Vulnerabilities (CVE)

Total 240544 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2003-1469 | 2 Macromedia, Microsoft | 5 Coldfusion, Coldfusion Professional, Windows 2000 and 2 more | 2024-02-28 | 5.0 MEDIUM | N/A | The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message. |
| CVE-2003-1084 | 1 Tildeslash | 1 Monit | 2024-02-28 | 5.0 MEDIUM | N/A | Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field. |
| CVE-2000-0653 | 1 Microsoft | 1 Outlook Express | 2024-02-28 | 5.0 MEDIUM | N/A | Microsoft Outlook Express allows remote attackers to monitor a user's email by creating a persistent browser link to the Outlook Express windows, aka the "Persistent Mail-Browser Link" vulnerability. |
| CVE-2002-0984 | 1 Light | 1 Light | 2024-02-28 | 7.5 HIGH | N/A | The IRC script included in Light 2.7.x before 2.7.30p5, and 2.8.x before 2.8pre10, running EPIC allows remote attackers to execute arbitrary code if the user joins a channel whose topic includes EPIC4 code. |
| CVE-2000-0478 | 1 Symantec | 1 Norton Antivirus | 2024-02-28 | 5.0 MEDIUM | N/A | In some cases, Norton Antivirus for Exchange (NavExchange) enters a "fail-open" state which allows viruses to pass through the server. |
| CVE-2000-0340 | 1 Suse | 1 Suse Linux | 2024-02-28 | 7.2 HIGH | N/A | Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to execute arbitrary commands via the DISPLAY environmental variable. |
| CVE-2002-2010 | 1 Htdig | 1 Htdig | 2024-02-28 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig (ht://Dig) 3.1.5, 3.1.6, and 3.2 allows remote attackers to inject arbitrary web script or HTML via the words parameter. |
| CVE-2004-1700 | 1 Pinnacle Systems | 1 Showcenter | 2024-02-28 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in SettingsBase.php in Pinnacle ShowCenter 1.51 build 121 allows remote attackers to inject arbitrary HTML or web script via the Skin parameter, which is echoed in an error message. |
| CVE-1999-1419 | 1 Sun | 2 Solaris, Sunos | 2024-02-28 | 7.2 HIGH | N/A | Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2.3 and 2.4 allows local users to gain root privileges. |
| CVE-1999-1213 | 1 Hp | 1 Hp-ux | 2024-02-28 | 5.0 MEDIUM | N/A | Vulnerability in telnet service in HP-UX 10.30 allows attackers to cause a denial of service. |
| CVE-2004-1770 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 10.0 HIGH | N/A | The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter. |
| CVE-2002-0904 | 1 Kismet | 1 Kismet | 2024-02-28 | 7.5 HIGH | N/A | SayText function in Kismet 2.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters (backtick or pipe) in the essid argument. |
| CVE-1999-0289 | 2 Apache, Microsoft | 2 Http Server, Windows | 2024-02-28 | 5.0 MEDIUM | N/A | The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. |
| CVE-2001-1334 | 1 Phpslash | 1 Phpslash | 2024-02-28 | 5.0 MEDIUM | N/A | Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with PHPSlash administrator privileges to read arbitrary files by creating a block and specifying the target file as the source URL. |
| CVE-2001-0553 | 1 Ssh | 1 Secure Shell | 2024-02-28 | 7.2 HIGH | N/A | SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use "NP" in the password field. |
| CVE-2003-1461 | 1 Hp | 1 Hp-ux | 2024-02-28 | 7.2 HIGH | N/A | Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability (CVE-2002-1473). |
| CVE-2002-0021 | 1 Microsoft | 1 Office | 2024-02-28 | 5.0 MEDIUM | N/A | Network Product Identification (PID) Checker in Microsoft Office v. X for Mac allows remote attackers to cause a denial of service (crash) via a malformed product announcement. |
| CVE-2002-0824 | 1 Freebsd | 1 Point-to-point Protocol Daemon | 2024-02-28 | 6.9 MEDIUM | N/A | BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device. |
| CVE-2000-0603 | 1 Microsoft | 1 Sql Server | 2024-02-28 | 4.6 MEDIUM | N/A | Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability. |
| CVE-2001-0905 | 1 Procmail | 1 Procmail | 2024-02-28 | 6.2 MEDIUM | N/A | Race condition in signal handling of procmail 3.20 and earlier, when running setuid, allows local users to cause a denial of service or gain root privileges by sending a signal while a signal handling routine is already running. |