Total: 28982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0159 | 1 Samhain Labs | 1 Hsftp | 2024-02-28 | 7.5 HIGH | N/A |
Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command. | |||||
CVE-2001-1152 | 1 Baltimore Technologies | 1 Websweeper | 2024-02-28 | 7.5 HIGH | N/A |
Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters. | |||||
CVE-2001-0696 | 1 Netwin | 1 Surgeftp | 2024-02-28 | 5.0 MEDIUM | N/A |
NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con. | |||||
CVE-2003-0308 | 2 Debian, Sendmail | 2 Debian Linux, Sendmail | 2024-02-28 | 7.2 HIGH | N/A |
The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl. | |||||
CVE-1999-0017 | 9 Caldera, Freebsd, Gnu and 6 more | 11 Openlinux, Freebsd, Inet and 8 more | 2024-02-28 | 7.5 HIGH | N/A |
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. | |||||
CVE-2004-2107 | 1 Finjan Software | 1 Surfingate | 2024-02-28 | 7.5 HIGH | N/A |
Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to (1) restart the service, (2) use the getlastmsg command to view log information, or (3) use the online command to force a policy update from the database server. | |||||
CVE-2004-1627 | 1 Code-crafters | 1 Ability Server | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long APPE command. | |||||
CVE-2001-1185 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 6.2 MEDIUM | N/A |
Some AIO operations in FreeBSD 4.4 may be delayed until after a call to execve, which could allow a local user to overwrite memory of the new process and gain privileges. | |||||
CVE-2004-1482 | 1 Bnc | 1 Bnc | 2024-02-28 | 7.5 HIGH | N/A |
The sbuf_getmsg function in BNC incorrectly handles backspace characters, which could allow remote attackers to bypass authentication and gain access to arbitrary scripts. | |||||
CVE-2001-0163 | 1 Cisco | 1 Aironet Ap340 | 2024-02-28 | 4.6 MEDIUM | N/A |
Cisco AP340 base station produces predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. | |||||
CVE-2000-0961 | 1 Netscape | 2 Messaging Server, Netscape Messaging Server Multiplexor | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command. | |||||
CVE-2004-1755 | 1 Bea | 1 Weblogic Server | 2024-02-28 | 7.5 HIGH | N/A |
The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges. | |||||
CVE-2001-0602 | 1 Lotus | 1 Domino R5 Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated (>400) URL requests for DOS devices. | |||||
CVE-2002-1588 | 1 Sun | 1 Openwindows | 2024-02-28 | 5.0 MEDIUM | N/A |
Mailtool for OpenWindows 3.6, 3.6.1, and 3.6.2 allows remote attackers to cause a denial of service (mailtool segmentation violation and crash) via a malformed mail attachment. | |||||
CVE-1999-0009 | 11 Bsdi, Caldera, Data General and 8 more | 13 Bsd Os, Openlinux, Dg Ux and 10 more | 2024-02-28 | 10.0 HIGH | N/A |
Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. | |||||
CVE-2001-1209 | 1 Abe Timmerman | 1 Zml.cgi | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in zml.cgi allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
CVE-2002-0341 | 1 Novell | 1 Groupwise | 2024-02-28 | 5.0 MEDIUM | N/A |
GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, allows remote attackers to determine the full pathname of the web server via an HTTP request with an invalid HTMLVER parameter. | |||||
CVE-2000-0992 | 2 Openbsd, Ssh | 2 Openssh, Ssh | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack. | |||||
CVE-2004-1895 | 1 Suse | 1 Suse Linux | 2024-02-28 | 2.1 LOW | N/A |
YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies. | |||||
CVE-2004-0168 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 10.0 HIGH | N/A |
Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to "notification logging." |