Total
28988 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0069 | 1 Hd Soft | 1 Windows Ftp Server | 2024-02-28 | 7.5 HIGH | N/A |
Format string vulnerability in HD Soft Windows FTP Server 1.6 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username, which is processed by the wscanf function. | |||||
CVE-2003-1195 | 1 Vienuke | 1 Vieboard | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 allows remote attackers to execute arbitrary SQL commands via the msn variable. | |||||
CVE-2003-1161 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.2 HIGH | N/A |
exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, was modified to contain a backdoor, which could allow local users to elevate their privileges by passing __WCLONE|__WALL to the sys_wait4 function. | |||||
CVE-2004-0324 | 1 Confirm | 1 Confirm | 2024-02-28 | 7.5 HIGH | N/A |
Confirm 0.62 and earlier could allow remote attackers to execute arbitrary code via an e-mail header that contains shell metacharacters such as ", `, |, ;, or $. | |||||
CVE-2001-0960 | 2 Broadcom, Ca | 3 Arcserve Backup, Arcserve Backup 2000, Arcserve Backup 2000 | 2024-02-28 | 10.0 HIGH | N/A |
Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 stores the backup agent user name and password in cleartext in the aremote.dmp file in the ARCSERVE$ hidden share, which allows local and remote attackers to gain privileges. | |||||
CVE-2004-1060 | 2 Icmp, Tcp | 2 Icmp, Tcp | 2024-02-28 | 5.0 MEDIUM | N/A |
Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities. | |||||
CVE-2002-1982 | 1 Icecast | 1 Icecast | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the list_directory function in Icecast 1.3.12 allows remote attackers to determine if a directory exists via a .. (dot dot) in the GET request, which returns different error messages depending on whether the directory exists or not. | |||||
CVE-2002-1518 | 1 Sgi | 1 Irix | 2024-02-28 | 3.6 LOW | N/A |
mv in IRIX 6.5 creates a directory with world-writable permissions while moving a directory, which could allow local users to modify files and directories. | |||||
CVE-1999-1311 | 1 Hp | 1 Hp-ux | 2024-02-28 | 4.6 MEDIUM | N/A |
Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows local users to bypass authentication and gain privileges. | |||||
CVE-2004-1953 | 1 Phprofession | 1 Phprofession | 2024-02-28 | 5.0 MEDIUM | N/A |
phProfession 2.5 allows remote attackers to gain sensitive information via a direct HTTP request to upload.php, which reveals the path in a PHP error message. | |||||
CVE-1999-0508 | 2024-02-28 | 4.6 MEDIUM | N/A | ||
An account on a router, firewall, or other network device has a default, null, blank, or missing password. | |||||
CVE-2002-2313 | 1 Qualcomm | 1 Eudora | 2024-02-28 | 8.8 HIGH | N/A |
Eudora email client 5.1.1, with "use Microsoft viewer" enabled, allows remote attackers to execute arbitrary programs via an HTML email message containing a META refresh tag that references an embedded .mhtml file with ActiveX controls that execute a second embedded program, which is processed by Internet Explorer. | |||||
CVE-1999-0104 | 4 Caldera, Hp, Microsoft and 1 more | 5 Openlinux, Hp-ux, Windows 95 and 2 more | 2024-02-28 | 5.0 MEDIUM | N/A |
A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2. | |||||
CVE-1999-1176 | 2 Aaron Ledbetter, Jidentd | 2 Cidentd, Jidentd | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in cidentd ident daemon allows local users to gain root privileges via a long line in the .authlie script. | |||||
CVE-2004-0295 | 1 Transsoft | 1 Broker Ftp Server | 2024-02-28 | 5.0 MEDIUM | N/A |
TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a denial of service (CPU consumption) via an open idle connection. | |||||
CVE-2000-0573 | 1 Hp | 1 Hp-ux | 2024-02-28 | 10.0 HIGH | N/A |
The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command. | |||||
CVE-2004-1643 | 1 Progress | 1 Ws Ftp Server | 2024-02-28 | 5.0 MEDIUM | N/A |
WS_FTP 5.0.2 allows remote authenticated users to cause a denial of service (CPU consumption) via a CD command that contains an invalid path with a "../" sequence. | |||||
CVE-2002-0108 | 1 Allaire | 1 Forums | 2024-02-28 | 7.5 HIGH | N/A |
Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote authenticated users to spoof messages as other users by modifying the hidden form fields for the name and e-mail address. | |||||
CVE-2000-0313 | 1 Openbsd | 1 Openbsd | 2024-02-28 | 4.6 MEDIUM | N/A |
Vulnerability in OpenBSD 2.6 allows a local user to change interface media configurations. | |||||
CVE-2002-1377 | 1 Vim Development Group | 1 Vim | 2024-02-28 | 4.6 MEDIUM | N/A |
vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt. |