Total: 266770 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-1762 | 1 Microsoft | 1 Baseline Security Analyzer | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans in a known location C:\Documents and Settings\username\SecurityScans in plaintext, which could allow remote attackers to obtain sensitive information about the system via malicious active content such as ActiveX controls or Java. | |||||
CVE-2001-0179 | 1 Macromedia | 1 Jrun | 2024-02-28 | 5.0 MEDIUM | N/A |
Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "." | |||||
CVE-2002-1461 | 1 Webscriptworld | 1 Web Shop Manager | 2024-02-28 | 7.5 HIGH | N/A |
Web Shop Manager 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search box. | |||||
CVE-2000-0108 | 1 Intelligent Vending Systems | 1 Intellivend | 2024-02-28 | 7.5 HIGH | N/A |
The Intellivend shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. | |||||
CVE-2002-0125 | 1 Clanlib | 1 Clanlib | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in ClanLib library 0.5 may allow local users to execute arbitrary code in games that use the library, such as (1) Super Methane Brothers, (2) Star War, (3) Kwirk, (4) Clankanoid, and others, via a long HOME environment variable. | |||||
CVE-1999-1579 | 1 Microsoft | 1 Windows Nt | 2024-02-28 | 5.0 MEDIUM | N/A |
The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions of Windows NT 4.0 and Windows NT Server 4.0 before SP6 allows remote attackers to cause a denial of service (resource consumption) by creating a large number of arbitrary files on the target machine. | |||||
CVE-1999-1111 | 1 Immunix | 1 Stackguard | 2024-02-28 | 7.5 HIGH | N/A |
Vulnerability in StackGuard before 1.21 allows remote attackers to bypass the Random and Terminator Canary security mechanisms by using a non-linear attack which directly modifies a pointer to a return address instead of using a buffer overflow to reach the return address entry itself. | |||||
CVE-2004-1956 | 1 Postnuke Software Foundation | 1 Postnuke | 2024-02-28 | 5.0 MEDIUM | N/A |
PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the (1) includes/blocks directory, (2) pnadodb directory, (3) NS-NewUser module, (4) NS-Your_Account, (5) NS-LostPassword module, or (6) NS-User module which reveals the path to the web server in a PHP error message. | |||||
CVE-2002-0995 | 1 Gianluca Baldo | 1 Phpauction | 2024-02-28 | 7.5 HIGH | N/A |
login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers table. | |||||
CVE-1999-1554 | 1 Sgi | 1 Irix | 2024-02-28 | 2.1 LOW | N/A |
/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the group ID to the group ID of the user who started Mail, which allows local users to read the mail of other users. | |||||
CVE-2002-1079 | 1 Aprelium Technologies | 1 Abyss Web Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Abyss Web Server 1.0.3 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in an HTTP GET request. | |||||
CVE-2000-0106 | 1 Easycart | 1 Easycart | 2024-02-28 | 7.5 HIGH | N/A |
The EasyCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. | |||||
CVE-1999-0020 | | | 2024-02-28 | N/A | N/A |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0032. Reason: This candidate is a duplicate of CVE-1999-0032. Notes: All CVE users should reference CVE-1999-0032 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
CVE-2002-1781 | 1 Delegate | 1 Delegate | 2024-02-28 | 7.5 HIGH | N/A |
Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote attackers to execute arbitrary code, as demonstrated using a long USER command to the POP proxy. | |||||
CVE-2002-1135 | 1 Phpwebsite | 1 Phpwebsite | 2024-02-28 | 7.5 HIGH | N/A |
modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, allows remote attackers to execute arbitrary PHP source code via an inc_prefix parameter that points to the malicious code. | |||||
CVE-2004-0123 | 1 Microsoft | 7 Windows 2000, Windows 2003 Server, Windows 98 and 4 more | 2024-02-28 | 7.5 HIGH | N/A |
Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code. | |||||
CVE-2000-0084 | 1 Globalscape | 1 Cuteftp | 2024-02-28 | 5.0 MEDIUM | N/A |
CuteFTP uses weak encryption to store password information in its tree.dat file. | |||||
CVE-2000-0890 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 1.2 LOW | N/A |
periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-1999-1528 | 1 Prosoft Engineering | 1 Netware Client | 2024-02-28 | 4.6 MEDIUM | N/A |
ProSoft Netware Client 5.12 on Macintosh MacOS 9 does not automatically log a user out of the NDS tree when the user logs off the system, which allows other users of the same system access to the unprotected NDS session. | |||||
CVE-2003-1371 | 1 Nuked-klan | 1 Nuked-klan | 2024-02-28 | 4.3 MEDIUM | N/A |
Nuked-Klan 1.3b, and possibly earlier versions, allows remote attackers to obtain sensitive server information via an op parameter set to phpinfo for the (1) Team, (2) News, or (3) Liens modules. |