Total: 28988 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-0100 | 1 Brian Stanback | 1 Bslist.cgi | 2024-02-28 | 10.0 HIGH | N/A |
bslist.cgi mailing list script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address. | |||||
CVE-2004-1872 | 1 Webct | 1 Webct | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WebCT Campus Edition 4.1.1.5 allows remote attackers to inject arbitrary web script or HTML via the @import URL function in a CSS style tag. | |||||
CVE-2002-0740 | 1 Slrn Development Team | 1 Slrn | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in slrnpull for the SLRN package, when installed setuid or setgid, allows local users to gain privileges via a long -d (SPOOLDIR) argument. | |||||
CVE-2001-0774 | 1 Tripwire | 1 Tripwire | 2024-02-28 | 4.6 MEDIUM | N/A |
Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to overwrite arbitrary files and possibly gain privileges via a symbolic link attack on temporary files. | |||||
CVE-2002-0734 | 1 Michel Valdrighi | 1 B2 | 2024-02-28 | 7.5 HIGH | N/A |
b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server. | |||||
CVE-2004-0304 | 1 Webcortex | 1 Webstores 2000 | 2024-02-28 | 10.0 HIGH | N/A |
SQL injection vulnerability in browse_items.asp in WebCortex WebStores 2000 6.0 allows remote attackers to gain unauthorized access and execute arbitrary commands via the Search_Text parameter. | |||||
CVE-2001-0148 | 1 Microsoft | 1 Windows Media Player | 2024-02-28 | 7.5 HIGH | N/A |
The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a variant of the "Frame Domain Verification" vulnerability. | |||||
CVE-1999-1024 | 1 Lbl | 1 Tcpdump | 2024-02-28 | 7.5 HIGH | N/A |
ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a denial of service via a packet with a zero length header, which causes an infinite loop and core dump when tcpdump prints the packet. | |||||
CVE-1999-1445 | 1 Slackware | 1 Slackware Linux | 2024-02-28 | 5.0 MEDIUM | N/A |
Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords. | |||||
CVE-2000-1158 | 1 Network Associates | 1 Sniffer Agent | 2024-02-28 | 7.5 HIGH | N/A |
NAI Sniffer Agent uses base64 encoding for authentication, which allows attackers to sniff the network and easily decrypt usernames and passwords. | |||||
CVE-2000-0695 | 1 Tech-source | 1 Raptor Gfx Pgx32 | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflows in pgxconfig in the Raptor GFX configuration tool allow local users to gain privileges via command line options. | |||||
CVE-2001-0034 | 1 Kth | 1 Kth Kerberos | 2024-02-28 | 7.2 HIGH | N/A |
KTH Kerberos IV allows local users to specify an alternate proxy using the krb4_proxy variable, which allows the user to generate false proxy responses and possibly gain privileges. | |||||
CVE-2001-0350 | 1 Microsoft | 1 Windows 2000 | 2024-02-28 | 4.6 MEDIUM | N/A |
Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability. | |||||
CVE-2002-1586 | 1 Sun | 2 Solaris, Sunos | 2024-02-28 | 2.1 LOW | N/A |
Solaris 2.5.1 through 9 allows local users to cause a denial of service (kernel panic) by setting the sd_struiowrq variable in the struioget function to null, which triggers a null dereference. | |||||
CVE-2001-1570 | 1 Microsoft | 1 Windows Xp | 2024-02-28 | 2.1 LOW | N/A |
Windows XP with fast user switching and account lockout enabled allows local users to deny user account access by setting the fast user switch to the same user (self) multiple times, which causes other accounts to be locked out. | |||||
CVE-1999-1072 | 1 Excite | 1 Ews | 2024-02-28 | 7.2 HIGH | N/A |
Excite for Web Servers (EWS) 1.1 allows local users to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file and replaying the encrypted password in an HTTP request to AT-generated.cgi or AT-admin.cgi. | |||||
CVE-2002-0887 | 1 Caldera | 1 Openserver | 2024-02-28 | 2.1 LOW | N/A |
scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using log files. | |||||
CVE-2000-0035 | 1 Great Circle Associates | 1 Majordomo | 2024-02-28 | 4.6 MEDIUM | N/A |
resend command in Majordomo allows local users to gain privileges via shell metacharacters. | |||||
CVE-2003-0448 | 1 Aboleo.net | 1 Portmon | 2024-02-28 | 3.6 LOW | N/A |
Portmon 1.7 and possibly earlier versions allows local users to read and write arbitrary files via the (1) -c (host file) or (2) -l (log file) command line options. | |||||
CVE-2004-1353 | 1 Sun | 2 Solaris, Sunos | 2024-02-28 | 7.2 HIGH | N/A |
Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role Based Access Control (RBAC), allows local users to execute certain commands with additional privileges. | |||||