Total
266887 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-0583 | 2024-02-28 | 10.0 HIGH | N/A | ||
There is a one-way or two-way trust relationship between Windows NT domains. | |||||
CVE-2001-0608 | 1 Hp | 1 Mpe | 2024-02-28 | 7.5 HIGH | N/A |
HP architected interface facility (AIF) as includes with MPE/iX 5.5 through 6.5 running on a HP3000 allows an attacker to gain additional privileges and gain access to databases via the AIF - AIFCHANGELOGON program. | |||||
CVE-2003-1516 | 1 Sun | 1 Java Plug-in | 2024-02-28 | 6.8 MEDIUM | N/A |
The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet. | |||||
CVE-1999-1016 | 2 Microsoft, Qualcomm | 4 Frontpage, Internet Explorer, Outlook Express and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell. | |||||
CVE-1999-1522 | 1 Roxen | 1 Roxen Web Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Vulnerability in htmlparse.pike in Roxen Web Server 1.3.11 and earlier, possibly related to recursive parsing and referer tags in RXML. | |||||
CVE-2000-0061 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 10.0 HIGH | N/A |
Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading. | |||||
CVE-2000-0379 | 1 Netopia | 1 R-series Routers | 2024-02-28 | 3.6 LOW | N/A |
The Netopia R9100 router does not prevent authenticated users from modifying SNMP tables, even if the administrator has configured it to do so. | |||||
CVE-2002-1648 | 1 Squirrelmail | 1 Squirrelmail | 2024-02-28 | 7.5 HIGH | N/A |
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters. | |||||
CVE-1999-0547 | 2024-02-28 | 10.0 HIGH | N/A | ||
An SSH server allows authentication through the .rhosts file. | |||||
CVE-1999-0184 | 1 Isc | 1 Bind | 2024-02-28 | 6.4 MEDIUM | N/A |
When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records. | |||||
CVE-1999-0155 | 1 Aladdin Enterprises | 1 Ghostscript | 2024-02-28 | 7.5 HIGH | N/A |
The ghostscript command with the -dSAFER option allows remote attackers to execute commands. | |||||
CVE-2002-2218 | 1 Sips | 1 Sips | 2024-02-28 | 10.0 HIGH | N/A |
CRLF injection vulnerability in the setUserValue function in sipssys/code/site.inc.php in Haakon Nilsen simple, integrated publishing system (SIPS) before 20020209 has unknown impact, possibly gaining privileges or modifying critical configuration, via a CRLF sequence in a key value. | |||||
CVE-2003-0821 | 1 Microsoft | 2 Word, Works | 2024-02-28 | 7.5 HIGH | N/A |
Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model. | |||||
CVE-1999-0116 | 1 Ibm | 2 Aix, Sng | 2024-02-28 | 5.0 MEDIUM | N/A |
Denial of service when an attacker sends many SYN packets to create multiple connections without ever sending an ACK to complete the connection, aka SYN flood. | |||||
CVE-2004-0835 | 3 Debian, Mysql, Oracle | 3 Debian Linux, Mysql, Mysql | 2024-02-28 | 7.5 HIGH | N/A |
MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities. | |||||
CVE-2002-1637 | 1 Oracle | 1 Application Server | 2024-02-28 | 4.6 MEDIUM | N/A |
Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges. | |||||
CVE-2004-0465 | 1 Openconnect | 1 Webconnect | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in jretest.html in WebConnect 6.5 and 6.4.4, and possibly earlier versions, allows remote attackers to read keys within arbitrary INI formatted files via "..//" sequences in the WCP_USER parameter. | |||||
CVE-2002-0523 | 1 Asp-nuke | 1 Asp-nuke | 2024-02-28 | 5.0 MEDIUM | N/A |
ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in users by submitting an invalid "pseudo" cookie. | |||||
CVE-2002-0052 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 5.0 MEDIUM | N/A |
Internet Explorer 6.0 and earlier does not properly handle VBScript in certain domain security checks, which allows remote attackers to read arbitrary files. | |||||
CVE-2000-0903 | 1 Qnx | 1 Voyager | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Voyager web server 2.01B in the demo disks for QNX 405 allows remote attackers to read arbitrary files via a .. (dot dot) attack. |