Total
28982 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0753 | 1 Cisco | 1 Cbos | 2024-02-28 | 7.5 HIGH | N/A |
| Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) enable in cleartext in the NVRAM and a configuration file, which could allow unauthorized users to obtain the passwords and gain privileges. | |||||
| CVE-2002-0814 | 1 Vmware | 1 Gsx Server | 2024-02-28 | 7.5 HIGH | N/A |
| Buffer overflow in VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument. | |||||
| CVE-2004-0490 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 7.2 HIGH | N/A |
| cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529. | |||||
| CVE-2004-1857 | 1 Hp | 1 Web Jetadmin | 2024-02-28 | 2.1 LOW | N/A |
| Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter. | |||||
| CVE-2003-0348 | 1 Microsoft | 1 Windows Media Player | 2024-02-28 | 6.4 MEDIUM | N/A |
| A certain Microsoft Windows Media Player 9 Series ActiveX control allows remote attackers to view and manipulate the Media Library on the local system via HTML script. | |||||
| CVE-2001-1419 | 2 Aol, Cerulean Studios | 2 Instant Messenger, Trillian | 2024-02-28 | 5.0 MEDIUM | N/A |
| AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "<!--" HTML comments. | |||||
| CVE-2000-0071 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-28 | 5.0 MEDIUM | N/A |
| IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions. | |||||
| CVE-2001-0731 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
| Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string. | |||||
| CVE-1999-0972 | 1 Wolfpack Development | 1 Xshipwars | 2024-02-28 | 7.5 HIGH | N/A |
| Buffer overflow in Xshipwars xsw program. | |||||
| CVE-2001-1178 | 1 Xfree86 Project | 1 X11r6 | 2024-02-28 | 7.2 HIGH | N/A |
| Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable. | |||||
| CVE-2002-0520 | 1 Asp-nuke | 1 Asp-nuke | 2024-02-28 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke RC1 allows remote attackers to execute script as other ASP-Nuke users by embedding it within an IMG tag. | |||||
| CVE-2000-0941 | 1 Kootenay Web Inc | 1 Kootenay Web Inc Whois | 2024-02-28 | 10.0 HIGH | N/A |
| Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter. | |||||
| CVE-2001-0392 | 1 Navision | 1 Financials Server | 2024-02-28 | 5.0 MEDIUM | N/A |
| Navision Financials Server 2.60 and earlier allows remote attackers to cause a denial of service by sending a null character and a long string to the server port (2407), which causes the server to crash. | |||||
| CVE-2004-1427 | 1 Korweblog | 1 Korweblog | 2024-02-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in main.inc in KorWeblog 1.6.2-cvs and earlier allows remote attackers to execute arbitrary PHP code by modifying the G_PATH parameter to reference a URL on a remote web server that contains the code, as demonstrated in index.php when using .. (dot dot) sequences in the lng parameter to cause main.inc to be loaded. | |||||
| CVE-2001-0073 | 1 Nsa | 1 Security-enhanced Linux | 2024-02-28 | 2.1 LOW | N/A |
| Buffer overflow in the find_default_type function in libsecure in NSA Security-enhanced Linux, which may allow attackers to modify critical data in memory. | |||||
| CVE-2003-0026 | 1 Isc | 1 Dhcpd | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname. | |||||
| CVE-1999-0346 | 1 Php | 1 Php Fi | 2024-02-28 | 5.0 MEDIUM | N/A |
| CGI PHP mlog script allows an attacker to read any file on the target server. | |||||
| CVE-2002-0102 | 1 Oracle | 1 Application Server Web Cache | 2024-02-28 | 5.0 MEDIUM | N/A |
| Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial of service via (1) a request to TCP ports 1100, 4000, 4001, and 4002 with a large number of null characters, and (2) a request to TCP port 4000 with a large number of "." characters. | |||||
| CVE-1999-0787 | 1 Ssh | 1 Ssh | 2024-02-28 | 2.1 LOW | N/A |
| The SSH authentication agent follows symlinks via a UNIX domain socket. | |||||
| CVE-2001-0773 | 1 Cayman | 1 3220-h Dsl Router | 2024-02-28 | 5.0 MEDIUM | N/A |
| Cayman 3220-H DSL Router 1.0 allows remote attacker to cause a denial of service (crash) via a series of SYN or TCP connect requests. | |||||