] ExpressionEngine index.php cross-site scripting
| [39084] PHPSecurityFramework multiple SQL injection
| [39083] PHPSecurityFramework base.inc.php remote file include
| [38999] aurora framework db_mysql.lib SQL injection
| [38866] IBM Tivoli Provisioning Manager Express username information disclosure
| [38864] IBM Tivoli Provisioning Manager Express multiple cross-site scripting
| [38713] Microsoft Internet Explorer ActiveX setExpression code execution
| [38582] PCRE regular expressions UTF-8 denial of service
| [38581] PCRE malformed regular expression multiple integer overflows
| [38426] PCRE malformed regular expression multiple integer overflows
| [38324] Microsoft Outlook and Outlook Express URI handling command execution
| [38274] PCRE non-UTF-8 regular expressions denial of service
| [38272] PCRE \Q\E regular expressions code execution
| [38270] Perl Unicode regular expressions buffer overflow
| [37396] php basic basicFramework id SQL injection
| [37395] php basic basicFramework includes file include
| [37044] Microsoft Expression Media password information disclosure
| [36811] Microsoft Outlook Express and Windows Mail NNTP response code execution
| [36472] Broderbund Expressit 3DGreetings Player ActiveX control buffer overflow
| [36321] BEA Weblogic Server and WebLogic Express headers denial of service
| [36319] BEA Weblogic Server and WebLogic Express unspecified denial of service
| [36307] Quiksoft EasyMail Objects ActiveX SubmitToExpress buffer overflow
| [35596] epesi framework upload feature file upload
| [35519] PHPIDS arithmetic expression and unclosed comment cross-site scripting
| [35499] Oracle Application Express CHECK_DB_PASSWORD SQL injection
| [35107] SAP Internet Communication Framework multiple cross-site scripting
| [34755] Microsoft Internet Explorer Outlook Express Address Book object denial of service
| [34639] Microsoft .NET Framework JIT Compiler service buffer overflow
| [34638] Microsoft .NET Framework NULL byte termination information disclosure
| [34637] Microsoft .NET Framework PE Loader service buffer overflow
| [34365] BEA Weblogic Server and WebLogic Express unspecified cross-site scripting
| [34291] BEA Weblogic Server and WebLogic Express LDAP brute force
| [34289] BEA WebLogic Server and WebLogic Express Administration Console insecure permissions
| [34288] BEA Weblogic Server and WebLogic Express configToScript information disclosure
| [34286] BEA WebLogic Server and WebLogic Express configuration information disclosure
| [34282] BEA WebLogic Server and WebLogic Express HttpProxyServlet and HttpClusterServlet unauthorized access
| [34278] BEA WebLogic Server and WebLogic Express SSL port denial of service
| [34275] phpTodo multiple .php scripts regular expressions security bypass
| [33800] Apple Mac OS X VideoConference framework buffer overflow
| [33013] Horde Application Framework login.php cross-site scripting
| [32005] Cadre PHP Web Framework class.Quick_Config_Browser.php file include
| [31895] PhP Generic Library and Framework membreManager.php file include
| [31837] Apple Mac OS X CFNetwork framework denial of service
| [31671] Yana Framework Guestbook unspecified security bypass
| [31603] BEA WebLogic Server and WebLogic Express proxy plug-in for Netscape Enterprise Server denial of service
| [31596] BEA WebLogic Server, WebLogic Express, WebLogic Platform, and BEA JRockit return address buffer overflow
| [31588] BEA WebLogic Server and WebLogic Express on Solaris 9 socket denial of service
| [31586] BEA WebLogic Server and WebLogic Express malformed header denial of service
| [31585] BEA WebLogic Server and WebLogic Express HTTP request information disclosure
| [31579] BEA WebLogic Server and WebLogic Express EJB security bypass
| [31578] BEA WebLogic Server and WebLogic Express EJB privilege escalation
| [31577] BEA WebLogic Server and WebLogic Express WSEE runtime security bypass
| [31576] BEA WebLogic Server and WebLogic Express jar update privilege escalation
| [31574] BEA WebLogic Server and WebLogic Express web.xml denial of service
13553| [31571] BEA WebLogic Server and WebLogic Express config.xml weak security
13554| [31569] BEA WebLogic Server and WebLogic Express .ear information disclosure
13555| [31563] BEA WebLogic Server and WebLogic Express WS-Security man-in-the-middle
13556| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
13557| [31035] OpenSER parse_expression buffer overflow
13558| [30770] Publicera Php5 Framework InputFilter::getString() function cross-site scripting
13559| [30769] Publicera Php5 Framework database classes SQL injection
13560| [30632] Apple Mac OS X Security Framework X.509 public key denial of service
13561| [30630] Apple Mac OS X Security Framework Secure Transport weak security
13562| [30265] SiteXpress E-commerce System dept.asp SQL injection
13563| [30108] Oracle Application Express WWV_FLOW_ITEM_HELP cross-site scripting
13564| [30107] Oracle Application Express NOTIFICATION_MSG cross-site scripting
13565| [30106] Oracle Application Express WWV_FLOW_UTILITIES SQL injection
13566| [30071] Zend Framework Preview testRedirections.php cross-site scripting
13567| [29929] Sun iPlanet Messaging Server Messenger Express expression cross-site scripting
13568| [29928] Mirapoint Web Mail expression() cross-site scripting
13569| [29860] Microsoft .NET Framework request filtering insecure
13570| [29429] BlueShoes Framework GoogleSearch.php file include
13571| [29227] Microsoft Outlook Express Windows Address Book (WAB) buffer overflow
13572| [28955] Mozilla Firefox, Thunderbird, and SeaMonkey JavaScript expression buffer overflow
13573| [28878] AIM Express detected
13574| [28658] Microsoft ASP.NET Framework HTTP cross-site scripting
13575| [28411] Horde Application Framework and Horde IMP index.php cross-site scripting
13576| [28409] Horde Application Framework and Horde IMP search.php cross-site scripting
13577| [28185] Cisco CallManager Express SIP information disclosure
13578| [27738] McAfee ePolicy Orchestrator EPO Framework service directory traversal
13579| [27599] Microsoft Internet Explorer OutlookExpress.AddressBook ActiveX object denial of service
13580| [27590] Horde Application Framework HTTP GET request tunneling cross-site scripting
13581| [27589] Horde Application Framework dereferrer, help, and problem reporting functions cross-site scripting
13582| [27586] BEA WebLogic Server or BEA WebLogic Express is running
13583| [27168] Horde Application Framework test.php and problem.inc cross-site scripting
13584| [26908] BlueShoes Framework multiple scripts file include
13585| [26802] Microsoft ASP.NET Framework App_Code folder information disclosure
13586| [26225] FileProtection Express authentication bypass
13587| [26165] Cisco Unity Express (CUE) expired account privilege escalation
13588| [26056] Oracle Enterprise Manager Reporting Framework unauthorized access
13589| [25808] Multiple Mozilla products JavaScript regular expression memory corruption
13590| [25535] Microsoft Outlook Express Windows Address Book file buffer overflow
13591| [25516] Horde Application Framework help viewer command execution
13592| [25467] Calendar Express search.php cross-site scripting
13593| [25348] BEA WebLogic Server and Express XML parser denial of service
13594| [25239] Horde Application Framework services/go.php information disclosure
13595| [24302] BEA WebLogic Server and Express SSL identity exposure
13596| [24301] BEA WebLogic Server and Express connection filter denial of service
13597| [24296] ExpressionEngine core.input.php cross-site scripting
13598| [24295] BEA WebLogic Server and Express log file information disclosure
13599| [24294] BEA WebLogic Server and Express Java MBean unauthorized access
13600| [24290] BEA WebLogic Server and Express password information disclosure
13601| [24011] Apple AirPort Express and Extreme network interface denial of service
13602| [23309] KBase Express multiple scripts allow SQL injection
13603| [23205] Horde Application Framework MIME viewer cross-site scripting
13604| [23129] Microsoft Outlook Express news server information disclosure
13605| [23061] Horde Application Framework error message cross-site scripting
13606| [22941] Sun Java Communications Express configuration file information disclosure
13607| [22908] Rockliffe`s MailSite Express AttachPath obtain information
13608| [22907] Rockliffe`s MailSite Express attachment script execution
13609| [22906] Rockliffe`s MailSite Express cookie plaintext password
13610| [22770] MailSite Express allows attached file to be uploaded
13611| [22719] BEA WebLogic Server and Express invalid login brute force
13612| [22718] BEA WebLogic Server and Express servlet relative forwarding denial of service
13613| [22716] BEA WebLogic Server and Express HTTP request smuggling
13614| [22595] BEA WebLogic Server and Express MBean file audits may fail
13615| [22593] BEA WebLogic Server and Express multicast message information disclosure
13616| [22592] BEA WebLogic Server and Express weblogic.Deployer information disclosure
13617| [22591] BEA WebLogic Server and Express allows admin user to be locked out
13618| [22590] BEA WebLogic Server and Express IIOP protocol information disclosure
13619| [22588] BEA WebLogic Server and Express password disclosure
13620| [22586] BEA WebLogic Server and Express system properties disclosure
13621| [22584] BEA WebLogic Server and Express fullyDelegateAuthorization could allow access to servlet
13622| [22582] BEA WebLogic Server and Express Configuration Wizard information disclosure
13623| [22579] BEA WebLogic Server and Express security policy import
13624| [22577] BEA WebLogic Server and Express restriction of servlet allows access to files
13625| [22575] BEA WebLogic Server and Express internal servlet allows unauthorized access
13626| [22574] BEA WebLogic Server and Express privilege escalation
13627| [22573] BEA WebLogic Server and Express passphrase in plain text
13628| [22572] BEA WebLogic Server and Express IP address disclosure
13629| [22571] BEA WebLogic Server and Express audit events allow security bypass
13630| [22569] BEA WebLogic Server and Express Deployer allows elevated privileges
13631| [22568] BEA WebLogic Server and Express connection disclosure
13632| [22567] BEA WebLogic Server and Express SSL password disclosure
13633| [22563] BEA WebLogic Server and Express thread handling denial of service
13634| [22041] BEA WebLogic Server and Express LDAP anonymous bind information disclosure
13635| [21984] BEA WebLogic Server and Express View Error Log cross-site scripting
13636| [21744] Calendar Express allwords parameter cross-site scripting
13637| [21741] PHP Lite Calendar Express multiple scripts SQL injection
13638| [21351] IBM Tivoli Management Framework endpoint denial of service
13639| [20830] Microsoft Outlook Express NNTP Response Parsing buffer overflow
13640| [20802] BEA WebLogic Server and Express login page cross-site scripting
13641| [20793] BEA WebLogic Server and Express Web application allows unauthorized access
13642| [20769] BEA WebLogic Server and Express loop denial of service
13643| [20708] BEA WebLogic Server and Express error page cross-site scripting
13644| [20706] BEA WebLogic Server and Express incorrect cookie parsing
13645| [20704] BEA WebLogic Server and Express identity thread manipulation
13646| [20703] BEA WebLogic Server and Express JDBC pool modification
13647| [20693] Microsoft ASP.NET Framework SQL injection
13648| [20692] Microsoft ASP.NET Framework full path disclosure
13649| [20409] Microsoft ASP.NET Framework ViewState replay
13650| [20408] Microsoft ASP.NET Framework _VIEWSTATE denial of service
13651| [20390] Apple Mac OS X Foundation Framework buffer overflow
13652| [19539] BEA WebLogic Server and Express banner has been enabled
13653| [19373] Microsoft Internet Explorer and Outlook Express status bar spoofing
13654| [19321] BEA Web Logic Server and Express authentication disclosure
13655| [19190] PhxStudent15.ocx ActiveX control can be used to modify Outlook Express accounts
13656| [18865] Apple AirPort Extreme and Express WDS denial of service
13657| [17881] Horde Application Framework help window cross-site scripting
13658| [17737] Express-Web cross-site scripting
13659| [17644] Microsoft ASP.NET Framework bypass security
13660| [17360] BEA WebLogic Server and Express allow access to restricted URLs
13661| [17359] BEA WebLogic Server and Express RMI admin command execute
13662| [17358] BEA WebLogic Server and Express utilities and tasks plaintext password
13663| [17357] BEA WebLogic Server and Express password disclosure
13664| [17356] BEA WebLogic Server and Express HTTP version disclosure
13665| [17354] BEA WebLogic Server and Express errors result in incomplete security
13666| [17352] BEA WebLogic Server and Express Active Directory LDAP fails to remove admin privileges
13667| [17350] BEA WebLogic Server and Express JNDI unbinding objects to obtain information
13668| [17348] BEA WebLogic Server and Express administration port plaintext information
13669| [17278] Hitachi Cosminexus Portal Framework information disclosure
13670| [17098] Microsoft Outlook Express address information disclosure
13671| [16708] Microsoft Outlook Express code execution
13672| [16585] Microsoft Outlook Express malformed email header denial of service
13673| [16534] BEA WebLogic Server and Express bypass asterisk role
13674| [16421] BEA WebLogic Server and Express allows unexpected user identity
13675| [16419] BEA WebLogic Server and Express SSL denial of service
13676| [16168] Microsoft Outlook Express SMTP usernames and passwords disclosure
13677| [16123] BEA WebLogic Server and Express unauthorized access to Web applications
13678| [16121] BEA WebLogic Server and Express bypass server policy
13679| [16102] Microsoft Internet Explorer and Outlook Express A HREF URL spoofing
13680| [15928] BEA WebLogic Server and Express allows EJB object deletion
13681| [15927] BEA WebLogic Server and Express URL pattern syntax information disclosure
13682| [15865] BEA WebLogic Server and Express allows administrator or operator privileges
13683| [15862] BEA WebLogic Server and Express custom trust manager certificate spoofing
13684| [15861] BEA WebLogic Server and Express Authentication provider allows elevated privileges
13685| [15860] BEA WebLogic Server and Express config.xml files stores usernames and passwords in plain text
13686| [15841] Ipswitch IMail Express HTML message buffer overflow
13687| [15809] Microsoft Outlook Express MS04-013 patch is not installed
13688| [15705] Microsoft Outlook Express MHTML URL allows execution of code
13689| [15698] Microsoft Internet Explorer and Outlook Express URL FORM spoofing
13690| [14962] BEA WebLogic Server and Express users with Operator permissions information disclosure
13691| [14961] BEA WebLogic Server and Express config.xml file stores password in plain text
13692| [14959] BEA WebLogic Server and Express HTTP TRACE cross-site scripting
13693| [14957] BEA WebLogic Server and Express managed server password disclosure
13694| [14364] HelpExpress opens advertisements and obtains information
13695| [14142] SIP Express Router REGISTERs denial of service
13696| [13747] BEA WebLogic Server and Express using the T3S protocol allows network monitoring to obtain information
13697| [12947] Horde Application Framework could disclose session ID
13698| [12920] BEA WebLogic Server and Express, WebLogic Integration, and Liquid Data console application cross-site scripting
13699| [12799] BEA WebLogic Server and Express could allow an attacker to gain elevated privileges
13700| [12020] Sun Java Media Framework Java Virtual Machine could allow unauthorized privileges
13701| [11632] MyTaxexpress .ret file could allow an attacker to obtain sensitive information
13702| [10947] monopd messaging framework buffer overflow
13703| [10500] Microsoft Outlook Express fails to delete messages from dbx files
13704| [10454] IBM Web Traffic Express (WTE) HTTP header injection cross-site scripting
13705| [10453] IBM Web Traffic Express (WTE) HTML tag cross-site scripting
