Total
262164 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1078 | 1 Extremail | 1 Extremail | 2024-02-28 | 10.0 HIGH | N/A |
| Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication. | |||||
| CVE-2001-0334 | 1 Microsoft | 1 Internet Information Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded. | |||||
| CVE-2003-0544 | 1 Openssl | 1 Openssl | 2024-02-28 | 5.0 MEDIUM | N/A |
| OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. | |||||
| CVE-2003-1462 | 1 Mod Survey | 1 Mod Survey | 2024-02-28 | 5.0 MEDIUM | N/A |
| mod_survey 3.0.0 through 3.0.15-pre6 does not check whether a survey exists before creating a subdirectory for it, which allows remote attackers to cause a denial of service (disk consumption and possible crash). | |||||
| CVE-2004-1811 | 1 Hp | 1 Ssl Http Server | 2024-02-28 | 7.5 HIGH | N/A |
| The SSL HTTP Server in HP Web-enabled Management Software 5.0 through 5.92, with anonymous access enabled, allows remote attackers to compromise the trusted certificates by uploading their own certificates. | |||||
| CVE-2001-0143 | 2 Immunix, Redhat | 2 Immunix, Linux | 2024-02-28 | 1.2 LOW | N/A |
| vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2002-0641 | 1 Microsoft | 2 Msde, Sql Server | 2024-02-28 | 7.5 HIGH | N/A |
| Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query. | |||||
| CVE-2001-0076 | 1 Ikonboard.com | 1 Ikonboard | 2024-02-28 | 10.0 HIGH | N/A |
| register.cgi in Ikonboard 2.1.7b and earlier allows remote attackers to execute arbitrary commands via the SEND_MAIL parameter, which overwrites an internal program variable that references a program to be executed. | |||||
| CVE-2001-1521 | 1 Postnuke Software Foundation | 1 Postnuke | 2024-02-28 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter. | |||||
| CVE-2002-0938 | 1 Cisco | 1 Secure Access Control Server | 2024-02-28 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe. | |||||
| CVE-2003-0046 | 1 Celestial Software | 1 Absolutetelnet | 2024-02-28 | 4.6 MEDIUM | N/A |
| AbsoluteTelnet SSH2 client does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials. | |||||
| CVE-2003-1317 | 1 Endonesia | 1 Endonesia | 2024-02-28 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2004-0472 | 2024-02-28 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is a reservation duplicate of CVE-2004-0434. Notes: All CVE users should reference CVE-2004-0434 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
| CVE-2000-0572 | 1 Visible Systems | 1 Razor | 2024-02-28 | 4.6 MEDIUM | N/A |
| The Razor configuration management tool uses weak encryption for its password file, which allows local users to gain privileges. | |||||
| CVE-2003-1533 | 1 Phppass | 1 Phppass | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters. | |||||
| CVE-2004-1577 | 1 Greg Donald | 1 Phplinks | 2024-02-28 | 5.0 MEDIUM | N/A |
| index.php in PHP Links allows remote attackers to gain sensitive information via an invalid show parameter, which reveals the full path in an error message. | |||||
| CVE-1999-0646 | 2024-02-28 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The LDAP service is running. | |||||
| CVE-2002-0284 | 1 Nullsoft | 1 Winamp | 2024-02-28 | 2.6 LOW | N/A |
| Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname. | |||||
| CVE-2002-1786 | 1 Sgi | 1 Irix | 2024-02-28 | 2.1 LOW | N/A |
| SGI IRIX 6.5 through 6.5.14 applies a umask of 022 to root core dumps, which allows local users to read the core dumps and possibly obtain sensitive information. | |||||
| CVE-2002-1313 | 1 Nullmailer | 1 Nullmailer | 2024-02-28 | 2.1 LOW | N/A |
| nullmailer 1.00RC5 and earlier allows local users to cause a denial of service via an email to a local user that does not exist, which generates an error that causes nullmailer to stop sending mail to all users. | |||||