Total: 28990 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0807 | 1 Mozilla | 1 Bugzilla | 2024-02-28 | 7.5 HIGH | N/A |
Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi. | |||||
CVE-1999-1223 | 1 Microsoft | 1 Internet Information Server | 2024-02-28 | 5.0 MEDIUM | N/A |
IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters. | |||||
CVE-2001-0574 | 1 Jason Rahaim | 1 Mp3mystic | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in MP3Mystic prior to 1.04b3 allows a remote attacker to download arbitrary files via a '..' (dot dot) in the URL. | |||||
CVE-2003-1079 | 1 Sun | 2 Solaris, Sunos | 2024-02-28 | 5.0 MEDIUM | N/A |
Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, allows remote attackers to cause a denial of service (memory consumption) via certain arguments in RPC calls that cause large amounts of memory to be allocated. | |||||
CVE-1999-1369 | 1 Realnetworks | 1 Realserver | 2024-02-28 | 4.6 MEDIUM | N/A |
Real Media RealServer (rmserver) 6.0.3.353 stores a password in plaintext in the world-readable rmserver.cfg file, which allows local users to gain privileges. | |||||
CVE-2002-1822 | 1 Ibm | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the path to the web root directory and other sensitive information, which is leaked in an error message when a request is made for a non-existent Java Server Page (JSP). | |||||
CVE-2000-0648 | 1 Texas Imperial Software | 1 Wftpd | 2024-02-28 | 5.0 MEDIUM | N/A |
WFTPD and WFTPD Pro 2.41 allow local users to cause a denial of service by executing the RENAME TO (RNTO) command before a RENAME FROM (RNFR) command. | |||||
CVE-1999-0506 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-02-28 | 7.2 HIGH | N/A |
A Windows NT domain user or administrator account has a default, null, blank, or missing password. | |||||
CVE-1999-1424 | 1 Sun | 1 Solstice Adminsuite | 2024-02-28 | 6.2 MEDIUM | N/A |
Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions when adding new users to the NIS+ password table, which allows local users to gain root access by modifying their password table entries. | |||||
CVE-2002-1943 | 1 Safetp | 1 Safetp Server | 2024-02-28 | 5.0 MEDIUM | N/A |
SafeTP 1.46, when network address translation (NAT) is being used, leaks the internal IP address of the FTP server in a response to a passive mode (PASV) file transfer request. | |||||
CVE-2000-0384 | 1 Intel | 2 Netstructure 7110, Netstructure 7180 | 2024-02-28 | 10.0 HIGH | N/A |
NetStructure 7110 and 7180 have undocumented accounts (servnow, root, and wizard) whose passwords are easily guessable from the NetStructure's MAC address, which could allow remote attackers to gain root access. | |||||
CVE-2000-0664 | 1 Analogx | 1 Simpleserver Www | 2024-02-28 | 5.0 MEDIUM | N/A |
AnalogX SimpleServer:WWW 1.06 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack that uses the %2E URL encoding for the dots. | |||||
CVE-2004-2008 | 1 Adam Webb | 1 Nukejokes | 2024-02-28 | 4.6 MEDIUM | N/A |
SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to execute arbitrary SQL via the jokeid parameter. | |||||
CVE-2002-0973 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 4.6 MEDIUM | N/A |
Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl. | |||||
CVE-2001-0482 | 1 Argus Systems | 1 Pitbull Lx | 2024-02-28 | 7.2 HIGH | N/A |
Configuration error in Argus PitBull LX allows root users to bypass specified access control restrictions and cause a denial of service or execute arbitrary commands by modifying kernel variables such as MaxFiles, MaxInodes, and ModProbePath in /proc/sys via calls to sysctl. | |||||
CVE-2001-0039 | 1 Ipswitch | 1 Imail | 2024-02-28 | 5.0 MEDIUM | N/A |
IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136 bytes. | |||||
CVE-2002-1712 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3. | |||||
CVE-2002-1735 | 1 Davin Mccall | 1 Dlogin | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in dlogin 1.0a could allow local users to gain privileges via unknown attack vectors. | |||||
CVE-2002-0007 | 1 Mozilla | 1 Bugzilla | 2024-02-28 | 10.0 HIGH | N/A |
CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server. | |||||
CVE-2001-1091 | 1 Netbsd | 1 Netbsd | 2024-02-28 | 7.2 HIGH | N/A |
The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMD_CMD environment variable. |