Total
266721 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1937 | 1 Nuked-klan | 1 Nuked-klan | 2024-02-28 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1.5b allow remote attackers to read or include arbitrary files via .. sequences in (1) the user_langue parameter to index.php or (2) the langue parameter to update.php, or modify arbitrary GLOBAL variables by causing globals.php to be loaded before conf.inc.php via (3) .. sequences in the file parameter with the page parameter set to globals, or (4) ../globals.php in the user_langue parameter, as demonstrated by modifying $nuked[prefix] in the Suggest module. | |||||
| CVE-2003-0733 | 1 Bea | 3 Liquid Data, Weblogic Integration, Weblogic Server | 2024-02-28 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application. | |||||
| CVE-2004-1804 | 1 Invicta | 1 Wmcam Server | 2024-02-28 | 5.0 MEDIUM | N/A |
| wMCam server 2.1.348 allows remote attackers to cause a denial of service (no new connections) via multiple malformed HTTP requests without the GET command. | |||||
| CVE-2002-0657 | 1 Openssl | 1 Openssl | 2024-02-28 | 7.5 HIGH | N/A |
| Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key. | |||||
| CVE-2004-0762 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2024-02-28 | 5.0 MEDIUM | N/A |
| Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box. | |||||
| CVE-2004-2247 | 1 Goosequill | 1 Audienceconnect | 2024-02-28 | 10.0 HIGH | N/A |
| Unknown vulnerability in the "admin of paypal email addresses" in AudienceConnect before 1.0.beta.21 has unknown impact and attack vectors. | |||||
| CVE-2002-1295 | 1 Microsoft | 1 Java Virtual Machine | 2024-02-28 | 7.5 HIGH | N/A |
| The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service (crash) and possibly conduct other unauthorized activities via applet tags in HTML that bypass Java class restrictions (such as private constructors) by providing the class name in the code parameter, aka "Incomplete Java Object Instantiation Vulnerability." | |||||
| CVE-2002-1797 | 1 Hp | 1 Chaivm | 2024-02-28 | 4.6 MEDIUM | N/A |
| ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and 8150 does not properly enforce access control restrictions, which could allow local users to add, delete, or modify any services hosted by the ChaiServer. | |||||
| CVE-2003-1538 | 1 Suse | 3 Office Server, Suse Linux, Suse Linux Openexchange Server | 2024-02-28 | 6.4 MEDIUM | N/A |
| susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and Openexchange Server 4 does not properly filter shell metacharacters, which allows remote attackers to execute arbitrary commands via CGI queries. | |||||
| CVE-2001-1326 | 1 Qualcomm | 1 Eudora | 2024-02-28 | 7.5 HIGH | N/A |
| Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form that is activated from an image that the attacker spoofs as a link, which causes the user to execute the form and access embedded attachments. | |||||
| CVE-2001-0430 | 1 Debian | 1 Debian Linux | 2024-02-28 | 3.6 LOW | N/A |
| Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files. | |||||
| CVE-2000-0257 | 1 Novell | 1 Netware | 2024-02-28 | 7.5 HIGH | N/A |
| Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL. | |||||
| CVE-1999-0667 | 1 Arp Protocol | 1 Arp Protocol | 2024-02-28 | 10.0 HIGH | N/A |
| The ARP protocol allows any host to spoof ARP replies and poison the ARP cache to conduct IP address spoofing or a denial of service. | |||||
| CVE-2004-1367 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2024-02-28 | 4.4 MEDIUM | N/A |
| Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password. | |||||
| CVE-1999-0008 | 2 Hp, Sun | 3 Hp-ux, Solaris, Sunos | 2024-02-28 | 10.0 HIGH | N/A |
| Buffer overflow in NIS+, in Sun's rpc.nisd program. | |||||
| CVE-2003-1054 | 1 Mod Access Referer | 1 Mod Access Referer | 2024-02-28 | 5.0 MEDIUM | N/A |
| mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference. | |||||
| CVE-2002-0460 | 1 Bitvise | 1 Winsshd | 2024-02-28 | 5.0 MEDIUM | N/A |
| Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of incomplete connections that are not properly terminated, which are not properly freed by SSHd. | |||||
| CVE-2002-1903 | 1 University Of Washington | 1 Pine | 2024-02-28 | 5.0 MEDIUM | N/A |
| Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information. | |||||
| CVE-2004-0493 | 5 Apache, Avaya, Gentoo and 2 more | 8 Http Server, Converged Communications Server, S8300 and 5 more | 2024-02-28 | 6.4 MEDIUM | N/A |
| The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters. | |||||
| CVE-1999-0994 | 1 Microsoft | 1 Windows Nt | 2024-02-28 | 5.0 MEDIUM | N/A |
| Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords. | |||||