Total
28982 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0261 | 1 Microsoft | 1 Windows 2000 | 2024-02-28 | 2.1 LOW | N/A |
| Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files. | |||||
| CVE-2002-0957 | 1 Iss | 1 Blackice Agent | 2024-02-28 | 5.0 MEDIUM | N/A |
| The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh has a high tcp.maxconnections setting, which could allow remote attackers to cause a denial of service (memory consumption) via a large number of connections to the BlackICE system that consumes more resources than intended by the user. | |||||
| CVE-2001-1084 | 1 Macromedia | 1 Jrun | 2024-02-28 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message. | |||||
| CVE-2002-1294 | 1 Microsoft | 1 Java Virtual Machine | 2024-02-28 | 7.5 HIGH | N/A |
| The Microsoft Java implementation, as used in Internet Explorer, can provide HTML object references to applets via Javascript, which allows remote attackers to cause a denial of service (crash due to illegal memory accesses) and possibly conduct other unauthorized activities via an applet that uses those references to access proprietary Microsoft methods. | |||||
| CVE-2000-0449 | 1 Omnis | 1 Studio | 2024-02-28 | 10.0 HIGH | N/A |
| Omnis Studio 2.4 uses weak encryption (trivial encoding) for encrypting database fields. | |||||
| CVE-2004-2235 | 1 Moodle | 1 Moodle | 2024-02-28 | 10.0 HIGH | N/A |
| Unknown vulnerability in Moodle before 1.2 has unknown impact and attack vectors, related to improper filtering of text. | |||||
| CVE-2003-0382 | 2 Debian, Michael Jennings | 2 Debian Linux, Eterm | 2024-02-28 | 4.6 MEDIUM | N/A |
| Buffer overflow in Eterm 0.9.2 allows local users to gain privileges via a long ETERMPATH environment variable. | |||||
| CVE-1999-1403 | 1 Ibm | 1 Tivoli Opc Tracker Agent | 2024-02-28 | 7.2 HIGH | N/A |
| IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, directories, and IPC message queues with insecure permissions (world-readable and world-writable), which could allow local users to disrupt operations and possibly gain privileges by modifying or deleting files. | |||||
| CVE-2000-0079 | 1 W3c | 1 Cern Httpd | 2024-02-28 | 7.5 HIGH | N/A |
| The W3C CERN httpd HTTP server allows remote attackers to determine the real pathnames of some commands via a request for a nonexistent URL. | |||||
| CVE-2004-1749 | 1 Toplayer | 1 Attack Mitigator | 2024-02-28 | 5.0 MEDIUM | N/A |
| Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when configured in a one-armed routing configuration, allows remote attackers to cause a denial of service (CPU consumption) via a large number of HTTP requests. | |||||
| CVE-1999-0413 | 1 Sgi | 1 Irix | 2024-02-28 | 7.2 HIGH | N/A |
| A buffer overflow in the SGI X server allows local users to gain root access through the X server font path. | |||||
| CVE-2004-2040 | 1 E107 | 1 E107 | 2024-02-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) avmsg parameter to usersettings.php. | |||||
| CVE-2003-0781 | 1 Ecartis | 1 Ecartis | 2024-02-28 | 10.0 HIGH | N/A |
| Unknown vulnerability in ecartis before 1.0.0 does not properly validate user input, which allows attackers to obtain mailing list passwords. | |||||
| CVE-2003-0809 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-28 | 7.5 HIGH | N/A |
| Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page. | |||||
| CVE-2004-0399 | 1 University Of Cambridge | 1 Exim | 2024-02-28 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification. | |||||
| CVE-2003-1085 | 1 Thomson | 2 Tcm Cable Modem, Tcw Cable Modem | 2024-02-28 | 5.0 MEDIUM | N/A |
| The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ST42.03.0a allows remote attackers to cause a denial of service (unstable service) via a long GET request, possibly caused by a buffer overflow. | |||||
| CVE-2004-2240 | 1 Phorum | 1 Phorum | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php. | |||||
| CVE-2004-0419 | 3 Gentoo, X.org, Xfree86 Project | 3 Linux, X11r6, Xdm | 2024-02-28 | 7.5 HIGH | N/A |
| XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions. | |||||
| CVE-2002-0351 | 1 Matt Blaze | 1 Cfs | 2024-02-28 | 7.5 HIGH | N/A |
| Buffer overflows in CFS daemon (cfsd) before 1.3.3-8.1, and 1.4x before 1.4.1-5, allow remote attackers to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2002-1623 | 1 Checkpoint | 1 Vpn-1 Firewall-1 | 2024-02-28 | 5.0 MEDIUM | N/A |
| The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote. | |||||