Total: 266903 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-2211 | 1 Isc | 1 Bind | 2024-02-28 | 5.0 MEDIUM | N/A |
BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods. | |||||
CVE-1999-0011 | 8 Data General, Ibm, Isc and 5 more | 11 Dg Ux, Aix, Bind and 8 more | 2024-02-28 | 10.0 HIGH | N/A |
Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer. | |||||
CVE-2004-1729 | 1 Nihuo Software | 1 Web Log Analyzer | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. | |||||
CVE-2001-0098 | 1 Bea | 1 Weblogic Server | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string. | |||||
CVE-1999-0164 | 1 Sun | 1 Sunos | 2024-02-28 | 6.2 MEDIUM | N/A |
A race condition in the Solaris ps command allows an attacker to overwrite critical files. | |||||
CVE-2002-1953 | 1 Aol | 1 Instant Messenger | 2024-02-28 | 5.0 MEDIUM | N/A |
Heap-based buffer overflow in the goim handler of AOL Instant Messenger (AIM) 4.4 through 4.8.2616 allows remote attackers to cause a denial of service (crash) via escaping of the screen name parameter, which triggers the overflow when the user selects "Get Info" on the buddy. | |||||
CVE-2002-0299 | 1 Cnet | 1 Catchup | 2024-02-28 | 7.6 HIGH | N/A |
CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code via a .RVP file that creates a file with an arbitrary extension (such as .BAT), which is executed during a scan. | |||||
CVE-1999-1312 | 1 Dec | 2 Dec Openvms Axp, Dec Openvms Vax | 2024-02-28 | 7.2 HIGH | N/A |
Vulnerability in DEC OpenVMS VAX 5.5-2 through 5.0, and OpenVMS AXP 1.0, allows local users to gain system privileges. | |||||
CVE-2004-0241 | 1 Qualiteam | 1 X-cart | 2024-02-28 | 10.0 HIGH | N/A |
X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via the perl_binary argument in (1) upgrade.php or (2) general.php. | |||||
CVE-2004-1799 | 1 Openbsd | 1 Openbsd | 2024-02-28 | 7.5 HIGH | N/A |
PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via spoofed packets to other interfaces. | |||||
CVE-2003-1454 | 4 Invision Power Services, Linux, Microsoft and 1 more | 4 Invision Board, Linux Kernel, All Windows and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access. | |||||
CVE-2002-0138 | 1 Andreas Mueller | 1 Cdrdao | 2024-02-28 | 2.1 LOW | N/A |
CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via the show-data command. | |||||
CVE-2002-0022 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated. | |||||
CVE-2000-0661 | 1 Wircsrv | 1 Irc Server | 2024-02-28 | 5.0 MEDIUM | N/A |
WircSrv IRC Server 5.07s allows remote attackers to cause a denial of service via a long string to the server port. | |||||
CVE-2002-1459 | 1 Leszek Krupinski | 1 L-forum | 2024-02-28 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is off, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, and (3) Subject. | |||||
CVE-2004-0351 | 1 Spidersales | 1 Spidersales | 2024-02-28 | 2.1 LOW | N/A |
Spider Sales shopping cart stores the private key in the same database and table as the public key, which allows local users with access to the database to decrypt data. | |||||
CVE-1999-0739 | 1 Microsoft | 1 Internet Information Server | 2024-02-28 | 5.0 MEDIUM | N/A |
The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. | |||||
CVE-2002-0551 | 1 Gcf | 1 Dynamic Guestbook | 2024-02-28 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows remote attackers to execute code in clients who access guestbook pages via the parameters (1) name, (2) mail, or (3) kommentar. | |||||
CVE-2002-1385 | 1 Open Webmail | 1 Open Webmail | 2024-02-28 | 7.2 HIGH | N/A |
openwebmail_init in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed. | |||||
CVE-2001-0918 | 1 Suse | 1 Suse Linux | 2024-02-28 | 5.1 MEDIUM | N/A |
Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow remote attackers to execute arbitrary commands by not opening files securely. |