Total
28982 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0240 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
| PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message. | |||||
| CVE-2000-0786 | 1 Gnu | 1 Userv | 2024-02-28 | 4.6 MEDIUM | N/A |
| GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions. | |||||
| CVE-2004-0675 | 1 Mcmurtrey Whitaker And Associates | 1 Cart32 | 2024-02-28 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBuilds command. | |||||
| CVE-2000-0827 | 1 Mobius | 1 Documentdirect For The Internet | 2024-02-28 | 10.0 HIGH | N/A |
| Buffer overflow in the web authorization form of Mobius DocumentDirect for the Internet 1.2 allows remote attackers to cause a denial of service or execute arbitrary commands via a long username. | |||||
| CVE-2003-1053 | 1 Xshisen | 1 Xshisen | 2024-02-28 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in XShisen allow attackers to execute arbitrary code via a long (1) -KCONV command line option or (2) XSHISENLIB environment variable. | |||||
| CVE-2000-0701 | 3 Conectiva, Gnu, Redhat | 3 Linux, Mailman, Linux | 2024-02-28 | 4.6 MEDIUM | N/A |
| The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges. | |||||
| CVE-1999-1456 | 1 Thttpd | 1 Thttpd Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
| thttpd HTTP server 2.03 and earlier allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename. | |||||
| CVE-2002-0227 | 2 Kde, Kicq | 2 Kde, Kicq | 2024-02-28 | 5.0 MEDIUM | N/A |
| KICQ 2.0.0b1 allows remote attackers to cause a denial of service (crash) via a malformed message. | |||||
| CVE-2001-0001 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-28 | 7.5 HIGH | N/A |
| cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the authentication information from a cookie. | |||||
| CVE-2003-1274 | 1 Nullsoft | 1 Winamp | 2024-02-28 | 5.0 MEDIUM | N/A |
| Winamp 3.0 allows remote attackers to cause a denial of service (crash) via .b4s file with a file: argument to the Playstring parameter that contains MS-DOS device names such as aux. | |||||
| CVE-1999-0865 | 1 Stalker | 1 Communigate Pro | 2024-02-28 | 5.0 MEDIUM | N/A |
| Buffer overflow in CommuniGatePro via a long string to the HTTP configuration port. | |||||
| CVE-2002-0433 | 1 Pi3 | 1 Pi3web | 2024-02-28 | 5.0 MEDIUM | N/A |
| Pi3Web 2.0.0 allows remote attackers to view restricted files via an HTTP request containing a "*" (wildcard or asterisk) character. | |||||
| CVE-2002-1421 | 1 Ilia Alshanetsky | 1 Fudforum | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php. | |||||
| CVE-2001-0768 | 1 Steve Poulsen | 1 Guildftpd | 2024-02-28 | 4.6 MEDIUM | N/A |
| GuildFTPd 0.9.7 stores user names and passwords in plaintext in the default.usr file, which allows local users to gain privileges as other FTP users by reading the file. | |||||
| CVE-2003-0959 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 10.0 HIGH | N/A |
| Multiple integer overflows in the 32bit emulation for AMD64 architectures in Linux 2.4 kernel before 2.4.21 allows attackers to cause a denial of service or gain root privileges via unspecified vectors that trigger copy_from_user function calls with improper length arguments. | |||||
| CVE-2004-0388 | 1 Oracle | 1 Mysql | 2024-02-28 | 2.1 LOW | N/A |
| The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2001-1568 | 1 Cmg | 1 Wap Gateway | 2024-02-28 | 6.4 MEDIUM | N/A |
| CMG WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack. | |||||
| CVE-2000-0970 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-28 | 7.5 HIGH | N/A |
| IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability. | |||||
| CVE-1999-1131 | 1 Sgi | 1 Irix | 2024-02-28 | 5.0 MEDIUM | N/A |
| Buffer overflow in OSF Distributed Computing Environment (DCE) security demon (secd) in IRIX 6.4 and earlier allows attackers to cause a denial of service via a long principal, group, or organization. | |||||
| CVE-2001-1219 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location. | |||||