13706| [10452] IBM Web Traffic Express (WTE) /cgi-bin/helpout.exe denial of service
13707| [10338] Microsoft Outlook Express S/MIME certificate buffer overflow
13708| [10067] Microsoft Outlook Express "
13709| [10033] Microsoft Outlook Express S/MIME spoofed CA certificate man-in-the-middle attack
13710| [9724] Microsoft Outlook Express could allow the execution of XML files within the Temporary Internet File (TIF) directory
13711| [9643] Microsoft Outlook Express malformed MIME headers could allow file type, size, and icon spoofing
13712| [9556] IBM Tivoli Management Framework TMR ManagedNode buffer overflow
13713| [9555] IBM Tivoli Management Framework TMR Endpoint buffer overflow
13714| [9089] Microsoft Internet Explorer and Outlook Express BGSOUND tag could allow an attacker to obtain sensitive information
13715| [9088] Microsoft Internet Explorer and Outlook Express IFRAME tag could allow attacker to send data to a DOS device
13716| [9087] Microsoft Internet Explorer and Outlook Express BGSOUND DOS device reference could cause a denial of service
13717| [8969] Microsoft Internet Explorer and Outlook Express malformed XBM file denial of service
13718| [8926] Microsoft Outlook Express POP3 message containing two "
13719| [8808] Microsoft Outlook Express allows attacker to create false attachment by changing icon
13720| [8296] Cisco IOS using Cisco Express Forwarding could allow an attacker to obtain sensitive information
13721| [8198] Microsoft Outlook Express <
13722| [8079] eShare Expressions "
13723| [7670] Microsoft Outlook Express allows blocked attachments to be opened when the message is forwarded
13724| [7648] Microsoft Outlook Express for Macintosh long message line buffer overflow
13725| [7118] Microsoft Outlook Express "
13726| [7052] Microsoft Outlook Express 6 file attachment security feature bypass
13727| [6655] Microsoft Outlook and Outlook Express Address Book allows attacker to spoof emails
13728| [5588] BEA WebLogic Server and Express could allow users to bypass authentication
13729| [5490] Intel Express Switch 500 series malformed ICMP packet denial of service
13730| [5175] Microsoft Outlook and Outlook Express vCards buffer overflow
13731| [5154] Intel Express Switch 550F malformed IP header denial of service
13732| [5013] Microsoft Outlook and Outlook Express cache bypass
13733| [4818] Intel Express 8100 ISDN Router remote denial of service
13734| [4446] Microsoft Outlook Express filename overflow could allow attacker to execute files
13735| [3955] Disney`s Go Express search program could expose the user`s privacy
13736| [2685] Microsoft Outlook Express long file name patch not applied
13737| [1740] ColdFusion Expression Evaluator allows remote file manipulation
13738| [1627] Squid regular expression ACLs can be bypassed
13739|
13740| Exploit-DB - https://www.exploit-db.com:
13741| [30983] ExpressionEngine 1.2.1 HTTP Response Splitting and Cross Site Scripting Vulnerabilities
13742| [30893] PHP Security Framework Multiple Input Validation Vulnerabilities
13743| [30877] Roundcube Webmail 0.1 CSS Expression Input Validation Vulnerability
13744| [30707] Phpbasic basicFramework 1.0 Includes.PHP Remote File Include Vulnerability
13745| [30281] Microsoft .Net Framework <= 2.0 - Multiple Null Byte Injection Vulnerabilities
13746| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
13747| [29921] Zend-Framework - Full Info Disclosure
13748| [29746] Horde Framework and IMP 2.x/3.x Cleanup Cron Script Arbitrary File Deletion Vulnerability
13749| [29745] Horde Framework <= 3.1.3 Login.PHP Cross-Site Scripting Vulnerability
13750| [29606] Calendar Express Search.PHP Cross-Site Scripting Vulnerability
13751| [29010] SiteXpress E-Commerce System Dept.ASP SQL Injection Vulnerability
13752| [29007] Apple Safari 2.0.4 JavaScript Regular Expression Match Remote Denial of Service Vulnerability
13753| [28891] Mirapoint Web Mail Expression() HTML Injection Vulnerability
13754| [28890] iPlanet Messaging Server Messenger Express Expression() HTML Injection Vulnerability
13755| [28887] Sun Java System 6.x Messenger Express Cross-Site Scripting Vulnerability
13756| [28781] BlueShoes Framework 4.6 GoogleSearch.PHP Remote File Include Vulnerability
13757| [28144] Microsoft Internet Explorer 6.0 OutlookExpress.AddressBook Denial of Service Vulnerability
13758| [28008] Adaptive Website Framework 1.11 Remote File Include Vulnerability
13759| [27990] Calendar Express 2.2 Month.PHP SQL Injection Vulnerability
13760| [27745] Outlook Express 5.5/6.0,Windows Mail MHTML URI Handler Information Disclosure Vulnerability
13761| [27476] Microsoft .NET Framework SDK 1.0/1.1 MSIL Tools Buffer Overflow Vulnerabilities
13762| [27127] PMachine ExpressionEngine 1.4.1 HTTP Referrer HTML Injection Vulnerability
13763| [26806] BMC Service Desk Express 10.2.1.95 - Multiple Vulnerabilities
13764| [26654] KBase Express 1.0 - Multiple SQL Injection Vulnerabilities
13765| [26115] Calendar Express 2.2 Search.PHP Cross-Site Scripting Vulnerability
13766| [26114] PHP Lite Calendar Express 2.2 subscribe.php cid Parameter SQL Injection
13767| [26113] PHP Lite Calendar Express 2.2 auth.php cid Parameter SQL Injection
13768| [26112] PHP Lite Calendar Express 2.2 login.php cid Parameter SQL Injection
13769| [25784] Microsoft Outlook Express 4.x/5.x/6.0 Attachment Processing File Extension Obfuscation Vulnerability
13770| [25546] BEA WebLogic Server 8.1 And WebLogic Express Administration Console Cross-Site Scripting Vulnerability
13771| [24687] Microsoft Outlook Express 4.x/5.x/6.0 Plaintext Email Security Policy Bypass Vulnerability
13772| [24449] Cisco Unity Express Multiple Vulnerabilities
13773| [24436] Kohana Framework 2.3.3 - Directory Traversal Vulnerability
13774| [24158] Oracle Application Framework Diagnostic Mode Bypass Vulnerability
13775| [24118] Microsoft Outlook Express 6.0 URI Obfuscation Vulnerability
13776| [24002] Microsoft Outlook Express 6.0 - Remote Denial of Service Vulnerability
13777| [23401] Microsoft Outlook Express 6.0 MHTML Forced File Execution Vulnerability (2)
13778| [23400] Microsoft Outlook Express 6.0 MHTML Forced File Execution Vulnerability (1)
13779| [22959] Microsoft Outlook Express 5/6 Script Execution Weakness
13780| [22937] PRADO PHP Framework 3.2.0 Arbitrary File Read Vulnerability
13781| [22877] Yii Framework 1.1.8 Search SQL Injection Vulnerability
13782| [22287] Netscape 7.0 JavaScript Regular Expression Denial of Service Vulnerability
13783| [22280] Microsoft Outlook2000/Express 6.0 Arbitrary Program Execution Vulnerability
13784| [21932] Microsoft Outlook Express 5.5/6.0 S/MIME Buffer Overflow Vulnerability
13785| [21891] vOlk Botnet Framework 4.0 - Multiple Vulnerabilities
13786| [21789] Alleged Outlook Express 5/6 Link Denial of Service Vulnerability
13787| [21711] Microsoft Outlook Express 5/6 MHTML URL Handler File Rendering Vulnerability
13788| [21662] Microsoft Outlook Express 6 XML File Attachment Script Execution Vulnerability
13789| [21631] Microsoft Outlook Express 5/6 Spoofable File Extensions Vulnerability
13790| [21432] BEA Systems WebLogic Server and Express 7.0 Null Character DoS
13791| [21419] Microsoft Outlook Express 5.5 DoS Device Denial of Service Vulnerability
13792| [21096] Outlook Express 6 Attachment Security Bypass Vulnerability
13793| [20870] Express Burn Plus 4.58 - EBP Project File Handling Buffer Overflow PoC
13794| [20571] Microsoft Outlook 2000 0/98 0/Express 5.5 Concealed Attachment Vulnerability
13795| [20079] Microsoft Outlook 97/98/2000, Outlook Express 4.0/5.0 GMT Field Buffer Overflow (2)
13796| [20078] Microsoft Outlook 97/98/2000, Outlook Express 4.0/5.0 GMT Field Buffer Overflow (1)
13797| [20027] BEA Systems WebLogic Express 3.1.8/4/5 Source Code Disclosure
13798| [19951] QuickCommerce 2.5/3.0,Cart32 2.5 a/3.0,Shop Express 1.0,StoreCreator 3.0 Web Shopping Cart Hidden Form Field Vulnerability
13799| [19943] Intel Corporation Express 8100 ISDN Router Fragmented ICMP Vulnerability
13800| [19738] MS Outlook Express 5 Javascript Email Access Vulnerability
13801| [19603] MS IE 4.x/5.0,Outlook 2000 0/98 0/Express 4.x ActiveX CAB File Execution
13802| [19575] .Net Framework Tilde Character DoS
13803| [19408] Zend Framework Local File Disclosure
13804| [19207] Microsoft Outlook Express 4.27.3110/4.72.3120 POP Denial of Service Vulnerability
13805| [18871] Travelon Express CMS 6.2.2 - Multiple Vulnerabilities
13806| [18777] .NET Framework EncoderParameter Integer Overflow Vulnerability
13807| [18727] IBM Tivoli Provisioning Manager Express for Software Distribution Isig.isigCtl.1 ActiveX RunAndUploadFile() Method Overflow
13808| [17995] NoNumber Framework Joomla! Plugin Multiple Vulnerabilities
13809| [16764] IBM Tivoli Storage Manager Express CAD Service Buffer Overflow
13810| [16428] IBM Tivoli Storage Manager Express RCA Service Buffer Overflow
13811| [16421] IBM Tivoli Storage Manager Express CAD Service Buffer Overflow
13812| [16379] Microsoft Outlook Express NNTP Response Parsing Buffer Overflow
13813| [16116] Qcodo Development Framework 0.3.3 Full Info Disclosure
13814| [16006] SmoothWall Express 3.0 - Multiple Vulnerabilities
13815| [15959] Macro Express Pro 4.2.2.1 MXE File Syntactic Analysis Buffer Overflow PoC
13816| [15840] ardeaCore 2.25 - PHP Framework Remote File Inclusion
13817| [15544] Web Wiz NewsPad Express Edition 1.03 Database File Disclosure Vulnerability
13818| [14911] Gantry Framework 3.0.10 (Joomla) Blind SQL Injection Exploit
13819| [14602] Play! Framework <= 1.0.3.1 Directory Transversal Vulnerability
13820| [13918] Spring Framework arbitrary code execution
13821| [12564] Microsoft Windows Outlook Express and Windows Mail Integer Overflow
13822| [11784] PostNuke FormExpress Module Blind SQL Injection
13823| [11723] Trouble Ticket Express <= 3.01 Remote Code Execution/Directory Traversal
13824| [10902] Nero Express 7.9.6.4 - Local Heap PoC
13825| [10758] Calendar Express 2.0 - SQL Injection Vulnerability
13826| [9627] Enlightenment - Linux Null PTR Dereference Exploit Framework
13827| [9527] Simple CMS FrameWork <= 1.0 (page) Remote SQL Injection Vuln
13828| [8333] Sun Calendar Express Web Server - (DoS/XSS) Multiple Remote Vulns
13829| [7368] Product Sale Framework 0.1b (forum_topic_id) SQL Injection Vulnerability
13830| [6700] DFF PHP Framework API (Data Feed File) RFI Vulnerabilities
13831| [5945] Seagull PHP Framework <= 0.6.4 (fckeditor) Arbitrary File Upload Exploit
13832| [5643] Ajax framework (lang) Local File Inclusion Vulnerability
13833| [5343] Mcafee EPO 4.0 FrameworkService.exe Remote Denial of Service Exploit
13834| [4573] IBM Tivoli Storage Manager 5.3 Express CAD Service BoF Exploit
13835| [3237] Cadre PHP Framework Remote File Include Vulnerability
13836| [3217] PhP Generic library & framework (include_path) RFI Vulnerability
13837| [1870] BlueShoes Framework <= 4.6 - Remote File Include Vulnerabilities
13838| [1066] MS Outlook Express NNTP Buffer Overflow Exploit (MS05-030)
13839| [315] MS Outlook Express Javascript Execution Vulnerability
13840| [313] MS Outlook Express Window Opener Vulnerability
13841|
13842| OpenVAS (Nessus) - http://www.openvas.org:
13843| [903000] Microsoft Expression Design Remote Code Execution Vulnerability (2651018)
13844| [902934] Microsoft .NET Framework Remote Code Execution Vulnerability (2745030)
13845| [902841] Microsoft .NET Framework Remote Code Execution Vulnerability (2706726)
13846| [902833] Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)
13847| [902832] MS Security Update For Microsoft Office, .NET Framework, and Silverlight (2681578)
13848| [902828] Microsoft .NET Framework Remote Code Execution Vulnerability (2671605)
13849| [902811] Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vulnerabilities (2651026)
13850| [902806] Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)
13851| [902672] Joomla! JA T3 Framework Component Directory Traversal Vulnerability
13852| [902581] Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2604930)
13853| [902552] Microsoft .NET Framework Chart Control Information Disclosure Vulnerability (2567943)
13854| [902551] Microsoft .NET Framework Information Disclosure Vulnerability (2567951)
13855| [902523] Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2514842)
13856| [902522] Microsoft .NET Framework Remote Code Execution Vulnerability (2538814)
13857| [902518] Microsoft .NET Framework Security Bypass Vulnerability
13858| [902502] Microsoft .NET Framework Remote Code Execution Vulnerability (2484015)
13859| [902294] Metasploit Framework Local Privilege Escalation Vulnerability
13860| [902293] Metasploit Framework Version Detection (Windows)
13861| [902193] Microsoft .NET Framework XML HMAC Truncation Vulnerability (981343)
13862| [900241] Microsoft Outlook Express and Windows Mail Remote Code Execution Vulnerability (978542)
13863| [900031] Security Update for Outlook Express (951066)
13864| [864539] Fedora Update for php-ZendFramework FEDORA-2012-9979
13865| [864533] Fedora Update for php-ZendFramework FEDORA-2012-9978
13866| [863119] Fedora Update for php-ZendFramework FEDORA-2011-7388
13867| [863118] Fedora Update for php-ZendFramework FEDORA-2011-7409
13868| [862903] Fedora Update for php-ZendFramework FEDORA-2011-2678
13869| [862890] Fedora Update for php-ZendFramework FEDORA-2011-2689
13870| [861950] Fedora Update for php-ZendFramework FEDORA-2010-8495
13871| [861941] Fedora Update for php-ZendFramework FEDORA-2010-8498
13872| [861735] Fedora Update for php-ZendFramework FEDORA-2010-0601
13873| [861712] Fedora Update for php-ZendFramework FEDORA-2010-0652
13874| [855581] Solaris Update for USB and Audio Framework 109896-37
13875| [855502] Solaris Update for Solaris Crypto Framework 118919-21
13876| [855395] Solaris Update for USB Drivers and Framework 115553-29
13877| [855234] Solaris Update for Solaris Crypto Framework 118918-24
13878| [855200] Solaris Update for USB and Audio Framework 109897-20
13879| [855006] Solaris Update for USB Drivers and Framework 115554-25
13880| [831061] Mandriva Update for kolab-horde-framework MDVSA-2010:108 (kolab-horde-framework)
13881| [803116] PRADO PHP Framework 'sr' Parameter Multiple Directory Traversal Vulnerabilities
13882| [801716] Microsoft Outlook Express/Windows Mail MHTML URI Handler Information Disclosure Vulnerability (929123)
13883| [801713] Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow Vulnerability (941202)
13884| [800967] Perl UTF-8 Regular Expression Processing DoS Vulnerability (Windows)
13885| [800263] ExpressionEngine CMS Cross Site Scripting Vulnerability
13886| [800262] ExpressionEngine CMS Version Detection
13887| [800083] Microsoft Outlook Express Malformed MIME Message DoS Vulnerability
13888| [103251] Zikula Application Framework 'themename' Parameter Cross Site Scripting Vulnerability
13889| [100787] Horde Application Framework 'icon_browser.php' Cross-Site Scripting Vulnerability
13890| [100757] Play! Framework Directory Traversal Vulnerability
13891| [100562] ViewVC Regular Expression Search Cross Site Scripting Vulnerability
13892| [72503] FreeBSD Ports: ZendFramework
13893| [71484] Debian Security Advisory DSA 2505-1 (zendframework)
13894| [69768] FreeBSD Ports: ZendFramework
13895| [67296] FreeBSD Ports: ZendFramework
13896| [66821] FreeBSD Ports: ZendFramework
13897| [64235] Fedora Core 10 FEDORA-2009-2823 (php-ZendFramework)
13898| [63430] FreeBSD Ports: ZendFramework
13899| [58523] Debian Security Advisory DSA 1352-1 (pdfkit.framework)
13900| [56284] Debian Security Advisory DSA 979-1 (pdfkit.framework)
13901| [56282] Debian Security Advisory DSA 972-1 (pdfkit.framework)
13902| [56220] Debian Security Advisory DSA 961-1 (pdfkit.framework)
13903| [19749] Calendar Express Multiple Flaws
13904| [11965] SIP Express Router Register Buffer Overflow
13905| [11964] SIP Express Router Missing To in ACK DoS
13906|
13907| SecurityTracker - https://www.securitytracker.com:
13908| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
13909| [1028851] Cisco Wide Area Application Services Web Service Framework Bug Lets Remote Users Execute Arbitrary Code
