Total: 28982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-0706 | 2 Isc, Redhat | 2 Inn, Linux | 2024-02-28 | 7.5 HIGH | N/A |
Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables. | |||||
CVE-2004-1758 | 1 Bea | 1 Weblogic Server | 2024-02-28 | 4.6 MEDIUM | N/A |
BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges. | |||||
CVE-2001-0642 | 1 Incredimail | 1 Incredimail | 2024-02-28 | 2.1 LOW | N/A |
Directory traversal vulnerability in IncrediMail version 1400185 and earlier allows local users to overwrite files on the local hard drive by appending .. (dot dot) sequences to filenames listed in the content.ini file. | |||||
CVE-2000-0811 | 1 Cgi Script Center | 1 Auction Weaver | 2024-02-28 | 5.0 MEDIUM | N/A |
Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields. | |||||
CVE-2003-1294 | 1 Xscreensaver | 1 Xscreensaver | 2024-02-28 | 2.1 LOW | N/A |
Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-1999-0148 | 1 Sgi | 1 Irix | 2024-02-28 | 7.5 HIGH | N/A |
The handler CGI program in IRIX allows arbitrary command execution. | |||||
CVE-2001-0833 | 1 Oracle | 1 Database Server | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable, aka the "Oracle Trace Collection Security Vulnerability." | |||||
CVE-2001-0090 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 5.1 MEDIUM | N/A |
The Print Templates feature in Internet Explorer 5.5 executes arbitrary custom print templates without prompting the user, which could allow an attacker to execute arbitrary ActiveX controls, aka the "Browser Print Template" vulnerability. | |||||
CVE-2002-1889 | 1 Logsurfer | 1 Logsurfer | 2024-02-28 | 5.0 MEDIUM | N/A |
Off-by-one buffer overflow in the context_action function in context.c of Logsurfer 1.41 through 1.5a allows remote attackers to cause a denial of service (crash) via a malformed log entry. | |||||
CVE-2004-0622 | 1 Apple | 1 Mac Os X | 2024-02-28 | 2.1 LOW | N/A |
Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does not properly clear memory for login (aka Loginwindow.app), Keychain, or FileVault passwords, which could allow the root user or an attacker with physical access to obtain sensitive information by reading memory. | |||||
CVE-2004-1468 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2024-02-28 | 7.5 HIGH | N/A |
The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message. | |||||
CVE-2003-0119 | 1 Ibm | 1 Aix | 2024-02-28 | 7.5 HIGH | N/A |
The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socket when communicating with the loadmodule, which allows remote attackers to directly connect to the daemon and conduct unauthorized activities. | |||||
CVE-1999-1591 | 1 Microsoft | 2 Internet Information Server, Visual Interdev | 2024-02-28 | 7.5 HIGH | N/A |
Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0. | |||||
CVE-2004-0817 | 9 Conectiva, Enlightenment, Imagemagick and 6 more | 16 Linux, Imlib, Imlib2 and 13 more | 2024-02-28 | 7.5 HIGH | N/A |
Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file. | |||||
CVE-2002-1183 | 1 Microsoft | 3 Windows 98, Windows 98se, Windows Nt | 2024-02-28 | 7.5 HIGH | N/A |
Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862). | |||||
CVE-2004-2174 | 1 Early Impact | 1 Productcart | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ProductCart allows remote attackers to inject arbitrary Javascript via the redirectUrl parameter. | |||||
CVE-1999-1030 | 1 Behold Software | 1 Web Page Counter | 2024-02-28 | 5.0 MEDIUM | N/A |
counter.exe 2.70 allows a remote attacker to cause a denial of service (hang) via an HTTP request that ends in %0A (newline), which causes a malformed entry in the counter log that produces an access violation. | |||||
CVE-1999-1054 | 1 Globetrotter | 1 Flexlm | 2024-02-28 | 5.0 MEDIUM | N/A |
The default configuration of FLEXlm license manager 6.0d, and possibly other versions, allows remote attackers to shut down the server via the lmdown command. | |||||
CVE-1999-0267 | 1 Ncsa | 1 Ncsa Httpd | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution. | |||||
CVE-2002-2081 | 1 Microsoft | 2 Site Server, Site Server Commerce | 2024-02-28 | 5.0 MEDIUM | N/A |
cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp. |