Total
266897 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0502 | 1 Microsoft | 1 Outlook | 2024-02-28 | 5.0 MEDIUM | N/A |
Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message, which allows remote attackers to bypass zone restrictions and exploit other issues that rely on predictable locations, as demonstrated using a shell: URI. | |||||
CVE-1999-1255 | 1 Ccs Network | 1 Hyperseek Search Engine | 2024-02-28 | 5.0 MEDIUM | N/A |
Hyperseek allows remote attackers to modify the hyperseek configuration by directly calling the admin.cgi program with an edit_file action parameter. | |||||
CVE-2001-0131 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2024-02-28 | 3.3 LOW | N/A |
htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-1999-1036 | 1 Cops | 1 Cops | 2024-02-28 | 7.2 HIGH | N/A |
COPS 1.04 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files in (1) res_diff, (2) ca.src, and (3) mail.chk. | |||||
CVE-2003-0503 | 1 Microsoft | 1 Windows 2000 | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in the ShellExecute API function of SHELL32.DLL in Windows 2000 before SP4 may allow attackers to cause a denial of service or execute arbitrary code via a long third argument. | |||||
CVE-2004-2173 | 1 Early Impact | 1 Productcart | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in advSearch_h.asp in EarlyImpact ProductCart allows remote attackers to execute arbitrary SQL commands via the priceUntil parameter. | |||||
CVE-1999-0298 | 2 Slackware, Sun | 2 Slackware Linux, Sunos | 2024-02-28 | 7.5 HIGH | N/A |
ypbind with -ypset and -ypsetme options activated in Linux Slackware and SunOS allows local and remote attackers to overwrite files via a .. (dot dot) attack. | |||||
CVE-2002-0441 | 1 Jerrett Taylor | 1 Php Imglist | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in imlist.php for Php Imglist allows remote attackers to read arbitrary code via a .. (dot dot) in the cwd parameter. | |||||
CVE-2004-0696 | 1 4d | 1 Webstar | 2024-02-28 | 5.0 MEDIUM | N/A |
The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows remote attackers to list arbitrary directories via a URL with the desired path and a "*" (asterisk) character. | |||||
CVE-1999-1540 | 1 Cactus Software | 1 Shell-lock | 2024-02-28 | 2.1 LOW | N/A |
shell-lock in Cactus Software Shell Lock uses weak encryption (trivial encoding) which allows attackers to easily decrypt and obtain the source code. | |||||
CVE-2001-0081 | 1 Ncipher | 1 Ncipher | 2024-02-28 | 5.0 MEDIUM | N/A |
swinit in nCipher does not properly disable the Operator Card Set recovery feature even when explicitly disabled by the user, which could allow attackers to gain access to application keys. | |||||
CVE-2000-0175 | 1 Sun | 1 Staroffice | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in StarOffice StarScheduler web server allows remote attackers to gain root access via a long GET command. | |||||
CVE-2004-2188 | 1 Dmxready | 1 Dmxready Site Chassis Manager | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis Manager allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
CVE-1999-1491 | 1 Redhat | 1 Linux | 2024-02-28 | 7.2 HIGH | N/A |
abuse.console in Red Hat 2.1 uses relative pathnames to find and execute the undrv program, which allows local users to execute arbitrary commands via a path that points to a Trojan horse program. | |||||
CVE-2001-1168 | 1 Phpmyexplorer | 2 Phpmyexplorer Classic, Phpmyexplorer Multiuser | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in index.php in PhpMyExplorer before 1.2.1 allows remote attackers to read arbitrary files via a ..%2F (modified dot dot) in the chemin parameter. | |||||
CVE-2003-1265 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2024-02-28 | 2.1 LOW | N/A |
Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages. | |||||
CVE-2002-0475 | 1 Phpbb Group | 1 Phpbb | 2024-02-28 | 5.1 MEDIUM | N/A |
Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message. | |||||
CVE-2002-0802 | 1 Postgresql | 1 Postgresql | 2024-02-28 | 7.5 HIGH | N/A |
The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks. | |||||
CVE-2002-0532 | 1 Emumail | 3 Emumail, Emumail Red Hat Linux, Emumail Unix | 2024-02-28 | 7.2 HIGH | N/A |
EMU Webmail allows local users to execute arbitrary programs via a .. (dot dot) in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters. | |||||
CVE-2001-0184 | 1 Eeye Digital Security | 1 Iris | 2024-02-28 | 2.6 LOW | N/A |
eEye Iris 1.01 beta allows remote attackers to cause a denial of service via a malformed packet, which causes Iris to crash when a user views the packet. |