Vulnerabilities (CVE)

Filtered by CWE-264
Total 5229 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-1111 1 Mantis 1 Mantis 2024-02-28 5.0 MEDIUM N/A
print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted.
CVE-2004-0867 4 Kde, Microsoft, Mozilla and 1 more 5 Konqueror, Ie, Internet Explorer and 2 more 2024-02-28 7.5 HIGH N/A
Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.
CVE-2003-0497 1 Intersystems 1 Cache Database 2024-02-28 7.2 HIGH N/A
Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs.
CVE-2003-1378 1 Microsoft 2 Outlook, Outlook Express 2024-02-28 8.8 HIGH N/A
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
CVE-2004-1338 1 Oracle 2 Database Server, Oracle9i 2024-02-28 6.5 MEDIUM N/A
The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS table, which causes the SDO_CMT_CBK_TRIG trigger to execute the user-supplied functions.
CVE-2004-1767 1 Sun 2 Solaris, Sunos 2024-02-28 7.2 HIGH N/A
The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly involving the modload function.
CVE-2003-0857 1 Redhat 1 Enterprise Linux 2024-02-28 4.6 MEDIUM N/A
The (1) ipq_read and (2) ipulog_read functions in iptables allow local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
CVE-2003-1081 1 Sun 2 Solaris, Sunos 2024-02-28 10.0 HIGH N/A
Aspppls for Solaris 8 allows local users to overwrite arbitrary files via a symlink attack on the .asppp.fifo temporary file.
CVE-2003-1383 1 Logicworks 1 Web Erp 2024-02-28 7.5 HIGH N/A
WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file, which contains the MySQL database username and password.
CVE-2002-2360 1 Webmin 1 Webmin 2024-02-28 9.3 HIGH N/A
The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests.
CVE-2002-1978 1 Darren Reed 1 Ipfilter 2024-02-28 7.5 HIGH N/A
IPFilter 3.1.1 through 3.4.28 allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates a response that contains the string, causing IPFilter to treat the response as if it were a legitimate PASV command from the server.
CVE-2002-2344 1 Ensim 1 Webppliance 2024-02-28 5.0 MEDIUM N/A
Ensim WEBppliance 3.0 and 3.1 allows remote attackers to read mail intended for other users by defining an alias that is the target's email address.
CVE-2001-1371 1 Oracle 1 Application Server 2024-02-28 7.5 HIGH N/A
The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager.
CVE-2002-2356 1 Hamweather 1 Hamweather 2024-02-28 6.4 MEDIUM N/A
HAMweather 2.x allows remote attackers to modify administrative settings and obtain sensitive information via a direct request to hwadmin.cgi.
CVE-2004-0041 1 Mod Auth Shadow 1 Mod Auth Shadow 2024-02-28 7.5 HIGH N/A
The mod_auth_shadow module 1.4 and earlier does not properly enforce the expiration of a user account and password, which could allow remote authenticated users to bypass intended access restrictions.
CVE-1999-0909 1 Microsoft 4 Terminal Server, Windows 95, Windows 98se and 1 more 2024-02-28 7.5 HIGH N/A
Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability.
CVE-1999-0839 1 Microsoft 1 Ie 2024-02-28 7.2 HIGH N/A
Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled.
CVE-1999-0227 1 Microsoft 1 Windows Nt 2024-02-28 5.0 MEDIUM N/A
Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service.
CVE-2003-1358 1 Hp 1 Hp-ux 2024-02-28 7.2 HIGH N/A
rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by modifying the path to point to a malicious rm program.
CVE-2003-1515 1 Origo 2 Asr-8100, Asr-8400 2024-02-28 7.8 HIGH N/A
Origo ASR-8100 ADSL Router 3.21 has an administration service running on port 254 that does not require a password, which allows remote attackers to cause a denial of service by restoring the factory defaults.