13910| [1028537] Cisco Unified Presence Web Framework Bug Lets Remote Users Deny Service
13911| [1028075] Cisco Unity Express Input Validation Hole Permits Cross-Site Request Forgery Attacks
13912| [1028074] Cisco Unity Express Input Validation Hole Permits Cross-Site Scripting Attacks
13913| [1027553] Zend Framework Input Validation Flaws Permit Cross-Site Scripting Attacks
13914| [1027270] Oracle Application Express Listener Discloses Data to Remote Users
13915| [1027208] Zend Framework XML Entity Processing Flaw Lets Remote Users View Files
13916| [1027036] Microsoft .NET Framework Serialization Bugs Let Remote Users Execute Arbitrary Code
13917| [1027009] Cisco Unified Contact Center Express Unspecified Flaw Lets Remote Users Deny Service
13918| [1026796] HP Data Protector Express Bugs Let Remote Users Deny Service and Execute Arbitrary Code
13919| [1026791] Microsoft Expression Design DLL Loading Error Lets Remote Users Execute Arbitrary Code
13920| [1026393] ISC DHCP Regular Expressions Bug Lets Remote Users Deny Service
13921| [1025581] IBM Tivoli Management Framework Buffer Overflow in 'lcfd.exe' Lets Remote Authenticated Users Execute Arbitrary Code
13922| [1024777] Horde Application Framework Input Validation Flaw in Displaying vCard Attachments Permits Cross-Site Scripting Attacks
13923| [1024543] Microsoft .NET Framework JIT Compiler Memory Access Error Lets Remote Users Execute Arbitrary Code
13924| [1024410] HP Data Protector Express Bugs Let Local Users Deny Service or Execute Arbitrary Code
13925| [1024409] HP Data Protector Express Bugs Let Local Users Deny Service or Execute Arbitrary Code
13926| [1024399] Horde Application Framework Input Validation Flaw in 'icon_browser.php' Permits Cross-Site Scripting Attacks
13927| [1024305] Microsoft .NET Framework Virtual Method Delegate Processing Error Lets Remote Users Execute Arbitrary Code
13928| [1024253] JBoss Seam Input Validation Flaw in Processing JBoss Expression Language Expressions Lets Remote Users Execute Arbitrary Code
13929| [1024082] Cisco Unified Contact Center Express Directory Traversal Flaw Lets Remote Users View Arbitrary Files on the Target System
13930| [1024081] Cisco Unified Contact Center Express CTI Server Bug Lets Remote Users Deny Service
13931| [1023972] Microsoft Outlook Express Integer Overflow in Processing POP3/IMAP Responses Lets Remote Users Execute Arbitrary Code
13932| [1023879] Sun Java System Communications Express Address Book Access Control Flaw Lets Remote Users View Files on the Target System
13933| [1023636] IBM Cognos Express Default Management Account Lets Remote User Access the System
13934| [1023365] Horde Application Framework Input Validation Flaw in Administrator Scripts Permits Cross-Site Scripting Attacks
13935| [1022989] Symantec SecurityExpressions Audit and Compliance Server Input Validation Hole Permits Cross-Site Scripting Attacks
13936| [1022973] Solaris Bug in Solaris IP(7P) Module and STREAMS Framework Lets Local Users Deny Service
13937| [1022932] Cisco Unified Communications Manager Express Buffer Overflow Lets Remote Users Execute Arbitrary Code
13938| [1022921] Horde Application Framework 'Horde_Form_Type_image' Bug May Let Remote Users Overwrite Files
13939| [1022633] Network Security Services Library Heap Overflow in Regular Expression Parser Lets Remote Users Execute Arbitrary Code
13940| [1022569] Cisco Unified Contact Center Express Express Administration Pages Permit Script Injection and Directory Traversal Attacks
13941| [1022266] Sun Java System Communications Express Input Validation Flaw in 'search.xml' and 'UWCMain' Permits Cross-Site Scripting Attacks
13942| [1022220] HP Data Protector Express Lets Local Users Gain Elevated Privileges and Deny Service
13943| [1021837] IBM Tivoli Storage Manager Express Heap Overflow in 'adsmdll.dll' Lets Remote Users Execute Arbitrary Code
13944| [1021786] MySQL Bug in ExtractValue()/UpdateXML() in Processing XPath Expressions Lets Remote Authenticated Users Deny Service
13945| [1021724] Mac OS X FSEvents Framework Bug Discloses Filesystem Activity to Local Users
13946| [1020772] Red Hat Directory Server Administration Express and Directory Server Gateway Input Validation Hole Permits Cross-Site Scripting Attacks
13947| [1020679] Microsoft Outlook Express MTHML Redirect Bug Lets Remote Users Obtain Information
13948| [1020566] Horde Application Framework Input Validation Hole in Contact Names Permits Cross-Site Scripting Attacks
13949| [1019870] Safari WebKit Bug in Processing JavaScript Regular Expressions Lets Remote Users Execute Arbitrary Code
13950| [1019768] Cisco Unified Communications Disaster Recovery Framework Lets Remote Users Execute Arbitrary Commadns
13951| [1019439] WebLogic Server and WebLogic Express Session Security Bug Lets Remote Authenticated Users Gain Elevated Privileges
13952| [1019269] ICU Regular Expression Processing Bug May Let Users Execute Arbitrary Code
13953| [1019182] IBM Tivoli Storage Manager Express Server Heap Overflow Lets Remote Users Execute Arbitrary Code
13954| [1019045] IBM Tivoli Provisioning Manager Express Input Validation Hole Permits Cross-Site Scripting Attacks
13955| [1018786] Microsoft Outlook Express Bug in Processing NNTP Responses Lets Remote Users Execute Arbitrary Code
13956| [1018233] Outlook Express MHTML Protocol Handler Content-Disposition Bug Lets Remote Users Obtain Information
13957| [1018231] Outlook Express MHTML Protocol Handler Redirect Bug Lets Remote Users Obtain Information
13958| [1017933] IBM Tivoli Monitoring Express Heap Overflow in Universal Agent Lets Remote Users Execute Arbitrary Code
13959| [1017785] Horde Application Framework Cleanup Script Lets Local Users Delete Files
13960| [1017775] Horde Application Framework Input Validation Flaw in 'NLS.php' Permits Cross-Site Scripting Attacks
13961| [1017369] Microsoft Outlook Express Buffer Overflow in Processing Windows Address Book Files Let Remote Users Execute Arbitrary Code
13962| [1017298] Mac OS X Security Framework May Use Weaker or No Encryption, Fail to Check CRLs, and Let Remote Users Deny Service
13963| [1016713] Horde Application Framework Input Validation Holes in 'index.php' and IMP's 'search.php' Permit Cross-Site Scripting Attacks
13964| [1016654] Microsoft Outlook Express MHTML Parsing Error Lets Remote Users Execute Arbitrary Code
13965| [1016627] Cisco CallManager Express Lets Remote Users Determine SIP User Names
13966| [1016442] Horde Application Framework Input Validation Hole Permits Cross-Site Scripting Attacks
13967| [1016310] Horde Application Framework Multiple Input Validation Holes Permit Cross-Site Scripting Attacks
13968| [1016259] Docebo Include File Flaw in GLOBALS['where_framework'] and GLOBALS['where_cms'] Parameters Let Remote Users Execute Arbitrary Code
13969| [1016015] Cisco Unity Express Lets Remote Authenticated Users Gain Administrative Privileges
13970| [1016005] Microsoft Outlook Express 'mhtml:' Redirect URL Processing Lets Remote Users Bypass Security Domains
13971| [1015898] Microsoft Outlook Express Buffer Overflow in Processing Windows Address Books Lets Remote Users Execute Arbitrary Code
13972| [1015841] Horde Application Framework Bug Lets Remote Users Execute Arbitrary Code
13973| [1015509] F-Secure Personal Express Overflow in Processing ZIP Archives Lets Remote Users Execute Arbitrary Code
13974| [1015135] Sun Java System Communications Express Discloses Configuration File to Remote Users
13975| [1015117] RockLiffe MailSite Express WebMail Discloses WebMail Files to Remote Users and Permits Cross-Site Scripting Attacks
13976| [1015063] MailSite Express Lets Remote Users Upload Scripting Files and Execute Them
13977| [1014424] Tivoli Management Framework Endpoint Service (lcfd) Lets Remote Users Deny Service
13978| [1014200] Microsoft Outlook Express Buffer Overflow in NNTP Response Parser Lets Remote Users Execute Arbitrary Code
13979| [1014045] Cisco Unity Express Can Be Crashed With Specially Crafted Compressed DNS Data
13980| [1013763] LogWatch Regular Expression Error May Let Users Deny Service to Avoid Detection
13981| [1013594] Horde Application Framework Input Validation in Page Title Lets Remote Users Conduct Cross-Site Scripting Attacks
13982| [1013140] F-Secure Personal Express Buffer Overflow in Processing ARJ Archives Lets Remote Users Execute Arbitrary Code
13983| [1011959] Horde Application Framework Input Validation Bug in Help Window Lets Remote Users Conduct Cross-Site Scripting
13984| [1011550] Express-Web Input Validation Error Lets Remote Users Conduct Cross-Site Scripting Attacks
13985| [1011171] Cosminexus Portal Framework May Disclose Cached Content to the Wrong User
13986| [1011067] Microsoft Outlook Express May Disclose 'bcc:' Recipient Addresses
13987| [1010166] Microsoft Outlook Express Mail Troubleshooting Function May Disclose SMTP Password to Local Users
13988| [1009743] Microsoft Outlook Express Can Be Crashed By Remote Users With Specially Crafted EML File
13989| [1009603] Microsoft Outlook Express Does Not Correctly Display Links With Embedded FORM Data
13990| [1009014] Vim Folding Expression Modeline Lets Remote Users Execute Arbitrary Shell Commands on the Target User's System
13991| [1008866] WebLogic Server and Express Input Validation Flaw in Processing HTTP TRACE Requests Permits Cross-Site Scripting
13992| [1008813] Cisco IP Call Center Express Default Configuration on IBM Servers Grants Administrative Access to Remote Users
13993| [1008682] BEA WebLogic Server and Express Ant Tasks May Disclose the Administrator Password
13994| [1007306] Microsoft Outlook Express Again Executes Scripting Code in Plain Text E-mail Messages
13995| [1007131] BEA WebLogic Server and Express May Disclose 'Admin' Password to 'Operator' Users
13996| [1007130] Rockliffe MailSite Express Discloses Attachments to Remote Users
13997| [1006809] Microsoft Outlook Express Lets Remote Users Silently Install Arbitrary Code Using Audio and Media Files
13998| [1006808] Microsoft Outlook Express May Be Affected by W32/Palyh@MM Mass-Mailing Worm
13999| [1006777] Java Media Framework Bug May Let Remote Applets Crash the Java Virtual Machine or Gain Unauthorized Privileges
14000| [1006771] Microsoft Outlook Express Integer Overflow Lets Remote IMAP Servers Cause the Client to Crash
14001| [1006748] Microsoft Outlook Express May Be Affected by W32.Fizzer.A@mm Mass-Mailing Worm
14002| [1006310] BEA WebLogic Server and Express Access Control Bug Lets Remote Authenticated Users Delete Empty Sub-Contexts
14003| [1006306] WebLogic Server and Express Authentication Flaw May Let Remote Users Access Administrative Functions
14004| [1006148] Microsoft Outlook Express Security Domain Flaw Lets Remote Users Silently Install and Execute Arbitrary Code
14005| [1006141] iptel.org SIP Express Router SIP Protocol Bugs Let Remote Users Deny Service
14006| [1006017] BEA WebLogic Server and Express Access Control Error May Disclose Passwords to Local Users
14007| [1005511] Prometheus Web Application Framework Include Path Bug Lets Remote Users Execute Arbitrary PHP Commands
14008| [1005489] Microsoft Outlook Express May Fail to Delete E-mail Messages from Local Storage
14009| [1005472] IBM Web Traffic Express Caching Proxy Server Allows Cross-Site Scripting Attacks
14010| [1005471] IBM Web Traffic Express Caching Proxy Server Can Be Crashed By Remote Users
14011| [1005405] Microsoft Outlook Express Buffer Overflow in Parsing S/MIME Messages Lets Remote Users Execute Arbitrary Code
14012| [1005310] BEA Systems WebLogic Server and Express May Return a Response to the Wrong Remote User
14013| [1005207] Microsoft Outlook Express Can Be Crashed By Remote Users Sending HTML Mail With Long Links Embedded
14014| [1004862] Microsoft Outlook Express Flaw in Parsing XML Using Internet Explorer Allows a Remote User to Silently Deliver and Install an Executable on a Target User's Computer
14015| [1004805] Microsoft Outlook Express (and Possibly Outlook) Has File Attachment Name Bugs That Let Remote Users Send Malicious Mail to Bypass Attachment Type Filters and Modify the Apparent File Name and File Size
14016| [1004778] IBM's Tivoli Management Framework Endpoint and ManagedNode Component Buffer Overflows Let Remote Users Crash the Service and Execute Arbitrary Code with High Privileges
14017| [1004278] BEA Systems WebLogic Server and Express May Disclose an Administrative Password to Local Users
14018| [1004051] Microsoft Outlook Express for Mac OS Has Buffer Overflow in Processing the 'file://' URL That Allows Remote Users to Cause Arbitrary Code to Be Executed
14019| [1003677] Cisco IOS-based Devices That Use Cisco Express Forwarding (CEF) May Leak Data from One Packet into Another Packet in Certain Situations
14020| [1003463] eshare Expressions Web Site Software Discloses Files on the Hard Drive to Remote Users
14021| [1003434] Microsoft ASP.NET Web Application Framework Allows Cross Site Scritping Attacks and Discloses Path Information to Remote Users
14022| [1002890] Outlook Express for Macintosh May Crash While Downloading POP3 Mail Containing a Long Line
14023| [1002808] Outlook Express Secure Password Authentication Method is Vulnerable to Man-in-the-Middle Attacks
14024| [1002413] Microsoft Outlook Express Will Execute Active Scripting in Plain Text E-mail Messages, Circumventing Some Scripting Controls
14025| [1002348] Outlook Express Lets Remote Users Send Malicious Attachments That Will Bypass Security Features
14026| [1001687] Microsoft Outlook Express May Allow A Remote User to Obtain E-mail Destined for a Different User
14027| [1001380] Microsoft Internet Explorer and Outlook Express May Execute Arbitrary Code Without User Authorization or Intervention
14028| [1001209] Microsoft Telnet Can Be Crashed Locally, Causing Other Applications Including Outlook Express To Crash
14029| [1001147] Microsoft Outlook Express Crashes When Reading Certain E-mail Messages
14030| [1001134] IBM's Consumer Transaction Framework Can Be Crashed By Remote Users
14031|
14032| OSVDB - http://www.osvdb.org:
14033| [75264] Spring Framework Expression Language (EL) MVC Tag Parsing Information Disclosure
14034| [96003] Atlassian Confluence OGNL Expression Handling Double Evaluation Error Remote Code Execution
14035| [95878] Cisco Multiple Content Network / Video Delivery Products Web Framework Command Line Interface Remote Command Execution
14036| [95877] Cisco Wide Area Application Services (WAAS) Web Service Framework Crafted Request Handling Remote Code Execution
14037| [95827] 389 Directory Server Search Filter Expression Evaluation Crafted Query Handling Information Disclosure
14038| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
14039| [95303] Oracle Solaris Kernel/STREAMS framework Subcomponent Unspecified Remote DoS
14040| [95290] Oracle Agile PLM Framework Security Subcomponent Unspecified Remote Information Disclosure
14041| [95288] Oracle Agile Collaboration Framework Manufacturing/Mfg Parts Subcomponent Unspecified Remote Issue
14042| [95287] Oracle Agile PLM Framework Web Client (CS) Subcomponent Unspecified Remote Issue
14043| [95279] Oracle Enterprise Manager Grid Control Enterprise Manager Base Platform Component User Interface Framework Subcomponent Unspecified Remote Issue
14044| [95277] Oracle Hyperion BI+ Intelligence Service Subcomponent raframework/ihtml/GetResource ResourceName Parameter Traversal Arbitrary File Access
14045| [95185] BMC Service Desk Express /SDE/QV_admin.aspx SelTab Parameter XSS
14046| [95184] BMC Service Desk Express /SDE/QV_grid.aspx CallBack Parameter XSS
14047| [95183] BMC Service Desk Express /SDE/commonhelp.aspx Helppage Parameter XSS
14048| [95182] BMC Service Desk Express /SDE/DashBoardGUI.aspx Multiple Parameter SQL Injection
14049| [95181] BMC Service Desk Express /SDE/login.aspx UID Parameter SQL Injection
14050| [94959] Microsoft .NET Framework / Silverlight Multidimensional Arrays Small Structure Handling Arbitrary Code Execution
