Total
29055 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-1447 | 1 Apple | 1 Mac Os X | 2024-02-28 | 7.2 HIGH | N/A |
NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) "recent items" and (2) "services" menus, which causes the applications to run with root privileges. | |||||
CVE-2000-0460 | 1 Kde | 1 Kde | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY environmental variable. | |||||
CVE-1999-1224 | 1 University Of Washington | 1 Imapd | 2024-02-28 | 3.6 LOW | N/A |
IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information. | |||||
CVE-2004-0598 | 1 Greg Roelofs | 1 Libpng | 2024-02-28 | 5.0 MEDIUM | N/A |
The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference. | |||||
CVE-1999-0732 | 1 Debian | 1 Debian Linux | 2024-02-28 | 2.1 LOW | N/A |
The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links. | |||||
CVE-2002-1882 | 1 Oracle | 1 E-business Suite | 2024-02-28 | 7.5 HIGH | N/A |
Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business Suite 11i 11.1 through 11.6 allows remote attackers to bypass user authentication checks via unknown attack vectors. | |||||
CVE-1999-1520 | 1 Microsoft | 1 Site Server | 2024-02-28 | 5.0 MEDIUM | N/A |
A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes sensitive SQL database information. | |||||
CVE-2001-0996 | 1 Pop3lite | 1 Pop3lite | 2024-02-28 | 6.4 MEDIUM | N/A |
POP3Lite before 0.2.4 does not properly quote a . (dot) in an email message, which could allow a remote attacker to append arbitrary text to the end of an email message, which could then be interpreted by various mail clients as valid POP server responses or other input that could cause clients to crash or otherwise behave unexpectedly. | |||||
CVE-2002-1705 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to cause a denial of service (crash) via a Cascading Style Sheet (CSS) with the p{cssText} element declared and a bold font weight. | |||||
CVE-2004-1827 | 2 Simple Machines, Yabb | 2 Simple Machines Smf, Yabb | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags. | |||||
CVE-2000-0298 | 1 Microsoft | 1 Windows 2000 | 2024-02-28 | 7.2 HIGH | N/A |
The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories. | |||||
CVE-2004-0755 | 1 Yukihiro Matsumoto | 1 Ruby | 2024-02-28 | 2.1 LOW | N/A |
The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions. | |||||
CVE-2002-0287 | 1 Powie | 1 Pforum | 2024-02-28 | 10.0 HIGH | N/A |
pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default. | |||||
CVE-2004-2158 | 1 S9y | 1 Serendipity | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php. | |||||
CVE-2000-0008 | 1 1st Choice Software | 1 Ftppro | 2024-02-28 | 2.1 LOW | N/A |
FTPPro allows local users to read sensitive information, which is stored in plain text. | |||||
CVE-2001-0037 | 1 Keware Technologies | 1 Homeseer | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in HomeSeer before 1.4.29 allows remote attackers to read arbitrary files via a URL containing .. (dot dot) specifiers. | |||||
CVE-2002-2015 | 1 Postnuke Software Foundation | 1 Postnuke | 2024-02-28 | 7.5 HIGH | N/A |
PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows remote attackers to include arbitrary files and possibly execute code via the caselist parameter. | |||||
CVE-2004-2202 | 1 Duware | 1 Duclassified | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 through 4.2 allows remote attackers to bypass authentication and execute other commands on the server's underlying database via the (1) cat_id or (2) sub_id parameters in adDetail.asp, or (2) the password parameter in the login form. | |||||
CVE-1999-1367 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 4.6 MEDIUM | N/A |
Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access restricted web sites that were visited by other users. | |||||
CVE-2002-1026 | 1 Macromedia | 1 Sitespring | 2024-02-28 | 5.0 MEDIUM | N/A |
Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine 7.0.2.1480 allows remote attackers to cause a denial of service (crash) via a long malformed request to TCP port 2500, possibly triggering a buffer overflow. |