Total: 266790 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-1060 | 1 Xfree86 Project | 1 Xfce | 2024-02-28 | 4.6 MEDIUM | N/A |
The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges. | |||||
CVE-2001-0135 | 1 Ultrascripts | 1 Ultraboard | 2024-02-28 | 2.1 LOW | N/A |
The default installation of Ultraboard 2000 2.11 creates the Skins, Database, and Backups directories with world-writeable permissions, which could allow local users to modify sensitive information or possibly insert and execute CGI programs. | |||||
CVE-1999-1303 | 1 Sco | 5 Open Desktop, Open Desktop Lite, Openserver Enterprise System and 2 more | 2024-02-28 | 7.2 HIGH | N/A |
Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users to gain root access. | |||||
CVE-2004-1842 | 1 Phpnuke | 1 Php-nuke | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php. | |||||
CVE-2003-0618 | 2 Debian, Perl | 2 Debian Linux, Suidperl | 2024-02-28 | 2.1 LOW | N/A |
Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local user to obtain sensitive information about files for which the user does not have appropriate permissions. | |||||
CVE-2001-0241 | 1 Microsoft | 1 Windows 2000 | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0. | |||||
CVE-2000-0090 | 1 Vmware | 1 Workstation | 2024-02-28 | 3.6 LOW | N/A |
VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack. | |||||
CVE-2000-0880 | 1 Plus Technologies | 1 Lpplus | 2024-02-28 | 3.6 LOW | N/A |
LPPlus creates the lpdprocess file with world-writeable permissions, which allows local users to kill arbitrary processes by specifying an alternate process ID and using the setuid dcclpdshut program to kill the process that was specified in the lpdprocess file. | |||||
CVE-2003-1001 | 1 Cisco | 9 Catalyst 6500, Catalyst 6500 Ws-svc-nam-1, Catalyst 6500 Ws-svc-nam-2 and 6 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via HTTP auth requests for (1) TACACS+ or (2) RADIUS authentication. | |||||
CVE-2002-1510 | 1 Xfree86 Project | 1 X11r6 | 2024-02-28 | 10.0 HIGH | N/A |
xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist. | |||||
CVE-2003-0629 | 1 Peoplesoft | 1 Peopletools | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in PeopleSoft IScript environment for PeopleTools 8.43 and earlier allows remote attackers to insert arbitrary web script via a certain HTTP request to IScript. | |||||
CVE-2004-0521 | 2 Sgi, Squirrelmail | 2 Propack, Squirrelmail | 2024-02-28 | 10.0 HIGH | N/A |
SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php. | |||||
CVE-2004-1959 | 1 Protector System | 1 Protector System | 2024-02-28 | 5.0 MEDIUM | N/A |
blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows remote attackers to gain sensitive information via a string in the portNum parameter, which reveals the full path in an error message. | |||||
CVE-1999-0237 | 1 Webcom | 1 Cgi Guestbook | 2024-02-28 | 7.5 HIGH | N/A |
Remote execution of arbitrary commands through Guestbook CGI program. | |||||
CVE-2001-1402 | 1 Mozilla | 1 Bugzilla | 2024-02-28 | 7.5 HIGH | N/A |
Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the voteon, bug_id, and user variables for showvotes.cgi, (3) an invalid email address in createaccount.cgi, (4) an invalid ID in showdependencytree.cgi, (5) invalid usernames and other fields in process_bug.cgi, and (6) error messages in buglist.cgi. | |||||
CVE-2002-0434 | 1 Marcus S. Xenakis | 1 Directory.php | 2024-02-28 | 10.0 HIGH | N/A |
Marcus S. Xenakis directory.php script allows remote attackers to execute arbitrary commands via shell metacharacters in the dir parameter. | |||||
CVE-2004-2237 | 1 Moodle | 1 Moodle | 2024-02-28 | 10.0 HIGH | N/A |
Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to "strings in Moodle texts." | |||||
CVE-2002-0581 | 1 Workforceroi | 1 Xpede | 2024-02-28 | 7.5 HIGH | N/A |
WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary SQL commands and read, modify, or steal credentials from the database via the Qry parameter in the sprc.asp script. | |||||
CVE-2001-0160 | 2 Lucent, Orinoco | 2 Wavelan, Orinoco Wavelan | 2024-02-28 | 5.0 MEDIUM | N/A |
Lucent/ORiNOCO WaveLAN cards generate predictable Initialization Vector (IV) values for the Wireless Encryption Protocol (WEP) which allows remote attackers to quickly compile information that will let them decrypt messages. | |||||
CVE-1999-1132 | 1 Microsoft | 1 Windows Nt | 2024-02-28 | 5.0 MEDIUM | N/A |
Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7, or (2) a list containing duplicate Token Ring IDs. | |||||