Total
5229 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-1877 | 1 Netgear | 1 Fm114p | 2024-02-28 | 7.5 HIGH | N/A |
NETGEAR FM114P allows remote attackers to bypass access restrictions for web sites via a URL that uses the IP address instead of the hostname. | |||||
CVE-2003-1386 | 1 Axis | 2 2400 Video Server, 2401 Video Server | 2024-02-28 | 6.4 MEDIUM | N/A |
AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file. | |||||
CVE-2001-1247 | 1 Php | 1 Php | 2024-02-28 | 6.4 MEDIUM | N/A |
PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files. | |||||
CVE-2002-2324 | 1 Microsoft | 1 Windows Xp | 2024-02-28 | 7.2 HIGH | N/A |
The "System Restore" directory and subdirectories, and possibly other subdirectories in the "System Volume Information" directory on Windows XP Professional, have insecure access control list (ACL) permissions, which allows local users to access restricted files and modify registry settings. | |||||
CVE-2003-1026 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-28 | 9.3 HIGH | N/A |
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability." | |||||
CVE-2004-0793 | 1 Debian | 1 Bsdmainutils | 2024-02-28 | 7.2 HIGH | N/A |
The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop root privileges when executed with the -a flag, which allows attackers to execute arbitrary commands via a calendar event file. | |||||
CVE-2003-1423 | 4 Linux, Microsoft, Petitforum and 1 more | 4 Linux Kernel, All Windows, Petitforum and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords. | |||||
CVE-2002-2265 | 2 Hp, Open Source Internet Solutions | 2 Tru64, Open Source Internet Solutions | 2024-02-28 | 6.4 MEDIUM | N/A |
Unspecified vulnerability in LDAP Module in System Authentication of Open Source Internet Solutions (OSIS) 5.4 running on Tru64 UNIX 4.0G and 4.0F allows remote attackers to gain access to arbitrary files or gain privileges via unknown attack vectors. | |||||
CVE-2002-2334 | 1 Joseph Allen | 1 Joe | 2024-02-28 | 3.6 LOW | N/A |
Joe text editor 2.8 through 2.9.7 does not remove the group and user setuid bits for backup files, which could allow local users to execute arbitrary setuid and setgid root programs when root edits scripts owned by other users. | |||||
CVE-2000-0844 | 13 Caldera, Conectiva, Debian and 10 more | 16 Openlinux, Openlinux Ebuilder, Openlinux Eserver and 13 more | 2024-02-28 | 10.0 HIGH | N/A |
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen. | |||||
CVE-1999-0496 | 1 Microsoft | 1 Windows Nt | 2024-02-28 | 7.2 HIGH | N/A |
A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin. | |||||
CVE-1999-0777 | 1 Microsoft | 2 Commercial Internet System, Internet Information Server | 2024-02-28 | 7.5 HIGH | N/A |
IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions. | |||||
CVE-2003-1524 | 1 Pgpi | 1 Pgpdisk | 2024-02-28 | 6.3 MEDIUM | N/A |
PGPi PGPDisk 6.0.2i does not unmount a PGP partition when the switch user function in Windows XP is used, which could allow local users to access data on another user's PGP partition. | |||||
CVE-1999-0344 | 1 Microsoft | 1 Windows Nt | 2024-02-28 | 7.2 HIGH | N/A |
NT users can gain debug-level access on a system process using the Sechole exploit. | |||||
CVE-2003-0230 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-02-28 | 7.2 HIGH | N/A |
Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability. | |||||
CVE-2002-2261 | 1 Sendmail | 1 Sendmail | 2024-02-28 | 7.5 HIGH | N/A |
Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname. | |||||
CVE-2002-2283 | 1 Microsoft | 1 Windows Xp | 2024-02-28 | 1.9 LOW | N/A |
Microsoft Windows XP with Fast User Switching (FUS) enabled does not remove the "show processes from all users" privilege when the user is removed from the administrator group, which allows that user to view processes of other users. | |||||
CVE-2002-2361 | 1 Yahoo | 1 Messenger | 2024-02-28 | 5.8 MEDIUM | N/A |
The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing. | |||||
CVE-2002-2302 | 1 3d3.com | 1 Shopfactory | 2024-02-28 | 6.4 MEDIUM | N/A |
3D3.Com ShopFactory 5.5 through 5.8 allows remote attackers to modify the prices in their shopping carts by modifying the price in a hidden form field. | |||||
CVE-2002-2405 | 1 Checkpoint | 1 Firewall-1 | 2024-02-28 | 4.9 MEDIUM | N/A |
Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth configured to proxy HTTP traffic only, allows remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through the firewall. |