Total
28982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-2044 | 1 Xqus | 1 X-stat | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the phpinfo action. | |||||
CVE-2002-1905 | 1 Polycom | 1 Viavideo | 2024-02-28 | 5.0 MEDIUM | N/A |
Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request. | |||||
CVE-1999-0058 | 1 Php | 1 Php | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in PHP cgi program, php.cgi allows shell access. | |||||
CVE-2000-0142 | 1 Netopia | 1 Timbuktu Pro | 2024-02-28 | 5.0 MEDIUM | N/A |
The authentication protocol in Timbuktu Pro 2.0b650 allows remote attackers to cause a denial of service via connections to port 407 and 1417. | |||||
CVE-2004-1828 | 1 Belchior Foundry | 1 Vcard | 2024-02-28 | 5.0 MEDIUM | N/A |
Vcard 2.9 and possibly other versions does not require authorization to run uninstall.php, which could allow remote attackers to uninstall Vcard and delete database tables via a direct request to uninstall.php. | |||||
CVE-2002-1073 | 1 Atrium Software | 1 Mercur Mailserver | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in the control service for MERCUR Mailserver 4.2 allows remote attackers to execute arbitrary code via a long password. | |||||
CVE-1999-0223 | 1 Sun | 1 Sunos | 2024-02-28 | 2.1 LOW | N/A |
Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry. | |||||
CVE-2000-0614 | 1 Suse | 1 Suse Linux | 2024-02-28 | 10.0 HIGH | N/A |
Tnef program in Linux systems allows remote attackers to overwrite arbitrary files via TNEF encoded compressed attachments which specify absolute path names for the decompressed output. | |||||
CVE-1999-1231 | 1 Ssh | 1 Ssh2 | 2024-02-28 | 5.0 MEDIUM | N/A |
ssh 2.0.12, and possibly other versions, allows valid user names to attempt to enter the correct password multiple times, but only prompts an invalid user name for a password once, which allows remote attackers to determine user account names on the server. | |||||
CVE-2004-0734 | 1 Extropia | 1 Extropia Webstore | 2024-02-28 | 7.5 HIGH | N/A |
Web_Store.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter. | |||||
CVE-2004-0828 | 1 Ibm | 1 Aix | 2024-02-28 | 2.1 LOW | N/A |
The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and 5.3 does not properly drop privileges before executing the -f option, which allows local users to modify or create arbitrary files. | |||||
CVE-2001-0453 | 1 Brs | 1 Webweaver | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in BRS WebWeaver HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the (1) syshelp, (2) sysimages, or (3) scripts directories. | |||||
CVE-2000-0660 | 1 Alt-n | 1 Worldclient | 2024-02-28 | 5.0 MEDIUM | N/A |
The WDaemon web server for WorldClient 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
CVE-2002-2206 | 1 Symantec | 1 Norton Antivirus | 2024-02-28 | 7.8 HIGH | N/A |
The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows local users to cause a denial of service (CPU consumption and crash) via a long username with multiple /localhost entries. | |||||
CVE-2000-0283 | 1 Sgi | 1 Irix | 2024-02-28 | 6.4 MEDIUM | N/A |
The default installation of IRIX Performance Copilot allows remote attackers to access sensitive system information via the pmcd daemon. | |||||
CVE-2001-0703 | 1 Arcadia | 1 Arcadia Internet Store | 2024-02-28 | 5.0 MEDIUM | N/A |
tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to cause a denial of service via a URL request with an MS-DOS device name in the template parameter. | |||||
CVE-2003-1290 | 1 Bea | 1 Weblogic Server | 2024-02-28 | 5.0 MEDIUM | N/A |
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI). | |||||
CVE-2004-0792 | 1 Andrew Tridgell | 1 Rsync | 2024-02-28 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files. | |||||
CVE-1999-1080 | 1 Sun | 1 Sunos | 2024-02-28 | 7.2 HIGH | N/A |
rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running volcheck, when the file systems do not have the nosuid option specified in rmmount.conf. | |||||
CVE-2002-1740 | 1 Alt-n | 2 Mdaemon, Worldclient | 2024-02-28 | 2.1 LOW | N/A |
Buffer overflow in WorldClient.cgi in WorldClient in Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to execute arbitrary code via a long folder name (NewFolder parameter). |