Total: 28982 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-1304 | 1 Early Impact | 1 Productcart | 2024-02-28 | 5.0 MEDIUM | N/A |
EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information via a direct request. | |||||
CVE-2002-0363 | 1 Aladdin Enterprises | 1 Ghostscript | 2024-02-28 | 7.5 HIGH | N/A |
ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice. | |||||
CVE-2000-0826 | 1 Mobius | 1 Documentdirect For The Internet | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in ddicgi.exe program in Mobius DocumentDirect for the Internet 1.2 allows remote attackers to execute arbitrary commands via a long GET request. | |||||
CVE-2003-1024 | 1 Sun | 1 Sunos | 2024-02-28 | 7.2 HIGH | N/A |
Unknown vulnerability in the ls-F builtin function in tcsh on Solaris 8 allows local users to create or delete files as other users, and gain privileges. | |||||
CVE-2000-1083 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-02-28 | 2.1 LOW | N/A |
The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | |||||
CVE-2001-0055 | 1 Cisco | 2 Broadband Operating System, Cisco 6xx Routers | 2024-02-28 | 5.0 MEDIUM | N/A |
CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to cause a denial of service via a slow stream of TCP SYN packets. | |||||
CVE-2003-0165 | 1 Gnome | 1 Eog | 2024-02-28 | 4.6 MEDIUM | N/A |
Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display. | |||||
CVE-2002-0031 | 1 Yahoo | 1 Messenger | 2024-02-28 | 4.6 MEDIUM | N/A |
Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allow remote attackers to execute arbitrary code via a ymsgr URI with long arguments to (1) call, (2) sendim, (3) getimv, (4) chat, (5) addview, or (6) addfriend. | |||||
CVE-2003-0778 | 1 Sane | 2 Sane, Sane-backend | 2024-02-28 | 5.0 MEDIUM | N/A |
saned in sane-backends 1.0.7 and earlier, and possibly later versions, does not properly allocate memory in certain cases, which could allow attackers to cause a denial of service (memory consumption). | |||||
CVE-2002-2398 | 1 App | 1 Apboard | 2024-02-28 | 5.0 MEDIUM | N/A |
The new thread posting page in APBoard 2.02 and 2.03 allows remote attackers to post messages to protected forums by modifying the insertinto parameter. | |||||
CVE-2001-0912 | 1 Mandrakesoft | 1 Mandrake Linux | 2024-02-28 | 7.2 HIGH | N/A |
Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect to search for its libraries in the /home/snailtalk directory before other directories, which could allow a local user to gain root privileges. | |||||
CVE-2002-0029 | 2 Astaro, Isc | 2 Security Linux, Bind | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684. | |||||
CVE-2000-0945 | 1 Cisco | 1 Catalyst 3500 Xl | 2024-02-28 | 10.0 HIGH | N/A |
The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory. | |||||
CVE-2001-1229 | 2 Icecast, Libshout | 2 Icecast, Libshout | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before 1.0.4 allow remote attackers to cause a denial of service (crash) and execute arbitrary code. | |||||
CVE-1999-1103 | 1 Digital | 1 Osf 1 | 2024-02-28 | 4.6 MEDIUM | N/A |
dxconsole in DEC OSF/1 3.2C and earlier allows local users to read arbitrary files by specifying the file with the -file parameter. | |||||
CVE-2002-1097 | 1 Cisco | 2 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client | 2024-02-28 | 7.5 HIGH | N/A |
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows restricted administrators to obtain certificate passwords that are stored in plaintext in the HTML source code for Certificate Management pages. | |||||
CVE-1999-0445 | 1 Cisco | 1 Ios | 2024-02-28 | 5.0 MEDIUM | N/A |
In Cisco routers under some versions of IOS 12.0 running NAT, some packets may not be filtered by input access list filters. | |||||
CVE-2003-0287 | 1 Six Apart | 1 Movable Type | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled. | |||||
CVE-2002-0377 | 1 Rob Flynn | 1 Gaim | 2024-02-28 | 2.1 LOW | N/A |
Gaim 0.57 stores sensitive information in world-readable and group-writable files in the /tmp directory, which allows local users to access MSN web email accounts of other users who run Gaim by reading authentication information from the files. | |||||
CVE-2004-0612 | 1 Zonelabs | 1 Zonealarm | 2024-02-28 | 5.1 MEDIUM | N/A |
The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter mobile code within an SSL encrypted session, which could allow remote attackers to bypass the mobile code filtering. NOTE: it has been disputed by the vendor that this behavior is required by the SSL specification. |