Total
28982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0833 | 1 Qualcomm | 1 Eudora | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a multi-part message with a long boundary string. | |||||
CVE-2002-1403 | 1 Phystech | 1 Dhcpcd | 2024-02-28 | 7.2 HIGH | N/A |
dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to execute arbitrary code via shell metacharacters that are fed from a dhcpd .info script into a .exe script. | |||||
CVE-2000-1211 | 1 Zope | 1 Zope | 2024-02-28 | 7.5 HIGH | N/A |
Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities. | |||||
CVE-2003-0323 | 1 Michael Sandrof | 1 Ircii | 2024-02-28 | 7.5 HIGH | N/A |
Multiple buffer overflows in ircII 20020912 allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via responses that are not properly fed to the my_strcat function by (1) ctcp_buffer, (2) cannot_join_channel, (3) status_make_printable for Statusbar drawing, (4) create_server_list, and possibly other functions. | |||||
CVE-2004-2146 | 1 Pd9 Software | 1 Megabbs | 2024-02-28 | 5.0 MEDIUM | N/A |
CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows attackers to conduct HTTP response splitting attacks via the fid parameter in a writenew action to thread-post.asp. | |||||
CVE-2004-0706 | 1 Mozilla | 1 Bugzilla | 2024-02-28 | 2.1 LOW | N/A |
Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, which could allow local users to view the password in the web server log files. | |||||
CVE-2002-1925 | 1 Tiny Software | 1 Tiny Personal Firewall | 2024-02-28 | 5.0 MEDIUM | N/A |
Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to cause a denial of service (crash) by via SYN, UDP, ICMP and TCP portscans when the administrator selects the Log tab of the Personal Firewall Agent module. | |||||
CVE-1999-0258 | 1 Microsoft | 2 Windows 95, Windows Nt | 2024-02-28 | 5.0 MEDIUM | N/A |
Bonk variation of teardrop IP fragmentation denial of service. | |||||
CVE-2001-0048 | 1 Microsoft | 1 Windows 2000 | 2024-02-28 | 7.2 HIGH | N/A |
The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability. | |||||
CVE-2003-0020 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. | |||||
CVE-2002-1423 | 1 Ilia Alshanetsky | 1 Fudforum | 2024-02-28 | 5.0 MEDIUM | N/A |
tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter. | |||||
CVE-2001-0004 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-28 | 5.0 MEDIUM | N/A |
IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability. | |||||
CVE-2002-1644 | 1 Ssh | 1 Ssh2 | 2024-02-28 | 7.2 HIGH | N/A |
SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0.13 through 3.2.1, when running without a PTY, does not call setsid to remove the child process from the process group of the parent process, which allows attackers to gain certain privileges. | |||||
CVE-1999-1175 | 1 Cisco | 1 Ios | 2024-02-28 | 7.5 HIGH | N/A |
Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048. | |||||
CVE-2004-0814 | 2 Linux, Ubuntu | 2 Linux Kernel, Ubuntu Linux | 2024-02-28 | 1.2 LOW | N/A |
Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch. | |||||
CVE-2001-0391 | 1 Imatix | 1 Xitami | 2024-02-28 | 5.0 MEDIUM | N/A |
Xitami 2.5d4 and earlier allows remote attackers to crash the server via an HTTP request to the /aux directory. | |||||
CVE-2002-1407 | 1 Adam Megacz | 1 Tinyssl | 2024-02-28 | 7.5 HIGH | N/A |
TinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack. | |||||
CVE-2004-1851 | 1 Dameware Development | 1 Mini Remote Control Server | 2024-02-28 | 7.5 HIGH | N/A |
Dameware Mini Remote Control 4.1.0.0 uses insufficiently random data to create the encryption key, which makes it easier for remote attackers to obtain sensitive information via brute force guessing. | |||||
CVE-1999-0848 | 2 Isc, Sun | 3 Bind, Solaris, Sunos | 2024-02-28 | 5.0 MEDIUM | N/A |
Denial of service in BIND named via consuming more than "fdmax" file descriptors. | |||||
CVE-2003-0300 | 8 Microsoft, Mozilla, Mutt and 5 more | 8 Outlook Express, Mozilla, Mutt and 5 more | 2024-02-28 | 5.0 MEDIUM | N/A |
The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. |