Total: 28986 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1797 | 1 Freznoshop | 1 Freznoshop | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search.php for FreznoShop 1.3.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
CVE-2004-1873 | 1 Alan Ward | 1 A-cart | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2.0 allows remote attackers to gain privileges via the catcode parameter. | |||||
CVE-2004-0775 | 1 Widcomm | 2 Bluetooth Communication Software, Btstackserver | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in products such as BTStackServer 1.3.2.7 and 1.4.2.10, Windows XP and Windows 98 with MSI Bluetooth Dongles, and HP IPAQ 5450 running WinCE 3.0, allows remote attackers to execute arbitrary code via certain service requests. | |||||
CVE-2003-0617 | 1 Hugo Rabson | 1 Mindi | 2024-02-28 | 4.6 MEDIUM | N/A |
mindi 0.58 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files. | |||||
CVE-2004-1478 | 2 Hitachi, Macromedia | 4 Cosminexus Enterprise, Cosminexus Server, Coldfusion and 1 more | 2024-02-28 | 7.5 HIGH | N/A |
JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session. | |||||
CVE-2002-1415 | 1 Webeasymail | 1 Webeasymail | 2024-02-28 | 5.0 MEDIUM | N/A |
Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in SMTP requests. | |||||
CVE-2002-0948 | 1 Scripts For Educators | 1 Makebook | 2024-02-28 | 7.5 HIGH | N/A |
Scripts For Educators MakeBook 2.2 CGI program allows remote attackers to execute script as other visitors, or execute server-side includes (SSI) as the web server, via the (1) Name or (2) Email parameters, which are not properly filtered. | |||||
CVE-2002-0319 | 1 Powie | 1 Pforum | 2024-02-28 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in edituser.php for pforum 1.14 and earlier allows remote attackers to execute script and steal cookies from other users via Javascript in a username. | |||||
CVE-2000-0627 | 1 Blackboard | 1 Courseinfo | 2024-02-28 | 7.5 HIGH | N/A |
BlackBoard CourseInfo 4.0 does not properly authenticate users, which allows local users to modify CourseInfo database information and gain privileges by directly calling the supporting CGI programs such as user_update_passwd.pl and user_update_admin.pl. | |||||
CVE-2000-0907 | 1 Etype | 1 Eserv | 2024-02-28 | 7.5 HIGH | N/A |
EServ 2.92 Build 2982 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long HELO and MAIL FROM commands. | |||||
CVE-2004-0376 | 1 Oftpd | 1 Oftpd | 2024-02-28 | 5.0 MEDIUM | N/A |
oftpd 0.3.6 and earlier allows remote attackers to cause a denial of service (crash) via a PORT command with a large value. | |||||
CVE-2001-0084 | 1 Gnome | 1 Gtk | 2024-02-28 | 7.2 HIGH | N/A |
GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program. | |||||
CVE-2002-0106 | 1 Bea | 1 Weblogic Server | 2024-02-28 | 5.0 MEDIUM | N/A |
BEA Systems Weblogic Server 6.1 allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name. | |||||
CVE-2002-1837 | 1 Ids | 1 Ids | 2024-02-28 | 5.0 MEDIUM | N/A |
The getAlbumToDisplay function in idsShared.pm for Image Display System (IDS) 0.81 allows remote attackers to determine the existence of arbitrary directories via ".." sequences in the album parameter, which generates different error messages depending on whether the directory exists or not. | |||||
CVE-2001-0210 | 1 Carey Internet Service | 1 Commerce.cgi | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in commerce.cgi CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack in the page parameter. | |||||
CVE-1999-0033 | 5 Ibm, Ncr, Sco and 2 more | 7 Aix, Mp-ras, Open Desktop and 4 more | 2024-02-28 | 7.2 HIGH | N/A |
Command execution in Sun systems via buffer overflow in the at program. | |||||
CVE-2004-1485 | 2 Gnu, Tftp | 2 Inetutils, Tftp | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote malicious DNS servers to execute arbitrary code via a large DNS response that is handled by the gethostbyname function. | |||||
CVE-2001-0496 | 2 Mandrakesoft, Redhat | 2 Mandrake Linux, Linux | 2024-02-28 | 4.6 MEDIUM | N/A |
kdesu in kdelibs package creates world readable temporary files containing authentication info, which can allow local users to gain privileges. | |||||
CVE-1999-0264 | 1 Miva | 1 Htmlscript | 2024-02-28 | 5.0 MEDIUM | N/A |
htmlscript CGI program allows remote read access to files. | |||||
CVE-2001-0759 | 1 Jetico | 1 Bestcrypt | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows local users to execute arbitrary code via a file or directory with a long pathname, which is processed during an unmount. | |||||