14051| [94957] Microsoft .NET Framework Delegate Object Serialization Permission Validation Privilege Escalation
14052| [94956] Microsoft .NET Framework Small Structure Array Allocation Remote Code Execution
14053| [94955] Microsoft .NET Framework Anonymous Method Injection Reflection Objection Permission Validation Privilege Escalation
14054| [94954] Microsoft .NET Framework Delegate Reflection Bypass Reflection Objection Permission Validation Privilege Escalation
14055| [94656] JS-YAML Module for Node.js !!js/function Tag Handling Arbitrary Code Execution
14056| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
14057| [94609] Cisco Multiple Product Web Framework GUI HTTP / HTTPS Request Handling Remote DoS
14058| [94605] Cisco Multiple Product Web Framework Crafted URL Handling Remote Command Execution
14059| [94604] Cisco Multiple Product Web Framework IronPort Spam Quarantine (ISQ) Function TCP Connection Request Saturation Remote DoS
14060| [94603] Cisco Web Security Appliance Web Framework Crafted URL Handling Remote Command Execution
14061| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
14062| [93876] Novell ZENworks Configuration Management zcc-framework.jar fwdToURL Parameter Arbitrary Site Redirect
14063| [93763] Horde Application Framework Smartphone Portal XSS
14064| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
14065| [93302] Microsoft .NET Framework WCF Endpoint Authentication Unspecified Policy Requirement Weakness Authentication Bypass
14066| [93301] Microsoft .NET Framework XML File Signature Validation Spoofing Weakness
14067| [93185] Cisco Unified Presence (CUP) Web Framework Malformed TCP Packet Handling Memory Exhaustion Remote DoS
14068| [92632] Cisco Unified Contact Center Express (CCX) Editor Script Repository Disclosure
14069| [92419] Oracle Application Express Unspecified Remote Issue
14070| [92418] Oracle Siebel CRM Siebel UI Framework Component Open UI Client Subcomponent Unspecified Remote Issue
14071| [92415] Oracle Siebel CRM Siebel UI Framework Component Open UI Client Subcomponent Unspecified Remote Information Disclosure
14072| [92411] Oracle Siebel CRM Siebel UI Framework Component Portal Framework Subcomponent Unspecified Remote Information Disclosure
14073| [92229] Hero Framework /users/forgot_password error Parameter XSS
14074| [91712] ISC BIND Crafted Regular Expression Handling Memory Exhaustion Remote DoS
14075| [91616] Hero Framework /users/login username Parameter XSS
14076| [91614] Zend Framework Zend\View\Helper\ServerUrl Helper URL Generation Weakness
14077| [91613] Zend Framework Multiple Class HTTP Header Proxy Information Handling Spoofing Weakness
14078| [91612] Zend Framework Zend\Session\Validator\RemoteAddr Proxy URL Detection Weakness
14079| [91608] Libxslt xsltCompileLocationPathPattern Invalid XPath Expression Processing Double-free DoS Weakness
14080| [91480] Zend Framework Zend\Mvc RouteMatch Captured Routing Parameter Manipulation
14081| [91479] Zend Framework Zend\Validate\Csrf mt_rand() Predictable CSRF Token Generation
14082| [91478] Zend Framework Zend\Db\Adapter\Platform Multiple Method Unspecified SQL Injection
14083| [91020] Intel SOA Expressway XSLT Processor Malformed XML Handling DoS
14084| [90836] IBM WebSphere Commerce Web Services Framework Unspecified Remote DoS
14085| [90412] Fluid Extbase Development Framework (fed) Extension for TYPO3 Unserialize() Function Unspecified Remote Command Execution
14086| [90261] Zend Framework DOCTYPE XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
14087| [90130] Microsoft .NET Framework Windows Form Object Creation Callback Function Arbitrary Code Execution
14088| [89936] Adobe Flash Player / AIR SWF Content Regular Expression Parsing Heap Overflow
14089| [89841] Cisco Unity Express /Web/SA3/AddHoliday.do holiday.description Parameter XSS
14090| [89837] Cisco Unity Express /Web/SA2/ScriptList.do gui_pagenotableData Parameter XSS
14091| [89836] Cisco Unity Express /Web/SA/SaveConfiguration.do Multiple Action CSRF
14092| [89694] SAP NetWeaver Web Application Server (WAS) AdapterFramework Servlet Information Disclosure
14093| [89636] IBM InfoSphere Information Services Framework (ISF) Insecure Authorization Controls Remote Privilege Escalation
14094| [89607] Kohana Framework /master/classes/Kohana/Filebrowser.php path Parameter Traversal Arbitrary File Access
14095| [89317] Rack Regular Expressions Engine Content-Disposition Header Parsing Infinite Loop Remote DoS
14096| [89245] Oracle Solaris Kernel/DTrace Framework Subcomponent Unspecified Local DoS
14097| [89240] Oracle Siebel CRM Siebel UI Framework Subcomponent Unspecified Remote Information Disclosure
14098| [89217] Oracle Agile PLM Framework Security Subcomponent Unspecified Remote Information Disclosure
14099| [89216] Oracle E-Business Suite Oracle Applications Framework Component Bookmarkable Pages Subcomponent Unspecified Remote Issue
14100| [89213] Oracle E-Business Suite Oracle Applications Framework Component Diagnostics Subcomponent Unspecified Remote Issue
14101| [89209] Oracle E-Business Suite Oracle CRM Technical Foundation Component Application Framework Subcomponent Unspecified Remote Issue
14102| [89208] Oracle E-Business Suite Oracle Applications Framework Component Diagnostics Subcomponent /OA_HTML/RF.jsp Unauthorized Diagnostic Mode Manipulation
14103| [89207] Oracle Enterprise Manager Grid Control Enterprise Manager Base Platform Component User Interface Framework Subcomponent Unspecified Remote Issue
14104| [89204] Oracle Enterprise Manager Grid Control Enterprise Manager Base Platform Component Policy Framework Subcomponent /em/console/ecm/policy/policyViewSettings pagename Parameter HTTP Response Splitting
14105| [88968] Microsoft .NET Framework Replace() Function Open Data Protocol (OData) HTTP Request Parsing Remote DoS
14106| [88965] Microsoft .NET Framework Double Construction Privilege Escalation
14107| [88964] Microsoft .NET Framework System.DirectoryServices.Protocols.SortRequestControl.GetValue() Method this.keys.Length Parameter Heap Buffer Overflow
14108| [88963] Microsoft .NET Framework Windows Forms (WinForms) Component System.Drawing.Imaging.EncoderParameters.ConvertToMemory() Method this.param.Length Parameter Multiple Application Handling Heap Buffer Overflow
14109| [88962] Microsoft .NET Framework System Drawing Memory Pointer Handling CAS Bypass Information Disclosure
14110| [88733] Hero Framework Name Manipulation CSRF
14111| [88732] Hero Framework search q Parameter XSS
14112| [88731] Hero Framework users/login username Parameter XSS
14113| [88553] IBM Rational Automation Framework (RAF) Web UI Authentication Bypass
14114| [88522] Zend Framework Zend_Feed_Rss / Zend_Feed_Atom XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
14115| [88521] Zend Framework Zend_Feed::import() Factory Method XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
14116| [88457] Smartphone Pentest Framework directdownload.pl Remote Command Execution
14117| [88456] Smartphone Pentest Framework androidwebkit.pl Remote Command Execution
14118| [88280] ExpressionEngine swfupload_f9.swf movieName Parameter XSS
14119| [88087] Fortinet FortiWeb /waf/pcre_expression/validate Multiple Parameter XSS
14120| [88041] ExpressionEngine Arbitrary String Parsing Unspecified Issue
14121| [88035] ExpressionEngine Arbitrary Private Message Attachment Deletion
14122| [88032] ExpressionEngine register_globals Unspecified PHP Global Variable Manipulation
14123| [88030] ExpressionEngine Session Class Unspecified SQL Injection
14124| [88029] ExpressionEngine Post-delivery Private Message Content Manipulation
14125| [88028] ExpressionEngine Plugin Manager Unspecified Issue
14126| [88027] ExpressionEngine Private Message / Forum Attachment Predictable URL Weakness
14127| [88026] ExpressionEngine XML-RPC Library Unspecified Issue
14128| [88022] ExpressionEngine CP Home page Unauthorized Entry Title Disclosure
14129| [87964] IBM Rational Automation Framework was_common_configure_create_ssl_certs SSL Certificate Creation Unencrypted Password Weakness
14130| [87852] Smartphone Pentest Framework (SPF) /frameworkgui/getDatabase.pl Multiple Parameter SQL Injection
14131| [87851] Smartphone Pentest Framework (SPF) /frameworkgui/SEAttack.pl modemNoDD Parameter SQL Injection
14132| [87850] Smartphone Pentest Framework (SPF) /frameworkgui/sendSMS.pl Multiple Parameter SQL Injection
14133| [87849] Smartphone Pentest Framework (SPF) /frameworkgui/takePic.pl Multiple Parameter SQL Injection
14134| [87848] Smartphone Pentest Framework (SPF) /frameworkgui/CSAttack.pl modemNoDD2 Parameter SQL Injection
14135| [87847] Smartphone Pentest Framework (SPF) /frameworkgui/escalatePrivileges.pl Multiple Parameter SQL Injection
14136| [87846] Smartphone Pentest Framework (SPF) /frameworkgui/getContacts.pl Multiple Parameter SQL Injection
14137| [87828] Yii Framework Search Form SQL Injection
14138| [87770] ExpressionEngine Template Manager Unspecified Issue
14139| [87769] ExpressionEngine Forgot Password Functionality Error Message Email Address Enumeration
14140| [87768] ExpressionEngine Multiple Authentication Field Autocomplete Weakness Authentication Bypass
14141| [87751] ExpressionEngine Edit Only Group New Entry Creation Restriction Bypass
14142| [87750] ExpressionEngine Member Module Unspecified XSS
14143| [87746] ExpressionEngine Unspecified XSS
14144| [87745] ExpressionEngine redirect Function Unspecified CRLF Injection
14145| [87727] ExpressionEngine Mail List Subscriber Mass Unsubscribe Weakness
14146| [87711] ExpressionEngine Unprivileged User Super Admin Account Manipulation
14147| [87710] ExpressionEngine Unspecified XSS
14148| [87709] ExpressionEngine Unspecified CSRF
14149| [87699] ExpressionEngine Pending Member Privilege Escalation
14150| [87698] ExpressionEngine Discussion Forum Module mod.forum_core.php IP Restriction Bypass
14151| [87697] ExpressionEngine Malformed Request Search Function DoS
14152| [87689] ExpressionEngine Comment Preview Unspecified Issue
14153| [87688] ExpressionEngine Unspecified XSS
14154| [87687] ExpressionEngine Unspecified Email Module Recipient Parameter Manipulation
14155| [87685] ExpressionEngine File Upload Unspecified XSS
14156| [87682] ExpressionEngine Unspecified Arbitrary Code Execution
14157| [87674] ExpressionEngine Guest User Unspecified Privilege Escalation
14158| [87673] ExpressionEngine Private Message Attachment Upload SQL Error Message Path Disclosure
14159| [87667] Premier Election Solutions (Diebold) ExpressPoll Operating System Unauthorized Upgrade
14160| [87663] ExpressionEngine Content Edit Page Access Privilege Bypass
14161| [87662] ExpressionEngine Member Groups Access Role Unprivileged File Manager Directory Access
14162| [87661] ExpressionEngine Themes Folder Permission Weakness Arbitrary Theme Manipulation
14163| [87660] ExpressionEngine Info Accessory SSL Error Message Path Disclosure
14164| [87659] ExpressionEngine Unspecified Privilege Escalation
14165| [87502] Zend Framework Development Environment Error View (error/error.phtml) Request Parameters XSS
14166| [87479] Zend Framework Zend_Filter_StripTags Whitespace / Newline Injection XSS Filter Bypass
14167| [87356] Oracle MySQL do_div_mod DIV Expression Handling Remote DoS
14168| [87328] Smartphone Pentest Framework (SPF) /frameworkgui/ Permission Weakness Local Arbitrary File Manipulation
14169| [87327] Smartphone Pentest Framework (SPF) Multiple Function CSRF
14170| [87326] Smartphone Pentest Framework (SPF) frameworkgui/config Configuration File Direct Request Remote Information Disclosure
14171| [87325] Smartphone Pentest Framework (SPF) /frameworkgui/attachMobileModem.pl Multiple Parameter SQL Injection
14172| [87324] Smartphone Pentest Framework (SPF) /frameworkgui/attach2Agents.pl Multiple Parameter SQL Injection
14173| [87323] Smartphone Pentest Framework (SPF) /frameworkgui/attach2agents.pl Multiple Parameter Remote Command Execution
14174| [87322] Smartphone Pentest Framework (SPF) /frameworkgui/attachMobileModem.pl Multiple Parameter Remote Command Execution
14175| [87321] Smartphone Pentest Framework (SPF) /frameworkgui/guessPassword.pl ipAddressTB Parameter Remote Command Execution
14176| [87320] Smartphone Pentest Framework (SPF) /frameworkgui/CSAttack.pl Multiple Parameter Remote Command Execution
14177| [87319] Smartphone Pentest Framework (SPF) /frameworkgui/SEAttack.pl Multiple Parameter Remote Command Execution
14178| [87267] Microsoft .NET Framework WPF Reflection Optimization Object Permission Handling Arbitrary Code Execution
14179| [87266] Microsoft .NET Framework Web Proxy Setting Auto-Discovery (WPAD) Handling Remote Code Execution
14180| [87265] Microsoft .NET Framework Path Subversion Arbitrary DLL Injection Code Execution
14181| [87264] Microsoft .NET Framework Partially Trusted Code Function Handling Information Disclosure
14182| [87263] Microsoft .NET Framework Reflection Object Permission Handling Arbitrary Code Execution
14183| [87245] Zend Framework Multiple Class XML DOCTYPE Declaration Handling XEE Injection DoS
14184| [86991] Archin Theme for WordPress /wordpress/wp-content/themes/archin/hades_framework/option_panel/ajax.php Configuration Option Manipulation
14185| [86988] WPsc-MijnPress Plugin for WordPress mijnpress_plugin_framework.php rwflush Parameter XSS
14186| [86883] TomatoCart PayPal Express Checkout Module Redirection URL Modification Payment Requirement Bypass
14187| [86670] Android vold Daemon Crafted FrameworkCommand Local Privilege Escalation (zergRush)
14188| [86383] Oracle Siebel CRM Siebel UI Framework Component Portal Framework Subcomponent Unspecified Remote Information Disclosure
14189| [86382] Oracle Siebel CRM Siebel UI Framework Component Siebel Documentation Subcomponent Unspecified Remote Information Disclosure
14190| [86326] Oracle Agile PLM Framework ROLESPRV Subcomponent Unspecified Remote Information Disclosure
14191| [86325] Oracle Agile PLM Framework Web Client (CS) Subcomponent Unspecified Remote Issue
14192| [86324] Oracle Agile PLM Framework ATTACH Subcomponent Unspecified Remote Information Disclosure
14193| [86318] Oracle E-Business Suite Oracle Applications Framework Component MDS loading Subcomponent Unspecified Local Information Disclosure
14194| [86249] Condor condor_history Constraint Expression Handling Overflow
14195| [85873] Smartphone Pentest Framework (SPF) remoteAttack.pl ipAddressTB Parameter Remote Code Execution
14196| [85741] IBM WebSphere Commerce Enterprise REST Services Framework Unspecified Access Restriction Bypass
14197| [85689] Zend Framework Zend\Tag\Cloud\Decorator Unspecified XSS
14198| [85688] Zend Framework Zend\Uri Unspecified XSS
14199| [85687] Zend Framework Zend\View\Helper\HeadStyle Unspecified XSS
14200| [85686] Zend Framework Zend\View\Helper\Navigation\Sitemap Unspecified XSS
14201| [85685] Zend Framework Zend\View\Helper\Placeholder\Container\AbstractStandalone Unspecified XSS
14202| [85684] Zend Framework Zend\Log\Formatter\Xml Unspecified XSS
14203| [85683] Zend Framework Zend\Feed\PubSubHubbub Unspecified XSS
14204| [85049] Atlassian Bamboo Struts / Freemarker Templates OGNL Expression Parsing Remote Command Execution
14205| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84981] Oracle Java SE / JRE java.beans.Expression Class Privileged Class Reflection Handling Remote Code Execution
| [84966] Express Burn EBP File Handling Overflow
| [84809] Atlassian FishEye / Crucible Third-Party Framework Anonymous Signup / Access Enabling
| [84753] Tridium NiagaraAX Framework Plaintext Credential Storage
| [84752] Tridium NiagaraAX Framework Predictable Session ID Generation Brute Force Weakness
| [84478] Android Framework Zero Permission Android Application Multiple Function Information Disclosure
| [84477] Android Framework Zero Permission Android Application URI ACTION_VIEW Intent Data Exfiltration
| [84359] Django Authentication Framework Multiple View Redirection Functionality data: Scheme URL XSS
| [84087] FreePBX admin/modules/framework/bin/gen_amp_conf.php Direct Request Plaintext Admin Credential Disclosure
