Total: 28982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-1378 | 1 Dbmlparser.exe | 1 Dbmlparser.exe | 2024-02-28 | 5.0 MEDIUM | N/A |
dbmlparser.exe CGI guestbook program does not perform a chroot operation properly, which allows remote attackers to read arbitrary files. | |||||
CVE-2004-1483 | 1 Symantec | 1 Clientless Vpn Gateway 4400 | 2024-02-28 | 10.0 HIGH | N/A |
Multiple unknown vulnerabilities in the ActiveX and HTML file browsers in Symantec Clientless VPN Gateway 4400 Series 5.0 have unknown attack vectors and unknown impact. | |||||
CVE-2000-1026 | 1 Lbl | 1 Tcpdump | 2024-02-28 | 10.0 HIGH | N/A |
Multiple buffer overflows in LBNL tcpdump allow remote attackers to execute arbitrary commands. | |||||
CVE-2002-1440 | 1 Gateway | 1 Gs-400 | 2024-02-28 | 10.0 HIGH | N/A |
The Gateway GS-400 server has a default root password of "0001n" that can not be changed via the administrative interface, which can allow attackers to gain root privileges. | |||||
CVE-2003-1242 | 1 Sage | 1 Sage | 2024-02-28 | 5.0 MEDIUM | N/A |
Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message. | |||||
CVE-2002-0023 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 5.0 MEDIUM | N/A |
Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks. | |||||
CVE-2002-1362 | 1 Matthew Smith | 1 Micq | 2024-02-28 | 5.0 MEDIUM | N/A |
mICQ 0.4.9 and earlier allows remote attackers to cause a denial of service (crash) via malformed ICQ message types without a 0xFE separator character. | |||||
CVE-2003-0599 | 1 Phpgroupware | 1 Phpgroupware | 2024-02-28 | 10.0 HIGH | N/A |
Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root. | |||||
CVE-2004-1753 | 2 Mozilla, Netscape | 3 Firefox, Mozilla, Navigator | 2024-02-28 | 2.6 LOW | N/A |
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs. | |||||
CVE-2004-2067 | 1 Jaws | 1 Jaws | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to execute arbitrary SQL and bypass authentication via the (1) user, (2) password, or (3) crypted_password parameters. | |||||
CVE-2002-1309 | 1 Macromedia | 1 Coldfusion | 2024-02-28 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary code via an HTTP GET request with a long .cfm file name. | |||||
CVE-2004-0808 | 1 Samba | 1 Samba | 2024-02-28 | 5.0 MEDIUM | N/A |
The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided. | |||||
CVE-2002-1636 | 1 Oracle | 1 Application Server | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary web script or HTML via the cbuf parameter to htp.print. | |||||
CVE-2002-0239 | 1 Hanterm | 1 Hanterm | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in hanterm 3.3.1 and earlier allows local users to execute arbitrary code via a long string in the (1) -fn, (2) -hfb, or (3) -hfn argument. | |||||
CVE-1999-0903 | 1 Ibm | 1 Aix | 2024-02-28 | 7.5 HIGH | N/A |
genfilt in the AIX Packet Filtering Module does not properly filter traffic to destination ports greater than 32767. | |||||
CVE-1999-1498 | 1 Slackware | 1 Slackware Linux | 2024-02-28 | 3.6 LOW | N/A |
Slackware Linux 3.4 pkgtool allows local attacker to read and write to arbitrary files via a symlink attack on the reply file. | |||||
CVE-2004-0664 | 1 Powerportal | 1 Powerportal | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in modules.php in PowerPortal 1.x allows remote attackers to list arbitrary directories via a .. (dot dot) in the files parameter. | |||||
CVE-2000-1107 | 1 Suse | 1 Suse Linux | 2024-02-28 | 5.0 MEDIUM | N/A |
in.identd ident server in SuSE Linux 6.x and 7.0 allows remote attackers to cause a denial of service via a long request, which causes the server to access a NULL pointer and crash. | |||||
CVE-2002-2191 | 1 Lotus | 1 Domino | 2024-02-28 | 5.0 MEDIUM | N/A |
Lotus Domino 5.0.9a and earlier, even when configured with the 'DominoNoBanner=1' option, allows remote attackers to obtain potential sensitive information such as the version via a request for a non-existent .nsf database, which leaks the version in the HTTP banner. | |||||
CVE-2003-0702 | 1 Iss | 1 Realsecure Server Sensor | 2024-02-28 | 5.0 MEDIUM | N/A |
Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU 20.16, 20.18, and possibly other versions before 20.19, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code in Internet Information Server (IIS) via a certain URL through SSL. |