Total
28982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-0118 | 3 Immunix, Mandrakesoft, Redhat | 3 Immunix, Mandrake Linux, Linux | 2024-02-28 | 1.2 LOW | N/A |
rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-2003-0943 | 1 Sap | 1 Sap Db | 2024-02-28 | 7.5 HIGH | N/A |
web-tools in SAP DB before 7.4.03.30 installs several services that are enabled by default, which could allow remote attackers to obtain potentially sensitive information or redirect attacks against internal databases via (1) waecho, (2) Web SQL Interface (websql), or (3) Web Database Manager (webdbm). | |||||
CVE-2002-1930 | 1 An | 1 An-httpd | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote attackers to execute arbitrary code via a SOCKS4 request with a long username. | |||||
CVE-2002-1060 | 1 Bluecoat | 1 Cacheos | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Blue Coat Systems (formerly CacheFlow) CacheOS on Client Accelerator 4.1.06, Security Gateway 2.1.02, and Server Accelerator 4.1.06 allows remote attackers to inject arbitrary web script or HTML via a URL to a nonexistent hostname that includes the HTML, which is inserted into the resulting error page. | |||||
CVE-2001-0053 | 3 David Madore, Netbsd, Openbsd | 3 Ftpd-bsd, Netbsd, Openbsd | 2024-02-28 | 10.0 HIGH | N/A |
One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges. | |||||
CVE-2004-1358 | 1 Sun | 1 Solaris | 2024-02-28 | 5.0 MEDIUM | N/A |
The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged. | |||||
CVE-2000-0304 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability. | |||||
CVE-2001-0987 | 1 Nathan Neulinger | 1 Cgiwrap | 2024-02-28 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote attackers to execute arbitrary Javascript on other web clients by causing the Javascript to be inserted into error messages that are generated by CGIWrap. | |||||
CVE-2004-2250 | 1 Goosequill | 1 Audienceconnect Remoteeditor | 2024-02-28 | 7.5 HIGH | N/A |
Unknown vulnerability in the "access code" in RemoteEditor before 0.1.6 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions. | |||||
CVE-2003-0641 | 1 Watchguard | 1 Serverlock | 2024-02-28 | 4.6 MEDIUM | N/A |
WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local users to load arbitrary modules via the OpenProcess() function, as demonstrated using (1) a DLL injection attack, (2) ZwSetSystemInformation, and (3) API hooking in OpenProcess. | |||||
CVE-2001-1257 | 1 Horde | 1 Imp | 2024-02-28 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email. | |||||
CVE-2004-1864 | 1 Xmb Forum | 1 Xmb | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta allows remote attackers to execute arbitrary SQL commands via the restrict parameter to (1) member.php, (2) misc.php, or (3) today.php. | |||||
CVE-1999-0793 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 2.6 LOW | N/A |
Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet. | |||||
CVE-2004-2124 | 1 Gallery Project | 1 Gallery | 2024-02-28 | 5.0 MEDIUM | N/A |
The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. | |||||
CVE-2004-2229 | 1 Oracle | 1 Database Server Lite | 2024-02-28 | 4.6 MEDIUM | N/A |
Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0.0.0 through 5.0.2.9.0 allow remote authenticated users to gain privileges. | |||||
CVE-2001-0087 | 1 Michael Glickman | 1 Itetris | 2024-02-28 | 7.2 HIGH | N/A |
itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a malicious gunzip program. | |||||
CVE-2002-1515 | 1 Coolforum | 1 Coolforum | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta allows remote attackers to read arbitrary files via .. (dot dot) sequences in the img parameter. | |||||
CVE-2004-0354 | 1 Gnu | 1 Anubis | 2024-02-28 | 10.0 HIGH | N/A |
Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c. | |||||
CVE-2004-0352 | 1 Cisco | 4 Content Services Switch 11000, Content Services Switch 11050, Content Services Switch 11150 and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002. | |||||
CVE-2001-1005 | 1 Starfish | 1 Truesync Desktop | 2024-02-28 | 7.5 HIGH | N/A |
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak encryption to store the user password in a registry key, which allows attackers who have access to the registry key to decrypt the password and gain privileges. |