Vulnerabilities (CVE)

Filtered by CWE-264
Total 5229 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2002-1877 | 1 Netgear | 1 Fm114p | 2024-02-28 | 7.5 HIGH | N/A
NETGEAR FM114P allows remote attackers to bypass access restrictions for web sites via a URL that uses the IP address instead of the hostname.
CVE-2003-1386 | 1 Axis | 2 2400 Video Server, 2401 Video Server | 2024-02-28 | 6.4 MEDIUM | N/A
AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file.
CVE-2001-1247 | 1 Php | 1 Php | 2024-02-28 | 6.4 MEDIUM | N/A
PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.
CVE-2002-2324 | 1 Microsoft | 1 Windows Xp | 2024-02-28 | 7.2 HIGH | N/A
The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) permissions, which allows local users to access restricted files and modify registry settings.
CVE-2003-1026 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-28 | 9.3 HIGH | N/A
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
CVE-2004-0793 | 1 Debian | 1 Bsdmainutils | 2024-02-28 | 7.2 HIGH | N/A
The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop root privileges when executed with the -a flag, which allows attackers to execute arbitrary commands via a calendar event file.
CVE-2003-1423 | 4 Linux, Microsoft, Petitforum and 1 more | 4 Linux Kernel, All Windows, Petitforum and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A
Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords.
CVE-2002-2265 | 2 Hp, Open Source Internet Solutions | 2 Tru64, Open Source Internet Solutions | 2024-02-28 | 6.4 MEDIUM | N/A
Unspecified vulnerability in LDAP Module in System Authentication of Open Source Internet Solutions (OSIS) 5.4 running on Tru64 UNIX 4.0G and 4.0F allows remote attackers to gain access to arbitrary files or gain privileges via unknown attack vectors.
CVE-2002-2334 | 1 Joseph Allen | 1 Joe | 2024-02-28 | 3.6 LOW | N/A
Joe text editor 2.8 through 2.9.7 does not remove the group and user setuid bits for backup files, which could allow local users to execute arbitrary setuid and setgid root programs when root edits scripts owned by other users.
CVE-2000-0844 | 13 Caldera, Conectiva, Debian and 10 more | 16 Openlinux, Openlinux Ebuilder, Openlinux Eserver and 13 more | 2024-02-28 | 10.0 HIGH | N/A
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
CVE-1999-0496 | 1 Microsoft | 1 Windows Nt | 2024-02-28 | 7.2 HIGH | N/A
A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin.
CVE-1999-0777 | 1 Microsoft | 2 Commercial Internet System, Internet Information Server | 2024-02-28 | 7.5 HIGH | N/A
IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions.
CVE-2003-1524 | 1 Pgpi | 1 Pgpdisk | 2024-02-28 | 6.3 MEDIUM | N/A
PGPi PGPDisk 6.0.2i does not unmount a PGP partition when the switch user function in Windows XP is used, which could allow local users to access data on another user's PGP partition.
CVE-1999-0344 | 1 Microsoft | 1 Windows Nt | 2024-02-28 | 7.2 HIGH | N/A
NT users can gain debug-level access on a system process using the Sechole exploit.
CVE-2003-0230 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-02-28 | 7.2 HIGH | N/A
Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
CVE-2002-2261 | 1 Sendmail | 1 Sendmail | 2024-02-28 | 7.5 HIGH | N/A
Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname.
CVE-2002-2283 | 1 Microsoft | 1 Windows Xp | 2024-02-28 | 1.9 LOW | N/A
Microsoft Windows XP with Fast User Switching (FUS) enabled does not remove the "show processes from all users" privilege when the user is removed from the administrator group, which allows that user to view processes of other users.
CVE-2002-2361 | 1 Yahoo | 1 Messenger | 2024-02-28 | 5.8 MEDIUM | N/A
The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing.
CVE-2002-2302 | 1 3d3.com | 1 Shopfactory | 2024-02-28 | 6.4 MEDIUM | N/A
3D3.Com ShopFactory 5.5 through 5.8 allows remote attackers to modify the prices in their shopping carts by modifying the price in a hidden form field.
CVE-2002-2405 | 1 Checkpoint | 1 Firewall-1 | 2024-02-28 | 4.9 MEDIUM | N/A
Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth configured to proxy HTTP traffic only, allows remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through the firewall.