Total
266768 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-0845 | 1 Sco | 1 Unixware | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in SCO su program allows local users to gain root access via a long username. | |||||
CVE-2003-1130 | 2024-02-28 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-1071. Reason: This candidate is a duplicate of CVE-2003-1071. Notes: All CVE users should reference CVE-2003-1071 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
CVE-2004-1813 | 1 Vocaltec | 1 Vgw4 8 Telephony Gateway | 2024-02-28 | 7.5 HIGH | N/A |
VocalTec VGW4/8 Gateway 8.0 allows remote attackers to bypass authentication via an HTTP request to home.asp with a trailing slash (/). | |||||
CVE-1999-1038 | 1 Tamu | 1 Tiger | 2024-02-28 | 7.2 HIGH | N/A |
Tiger 2.2.3 allows local users to overwrite arbitrary files via a symlink attack on various temporary files in Tiger's default working directory, as defined by the WORKDIR variable. | |||||
CVE-2002-0859 | 1 Microsoft | 2 Jet, Sql Server | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code. | |||||
CVE-2002-2000 | 1 Compaq | 1 Acms | 2024-02-28 | 2.1 LOW | N/A |
ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use process privileges, which allows attackers to access data. | |||||
CVE-2000-1100 | 1 Trlinux | 1 Postaci Webmail | 2024-02-28 | 7.5 HIGH | N/A |
The default configuration for PostACI webmail system installs the /includes/global.inc configuration file within the web root, which allows remote attackers to read sensitive information such as database usernames and passwords via a direct HTTP GET request. | |||||
CVE-1999-0387 | 1 Microsoft | 2 Windows 95, Windows 98 | 2024-02-28 | 7.8 HIGH | N/A |
A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords. | |||||
CVE-2002-0853 | 1 Cisco | 1 Vpn Client | 2024-02-28 | 5.0 MEDIUM | N/A |
Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload. | |||||
CVE-2004-1471 | 6 Cvs, Freebsd, Gentoo and 3 more | 6 Cvs, Freebsd, Linux and 3 more | 2024-02-28 | 7.1 HIGH | N/A |
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line. | |||||
CVE-2003-0504 | 1 Phpgroupware | 1 Phpgroupware | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0.9.14.003 (aka webdistro) allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module. | |||||
CVE-2001-0215 | 1 Martin Hamilton | 1 Roads | 2024-02-28 | 5.0 MEDIUM | N/A |
ROADS search.pl program allows remote attackers to read arbitrary files by specifying the file name in the form parameter and terminating the filename with a null byte. | |||||
CVE-2004-0281 | 1 Caucho | 1 Resin | 2024-02-28 | 5.0 MEDIUM | N/A |
Caucho Technology Resin 2.1.12 allows remote attackers to gain sensitive information and view the contents of the /WEB-INF/ directory via an HTTP request for "WEB-INF..", which is equivalent to "WEB-INF" in Windows. | |||||
CVE-2001-1245 | 1 Opera Software | 1 Opera Web Browser | 2024-02-28 | 5.0 MEDIUM | N/A |
Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name. | |||||
CVE-2001-0724 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 7.5 HIGH | N/A |
Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing Vulnerability variant" of CVE-2001-0664. | |||||
CVE-2002-0513 | 1 Symatec | 1 Popper Mod | 2024-02-28 | 10.0 HIGH | N/A |
The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator. | |||||
CVE-2002-0588 | 1 Steve Korbett | 1 Pvote | 2024-02-28 | 5.0 MEDIUM | N/A |
PVote before 1.9 does not authenticate users for restricted operations, which allows remote attackers to add or delete polls by modifying parameters to (1) add.php or (2) del.php. | |||||
CVE-2001-0067 | 1 Judd Montgomery | 1 Jpilot | 2024-02-28 | 2.1 LOW | N/A |
The installation of J-Pilot creates the .jpilot directory with the user's umask, which could allow local attackers to read other users' PalmOS backup information if their umasks are not securely set. | |||||
CVE-2001-0462 | 1 Spencer Christensen | 1 Perl Web Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Perl web server 0.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | |||||
CVE-1999-1090 | 1 Ncsa | 1 Telnet | 2024-02-28 | 7.5 HIGH | N/A |
The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files. |