Total
28982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1946 | 1 Cherokee | 1 Cherokee Httpd | 2024-02-28 | 4.6 MEDIUM | N/A |
Format string vulnerability in the PRINT_ERROR function in common.c for Cherokee Web Server 0.4.16 and earlier allows local users to execute arbitrary code via format string specifiers in the -C command line argument. NOTE: it is not clear whether this issue could be exploited remotely, or if Cherokee is running at escalated privileges. Therefore it might not be a vulnerability. | |||||
CVE-2004-1359 | 1 Sun | 2 Solaris, Sunos | 2024-02-28 | 4.6 MEDIUM | N/A |
Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 allow local users to execute arbitrary code as the uucp user. | |||||
CVE-2004-1081 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2024-02-28 | 2.1 LOW | N/A |
The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and 10.3.6 does not properly restrict access to a secure text input field, which allows local users to read keyboard input from other applications within the same window session. | |||||
CVE-1999-0890 | 1 Ihtml Merchant | 1 Ihtml Merchant | 2024-02-28 | 7.5 HIGH | N/A |
iHTML Merchant allows remote attackers to obtain sensitive information or execute commands via a code parsing error. | |||||
CVE-2004-1461 | 1 Cisco | 2 Secure Access Control Server, Secure Acs Solution Engine | 2024-02-28 | 7.5 HIGH | N/A |
Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address. | |||||
CVE-2002-0525 | 1 Isc | 1 Inn | 2024-02-28 | 10.0 HIGH | N/A |
Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NNTP responses. | |||||
CVE-2003-0145 | 1 Lbl | 1 Tcpdump | 2024-02-28 | 5.0 MEDIUM | N/A |
Unknown vulnerability in tcpdump before 3.7.2 related to an inability to "Handle unknown RADIUS attributes properly," allows remote attackers to cause a denial of service (infinite loop), a different vulnerability than CAN-2003-0093. | |||||
CVE-2000-0351 | 1 Sco | 1 Unixware | 2024-02-28 | 4.6 MEDIUM | N/A |
Some packaging commands in SCO UnixWare 7.1.0 have insecure privileges, which allows local users to add or remove software packages. | |||||
CVE-2003-0902 | 1 Minimalist | 1 Minimalist | 2024-02-28 | 7.5 HIGH | N/A |
Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and possibly other versions, allows remote attackers to execute arbitrary commands. | |||||
CVE-2000-1033 | 1 Cat Soft | 1 Serv-u | 2024-02-28 | 7.5 HIGH | N/A |
Serv-U FTP Server allows remote attackers to bypass its anti-hammering feature by first logging on as a valid user (possibly anonymous) and then attempting to guess the passwords of other users. | |||||
CVE-2003-0120 | 1 Mhc-utils | 1 Mhc-utils | 2024-02-28 | 1.2 LOW | N/A |
adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name. | |||||
CVE-2004-0576 | 1 Gnu | 1 Radius | 2024-02-28 | 5.0 MEDIUM | N/A |
The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the -enable-snmp option, allows remote attackers to cause a denial of service (server crash) via malformed SNMP messages containing an invalid OID. | |||||
CVE-2004-0528 | 1 Netscape | 1 Navigator | 2024-02-28 | 5.0 MEDIUM | N/A |
Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. | |||||
CVE-2004-0470 | 1 Bea | 1 Weblogic Server | 2024-02-28 | 7.5 HIGH | N/A |
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag, which can remove intended access restrictions for the associated web application. | |||||
CVE-2004-1567 | 1 Silent-storm | 1 Silent-storm Portal | 2024-02-28 | 7.5 HIGH | N/A |
profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to gain privileges by setting the mail parameter to 1, which is the value for an administrator. | |||||
CVE-2000-0662 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 5.0 MEDIUM | N/A |
Internet Explorer 5.x and Microsoft Outlook allow remote attackers to read arbitrary files by redirecting the contents of an IFRAME using the DHTML Edit Control (DHTMLED). | |||||
CVE-2003-1083 | 1 Tildeslash | 1 Monit | 2024-02-28 | 10.0 HIGH | N/A |
Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request. | |||||
CVE-1999-1124 | 1 Allaire | 1 Coldfusion | 2024-02-28 | 7.5 HIGH | N/A |
HTTP Client application in ColdFusion allows remote attackers to bypass access restrictions for web pages on other ports by providing the target page to the mainframeset.cfm application, which requests the page from the server, making it look like the request is coming from the local host. | |||||
CVE-2004-1421 | 1 Whm | 1 Whm Autopilot | 2024-02-28 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in (1) step_one.php, (2) step_one_tables.php, and (3) step_two_tables.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the server_inc parameter to reference a URL on a remote web server that contains the code. | |||||
CVE-2002-0246 | 1 Caldera | 1 Unixware | 2024-02-28 | 7.2 HIGH | N/A |
Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LC_MESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint. |