NVD List
| Id | Name | Description | Reject | CVSS Version | CVSS Score | Severity | Pub Date | Modified Date | Actions |
|---|---|---|---|---|---|---|---|---|---|
| 67407 | CVE-2005-1682 | ** DISPUTED ** JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does not properly validate the message number in the MimeMessage constructor in javax.mail.internet.InternetHeaders, which allows remote authenticated users to read other users" e-mail messages by modifying the msgno parameter. NOTE: Sun disputes this issue, stating "The report makes references to source code and files that do not exist in the mentioned products." | 2 | 2.1 | Low | 2017-01-03 | 2016-10-17 | View | |
| 58080 | CVE-2007-6059 | ** DISPUTED ** Javamail does not properly handle a series of invalid login attempts in which the same e-mail address is entered as username and password, and the domain portion of this address yields a Java UnknownHostException error, which allows remote attackers to cause a denial of service (connection pool exhaustion) via a large number of requests, resulting in a SQLNestedException. NOTE: Sun disputes this issue, stating "The report makes references to source code and files that do not exist in the mentioned products." | 2 | 5 | Medium | 2017-01-07 | 2008-11-15 | View | |
| 62911 | CVE-2006-4272 | ** DISPUTED ** Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and cause a denial of service (resource consumption) via a large number of requests to register.php. NOTE: the vendor has disputed this vulnerability, stating "If you have the CAPTCHA enabled then the registrations wont even go through. ... if you are talking about the flood being allowed in the first place then surely this is something that should be handled at the server level." | 2 | 7.5 | High | 2016-12-20 | 2008-09-05 | View | |
| 55960 | CVE-2007-3816 | ** DISPUTED ** JWIG might allow context-dependent attackers to cause a denial of service (service degradation) via loops of references to external templates. NOTE: this issue has been disputed by multiple third parties who state that only the application developer can trigger the issue, so no privilege boundaries are crossed. However, it seems possible that this is a vulnerability class to which an JWIG application may be vulnerable if template contents can be influenced, but this would be an issue in the application itself, not JWIG. | 2 | 7.8 | High | 2017-01-07 | 2008-09-05 | View | |
| 59773 | CVE-2006-1050 | ** DISPUTED ** Kwik-Pay Payroll 4.2.20, and possibly other versions, stores the KwikPay.mdb database file with insecure permissions, which allows local users to obtain sensitive information such as employment and payment data. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the vendor has disputed this vulnerability, stating that "The kwikpay.mdb file supplied with kwikpay is a template for the database structure of user databases created by kwikpay and to store a demonstration payroll. It does not contain any sensitive user information. When a user payroll database is opened, the encryption of the database is checked and if the database is not encrypted, the user is prompted to encrypt the database, but the choice is the customers." | 2 | 2.1 | Low | 2016-12-20 | 2008-09-05 | View |
Page 21 of 17672, showing 5 records out of 88360 total, starting on record 101, ending on 105