| [83950] Oracle Application Express Listener Unspecified Remote Information Disclosure
| [83923] Oracle Siebel CRM UI Framework Subcomponent Unspecified Remote Issue
| [83922] Oracle Siebel CRM UI Framework Subcomponent Unspecified Remote DoS (2012-1742)
| [83921] Oracle Siebel CRM Portal Framework Subcomponent Unspecified Remote Issue
| [83920] Oracle Siebel CRM UI Framework Subcomponent Unspecified Remote Information Disclosure (2012-1754)
| [83919] Oracle Siebel CRM UI Framework Subcomponent Unspecified Remote Information Disclosure (2012-1732)
| [83918] Oracle Siebel CRM UI Framework Subcomponent Unspecified Remote DoS (2012-1760)
| [83816] Tridium NiagaraAX Framework Unspecified Traversal Arbitrary File Access
| [83815] Tridium NiagaraAX Framework Insecure Credential Storage Information Disclosure
| [83720] Microsoft .NET Framework Crafted Tilde (~) Request Resource Consumption Remote DoS
| [83529] Docebo class.dashboard_lms.php where_framework Parameter Remote File Inclusion
| [83493] Magix CMS framework/js/ckeditor/plugins/pdw_file_browser/swfupload/upload.php Multiple File Extension Upload Arbitrary Code Execution
| [83492] Magix CMS framework/js/tiny_mce/plugins/pdw_file_browser/swfupload/upload.php Multiple File Extension Upload Arbitrary Code Execution
| [83221] Zend Framework SimpleXMLElement Class External Entity XML (XXE) Data Parsing Arbitrary File Disclosure
| [82902] User Meta Plugin for WordPress framework/helper/uploader.php File Upload PHP Code Execution
| [82859] Microsoft .NET Framework Memory Access Function Pointer Handling Memory Corruption
| [82574] Yellow Duck Framework index.php id Parameter Arbitrary File Access
| [82571] Perl-Compatible Regular Expression (PCRE) String Minimum Length Calculation Overflow
| [82570] Perl-Compatible Regular Expression (PCRE) pcregrep Long Line Handling Overflow
| [82569] Perl-Compatible Regular Expression (PCRE) Non-UTF-8 Repeated Unicode Property Match DoS
| [82568] Perl-Compatible Regular Expression (PCRE) Conditional Group Handling Infinite Loop DoS
| [82567] Perl-Compatible Regular Expression (PCRE) pcre_study() Function Group Zero Qualifier Handling DoS
| [82480] Perl-Compatible Regular Expression (PCRE) Recursive Subpattern Handling Infinite Loop DoS
| [82397] Restlet Framework XML External Entity Parsing (XXE) Unspecified Remote Issue
| [82225] Apple Mac OS X Security Framework Unspecified Remote Memory Corruption
| [82223] Apple Mac OS X LoginUIFramework Race Condition Guest User Login Handling Authentication Bypass
| [81889] Travelon Express Multiple Script Arbitrary File Upload
| [81888] Travelon Express admin/holiday-view.php holiday name Field XSS
| [81887] Travelon Express admin/holiday-add.php holiday name Field XSS
| [81886] Travelon Express admin/customer-edit.php cid Parameter SQL Injection
| [81885] Travelon Express admin/airline-edit.php fid Parameter SQL Injection
| [81884] Travelon Express holiday_book.php hid Parameter SQL Injection
| [81883] Travelon Express pages.php id Parameter SQL Injection
| [81882] Travelon Express holiday.php hid Parameter SQL Injection
| [81842] Cisco Unified Contact Center Express (CCX) Network Traffic Parsing Remote DoS
| [81737] Node.js HTTP Parser String Parsing HTTP Header Disclosure
| [81734] Microsoft .NET Framework Untrusted User Input Serialization Remote Code Execution
| [81733] Microsoft .NET Framework Partially Trusted Assembly Object Serialization Remote Code Execution
| [81722] Microsoft .NET Framework Buffer Allocation XBAP / .NET Application Handling Remote Code Execution
| [81721] Microsoft .NET Framework WPF Application Index Value Comparison Request Parsing Remote DoS
| [81394] Oracle Database Server Application Express Component Unspecified Remote Issue
| [81180] JA T3 Framework Component for Joomla! index.php file Parameter Traversal Arbitrary File Access
| [81133] Microsoft .NET Framework CRL (Common Language Runtime) Function Parameter Parsing Remote Code Execution
| [80759] TYPO3 Extbase Framework Missing HMAC Arbitrary Object Unserialization Weakness
| [80702] Cisco IOS Wide Area Application Services (WAAS) Express Feature Message Parsing Remote DoS
| [80105] HP Data Protector Express dpwindtb.dll Folder Creation Remote Overflow
| [80104] HP Data Protector Express Unspecified Remote Code Execution (2012-0123)
| [80103] HP Data Protector Express dpwinsdr.exe Opcode 0x330 Parsing Remote Overflow
| [80102] HP Data Protector Express dpwinsdr.exe Opcode 0x320 Parsing Remote Overflow
| [80001] Microsoft Expression Design Path Subversion Arbitrary DLL Injection Code Execution
| [79735] IBM Tivoli Provisioning Manager Express for Software Distribution Isig.isigCtl.1 ActiveX RunAndUploadFile() Method Boundary Error Remote Overflow
| [79734] IBM Tivoli Provisioning Manager Express for Software Distribution getAttachment Servlet Asset.getMimeType() Function SQL Injection
| [79733] IBM Tivoli Provisioning Manager Express for Software Distribution CallHomeExec Servlet Asset.getHWKey() Function SQL Injection
| [79732] IBM Tivoli Provisioning Manager Express for Software Distribution logon.do Servlet User.isExistingUser() Function SQL Injection
| [79731] IBM Tivoli Provisioning Manager Express for Software Distribution register.do Servlet User.updateUserValue() Function SQL Injection
| [79730] IBM Tivoli Provisioning Manager Express for Software Distribution SoapServlet Servlet Printer.getPrinterAgentKey SQL Injection
| [79673] SystemTap Invalid Pointer DWARF Expression Parsing Local DoS
| [79261] Microsoft .NET Framework / Silverlight Buffer Length Calculation XAML Browser Application Handling Remote Memory Corruption
| [79260] Microsoft .NET Framework / Silverlight Unmanaged Object XAML Browser Application Handling Remote Code Execution
| [78693] Barracuda Backup Expressions Module Unspecified XSS
| [78665] Android libsysutils FrameworkListener::dispatchCommand Method Application Handling Buffer Overflow
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78454] OpenNMS web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java Username Field XSS
| [78250] ExpressView Browser Plug-In (MrSID) Multiple Uninitialized Object Pointer SID Image File Handling Remote Code Execution
| [78249] ExpressView Browser Plug-In (MrSID) Multiple SID Image File Handling Remote Overflow
| [78076] PHPIDS Regular Expression Denial of Service (ReDoS) Filter Weakness PHP Sequence File Manipulation
| [78057] Microsoft .NET Framework ASP.NET Hash Collision Web Form Post Parsing Remote DoS
| [78056] Microsoft .NET Framework Forms Authentication Sliding Expiry Cached Content Parsing Remote Code Execution
| [78055] Microsoft .NET Framework ASP.NET Username Parsing Authentication Bypass
| [78054] Microsoft .NET Framework Forms Authentication Return URL Handling Arbitrary Site Redirect
| [77951] Mozilla Multiple Products YARR Regular Expression Library Javascript Parsing Remote Code Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77584] ISC DHCP Regular Expressions dhcpd.conf DHCP Request Packet Parsing Remote DoS
| [77490] Novell XTier Framework HTTP Server Component Header Parsing Remote Overflow
| [77462] Hero Framework Template File Events month Parameter XSS
| [77414] ExpressionEngine Unspecified XSS
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77373] Oracle Mojarra Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77315] IBM System Storage TS3100 / TS3200 Tape Library Express Library Admin Authentication Bypass
| [77297] JBoss Enterprise SOA Platform JRuby scripting_chain Application Regular Expressions XSS
| [77071] Atlassian Confluence Seraph Web Framework HTTP Header Injection
| [76527] Oracle E-Business Suite REST Services Component Unspecified Remote Applications Framework Data Disclosure
| [76516] Oracle Database Application Express Component Unspecified Remote Code Execution
| [76214] Microsoft .NET Framework / Silverlight Class Inheritance Restriction Web Page Handling Remote Code Execution
| [76160] Elastix PBX admin/modules/framework/bin/generate_hints.php Extension Enumeration
| [75914] Zend Framework / Server Multiple Script Direct Request Path Disclosure
| [75837] Mozilla Firefox Regular Expression Unspecified Underflow
| [75560] Libxml2 xmlXPathCompOpEval Invalid XPath Expression Error Handling Double-free Issue
| [75386] Microsoft Office Excel Unspecified Conditional Expression Parsing Excel File Handling Memory Corruption
| [75263] Spring Framework Multiple Unspecified Object Deserialization Arbitrary Command Execution
| [75249] OpenSSH sftp-glob.c remote_glob Function Glob Expression Parsing Remote DoS
| [75248] OpenSSH sftp.c process_put Function Glob Expression Parsing Remote DoS
| [75226] Zikula Application Framework index.php themename Parameter XSS
| [75008] GNU C Library (glibc) glob Expression Pathname Matching Remote DoS (2010-4756)
| [75007] GNU C Library (glibc) glob Expression Pathname Matching Remote DoS (2010-4754)
| [74916] Linux SCSI Target Framework (tgt) tgt daemon (tgtd) iscsi_rx_handler() Function Double-free
| [74777] Cisco Unified Communications Manager Service Advertisement Framework (SAF) Packet Parsing Remote DoS (2011-2564)
| [74776] Cisco Unified Communications Manager Service Advertisement Framework (SAF) Packet Parsing Remote DoS (2011-2563)
| [74695] Libxml2 xmlXPathCompOpEvalPositionalPredicate Invalid XPath Expression Error Handling Double Free Issue
| [74404] Microsoft .NET Framework System.Net.Sockets Code Access Security Bypass Information Disclosure
| [74403] Microsoft .NET Framework Chart Control Special URI Character GET Request Parsing Remote Information Disclosure
| [74277] JBoss Seam jboss-seam.jar FacesMessages Expression Language Statement Remote Java Code Execution
| [73932] Oracle Enterprise Manager Grid Control Security Framework Authentication Unspecified Remote Issue
| [73929] Oracle Enterprise Manager Grid Control Security Framework User Model Unspecified Remote Issue
| [73741] Kay Framework Attribute Exchange Signature Verification Failure AX Information Manipulation
| [73387] Zend Framework PDO_MySql Character Set Security Bypass
| [73381] IBM WebSphere Application Server (WAS) Security Component TIP/eWAS Framework AuthCache Entry Remote Access Bypass
| [73340] vsftpd ls.c vsf_filename_passes_filter STAT Command glob Expression Remote DoS
| [73223] IBM Tivoli Management Framework Endpoint Built-in Account Default HTTP Password Remote Restricted Page Access
| [72957] Horde_Auth Framework Composite Driver Authentication Bypass
| [72932] Microsoft .NET Framework JIT Object Validation Arbitrary Code Execution
| [72931] Microsoft .NET Framework / Silverlight Array Offset Remote Code Execution
| [72783] Google Chrome Extension Framework Stale Pointer Unspecified Issue
| [72713] IBM Tivoli Management Framework Endpoint lcfd.exe opts Field Overflow
| [72599] Cisco TelePresence Java Servlet Framework Crafted Request Unauthenticated Command Execution (2011-0384)
| [72598] Cisco TelePresence Java Servlet Framework Crafted Request Unauthenticated Command Execution (2011-0383)
| [72493] Google Chrome Regular-Expression Reentry Implementation Memory Corruption
| [72413] CiscoWorks Common Services Framework Help Servlet cwhp/device.center.do device Parameter XSS
| [72242] Exponent CMS framework/modules/pixidou/download.php file Parameter Traversal Arbitrary File Access
| [72123] Horde framework/Text_Filter/lib/Horde/Text/Filter/Xss.php Unspecified XSS
| [72122] Horde framework/Share/lib/Horde/Share/Object/Sql.php Guest User Access Restriction Bypass
| [71782] Microsoft .NET Framework x86 JIT Compiler XAML Browser Application (XBAP) Processing Stack Corruption
| [71721] qooxdoo framework/source/resource/qx/test/part/delay.php file Parameter Traversal Arbitrary File Access
| [71720] qooxdoo framework/source/resource/qx/test/jsonp_primitive.php callback Parameter XSS
| [71719] eyeOS framework/source/resource/qx/test/part/delay.php file Parameter Traversal Arbitrary File Access
| [71718] eyeOS framework/source/resource/qx/test/jsonp_primitive.php callback Parameter XSS
| [71665] Microsoft .NET Framework on XP KB982671 Persistent Firewall Disablement
| [71013] .NET Framework Runtime Optimization Service Insecure File Permissions Privilege Escalation
| [70857] Metasploit Framework on Windows Insecure Filesystem Permissions Local Privilege Escalation
| [70751] Zikula Application Framework User Permissions Modification CSRF
| [70586] Oracle Sun Products Suite Sun Java System Communications Express Component Web Mail Unspecified Remote Issue
| [70497] SmoothWall Express shutdown.cgi System Reboot CSRF
| [70496] SmoothWall Express cgi-bin/ipinfo.cgi IP Parameter XSS
| [70348] Cisco IOS CallManager Express (CME) SIP TRUNK Traffic Rate Burst Request Size Remote DoS
| [70341] Cisco IOS CallManager Express (CME) Extension Mobility Phone SNR Number Change Remote DoS
| [70086] Embedthis Appweb Ejscript Web Framework XSS
| [70023] IBM ENOVIA emxFramework.FilterParameterPattern Property XSS
| [69861] Expression CMS Multiple Parameter XSS
| [69394] MySQL Temporary Table Expression Re-Evaluation DoS
| [69159] Horde Application Framework Preference Form CSRF
| [68791] Camtasia Studio ExpressShow SWF Files Unspecified XSS
| [68556] Microsoft .NET Framework x64 JIT Compiler Unprivileged Application Remote Code Execution
| [68064] OTRS (Open Ticket Request System) Crafted Email Regular Expression Processing DoS
| [67975] HP Data Protector Express dpwinsup PrvRecvRqu() Function NULL Dereference Remote DoS
| [67974] HP Data Protector Express on Linux libdplindtb.so DtbClsLogin() Function Overflow
| [67973] HP Data Protector Express on Windows dpwindtb.dll DtbClsLogin() Function Overflow
| [67839] Horde Application Framework util/icon_browser.php subdir Parameter XSS
| [67804] Seagull PHP Framework fog/lib/pear/Config/Container.php includeFile Parameter Remote File Inclusion
| [67783] Microsoft Windows SDK for Windows 7 / .NET Framework 4 GraphEdit Path Subversion Arbitrary DLL Injection Code Execution
| [67689] Seagull PHP Framework index.php/user/password frmQuestion Parameter SQL Injection
| [67503] Microsoft Outlook Express Path Subversion Arbitrary DLL Injection Code Execution
| [67028] Play Framework public/ Traversal Arbitrary File Access
| [66993] Microsoft .NET Framework / Silverlight CLR Virtual Delegate Handling Remote Code Execution
| [66881] JBoss Seam 2 JBoss Expression Language Crafted URL Arbitrary Code Execution
| [66856] WebKit emitDisjunction Regular Expression Interpretation Memory Corruption
| [66346] Oracle E-Business Suite Applications Framework Component Unspecified Remote Issue (2010-0912)
| [66343] Oracle E-Business Suite Applications Framework Unspecified Remote Information Disclosure (2010-0909)
| [66342] Oracle E-Business Suite Applications Framework Unspecified Remote Issue (2010-0908)
| [66331] Oracle Database Server Application Express Component Unspecified Remote Issue (2010-0892)
| [66253] Diem Content Management Framework Blog Items Filter Module article_form_filter[name][text] Parameter XSS
| [66252] Diem Content Management Framework dmCore Script text Parameter XSS
| [66251] Diem Content Management Framework Page Metas Managing Script value Parameter XSS
| [65993] Open Text ECM Expression Builder Unspecified XSS
| [65991] Linux SCSI Target Framework (tgt) iSNS Message Remote Overflow
| [65661] Spring Framework class.classLoader.URLs[0]=jar: Crafted JAR File HTTP Request Arbitrary Code Execution
| [65430] Oracle Mojarra Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65376] MS IE Style Expression Handling Unspecified DoS
| [65285] Cisco Unified Contact Center Express (CCX) Traversal Arbitrary File Access
| [65284] Cisco Unified Contact Center Express (CCX) CTI Server Component Malformed Message Remote DoS
| [64799] Oracle Sun Products Suite Sun Java System Communications Express Component cmd.msc Message Box Deletion CSRF
| [64530] Microsoft Outlook Express / Windows Mail STAT Response Overflow
| [64447] Tirzen Framework (TZN) tzn_mysql.php Username Parameter SQL Injection Authentication Bypass
