Total
28982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1396 | 1 Nullsoft | 1 Winamp | 2024-02-28 | 2.6 LOW | N/A |
Winamp 5.07, and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file. | |||||
CVE-2000-0916 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 7.5 HIGH | N/A |
FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers (ISN), which allows remote attackers to spoof TCP connections. | |||||
CVE-2002-0721 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-02-28 | 10.0 HIGH | N/A |
Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt. | |||||
CVE-2002-0527 | 1 Watchguard | 1 Soho Firewall | 2024-02-28 | 5.0 MEDIUM | N/A |
Watchguard SOHO firewall before 5.0.35 allows remote attackers to cause a denial of service (crash and reboot) when SOHO forwards a packet with bad IP options. | |||||
CVE-2004-1888 | 1 Aborior | 1 Encore Web Forum | 2024-02-28 | 7.5 HIGH | N/A |
display.cgi in Aborior Encore WebForum allows remote attackers to execute arbitrary commands via shell metacharacters in the file variable. | |||||
CVE-2000-0853 | 1 Yabb | 1 Yabb | 2024-02-28 | 5.0 MEDIUM | N/A |
YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
CVE-1999-1135 | 1 Hp | 1 Hp-ux | 2024-02-28 | 7.2 HIGH | N/A |
Vulnerability in VUE 3.0 in HP 9.x allows local users to gain root privileges, as fixed by PHSS_4994 and PHSS_5438. | |||||
CVE-2003-1261 | 1 Globalscape | 1 Cuteftp | 2024-02-28 | 2.1 LOW | N/A |
Buffer overflow in CuteFTP 5.0 and 5.0.1 allows local users to cause a denial of service (crash) by copying a long URL into a clipboard. | |||||
CVE-2002-0723 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 7.5 HIGH | N/A |
Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the domain of a frame within a browser window, which allows remote attackers to read client files or invoke executable objects via the Object tag, aka "Cross Domain Verification in Object Tag." | |||||
CVE-2004-2090 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist. | |||||
CVE-2004-1809 | 1 Phpbb Group | 1 Phpbb | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) postdays parameter to viewtopic.php or (2) topicdays parameter to viewforum.php. | |||||
CVE-2003-0871 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 7.5 HIGH | N/A |
Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X Server 10.3 allows attackers to gain "unauthorized access to a system." | |||||
CVE-2001-1134 | 1 Xerox | 1 Docuprint N40 | 2024-02-28 | 5.0 MEDIUM | N/A |
Xerox DocuPrint N40 Printers allow remote attackers to cause a denial of service via malformed data, such as that produced by the Code Red worm. | |||||
CVE-2002-0878 | 1 Logisense | 2 Dns Manager System, Hawk-i | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the login form for LogiSense software including (1) Hawk-i Billing, (2) Hawk-i ASP and (3) DNS Manager allows remote attackers to bypass authentication via SQL code in the password field. | |||||
CVE-2003-0416 | 1 Bandmin | 1 Bandmin | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 allows remote attackers to insert arbitrary HTML or script via (1) the year parameter in a showmonth action, (2) the month parameter in a showmonth action, or (3) the host parameter in a showhost action. | |||||
CVE-2002-1922 | 1 Jelsoft | 1 Vbulletin | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBulletin 2.0.0 through 2.2.8 allows remote attackers to inject arbitrary web script or HTML via the (1) $scriptpath or (2) $url variables. | |||||
CVE-2004-0010 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.2 HIGH | N/A |
Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges. | |||||
CVE-2004-0583 | 3 Debian, Usermin, Webmin | 3 Debian Linux, Usermin, Webmin | 2024-02-28 | 5.0 MEDIUM | N/A |
The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords. | |||||
CVE-2002-0437 | 1 Stefan Frings | 1 Sms Server Tools | 2024-02-28 | 10.0 HIGH | N/A |
Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote attackers to execute arbitrary commands via shell metacharacters (backquotes) in message text, as described with the term "string format vulnerability" by some sources. | |||||
CVE-2002-0626 | 1 Polycom | 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more | 2024-02-28 | 10.0 HIGH | N/A |
Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which allows arbitrary users to conduct unauthorized activities. |