Total: 28989 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0413 | 1 Sun | 1 One Application Server | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the webapps-simple sample application for (1) Sun ONE Application Server 7.0 for Windows 2000/XP or (2) Sun Java System Web Server 6.1 allows remote attackers to insert arbitrary web script or HTML via an HTTP request that generates an "Invalid JSP file" error, which inserts the text in the resulting error message. | |||||
CVE-1999-0255 | | | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in ircd allows arbitrary command execution. | |||||
CVE-2001-1301 | 2 Gnu, Xemacs | 2 Emacs, Xemacs | 2024-02-28 | 1.2 LOW | N/A |
rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file. | |||||
CVE-2000-0220 | 1 Zonelabs | 1 Zonealarm | 2024-02-28 | 5.0 MEDIUM | N/A |
ZoneAlarm sends sensitive system and network information in cleartext to the Zone Labs server if a user requests more information about an event. | |||||
CVE-2003-0147 | 3 Openpkg, Openssl, Stunnel | 3 Openpkg, Openssl, Stunnel | 2024-02-28 | 5.0 MEDIUM | N/A |
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). | |||||
CVE-2001-1349 | 1 Sendmail | 1 Sendmail | 2024-02-28 | 3.7 LOW | N/A |
Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers. | |||||
CVE-2003-1149 | 1 Symantec | 1 Norton Internet Security | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Symantec Norton Internet Security 2003 6.0.4.34 allows remote attackers to inject arbitrary web script or HTML via a URL to a blocked site, which is displayed on the blocked sites error page. | |||||
CVE-2003-0487 | 1 Kerio | 1 Kerio Mailserver | 2024-02-28 | 7.5 HIGH | N/A |
Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a long showuser parameter in the do_subscribe module, (2) a long folder parameter in the add_acl module, (3) a long folder parameter in the list module, and (4) a long user parameter in the do_map module. | |||||
CVE-2001-0409 | 1 Vim Development Group | 1 Vim | 2024-02-28 | 2.1 LOW | N/A |
vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory. | |||||
CVE-2005-0192 | 1 Realnetworks | 2 Realone Player, Realplayer | 2024-02-28 | 2.6 LOW | N/A |
Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename. | |||||
CVE-2001-1489 | 1 Microsoft | 1 Ie | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images. | |||||
CVE-2002-2005 | 1 Sun | 1 Java Web Start | 2024-02-28 | 7.5 HIGH | N/A |
Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and 1.0.1.01 (HP-UX 11.x only) allows attackers to gain access to restricted resources via unknown attack vectors. | |||||
CVE-1999-0124 | 1 University Of Minnesota | 1 Gopherd | 2024-02-28 | 10.0 HIGH | N/A |
Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow an intruder to read any files that can be accessed by the gopher daemon. | |||||
CVE-2001-0300 | 1 Oracle | 1 Internet Directory | 2024-02-28 | 2.1 LOW | N/A |
oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack. | |||||
CVE-2002-1736 | 1 Markus Triska | 1 Cginews | 2024-02-28 | 5.0 MEDIUM | N/A |
Unknown vulnerability in CGINews before 1.06 allows remote attackers to read arbitrary files via "unfiltered user input." | |||||
CVE-2004-2195 | 1 Zanfi Solutions | 1 Zanfi Cms Lite | 2024-02-28 | 5.0 MEDIUM | N/A |
PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite 1.1 allows remote attackers to execute arbitrary PHP code via the inc parameter. | |||||
CVE-2004-0364 | 1 Symantec | 1 Norton Internet Security | 2024-02-28 | 7.5 HIGH | N/A |
The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method. | |||||
CVE-2000-0208 | 1 Htdig | 1 Htdig | 2024-02-28 | 5.0 MEDIUM | N/A |
The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch. | |||||
CVE-2004-2181 | 1 Wowbb | 1 Wowbb Web Forum | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sort_by or (2) page parameters to view_user.php, or the (3) forum_id parameter to view_topic.php. NOTE: the sort_by vector was later reported to be present in WowBB 1.65. | |||||
CVE-2002-1044 | 1 Ultrafunk | 1 Popcorn | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Subject field. |