| [64397] Perl-Compatible Regular Expression (PCRE) pcre_compile.c. compile_branch() Function Overflow
| [64269] Zikula Application Framework Users Module CSRF
| [64096] Zikula Application Framework index.php func Parameter XSS
| [64095] Zikula Application Framework ZLanguage.php lang Parameter XSS
| [64071] Oracle Sun Product Suite Sun Java System Communications Express Component Address Book Unspecified Remote Information Disclosure
| [63520] Oracle Sun Products Suite Sun Java System Communications Express Component Message Subject Field XSS
| [63418] Linux SCSI Target Framework (tgt) usr/iscsi/isns.c Multiple Function Format String
| [63313] ViewVC Regular Expression Search Functionality XSS
| [63177] Cisco IOS Unified Communications Manager Express SCCP Message Handling Unspecified Remote DoS (CSCsz49741)
| [63176] Cisco IOS Unified Communications Manager Express SCCP Message Handling Unspecified Remote DoS (CSCsz48614)
| [63172] Mime Mail Module for Drupal PCRE Regular Expression Engine Arbitrary PHP Code Execution
| [62997] Trouble Ticket Express ttx.cgi fid Parameter Arbitrary Command Execution
| [62788] Download Protect Framework/EmailTemplates.class.php GLOBALS[RootPath] Parameter Remote File Inclusion
| [62585] Hitachi Multiple Products uCosminexus Portal Framework Unspecified XSS
| [62581] WebsiteBaker framework/class.wb.php print_error() Function Security Bypass
| [62118] IBM Cognos Express Tomcat Manager Hardcoded Credentials
| [62027] PHP Fuzzer Framework Insecure File Creation Local Privilege Escalation
| [61959] SAP BusinessObjects AdminTools/querybuilder/logonform.jsp framework Parameter XSS
| [61958] SAP BusinessObjects AdminTools/querybuilder/ie.jsp framework Parameter XSS
| [61731] Oracle Database Application Express Application Builder HTTP Unspecified Remote Issue
| [61707] Zend Framework Zend_Service_ReCaptcha_MailHide Function email Argument XSS
| [61706] Zend Framework Zend_Json_Encoder Forward Slash XSS
| [61705] Zend Framework Zend_Dojo_View_Helper_Editor Function HTML DIV Tag XSS
| [61704] Zend Framework Zend_Filter_StripTags Function Whitelisted HTML Comment Bypass XSS
| [61703] Zend Framework Zend_File_Transfer Function MIME Type Unspecified Weakness
| [61702] Zend Framework Multiple Function Encoded Request XSS
| [61340] Zend Framework Zend_Log_Writer_Mail Class shutdown Function Arbitrary Mail Relay
| [59502] Microsoft IE / Outlook Express Crafted XML Stylesheet (XSL) Arbitrary Script Execution
| [59394] Mozilla Multiple Browsers Proxy Auto-configuration (PAC) File Regular Expression Parsing Arbitrary Code Execution
| [59128] Oracle E-Business Suite Applications Framework Unspecified Remote Information Disclosure
| [59108] Oracle Database Application Express FLOWS_030000. WWV_EXECUTE_IMMEDIATE Unspecified Remote Issue
| [58851] Microsoft .NET Framework / Silverlight Crafted Application Memory Manipulation Arbitrary Code Execution
| [58850] Microsoft .NET Framework Object Casting Manipulation Arbitrary Code Execution
| [58849] Microsoft .NET Framework Crafted Application Managed Pointer Access Arbitrary Code Execution
| [58651] Symantec SecurityExpressions Audit and Compliance Server Unspecified XSS
| [58650] Symantec SecurityExpressions Audit and Compliance Server Unspecified HTML Injection
| [58564] Premier Election Solutions (Diebold) ExpressPoll Audit Log Voter Privacy Violation
| [58563] Premier Election Solutions (Diebold) ExpressPoll DB3 Database Unauthorized Manipulation
| [58562] Premier Election Solutions (Diebold) ExpressPoll Boot Loader / OS Unauthorized Upgrade
| [58552] Premier Election Solutions (Diebold) EMP / ExpressPoll Server Log Integrity Weakness
| [58450] Solaris STREAMS Framework Unspecified Local DoS
| [58335] Cisco IOS Unified Communications Manager Express (CME) Extension Mobility Feature Login Component Remote Overflow
| [58334] Cisco IOS Cisco Express Forwarding Malformed Packet Handling Remote DoS (2009-2873)
| [58333] Cisco IOS Cisco Express Forwarding Malformed Packet Handling Remote DoS (2009-2872)
| [58228] ipMonitor Malformed Regular Expression Backreference Handling DoS
| [58109] Horde Application Framework Numeric Preference Type XSS
| [58108] Horde Application Framework MIME Viewer Text Part Rendering XSS
| [58107] Horde Application Framework Form Library Image Form Field Arbitrary File Overwrite
| [57893] Symantec Altiris eXpress NS SC Download Altiris.AeXNSPkgDL.1 ActiveX (AeXNSPkgDLLib.dll) DownloadAndInstall() Method Arbitrary Code Execution
| [57638] Microsoft Outlook Express IMAP Client literal_size Remote Overflow
| [57340] Adobe Flex SDK express-install Templates index.template.html Query String XSS
| [57062] Microsoft IE STYLE Element / CSS Expression Property Double Content Injection XSS Filter Bypass
| [56972] OpenJDK IcedTea Java Web Start Framework JAR File Trust Weakness Privilege Escalation
| [56905] Microsoft .NET Framework Request Scheduling Crafted HTTP Request Remote DoS
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55939] Google Chrome JavaScript Regular Expressions Evaluation Memory Corruption
| [55937] Cisco Unified Contact Center Express (CCX) Database Unspecified XSS
| [55936] Cisco Unified Contact Center Express (CCX) Customer Response Solutions (CRS) Administration Interface Traversal Arbitrary File Manipulation
| [55900] Oracle E-Business Suite Applications Framework /OA_HTML/OA.jsp Multiple Parameter XSS
| [55198] Zend Framework Zend_View::render() Function Traversal Local File Inclusion
| [54641] Novell GroupWise WebAccess Unfiltered Style Expressions XSS
| [54610] Sun Java System Communications Express uwc/abs/search.xml abperson_displayName Parameter XSS
| [54609] Sun Java System Communications Express uwc/base/UWCMain URL Parameter XSS
| [54509] HP Data Protector Express dpwinsup Module Crafted Traffic Remote Memory Disclosure
| [53941] Scorpio Framework baseAdminSite Implementation view Action Object Restriction Bypass
| [53940] Spring Framework RegEx Serialized Data Handling CPU Consumption DoS
| [53754] Oracle E-Business Suite Applications Framework Unspecified Remote Issue
| [53738] Oracle Database Application Express (APEX) FLOWS_030000.WWV_FLOW_USER User Password Hash Disclosure
| [53540] Horde Application Framework framework/Text_Filter/Filter/xss.php Style Attributes XSS
| [52930] Benjile PHP Security Framework lib/common/SecureHttpRequest.class.php SQL Injection Protection Bypass
| [52929] Benjile PHP Security Framework lib/control/AuthentificationController.class.php SQL Injection
| [52928] Benjile PHP Security Framework lib/base.inc.php Multiple Parameter Remote File Inclusion
| [52845] ExpressionEngine system/index.php avatar Parameter XSS
| [52718] Sun Java System Communications Express Multiple Field XSS
| [52707] Atlassian JIRA Enterprise Edition Webwork 1 Framework Dynamic URL Transformation Security Bypass
| [52617] IBM Tivoli Storage Manager (TSM) Express adsmdll.dll Length Value Handling Remote Overflow
| [52282] Extrakt Framework index.php plugins[file][id] Parameter XSS
| [51973] Apple Mac OS X FSEvents Framework fseventsd Credential Management Local Information Disclosure
| [51887] Horde Multiple Products framework/Image/Image.php Horde_ImageDriver Name Traversal Local File Inclusion
| [51650] htmLawed Crafted CSS Expressions XSS
| [51329] Oracle E-Business Suite Applications Framework System Configuration Remote Information Disclosure
| [51314] Oracle BEA WebLogic Server / Express Console Unspecified Privilege Escalation
| [51313] Oracle BEA WebLogic Server / Express JSP Servlets Unspecified Information Disclosure
| [51312] Oracle BEA WebLogic Server / Express Web Services Unspecified Policy Bypass
| [50974] Microsoft Outlook Express InetComm.dll MimeOleClearDirtyTree Function Malformed Email Header Handling Infinite Loop DoS
| [50851] Product Sale Framework customer.forumtopic.php forum_topic_id Parameter SQL Injection
| [50620] ColdFusion Application Server Expression Evaluator openfile.cfm Arbitrary File Upload
| [50302] Microsoft .NET Framework Strong Name Implementation DLL File Public Key Token Subversion Multiple Mechanism Authentication Bypass
| [49843] IBM Metrica Service Assurance Framework ReportRequest :tasklabel Parameter XSS
| [49842] IBM Metrica Service Assurance Framework Launch jnlpname Parameter XSS
| [49841] IBM Metrica Service Assurance Framework ReportTree elementid Parameter XSS
| [49732] XWork ParameterInterceptor OGNL Expression Arbitrary SSO Modification
| [49442] IBM Tivoli Storage Manager (TSM) Express for Microsoft SQL SQL CAD Data Protection (dsmcat.exe) Remote Overflow
| [49329] Oracle Database Application Express (APEX) Session Creation Unspecified Remote Issue
| [49308] Oracle E-Business Suite Applications Framework Unspecified Remote Issue
| [49176] Midgard Components Framework Multiple Unspecified Issues
| [48962] DataFeedFile (DFF) PHP Framework API DFF_sku.func.php DFF_config[dir_include] Parameter Remote File Inclusion
| [48961] DataFeedFile (DFF) PHP Framework API DFF_rss.func.php DFF_config[dir_include] Parameter Remote File Inclusion
| [48960] DataFeedFile (DFF) PHP Framework API DFF_paging.func.php DFF_config[dir_include] Parameter Remote File Inclusion
| [48959] DataFeedFile (DFF) PHP Framework API DFF_mer_prdt.func.php DFF_config[dir_include] Parameter Remote File Inclusion
| [48958] DataFeedFile (DFF) PHP Framework API DFF_mer.func.php DFF_config[dir_include] Parameter Remote File Inclusion
| [48957] DataFeedFile (DFF) PHP Framework API DFF_featured_prdt.func.php DFF_config[dir_include] Parameter Remote File Inclusion
| [48956] DataFeedFile (DFF) PHP Framework API DFF_affiliate_client_API.php DFF_config[dir_include] Parameter Remote File Inclusion
| [48174] Red Hat Directory Server Directory Server Administration Express Interface adminutil Library Unspecified XSS
| [47292] Firebird 2 Crafted Expression Handling Unspecified Memory Corruption
| [46931] Microsoft Outlook/Express Unspecified URI Handling Arbitrary Command Injection
| [46690] Perl-Compatible Regular Expression (PCRE) pcre_compile.c Crafted Pattern Handling Overflow
| [46312] Prototype JavaScript Framework prototype.js Cross-site Ajax Request Unspecified Issue
| [46311] Prototype JavaScript Framework prototype.js script Tag Cross-site JSON String Information Disclosure
| [45882] Kaya CGI Framework HTTP Header XSS
| [45757] PHPIDS Arithmetic Expressions Handling XSS
| [44978] Red Hat Directory Server slapd LDAP Search Regular Expression Handler Overflow
| [44501] Oracle Application Express HTTP Unspecified Remote Issue
| [44500] Oracle Application Express flows_030000.wwv_execute_immediate Unspecified Remote Issue
| [44489] Oracle Applications Framework HTTP Unspecified Remote Information Disclosure
| [44266] WoltLab Community Framework (WCF) Multiple Parameter XSS
| [44265] WoltLab Community Framework (WCF) Multiple Variable Path Disclosure
| [44161] McAfee Common Management Agent (CMA) Framework Service Crafted Request Remote DoS
| [44117] RoundCube Webmail Style Sheet Expression Commands XSS
| [44053] Sympa wwsympa/wwsympa.fcgi arcsearch Malformed Expression Remote DoS
| [44032] Cisco Unified Communications Disaster Recovery Framework (DRF) Arbitrary Remote Command Execution
| [43697] IBM Tivoli Provisioning Manager Express Login Error Username Enumeration
| [43696] IBM Tivoli Provisioning Manager Express Account Creation Username Enumeration
| [43693] IBM Tivoli Provisioning Manager Express assess modification Unspecified XSS
| [43419] ExpressionEngine index.php URL Parameter CLRF Injection HTTP Response Splitting
| [43376] CUPS CGI Backend IPP Request Search Expression Handling (cgiCompileSearch) Remote Overflow
| [43328] Prototype (prototypejs) Framework JavaScript Object Notation (JSON) Crafted HTML Remote Data Disclosure
| [43327] Moo.fx Framework JavaScript Object Notation (JSON) Crafted HTML Remote Data Disclosure
| [43326] MochiKit Framework JavaScript Object Notation (JSON) Crafted HTML Remote Data Disclosure
| [43325] Microsoft Atlas Framework JavaScript Object Notation (JSON) Crafted HTML Remote Data Disclosure
| [43324] Yahoo! UI Framework JavaScript Object Notation (JSON) Crafted HTML Remote Data Disclosure
| [43323] Dojo Framework JavaScript Object Notation (JSON) Crafted HTML Remote Data Disclosure
| [43322] Direct Web Remoting (DWR) Framework JavaScript Object Notation (JSON) Crafted HTML Remote Data Disclosure
| [43321] Google Web Toolkit (GWT) Framework JavaScript Object Notation (JSON) Crafted HTML Remote Data Disclosure
| [43320] jQuery Framework JavaScript Object Notation (JSON) Crafted HTML Remote Data Disclosure
| [43319] Script.aculo.us Framework JavaScript Object Notation (JSON) Crafted HTML Remote Data Disclosure
| [43182] Google Android SDK WebKit Framework GIF Library GIF Handling Overflow
| [42853] McAfee ePolicy Orchestrator Framework Service Crafted UDP Packet Handling Format String
| [42631] JBoss Seam org.jboss.seam.framework.Query Class getRenderedEjbql Method order Variable Arbitrary Arbitrary EJBQL Command Execution
| [42101] MVEL set-expression Compiler Virtual Objects (Maps) Unspecified Code Injection
| [42021] Solaris 10 DTrace Dynamic Tracing Framework Kernel Tracing Information Disclosure
| [41989] Perl-Compatible Regular Expression (PCRE) Character Class Handling Remote Overflow
| [41585] ExpressionEngine index.php URL Parameter XSS
| [41417] Bubbling Library examples/dispatcher/framework/dispatcher.php uri Parameter Traversal Arbitrary File Access
| [41313] Oracle Application Express (APEX) NOTIFICATION_MSG Parameter XSS
| [40902] TCL in PostgreSQL Regular Expression Parser Crafted Doubly-nested State Regexp Parsing DoS
| [40766] Perl-Compatible Regular Expression (PCRE) Singleton Unicode Sequence Handling Overflow
| [40765] Perl-Compatible Regular Expression (PCRE) Unmatched Brackets / Parentheses Search Crafted Regexp DoS
| [40764] Perl-Compatible Regular Expression (PCRE) Character Class Calculation overflow
| [40763] Perl-Compatible Regular Expression (PCRE) Unmatched "
| [40761] Perl-Compatible Regular Expression (PCRE) Non-UTF-8 Mode Pattern Matching Information Disclosure
| [40760] Perl-Compatible Regular Expression (PCRE) \P Sequence DoS
| [40759] Perl-Compatible Regular Expression (PCRE) Unspecified Escape (backslash) Sequence DoS
| [40758] Perl-Compatible Regular Expression (PCRE) Compiled UTF-8 Options Pattern DoS
| [40757] Perl-Compatible Regular Expression (PCRE) Malformed POSIX Character Class Regexp DoS
| [40756] Perl-Compatible Regular Expression (PCRE) Regexp Subpattern Handling Overflow
| [40755] Perl-Compatible Regular Expression (PCRE) Compiled Memory Allocation Miscalculation Failure DoS
| [40754] Perl-Compatible Regular Expression (PCRE) Crafted Regexp Parsing Overflow
| [40753] Perl-Compatible Regular Expression (PCRE) Named Capturing Subpatterns Counting DoS
| [40752] Perl-Compatible Regular Expression (PCRE) Subpattern Recursive Reference DoS
| [40751] Perl-Compatible Regular Expression (PCRE) Subpattern Unlimited Repeat DoS
| [40527] Seagull PHP Framework optimizer.php files Parameter Traversal Arbitrary File Access
| [40409] Perl Regular Expression Engine (regcomp.c) Polymorphic opcode Support UTF Regexp Handling Remote Overflow
| [40353] IBM Tivoli Storage Manager (TSM) Express Backup Server service (dsmsvc.exe) Packet Handling Remote Overflow
| [40286] Oracle E-Business Suite Applications Framework Unspecified Remote Information Disclosure
| [39970] Oracle Application Express wwv_flow_security.check_db_password Function SQL Injection
| [39925] Oracle Database Rules Manager Expression Filter RLMGR_TRUNCATE_MAINT Trigger Race Condition
| [39145] aurora framework db_mysql.lib pack_var() value Parameter SQL Injection
14556| [39118] Microsoft IE Object setExpression Function Memory Corruption
14557| [38943] PHP Lite Calendar Express subscribe.php cid Parameter SQL Injection
14558| [38942] PHP Lite Calendar Express auth.php cid Parameter SQL Injection
14559| [38941] PHP Lite Calendar Express login.php cid Parameter SQL Injection
14560| [38905] Django Internationalization Framework USE_I18N Option Multiple HTTP Request Remote DoS
