Total
28982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-1041 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-28 | 7.5 HIGH | N/A |
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475. | |||||
CVE-2004-0212 | 2 Avaya, Microsoft | 8 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 5 more | 2024-02-28 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share. | |||||
CVE-2004-0233 | 3 Sgi, Slackware, Utempter | 3 Propack, Slackware Linux, Utempter | 2024-02-28 | 2.1 LOW | N/A |
Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files. | |||||
CVE-2004-0801 | 4 Conectiva, Linuxprinting.org, Sun and 1 more | 4 Linux, Foomatic-filters, Java Desktop System and 1 more | 2024-02-28 | 7.5 HIGH | N/A |
Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands. | |||||
CVE-2000-1062 | 1 Hp | 1 Jetdirect | 2024-02-28 | 5.0 MEDIUM | N/A |
Buffer overflow in the FTP service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service. | |||||
CVE-2001-0958 | 1 Trend Micro | 2 Interscan Emanager, Interscan Viruswall | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflows in eManager plugin for Trend Micro InterScan VirusWall for NT 3.51 and 3.51J allow remote attackers to execute arbitrary code via long arguments to the CGI programs (1) register.dll, (2) ContentFilter.dll, (3) SFNofitication.dll, (4) register.dll, (5) TOP10.dll, (6) SpamExcp.dll, and (7) spamrule.dll. | |||||
CVE-2002-0781 | 1 Novell | 1 Bordermanager | 2024-02-28 | 5.0 MEDIUM | N/A |
RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a GET request to port 9090 followed by a series of carriage returns, which causes proxy.nlm to ABEND. | |||||
CVE-2001-0897 | 1 Infopop | 1 Ultimate Bulletin Board | 2024-02-28 | 5.0 MEDIUM | N/A |
Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) before 5.47e allows remote attackers to steal user cookies via an [IMG] tag that references an about: URL with an onerror field. | |||||
CVE-2001-1484 | 1 Alcatel | 2 Adsl Modem 1000, Speed Touch Adsl Modem | 2024-02-28 | 7.5 HIGH | N/A |
Alcatel ADSL modems allow remote attackers to access the Trivial File Transfer Protocol (TFTP) to modify firmware and configuration via a bounce attack from a system on the local area network (LAN) side, which is allowed to access TFTP without authentication. | |||||
CVE-2003-0620 | 1 Andries Brouwer | 1 Man | 2024-02-28 | 4.6 MEDIUM | N/A |
Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable. | |||||
CVE-2002-1791 | 1 Sgi | 1 Irix | 2024-02-28 | 2.1 LOW | N/A |
SGI IRIX 6.5 through 6.5.17 creates temporary desktop files with world-writable permissions, which allows local users to overwrite or corrupt those files. | |||||
CVE-1999-0790 | 1 Netscape | 1 Communicator | 2024-02-28 | 2.6 LOW | N/A |
A remote attacker can read information from a Netscape user's cache via JavaScript. | |||||
CVE-2004-1989 | 2 Coppermine, Francisco Burzi | 2 Coppermine Photo Gallery, Php-nuke | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc. | |||||
CVE-2000-0447 | 1 Network Associates | 1 Webshield | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to execute arbitrary commands via a long configuration parameter to the WebShield remote management service. | |||||
CVE-1999-0688 | 1 Hp | 1 Hp-ux | 2024-02-28 | 4.6 MEDIUM | N/A |
Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x. | |||||
CVE-2001-0633 | 1 Sun | 1 Chilisoft | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Sun Chili!Soft ASP on multiple Unixes allows a remote attacker to read arbitrary files above the web root via a '..' (dot dot) attack in the sample script 'codebrws.asp'. | |||||
CVE-2000-0229 | 4 Alessandro Rubini, Debian, Redhat and 1 more | 4 Gpm, Debian Linux, Linux and 1 more | 2024-02-28 | 7.2 HIGH | N/A |
gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root. | |||||
CVE-2002-0854 | 1 Suse | 1 Suse Linux | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the i4l package on SuSE 7.3, 8.0, and possibly other operating systems, may allow local users to gain privileges. | |||||
CVE-2000-0344 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 5.0 MEDIUM | N/A |
The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to cause a denial of service via a negative size value. | |||||
CVE-2002-1190 | 1 Cisco | 1 Unity Server | 2024-02-28 | 7.5 HIGH | N/A |
Cisco Unity 2.x and 3.x uses well-known default user accounts, which could allow remote attackers to gain access and place arbitrary calls. |