Total
28988 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0557 | 1 Lagarde | 1 Storefront | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in login.asp for StoreFront 6.0, and possibly earlier versions, allows remote attackers to obtain sensitive user information via SQL statements in the password field. | |||||
CVE-1999-1083 | 1 T. Hauck | 1 Jana Web Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Jana proxy web server 1.45 allows remote attackers to ready arbitrary files via a .. (dot dot) attack. | |||||
CVE-2002-2050 | 1 Modlogan | 1 Modlogan | 2024-02-28 | 2.1 LOW | N/A |
Directory traversal vulnerability in processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used with the splitby option, allows local users to overwrite arbitrary files via a .. (dot dot) in the hostname of a log entry. | |||||
CVE-2002-1280 | 1 Iss | 1 Realsecure Event Collector | 2024-02-28 | 5.0 MEDIUM | N/A |
Memory leak in RealSecure Event Collector 6.5 allows attackers to cause a denial of service (memory consumption and crash). | |||||
CVE-2000-1214 | 3 Immunix, Iputils, Redhat | 3 Immunix, Iputils, Linux | 2024-02-28 | 4.6 MEDIUM | N/A |
Buffer overflows in the (1) outpack or (2) buf variables of ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, may allow local users to gain privileges. | |||||
CVE-2002-0129 | 1 Efax | 1 Efax | 2024-02-28 | 2.1 LOW | N/A |
efax 0.9 and earlier, when installed setuid root, allows local users to read arbitrary files via the -d option, which prints the contents of the file in a warning message. | |||||
CVE-2000-1238 | 1 Bea | 1 Weblogic Server | 2024-02-28 | 7.5 HIGH | N/A |
BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages. | |||||
CVE-2003-0156 | 1 Cross Referencer | 1 Lxr | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Cross-Referencing Linux (LXR) allows remote attackers to read arbitrary files via .. (dot dot) sequences in the v parameter. | |||||
CVE-2003-0511 | 1 Cisco | 1 Ios | 2024-02-28 | 5.0 MEDIUM | N/A |
The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allow remote attackers to cause a denial of service (reload) via a malformed URL. | |||||
CVE-2004-0573 | 1 Microsoft | 5 Frontpage, Office, Publisher and 2 more | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website. | |||||
CVE-2001-0268 | 2 Netbsd, Openbsd | 2 Netbsd, Openbsd | 2024-02-28 | 7.2 HIGH | N/A |
The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address. | |||||
CVE-2001-0474 | 2 Brian Paul, Mandrakesoft | 2 Mesa, Mandrake Linux | 2024-02-28 | 2.1 LOW | N/A |
Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file. | |||||
CVE-2004-0303 | 1 Fools Workshop | 1 Owls Workshop | 2024-02-28 | 5.0 MEDIUM | N/A |
OWLS 1.0 allows remote attackers to retrieve arbitrary files via absolute pathnames in (1) the file parameter in /glossaries/index.php, (2) the filename parameter in /readings/index.php, or (3) the filename parameter in /multiplechoice/resultsignore.php, as demonstrated using /etc/passwd. | |||||
CVE-2004-2186 | 1 Mediawiki | 1 Mediawiki | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance. | |||||
CVE-2003-0047 | 1 Van Dyke Technologies | 3 Entunnel, Securecrt, Securefx | 2024-02-28 | 4.6 MEDIUM | N/A |
SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials. | |||||
CVE-2001-1372 | 1 Oracle | 1 Application Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message. | |||||
CVE-1999-0703 | 3 Bsdi, Freebsd, Openbsd | 3 Bsd Os, Freebsd, Openbsd | 2024-02-28 | 3.6 LOW | N/A |
OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices. | |||||
CVE-2003-1060 | 1 Sun | 2 Solaris, Sunos | 2024-02-28 | 5.0 MEDIUM | N/A |
The NFS Server for Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (UFS panic) via certain invalid UFS requests, which triggers a null dereference. | |||||
CVE-2004-1841 | 1 Ms Analysis | 1 Website Traffic Analyzer | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL via the referer field in an HTTP request. | |||||
CVE-2004-0444 | 1 Symantec | 5 Client Firewall, Client Security, Norton Antispam and 2 more | 2024-02-28 | 10.0 HIGH | N/A |
Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allow remote attackers to cause a denial of service or execute arbitrary code via (1) a manipulated length byte in the first-level decoding routine for NetBIOS Name Service (NBNS) that modifies an index variable and leads to a stack-based buffer overflow, (2) a heap-based corruption problem in an NBNS response that is missing certain RR fields, and (3) a stack-based buffer overflow in the DNS component via a Resource Record (RR) with a long canonical name (CNAME) field composed of many smaller components. |