14561| [38600] epesi framework Gallery Image Unrestricted File Upload
14562| [38495] Microsoft IE Outlook Express Address Book Activex DoS
14563| [38486] Microsoft Expression Media IVC File Cleartext Catalog Password Disclosure
14564| [38418] PHP Object Framework dbmodules/DB_adodb.class.php PHPOF_INCLUDE_PATH Parameter Remote File Inclusion
14565| [38335] EasyMail Objects EasyMailSMTPObj ActiveX (emsmtp.dll) SubmitToExpress Method Arbitrary Code Execution
14566| [38154] phpBasic basicFramework includes.php root Parameter Remote File Inclusion
14567| [37779] Broderbund Expressit 3DGreetings Player ActiveX Multiple Unspecified Overflows
14568| [37749] SAP Internet Communication Framework (BC-MID-ICF) Default Login Error Page XSS
14569| [37104] Cisco IOS Regular Expressions (Regexp) Processing DoS
14570| [36453] Apple Safari / iPhone WebKit Perl-Compatible Regular Expressions (PCRE) Multiple Overflows
14571| [36101] McAfee Multiple Products ePolicy Orchestrator CMA Framework Service Remote Overflow
14572| [35956] Microsoft .NET Framework Just In Time (JIT) Compiler Service Unspecified Arbitrary Code Execution
14573| [35955] Microsoft .NET Framework NULL Byte URL Arbitrary File Access
14574| [35954] Microsoft .NET Framework PE Loader Service Unspecified Arbitrary Code Execution
14575| [35346] Microsoft Outlook Express / Windows Mail MHTML Content Disposition Parsing Cross Domain Information Disclosure
14576| [35345] Microsoft Outlook Express / Windows Mail URL Parsing Cross Domain Information Disclosure
14577| [35284] phpTodo Unspecified Regular Expression Newline Injection
14578| [35269] Microsoft ASP .NET Framework Comment Enclosure Handling Request Weakness
14579| [35020] IBM Tivoli Monitoring Express kde.dll Remote Overflow
14580| [34870] Apple Mac OS X VideoConference Framework Crafted SIP Packet Remote Overflow
14581| [34866] Apple Mac OS X WebFoundation Framework Subdomain Cookie Information Disclosure
14582| [34656] RSPA rspa/framework/Controller_v4.php Multiple Parameter Remote File Inclusion
14583| [34655] RSPA rspa/framework/Controller_v5.php Multiple Parameter Remote File Inclusion
14584| [34180] Calendar Express search.php allwords Parameter XSS
14585| [33820] Mirapoint WebMail expression CSS XSS
14586| [33631] Cadre PHP Framework fw/class.Quick_Config_Browser.php GLOBALS[config][framework_path] Parameter Remote File Inclusion
14587| [33320] OpenSER parse_config parse_expression Function Overflow
14588| [32620] Sun iPlanet Messaging Server Expression CSS XSS
14589| [32399] NeoTrace Express/Pro NeoTraceExplorer.NeoTraceLoader ActiveX TraceTarget Method Overflow
14590| [31615] Yana Framework Guestbook Unspecified Authorization Bypass
14591| [31503] Oracle Application Express Authenticated Unspecified Remote Information Disclosure
14592| [31502] Oracle Application Express Authenticated Unspecified Issue (APEX34)
14593| [31501] Oracle Application Express Unauthenticated Complex Unspecified Issue (APEX33)
14594| [31500] Oracle Application Express Unauthenticated Complex Unspecified Issue (APEX32)
14595| [31499] Oracle Application Express Unauthenticated Complex Unspecified Issue (APEX31)
14596| [31498] Oracle Application Express Authenticated Unspecified Issue (APEX30)
14597| [31497] Oracle Application Express Authenticated Unspecified Issue (APEX29)
14598| [31496] Oracle Application Express Unauthenticated Unspecified Issue (APEX28)
14599| [31495] Oracle Application Express Unauthenticated Unspecified Issue (APEX27)
14600| [31494] Oracle Application Express Unauthenticated Unspecified Issue (APEX26)
14601| [31493] Oracle Application Express Unspecified Unauthenticated Remote Partial DoS
14602| [31492] Oracle Application Express Unauthenticated Unspecified Issue (APEX24)
14603| [31491] Oracle Application Express Unauthenticated Unspecified Issue (APEX23)
14604| [31490] Oracle Application Express Unauthenticated Unspecified Issue (APEX22)
14605| [31489] Oracle Application Express Unauthenticated Unspecified Issue (APEX21)
14606| [31488] Oracle Application Express Unauthenticated Unspecified Issue (APEX20)
14607| [31487] Oracle Application Express Simple Unspecified Issue (APEX19)
14608| [31486] Oracle Application Express Simple Unspecified Issue (APEX18)
14609| [31485] Oracle Application Express Unspecified Unauthenticated Remote Complete DoS
14610| [31484] Oracle Application Express Developer SQL Workshop Unspecified Issue (APEX16)
14611| [31483] Oracle Application Express Developer SQL Workshop Unspecified Issue (APEX15)
14612| [31482] Oracle Application Express Unauthenticated Complex Unspecified Issue (APEX14)
14613| [31481] Oracle Application Express Unauthenticated Complex Unspecified Issue (APEX13)
14614| [31480] Oracle Application Express Unauthenticated Complex Unspecified Issue (APEX12)
14615| [31479] Oracle Application Express synonym Creation Unspecified Authenticated Issue
14616| [31478] Oracle Application Express htmldb_plsql_job Unspecified Authenticated Issue
14617| [31477] Oracle Application Express Unauthenticated Simple Unspecified Issue (APEX09)
14618| [31476] Oracle Application Express Unauthenticated Simple Unspecified Issue (APEX08)
14619| [31475] Oracle Application Express Unauthenticated Simple Unspecified Issue (APEX07)
14620| [31474] Oracle Application Express Unauthenticated Simple Unspecified Issue (APEX06)
14621| [31473] Oracle Application Express Unauthenticated Simple Unspecified Issue (APEX05)
14622| [31472] Oracle Application Express Unauthenticated Complex Unspecified Issue (APEX04)
14623| [31471] Oracle Application Express Unauthenticated Complex Unspecified Issue (APEX03)
14624| [31470] Oracle Application Express Unauthenticated Complex Unspecified Issue (APEX02)
14625| [31469] Oracle Application Express Unauthenticated Simple Unspecified Issue (APEX01)
14626| [31416] Oracle E-Business Suite Applications Framework HTTP Unspecified Issue
14627| [31218] Zend Framework Preview testRedirections.php XSS
14628| [30821] Microsoft Outlook Express Windows Address Book Contact Record Code Execution
14629| [30731] Apple Mac OS X Security Framework Secure Transport Cipher Negotiation Weakness
14630| [30730] Apple Mac OS X Security Framework Crafted X.509 Certificate Handling Remote DoS
14631| [30729] Apple Mac OS X Security Framework Online Certificate Status Protocol (OCSP) Revoked Certificate Weakness
14632| [30728] Apple Mac OS X Security Framework Certificate Revocation List (CRL) Search Weakness
14633| [30425] SiteXpress E-Commerce System dept.asp id Parameter SQL Injection
14634| [30151] Sun Java System Messenger Express errorHTML Function XSS
14635| [29431] Microsoft .NET Framework AutoPostBack Property Unspecified XSS
14636| [28458] IBM Tivoli Lightweight Client Framework HTTP http_disable Default Setting Weakness
14637| [27760] Cisco CallManager Express SIP Message User Enumeration
14638| [27153] Microsoft .NET Framework Crafted Request Access Restriction Bypass
14639| [26836] Microsoft IE OutlookExpress.AddressBook COM Object NULL Dereference
14640| [26711] Docebo CMS lib.php GLOBALS[where_framework] Parameter Remote File Inclusion
14641| [26710] Docebo CMS body.php GLOBALS[where_framework] Parameter Remote File Inclusion
14642| [26708] Docebo CMS content_class.php GLOBALS[where_framework] Parameter Remote File Inclusion
14643| [26707] Docebo CMS news_class.php GLOBALS[where_framework] Parameter Remote File Inclusion
14644| [26640] PHP Lite Calendar Express month.php Multiple Parameter SQL Injection
14645| [26002] BlueShoes Framework websearchengine/Bs_Wse_Profile.class.php APP[path][plugins] Parameter Remote File Inclusion
14646| [26001] BlueShoes Framework mailinglist/Bs_Ml_User.class.php GLOBALS[APP][path][core] Parameter Remote File Inclusion
14647| [26000] BlueShoes Framework imagearchive/Bs_ImageArchive.class.php?APP[path][core] Parameter Remote File Inclusion
14648| [25999] BlueShoes Framework filemanager/viewer.php?APP[path][core] Parameter Remote File Inclusion
14649| [25998] BlueShoes Framework filemanager/file.php?APP[path][core] Parameter Remote File Inclusion
14650| [25997] BlueShoes Framework filebrowser/fileBrowserInner.php?APP[path][core] Parameter Remote File Inclusion
14651| [25996] BlueShoes Framework faq/Bs_Faq.class.php?APP[path][applications] Parameter Remote File Inclusion
14652| [25613] FileProtection Express Crafted Cookie Authentication Bypass
14653| [25165] Cisco Unity Express Arbitrary User Expired Password Modification
14654| [24830] Oracle Enterprise Manager CORE: Reporting Framework Unspecified HTTP Information Disclosure
14655| [24829] Oracle Enterprise Manager CORE: Reporting Framework Unspecified HTTP Issue
14656| [24661] Mozilla Multiple Products Javascript Regular Expression Parsing Overflow
14657| [24519] Microsoft Outlook Express Windows Address Book (.wab) Processing Overflow
14658| [24208] Microsoft .NET Framework ILDASM Overflow
14659| [24207] Microsoft .NET Framework ILASM .il File Processing Overflow
14660| [24161] Calendar Express search.php Multiple Parameter XSS
14661| [23675] enTrac ExpressPay SLE4442 Chip Card Authentication Bypass
14662| [22724] ExpressionEngine index.php $_SERVER['HTTP_REFERER'] XSS
14663| [22682] Rockliffe MailSite Express Cookie Plaintext Password Storage
14664| [22606] Oracle E-Business Suite/Applications Applications Framework HTTP Unspecified Authenticated Issue
14665| [21915] Adaptive Website Framework (AWF) Unspecified Script mode Variable Path Disclosure
14666| [21914] Adaptive Website Framework (AWF) Multiple Templates page Parameter XSS
14667| [21607] Horde Framework CSV Import Multiple Field Arbitrary Script Execution
14668| [21606] Horde Framework Multiple Field XSS
14669| [21405] PHP Lite Calendar Express year.php Multiple Parameter SQL Injection
14670| [21404] PHP Lite Calendar Express month.php Multiple Parameter SQL Injection
14671| [21403] PHP Lite Calendar Express week.php Multiple Parameter SQL Injection
14672| [21402] PHP Lite Calendar Express day.php Multiple Parameter SQL Injection
14673| [21341] Omnistar KBase Express category.php id Parameter SQL Injection
14674| [21340] Omnistar KBase Express search.php search Parameter SQL Injection
14675| [20490] Rockliffe MailSite Express WebMail AttachPath Arbitrary Attachment Access
14676| [20489] Rockliffe MailSite Express WebMail File Upload Arbitrary Command Execution
14677| [20488] Rockliffe MailSite Express WebMail Email Message Body XSS
14678| [20448] Sun Java System Communications Express Remote Configuration File Disclosure
14679| [20083] Hitachi Cosminexus Portal Framework Cached Content Manipulation
14680| [20064] Rockliffe MailSite Express Attachment Arbitrary File Upload
14681| [19654] mwcollect Perl-Compatible Regular Expression (PCRE) Usage Unspecified DoS
14682| [19200] Express-Web Content Management System default.asp email Parameter XSS
14683| [19199] Express-Web Content Management System login.asp referer XSS
14684| [18906] Perl-Compatible Regular Expression (PCRE) Quantifier Value Processing Overflow
14685| [18780] Apple Mac OS X Server CoreFoundation Framework Command Line Overflow
14686| [18779] Apple Mac OS X CoreFoundation Framework Gregorian Date Processing Algorithmic Complexity DoS
14687| [18638] PHP Lite Calendar Express search.php allwords Parameter XSS
14688| [18495] Metasploit Framework msfweb Defanged Mode Remote Bypass
14689| [18241] Microsoft Outlook Express begin Keyword Message Handling DoS
14690| [18019] Oracle Express Server Unauthenticated Trivial Remote DoS
14691| [17778] IBM Tivoli Management Framework Endpoint lcfd Process Connection Saturation DoS
14692| [17606] Adobe Reader/Acrobat for Mac OS Updater Safari Frameworks Privilege Escalation
14693| [17472] mwcollect HoD Bind Crafted Perl-Compatible Regular Expression (PCRE) Request DoS
14694| [17306] Microsoft Outlook Express NNTP LIST Command Remote Overflow
14695| [16077] Apple Mac OS X Foundation Framework Environment Variable Overflow
14696| [16014] IBM Web Traffic Express Caching Proxy Server HTTP GET Request XSS
14697| [13884] Hursley Software Laboratories Consumer Transaction Framework Long HTTP Request DoS
14698| [13550] Celtech ExpressFS FTP Server Long USER Command Overflow
14699| [12864] Apple AirPort Express/Extreme WDS UDP DoS
14700| [11957] Microsoft Outlook Express Troubleshooting Feature SMTP Auth Credential Disclosure
14701| [11956] Microsoft Outlook/Express Message body NUL Character DoS
14702| [11954] Microsoft Outlook Express .dbx Deleted E-mail Persistence
14703| [11953] Microsoft Outlook Express A HREF Link Overflow DoS
14704| [11952] Microsoft Outlook Express S/MIME CA Certificate Spoofing
14705| [11950] Microsoft Outlook Express MIME Header Manipulation File Extension Spoofing Weakness
14706| [11948] Microsoft IE/Outlook Express IFRAME Tag Parsing Remote DoS
14707| [11942] Microsoft Outlook Express Email Forward Blocked Attachment Access
14708| [11941] Microsoft Outlook Express HTML Frame base64 Attachment Security Bypass
14709| [11938] Microsoft Outlook Express Attachment Filename Overflow
14710| [11422] Microsoft Outlook Express S/MIME Parsing Routine Remote Overflow
14711| [11419] Microsoft Outlook Express Header Carriage Return Filter Bypass
14712| [11418] Microsoft Outlook Express text/plain MIME Content Embedded SCRIPT Tag Command Execution
14713| [11417] Microsoft Outlook/Express VCard Handler Remote Overflow
14714| [11416] Microsoft Outlook/Express Blank Header DoS
14715| [11415] Microsoft Outlook Express Forced POP3 Command Mode DoS
14716| [11164] Horde Application Framework Help Window Multiple Parameter XSS
14717| [10865] Intel Express 500 Series Switches Malformed ICMP DoS
14718| [10765] Express-Web Content Management System default.asp Multiple Parameter XSS
14719| [9904] Squid Internet Object Cache Regular Expression ACL Bypass
14720| [9825] Disney Go Express Search HTTP Information Disclosure
14721| [9739] Cosminexus Portal Framework Cached Content Modification
14722| [9225] IBM Web Traffic Express Caching Proxy Server Location: Header XSS
14723| [9224] Cute PHP Library Unspecified Regular Expressions Issue
14724| [9167] Microsoft Outlook Express BCC: Recipient Information Disclosure
14725| [8662] eshare Expressions Unspecified Traversal Arbitrary File Access
14726| [7902] Microsoft IE / Outlook Express Active Scripting Arbitrary E-mail Message Access
14727| [7793] Microsoft Outlook Express Header Validation DoS
14728| [7096] Microsoft Outlook Express Mac OS Auto HTML Download
14729| [7055] Microsoft Outlook Express for Mac OS E-mail Long Line DoS
14730| [6768] IBM Tivoli Management Framework ManagedNode Web Server GET Request Remote Overflow
14731| [6767] IBM Tivoli Management Framework Endpoint Web Server GET Request Remote Overflow
14732| [6121] Microsoft Outlook Express BASE HREF Web Content Loading
14733| [5795] HP Web JetAdmin Framework:CheckPassword Authentication Bypass
14734| [5792] HP Web JetAdmin framework.ini Password Disclosure
14735| [5791] HP Web JetAdmin framework.ini Path Disclosure
14736| [5243] Ipswitch IMail Express Web Messaging Buffer Overflow
14737| [2213] Java Media Framework Unsigned Applet Privilege Escalation
14738| [2048] PCexpress BBS Backdoor Password
14739| [1528] Intel Express Switch 500 Series Malformed IP Packet Remote DoS
14740| [1475] Microsoft Outlook/Express Cache Bypass
14741| [1467] Microsoft Outlook/Express GMT Field Buffer Overflow
14742| [1414] BEA WebLogic Server/Express file Servlet Source Code Disclosure
14743| [1344] Intel Express 8100 ISDN Router Fragmented ICMP Parsing Remote DoS
14744| [806] Cisco IOS Cisco Express Forwarding (CEF) Previous Packet Information Disclosure
14745|_
8083/tcp open http syn-ack nginx
14747|_http-server-header: nginx
14748| vulscan: VulDB - https://vuldb.com:
14749| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
14750| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
14751| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
14752| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
14753| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
