Total: 28986 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0457 | 1 Oracle | 1 Mysql | 2024-02-28 | 4.6 MEDIUM | N/A |
The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
CVE-2001-0442 | 1 David Harris | 1 Mercury Nlm | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long APOP command. | |||||
CVE-2001-1505 | 1 Tinc | 1 Tinc | 2024-02-28 | 5.0 MEDIUM | N/A |
tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into user sessions by sniffing and replaying packets. | |||||
CVE-1999-1449 | 1 Sun | 1 Sunos | 2024-02-28 | 2.1 LOW | N/A |
SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial of service (kernel panic) by reading from the /dev/tcx0 TCX device. | |||||
CVE-2002-0681 | 1 Goahead Software | 1 Goahead Webserver | 2024-02-28 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a "404 not found" message, which does not quote the script. | |||||
CVE-2001-0600 | 1 Lotus | 1 Domino R5 Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated URL requests with the same HTTP headers, such as (1) Accept, (2) Accept-Charset, (3) Accept-Encoding, (4) Accept-Language, and (5) Content-Type. | |||||
CVE-2002-0296 | 1 Tarantella | 1 Tarantella Enterprise | 2024-02-28 | 1.2 LOW | N/A |
The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file. | |||||
CVE-2000-0805 | 1 Checkpoint | 1 Firewall-1 | 2024-02-28 | 7.5 HIGH | N/A |
Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits encapsulated FWS packets, even if they do not come from a valid FWZ client, aka "Retransmission of Encapsulated Packets." | |||||
CVE-2003-0140 | 1 Mutt | 1 Mutt | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder. | |||||
CVE-2004-2256 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable. | |||||
CVE-2001-0229 | 1 Sun | 1 Chilisoft | 2024-02-28 | 7.2 HIGH | N/A |
Chili!Soft ASP for Linux before 3.6 does not properly set group privileges when running in inherited mode, which could allow attackers to gain privileges via malicious scripts. | |||||
CVE-2001-1189 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 4.6 MEDIUM | N/A |
IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script. | |||||
CVE-2000-0112 | 1 Debian | 1 Debian Linux | 2024-02-28 | 7.2 HIGH | N/A |
The default installation of Debian GNU/Linux uses an insecure Master Boot Record (MBR) which allows a local user to boot from a floppy disk during the installation. | |||||
CVE-2004-2122 | 1 Intra Forum | 1 Intra Forum | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra Forum allows remote attackers to inject arbitrary web script or HTML via the (1) use_last_read or (2) forum parameters. | |||||
CVE-2003-0366 | 1 Lysator | 1 Lyskom-server | 2024-02-28 | 5.0 MEDIUM | N/A |
lyskom-server 2.0.7 and earlier allows unauthenticated users to cause a denial of service (CPU consumption) via a large query. | |||||
CVE-2002-0526 | 1 Inn | 1 Inn | 2024-02-28 | 7.2 HIGH | N/A |
Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, related to insecure open() calls. | |||||
CVE-2003-1235 | 1 Brs | 1 Webweaver | 2024-02-28 | 5.0 MEDIUM | N/A |
BRS WebWeaver 1.03 allows remote attackers to obtain sensitive server environment information via a URL request for testcgi.exe, which lists the values of environment variables and the current working directory. | |||||
CVE-2000-0830 | 1 Microsoft | 1 Webtv | 2024-02-28 | 5.0 MEDIUM | N/A |
annclist.exe in webTV for Windows allows remote attackers to cause a denial of service via a large, malformed UDP packet to ports 22701 through 22705. | |||||
CVE-1999-1428 | 1 Sun | 1 Solstice Adminsuite | 2024-02-28 | 6.2 MEDIUM | N/A |
Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local users to gain privileges via the save option in the Database Manager, which is running with setgid bin privileges. | |||||
CVE-2000-0413 | 1 Microsoft | 3 Frontpage, Internet Information Server, Internet Information Services | 2024-02-28 | 5.0 MEDIUM | N/A |
The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path. |