Total
28982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-0146 | 1 Ncsa | 2 Campas, Servers | 2024-02-28 | 7.5 HIGH | N/A |
The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file. | |||||
CVE-2003-1136 | 1 Chi Kien Uong | 1 Chi Kien Uong Guestbook | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1.51 allows remote attackers to inject arbitrary web script or HTML via (1) HTML in a posted message or (2) Javascript in an onmouseover attribute in an e-mail address or URL. | |||||
CVE-2002-2088 | 1 Mosix Project | 1 Clump Os | 2024-02-28 | 10.0 HIGH | N/A |
The MOSIX Project clump/os 5.4 creates a default VNC account without a password, which allows remote attackers to gain root access. | |||||
CVE-2004-0194 | 1 Adobe | 1 Acrobat Reader | 2024-02-28 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the OutputDebugString function for Adobe Acrobat Reader 5.1 allows remote attackers to execute arbitrary code via a PDF document with XML Forms Data Format (XFDF) data. | |||||
CVE-2001-1019 | 1 Seaglass Technologies Inc. | 1 Sglmerchant | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in view_item CGI program in sglMerchant 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTML_FILE parameter. | |||||
CVE-2003-0431 | 1 Ethereal Group | 1 Ethereal | 2024-02-28 | 10.0 HIGH | N/A |
The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences. | |||||
CVE-2003-0807 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request. | |||||
CVE-2003-0349 | 1 Microsoft | 1 Windows 2000 | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll. | |||||
CVE-1999-1560 | 1 Tamu | 1 Tiger | 2024-02-28 | 7.2 HIGH | N/A |
Vulnerability in a script in Texas A&M University (TAMU) Tiger allows local users to execute arbitrary commands as the Tiger user, usually root. | |||||
CVE-2004-0248 | 1 Phpx | 1 Phpx | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into (1) keywords argument of main.inc.php, (2) body argument of help.inc.php, or (3) the subject field in Personal Messages and Forum. | |||||
CVE-2003-0134 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names. | |||||
CVE-2002-1405 | 3 Elinks, Links, University Of Kansas | 3 Elinks, Links, Lynx | 2024-02-28 | 5.0 MEDIUM | N/A |
CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters. | |||||
CVE-2002-0139 | 1 Pi-soft | 1 Spoonftp | 2024-02-28 | 7.5 HIGH | N/A |
Pi-Soft SpoonFTP 1.1 and earlier allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command. | |||||
CVE-2000-0775 | 1 Robtex | 1 Viking Server | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in RobTex Viking server earlier than 1.06-370 allows remote attackers to cause a denial of service or execute arbitrary commands via a long HTTP GET request, or long Unless-Modified-Since, If-Range, or If-Modified-Since headers. | |||||
CVE-2004-1986 | 2 Coppermine, Francisco Burzi | 2 Coppermine Photo Gallery, Php-nuke | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter. | |||||
CVE-2000-0979 | 1 Microsoft | 4 Windows 95, Windows 98, Windows 98se and 1 more | 2024-02-28 | 6.4 MEDIUM | N/A |
File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the "Share Level Password" vulnerability. | |||||
CVE-2000-0849 | 1 Microsoft | 1 Windows Media Services | 2024-02-28 | 2.6 LOW | N/A |
Race condition in Microsoft Windows Media server allows remote attackers to cause a denial of service in the Windows Media Unicast Service via a malformed request, aka the "Unicast Service Race Condition" vulnerability. | |||||
CVE-2004-2043 | 2 Borland Software, Firebirdsql | 3 Interbase, Interbase Superserver, Firebird | 2024-02-28 | 5.0 MEDIUM | N/A |
Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command. | |||||
CVE-1999-0932 | 1 Mediahouse Software | 1 Statistics Server | 2024-02-28 | 7.2 HIGH | N/A |
Mediahouse Statistics Server allows remote attackers to read the administrator password, which is stored in cleartext in the ss.cfg file. | |||||
CVE-2003-0225 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-28 | 5.0 MEDIUM | N/A |
The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page. |