Total: 266775 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-0705 | 1 Luca Deri | 1 Ntop | 2024-02-28 | 5.0 MEDIUM | N/A |
ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
CVE-2001-0769 | 1 Steve Poulsen | 1 Guildftpd | 2024-02-28 | 5.0 MEDIUM | N/A |
Memory leak in GuildFTPd Server 0.97 allows remote attackers to cause a denial of service via a request containing a null character. | |||||
CVE-2003-0096 | 1 Oracle | 3 Database Server, Oracle8i, Oracle9i | 2024-02-28 | 9.0 HIGH | N/A |
Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function. | |||||
CVE-1999-1536 | 1 Acushop | 1 Salesbuilder | 2024-02-28 | 7.2 HIGH | N/A |
.sbstart startup script in AcuShop Salesbuilder is world writable, which allows local users to gain privileges by appending commands to the file. | |||||
CVE-2002-1043 | 1 Ultrafunk | 1 Popcorn | 2024-02-28 | 5.0 MEDIUM | N/A |
Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) via a malformed Subject ("\t\t"). | |||||
CVE-2001-1213 | 1 Datawizard | 1 Ftpxq | 2024-02-28 | 6.4 MEDIUM | N/A |
The default configuration of DataWizard FtpXQ 2.0 and 2.1 includes a default username and password, which allows remote attackers to read and write arbitrary files in the root folder. | |||||
CVE-2001-0348 | 1 Microsoft | 1 Windows 2000 | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace. | |||||
CVE-2000-0443 | 1 Hp | 1 Jetadmin | 2024-02-28 | 7.5 HIGH | N/A |
The web interface server in HP Web JetAdmin 5.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
CVE-2002-0762 | 1 Suse | 1 Suse Linux | 2024-02-28 | 7.2 HIGH | N/A |
shadow package in SuSE 8.0 allows local users to destroy the /etc/passwd and /etc/shadow files or assign extra group privileges to some users by changing filesize limits before calling programs that modify the files. | |||||
CVE-2001-1042 | 1 Transsoft | 1 Broker Ftp Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file. | |||||
CVE-2000-0757 | 1 Aptis Software | 1 Totalbill | 2024-02-28 | 10.0 HIGH | N/A |
The sysgen service in Aptis Totalbill does not perform authentication, which allows remote attackers to gain root privileges by connecting to the service and specifying the commands to be executed. | |||||
CVE-2004-1720 | 1 Merak | 1 Mail Server | 2024-02-28 | 5.0 MEDIUM | N/A |
The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web logs that may only be available to the administrators, who would have access to the path through legitimate means. | |||||
CVE-2004-2000 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL via the (1) orderby or (2) sid parameters to modules.php. | |||||
CVE-2001-0969 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 10.0 HIGH | N/A |
ipfw in FreeBSD does not properly handle the use of "me" in its rules when point to point interfaces are used, which causes ipfw to allow connections from arbitrary remote hosts. | |||||
CVE-2004-1516 | 1 Phpwebsite | 1 Phpwebsite | 2024-02-28 | 5.0 MEDIUM | N/A |
CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the block_username parameter in the user module. | |||||
CVE-2002-0202 | 1 Paintbbs | 1 Paintbbs | 2024-02-28 | 3.6 LOW | N/A |
PaintBBS 1.2 installs certain files and directories with insecure permissions, which allows local users to (1) obtain the encrypted server password via the world-readable oekakibbs.conf file, or (2) modify the server configuration via the world-writeable /oekaki/ folder. | |||||
CVE-2004-0545 | 1 Ibm | 1 Aix | 2024-02-28 | 7.2 HIGH | N/A |
LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-2001-0250 | 1 Netscape | 1 Enterprise Server | 2024-02-28 | 5.0 MEDIUM | N/A |
The Web Publishing feature in Netscape Enterprise Server 4.x and earlier allows remote attackers to list arbitrary directories under the web server root via the INDEX command. | |||||
CVE-2004-0389 | 1 Realnetworks | 1 Helix Universal Server | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null dereference, as demonstrated using (1) GET_PARAMETER or (2) DESCRIBE requests. | |||||
CVE-2001-1216 | 1 Oracle | 1 Application Server | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page. | |||||