Total: 28982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-1863 | 1 Iomega | 1 Network Attached Storage | 2024-02-28 | 4.6 MEDIUM | N/A |
Iomega Network Attached Storage (NAS) A300U, and possibly other models, does not allow the FTP service to be disabled, which allows local users to access home directories via FTP even when access to all shared directories has been disabled. | |||||
CVE-2002-2062 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in ftp.htt in Internet Explorer 5.5 and 6.0, when running on Windows 2000 with "Enable folder view for FTP sites" and "Enable Web content in folders" selected, allows remote attackers to inject arbitrary web script or HTML via the hostname portion of an FTP URL. | |||||
CVE-2000-0824 | 1 Gnu | 1 Glibc | 2024-02-28 | 7.2 HIGH | N/A |
The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH. | |||||
CVE-2002-1083 | 1 Visualshapers | 1 Ezcontents | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerabilities in ezContents 1.41 and earlier allow remote attackers to cause ezContents to (1) create directories using the Maintain Images:Add New:Create Subdirectory item, or (2) list directories using the Maintain Images file listing, via .. (dot dot) sequences. | |||||
CVE-2003-0103 | 1 Nokia | 1 6210 Handset | 2024-02-28 | 5.0 MEDIUM | N/A |
Format string vulnerability in Nokia 6210 handset allows remote attackers to cause a denial of service (crash, lockup, or restart) via a Multi-Part vCard with fields containing a large number of format string specifiers. | |||||
CVE-2001-0524 | 1 Eeye Digital Security | 1 Securells | 2024-02-28 | 7.5 HIGH | N/A |
eEye SecureIIS versions 1.0.3 and earlier do not perform length checking on individual HTTP headers, which allows a remote attacker to send arbitrary length strings to IIS, contrary to an advertised feature of SecureIIS versions 1.0.3 and earlier. | |||||
CVE-2004-0539 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 10.0 HIGH | N/A |
The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which could allow remote attackers to execute arbitrary code. | |||||
CVE-2001-1511 | 1 Macromedia | 1 Jrun | 2024-02-28 | 5.0 MEDIUM | N/A |
JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source code via a request URL containing the source filename ending in (1) "jsp%00" or (2) "js%2570". | |||||
CVE-2001-1264 | 1 Hp | 2 Hp-ux, Vvos | 2024-02-28 | 10.0 HIGH | N/A |
Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allows attackers to elevate privileges. | |||||
CVE-2001-0176 | 1 Voyant Technologies | 1 Sonata | 2024-02-28 | 7.2 HIGH | N/A |
The setuid doroot program in Voyant Sonata 3.x executes arbitrary command line arguments, which allows local users to gain root privileges. | |||||
CVE-2001-0275 | 1 Moby | 1 Netsuite Web Server | 2024-02-28 | 2.1 LOW | N/A |
Moby Netsuite Web Server 1.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request. | |||||
CVE-2004-0326 | 1 Proxy-pro | 1 Professional Gatekeeper | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote attackers to execute arbitrary code via a long GET request. | |||||
CVE-1999-0636 | | | 2024-02-28 | 10.0 HIGH | N/A |
The discard service is running. | |||||
CVE-2000-0753 | 1 Microsoft | 1 Outlook | 2024-02-28 | 5.0 MEDIUM | N/A |
The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files. | |||||
CVE-2002-1479 | 1 The Cacti Group | 1 Cacti | 2024-02-28 | 4.6 MEDIUM | N/A |
Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges. | |||||
CVE-2004-0042 | 1 Beasts | 1 Vsftpd | 2024-02-28 | 5.0 MEDIUM | N/A |
vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames. | |||||
CVE-2004-0363 | 1 Symantec | 1 Norton Antispam | 2024-02-28 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the SymSpamHelper ActiveX component (symspam.dll) in Norton AntiSpam 2004, as used in Norton Internet Security 2004, allows remote attackers to execute arbitrary code via a long parameter to the LaunchCustomRuleWizard method. | |||||
CVE-1999-0414 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 5.0 MEDIUM | N/A |
In Linux before version 2.0.36, remote attackers can spoof a TCP connection and pass data to the application layer before fully establishing the connection. | |||||
CVE-1999-0057 | 5 Eric Allman, Freebsd, Hp and 2 more | 7 Vacation, Freebsd, Hp-ux and 4 more | 2024-02-28 | 7.5 HIGH | N/A |
Vacation program allows command execution by remote users through a sendmail command. | |||||
CVE-2001-0678 | 1 Trend Micro | 2 Interscan Viruswall, Interscan Webmanager | 2024-02-28 | 4.6 MEDIUM | N/A |
A buffer overflow in reggo.dll file used by Trend Micro InterScan VirusWall prior to 3.51 build 1349 for Windows NT 3.5 and InterScan WebManager 1.2 allows a local attacker to execute arbitrary code. |