Total
266916 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-1846 | 1 Yabb | 1 Yabb | 2024-02-28 | 5.0 MEDIUM | N/A |
Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by stealing the cookie of another user, modifying the expiretime setting, and submitting the change in a profile2 action to index.php. | |||||
CVE-1999-1257 | 1 Xyplex | 1 Maxserver Xyplex Terminal Server | 2024-02-28 | 7.5 HIGH | N/A |
Xyplex terminal server 6.0.1S1, and possibly other versions, allows remote attackers to bypass the password prompt by entering (1) a CTRL-Z character, or (2) a ? (question mark). | |||||
CVE-2000-0210 | 1 Sun | 1 Workshop | 2024-02-28 | 1.2 LOW | N/A |
The lit program in Sun Flex License Manager (FlexLM) follows symlinks, which allows local users to modify arbitrary files. | |||||
CVE-2003-1408 | 1 Lotus | 1 Domino Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot. | |||||
CVE-2002-1035 | 1 Omnicron | 1 Omnihttpd | 2024-02-28 | 5.0 MEDIUM | N/A |
Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of service (crash) via an HTTP request with a long, malformed HTTP 1version number. | |||||
CVE-2004-2171 | 1 Cherokee | 1 Cherokee Httpd | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting error page. | |||||
CVE-2003-0093 | 1 Lbl | 1 Tcpdump | 2024-02-28 | 5.0 MEDIUM | N/A |
The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service (crash) via an invalid RADIUS packet with a header length field of 0, which causes tcpdump to generate data within an infinite loop. | |||||
CVE-2002-2272 | 1 Apache | 2 Http Server, Tomcat | 2024-02-28 | 7.8 HIGH | N/A |
Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values. | |||||
CVE-2001-0821 | 1 Dcscripts | 1 Dcshop | 2024-02-28 | 5.0 MEDIUM | N/A |
The default configuration of DCShop 1.002 beta places sensitive files in the cgi-bin directory, which could allow remote attackers to read sensitive data via an HTTP GET request for (1) orders.txt or (2) auth_user_file.txt. | |||||
CVE-2003-0336 | 1 Qualcomm | 1 Eudora | 2024-02-28 | 5.0 MEDIUM | N/A |
Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files via an email message with a carriage return (CR) character in a spoofed "Attachment Converted:" string, which is not properly handled by Eudora. | |||||
CVE-2004-1787 | 1 Postnuke Software Foundation | 1 Postcalendar | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in PostCalendar 4.0.0 allows remote attackers to execute arbitrary SQL commands via search queries. | |||||
CVE-2004-2168 | 1 Baardsen Software | 1 Basomail Server | 2024-02-28 | 5.0 MEDIUM | N/A |
BaSoMail 1.24 allows remote attackers to cause a denial of service (CPU consumption) via multiple connections to TCP port (1) 25 (SMTP) or (2) 110 (POP3). | |||||
CVE-2001-1103 | 1 Rhinosoft | 1 Ftp Voyager | 2024-02-28 | 7.5 HIGH | N/A |
FTP Voyager ActiveX control before 8.0, when it is marked as safe for scripting (the default) or if allowed by the IObjectSafety interface, allows remote attackers to execute arbitrary commands. | |||||
CVE-2000-0995 | 1 Openbsd | 1 Openbsd | 2024-02-28 | 7.2 HIGH | N/A |
Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges via a malformed name. | |||||
CVE-2002-1258 | 1 Microsoft | 8 Windows 2000, Windows 2000 Terminal Services, Windows 95 and 5 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due to a parsing error. | |||||
CVE-2001-0313 | 1 Borderware | 1 Firewall Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Borderware Firewall Server 6.1.2 allows remote attackers to cause a denial of service via a ping to the broadcast address of the public network on which the server is placed, which causes the server to continuously send pings (echo requests) to the network. | |||||
CVE-2003-1255 | 1 Active Php Bookmarks | 1 Active Php Bookmarks | 2024-02-28 | 6.4 MEDIUM | N/A |
add_bookmark.php in Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to add arbitrary bookmarks as other users using a modified auth_user_id parameter. | |||||
CVE-2002-0487 | 1 Workforceroi | 1 Xpede | 2024-02-28 | 4.6 MEDIUM | N/A |
Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache. | |||||
CVE-2000-0141 | 1 Infopop | 1 Ultimate Bulletin Board | 2024-02-28 | 10.0 HIGH | N/A |
Infopop Ultimate Bulletin Board (UBB) allows remote attackers to execute commands via shell metacharacters in the topic hidden field. | |||||
CVE-2000-1175 | 1 Jan Hubicka | 1 Koules | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in Koules 1.4 allows local users to execute arbitrary commands via a long command line argument. |