Vulnerabilities (CVE)

Filtered by CWE-434
Total 2604 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-1841 1 Noguska 1 Nola 2024-02-28 5.0 MEDIUM N/A
The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4.
CVE-2001-1099 2 Microsoft, Symantec 2 Exchange Server, Norton Antivirus 2024-02-28 5.0 MEDIUM N/A
The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
CVE-2001-0901 1 Hypermail Development 1 Hypermail 2024-02-28 7.5 HIGH N/A
Hypermail allows remote attackers to execute arbitrary commands on a server supporting SSI via an attachment with a .shtml extension, which is archived on the server and can then be executed by requesting the URL for the attachment.
CVE-2001-0340 1 Microsoft 1 Exchange Server 2024-02-28 7.5 HIGH N/A
An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.