14754| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
14755| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
14756| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
14757| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
14758| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
14759| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
14760| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
14761| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
14762| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
14763| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
14764| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
14765| [67677] nginx up to 1.7.3 SSL weak authentication
14766| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls() privilege escalation
14767| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
14768| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
14769| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
14770| [65364] nginx up to 1.1.13 Default Configuration information disclosure
14771| [8671] nginx up to 1.4 proxy_pass denial of service
14772| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
14773| [7247] nginx 1.2.6 Proxy Function spoofing
14774| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
14775| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
14776| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
14777| [59645] nginx up to 0.8.9 Heap-based memory corruption
14778| [87037] nginx on Windows :$DATA privilege escalation
14779| [53592] nginx 0.8.36 memory corruption
14780| [53590] nginx up to 0.8.9 unknown vulnerability
14781| [51533] nginx 0.7.64 Terminal privilege escalation
14782| [50905] nginx up to 0.8.9 directory traversal
14783| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
14784| [50043] nginx up to 0.8.10 memory corruption
14785|
14786| MITRE CVE - https://cve.mitre.org:
14787| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
14788| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
14789| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
14790| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
14791| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
14792| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
14793| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
14794| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
14795| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
14796| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
14797| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
14798| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
14799| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
14800|
14801| SecurityFocus - https://www.securityfocus.com/bid/:
14802| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
14803| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
14804| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
14805| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
14806| [82230] nginx Multiple Denial of Service Vulnerabilities
14807| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
14808| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
14809| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
14810| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
14811| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
14812| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
14813| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
14814| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
14815| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
14816| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
14817| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
14818| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
14819| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
14820| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
14821| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
14822| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
14823| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
14824| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
14825| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
14826| [40420] nginx Directory Traversal Vulnerability
14827| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
14828| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
14829| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
14830| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
14831| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
14832|
14833| IBM X-Force - https://exchange.xforce.ibmcloud.com:
14834| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
14835| [84172] nginx denial of service
14836| [84048] nginx buffer overflow
14837| [83923] nginx ngx_http_close_connection() integer overflow
14838| [83688] nginx null byte code execution
14839| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
14840| [82319] nginx access.log information disclosure
14841| [80952] nginx SSL spoofing
14842| [77244] nginx and Microsoft Windows request security bypass
14843| [76778] Naxsi module for Nginx nx_extract.py directory traversal
14844| [74831] nginx ngx_http_mp4_module.c buffer overflow
14845| [74191] nginx ngx_cpystrn() information disclosure
14846| [74045] nginx header response information disclosure
14847| [71355] nginx ngx_resolver_copy() buffer overflow
14848| [59370] nginx characters denial of service
14849| [59369] nginx DATA source code disclosure
14850| [59047] nginx space source code disclosure
14851| [58966] nginx unspecified directory traversal
14852| [54025] nginx ngx_http_parse.c denial of service
14853| [53431] nginx WebDAV component directory traversal
14854| [53328] Nginx CRC-32 cached domain name spoofing
14855| [53250] Nginx ngx_http_parse_complex_uri() function code execution
14856|
14857| Exploit-DB - https://www.exploit-db.com:
14858| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
14859| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
14860| [25499] nginx 1.3.9-1.4.0 DoS PoC
14861| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
14862| [14830] nginx 0.6.38 - Heap Corruption Exploit
14863| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
14864| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
14865| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
14866| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
14867| [9829] nginx 0.7.61 WebDAV directory traversal
14868|
14869| OpenVAS (Nessus) - http://www.openvas.org:
14870| [864418] Fedora Update for nginx FEDORA-2012-3846
14871| [864310] Fedora Update for nginx FEDORA-2012-6238
14872| [864209] Fedora Update for nginx FEDORA-2012-6411
14873| [864204] Fedora Update for nginx FEDORA-2012-6371
14874| [864121] Fedora Update for nginx FEDORA-2012-4006
14875| [864115] Fedora Update for nginx FEDORA-2012-3991
14876| [864065] Fedora Update for nginx FEDORA-2011-16075
14877| [863654] Fedora Update for nginx FEDORA-2011-16110
14878| [861232] Fedora Update for nginx FEDORA-2007-1158
14879| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
14880| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
14881| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
14882| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
14883| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
14884| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
14885| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
14886| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
14887| [100659] nginx Directory Traversal Vulnerability
14888| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
14889| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
14890| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
14891| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
14892| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
14893| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
14894| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
14895| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
14896| [71297] FreeBSD Ports: nginx
14897| [71276] FreeBSD Ports: nginx
14898| [71239] Debian Security Advisory DSA 2434-1 (nginx)
14899| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
14900| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
14901| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
14902| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
14903| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
14904| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
14905| [64894] FreeBSD Ports: nginx
14906| [64869] Debian Security Advisory DSA 1884-1 (nginx)
14907|
14908| SecurityTracker - https://www.securitytracker.com:
14909| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
14910| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
14911| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
14912| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
14913|
14914| OSVDB - http://www.osvdb.org:
14915| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
14916| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
14917| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
14918| [92796] nginx ngx_http_close_connection Function Crafted r->
14919| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
14920| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
14921| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
14922| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
14923| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
14924| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
14925| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
14926| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
14927| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
14928| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
14929| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
14930| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
14931| [62617] nginx Internal DNS Cache Poisoning Weakness
14932| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
14933| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
14934| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
14935| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
14936| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
14937| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
14938| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
14939| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
14940| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
14941| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
14942|_
14943OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
14944Aggressive OS guesses: Linux 3.10 - 4.11 (92%), HP P2000 G3 NAS device (91%), Linux 3.2 - 4.9 (91%), Linux 3.16 - 4.6 (90%), Linux 2.6.32 (90%), Ubiquiti AirMax NanoStation WAP (Linux 2.6.32) (90%), Linux 3.7 (90%), Ubiquiti AirOS 5.5.9 (90%), Linux 4.4 (90%), Ubiquiti Pico Station WAP (AirOS 5.2.6) (89%)
14945No exact OS matches for host (test conditions non-ideal).
14946TCP/IP fingerprint:
14961
14962Uptime guess: 2.645 days (since Wed Jul 17 10:13:47 2019)
14963Network Distance: 13 hops
14964TCP Sequence Prediction: Difficulty=262 (Good luck!)
14965IP ID Sequence Generation: All zeros
14966Service Info: Host: server.domain.com; OS: Unix
14967
14968TRACEROUTE (using proto 1/icmp)
14969HOP RTT ADDRESS
149701 171.30 ms 10.252.200.1
149712 172.48 ms 213.184.122.97
149723 171.49 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
149734 171.68 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
149745 222.71 ms bzq-179-124-153.cust.bezeqint.net (212.179.124.153)
149756 221.14 ms ae23-0.fra20.core-backbone.com (5.56.18.217)
149767 237.55 ms ae5-2074.ams10.core-backbone.com (81.95.2.138)
149778 233.68 ms core-backbone.serverius.nl (5.56.20.171)
149789 234.42 ms 185.8.179.21
1497910 233.71 ms 185.8.179.25
1498011 244.37 ms 185.8.177.35
1498112 233.62 ms 5.45.66.7
1498213 234.54 ms 37.1.201.205
14983
14984NSE: Script Post-scanning.
14985NSE: Starting runlevel 1 (of 2) scan.
14986Initiating NSE at 01:42
14987Completed NSE at 01:42, 0.00s elapsed
14988NSE: Starting runlevel 2 (of 2) scan.
14989Initiating NSE at 01:42
14990Completed NSE at 01:42, 0.00s elapsed
14991Read data files from: /usr/bin/../share/nmap
14992OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
14993Nmap done: 1 IP address (1 host up) scanned in 243.66 seconds
14994 Raw packets sent: 81 (6.656KB) | Rcvd: 47 (3.373KB)
14995#######################################################################################################################################
14996Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-20 01:42 EDT
14997NSE: Loaded 45 scripts for scanning.
14998NSE: Script Pre-scanning.
14999Initiating NSE at 01:42
15000Completed NSE at 01:42, 0.00s elapsed
15001Initiating NSE at 01:42
15002Completed NSE at 01:42, 0.00s elapsed
15003Initiating Parallel DNS resolution of 1 host. at 01:42
15004Completed Parallel DNS resolution of 1 host. at 01:42, 0.02s elapsed
15005Initiating UDP Scan at 01:42
15006Scanning teen18topic.com (37.1.201.205) [14 ports]
15007Discovered open port 53/udp on 37.1.201.205
15008Completed UDP Scan at 01:42, 2.46s elapsed (14 total ports)
15009Initiating Service scan at 01:42
15010Scanning 12 services on teen18topic.com (37.1.201.205)
15011Service scan Timing: About 16.67% done; ETC: 01:51 (0:08:05 remaining)
15012Completed Service scan at 01:43, 102.57s elapsed (12 services on 1 host)
15013Initiating OS detection (try #1) against teen18topic.com (37.1.201.205)
15014Retrying OS detection (try #2) against teen18topic.com (37.1.201.205)
15015Initiating Traceroute at 01:43
15016Completed Traceroute at 01:43, 7.21s elapsed
15017Initiating Parallel DNS resolution of 1 host. at 01:43
15018Completed Parallel DNS resolution of 1 host. at 01:43, 0.00s elapsed
15019NSE: Script scanning 37.1.201.205.
15020Initiating NSE at 01:44
15021Completed NSE at 01:44, 7.12s elapsed
15022Initiating NSE at 01:44
15023Completed NSE at 01:44, 1.01s elapsed
15024Nmap scan report for teen18topic.com (37.1.201.205)
15025Host is up (0.20s latency).
15026
15027PORT STATE SERVICE VERSION
1502853/udp open domain (unknown banner: get lost)
15029| fingerprint-strings:
15030| DNSVersionBindReq:
15031| version
15032| bind
15033| lost
15034| NBTStat:
15035|_ CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
1503667/udp open|filtered dhcps
1503768/udp open|filtered dhcpc
1503869/udp open|filtered tftp
1503988/udp open|filtered kerberos-sec
15040123/udp open|filtered ntp
15041137/udp filtered netbios-ns
15042138/udp filtered netbios-dgm
15043139/udp open|filtered netbios-ssn
15044161/udp open|filtered snmp
15045162/udp open|filtered snmptrap
15046389/udp open|filtered ldap
15047520/udp open|filtered route
150482049/udp open|filtered nfs
150491 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
15056Too many fingerprints match this host to give specific OS details
15057
15058TRACEROUTE (using port 137/udp)
15059HOP RTT ADDRESS
150601 171.10 ms 10.252.200.1
150612 ... 3
150624 169.72 ms 10.252.200.1
150635 171.53 ms 10.252.200.1
150646 171.53 ms 10.252.200.1
150657 171.54 ms 10.252.200.1
150668 171.54 ms 10.252.200.1
150679 171.55 ms 10.252.200.1
1506810 171.59 ms 10.252.200.1
1506911 ... 18
1507019 169.53 ms 10.252.200.1
1507120 170.16 ms 10.252.200.1
1507221 ... 27
1507328 169.41 ms 10.252.200.1
1507429 ...
1507530 169.91 ms 10.252.200.1
15076
15077NSE: Script Post-scanning.
15078Initiating NSE at 01:44
15079Completed NSE at 01:44, 0.00s elapsed
15080Initiating NSE at 01:44
15081Completed NSE at 01:44, 0.00s elapsed
15082Read data files from: /usr/bin/../share/nmap
15083OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
15084Nmap done: 1 IP address (1 host up) scanned in 126.36 seconds
15085 Raw packets sent: 134 (11.618KB) | Rcvd: 43 (5.060KB)
15086#######################################################################################################################################
15087 Anonymous JTSEC #OpChildSafety Full Recon #2