Total
266688 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-0969 | 1 Valve Software | 1 Half-life Dedicated Server | 2024-02-28 | 10.0 HIGH | N/A |
Format string vulnerability in Half Life dedicated server build 3104 and earlier allows remote attackers to execute arbitrary commands by injecting format strings into the changelevel command, via the system console or rcon. | |||||
CVE-2002-0737 | 1 Sambar | 1 Sambar Server | 2024-02-28 | 6.4 MEDIUM | N/A |
Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service (resource exhaustion) via DOS devices, using a URL that ends with a space and a null character. | |||||
CVE-2003-1185 | 1 Thwboard | 1 Thwboard | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 allow remote attackers to inject arbitrary SQL commands via various vectors including (1) Admin-Center, (2) Announcements, (3) admin/calendar.php, and (4) showevent.php. | |||||
CVE-2002-0703 | 1 Gisle Aas | 1 Digest-md5 | 2024-02-28 | 7.5 HIGH | N/A |
An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl could produce incorrect MD5 checksums for UTF-8 data, which could prevent a system from properly verifying the integrity of the data. | |||||
CVE-2003-1324 | 1 Elmme-mailer | 1 Elm Me\+ | 2024-02-28 | 4.6 MEDIUM | N/A |
Race condition in the can_open function in Elm ME+ 2.4, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group. | |||||
CVE-2001-1061 | 1 Ibm | 1 Aix | 2024-02-28 | 10.0 HIGH | N/A |
Vulnerability in lsmcode in unknown versions of AIX, possibly related to a usage error. | |||||
CVE-2001-0980 | 1 Caldera | 2 Openlinux Server, Openlinux Workstation | 2024-02-28 | 7.5 HIGH | N/A |
docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page. | |||||
CVE-2003-0398 | 1 Vignette | 3 Content Suite, Storyserver, Vignette | 2024-02-28 | 7.5 HIGH | N/A |
Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI EXEC feature enabled, allows remote attackers to execute arbitrary code via a text variable to a Vignette Application that is later displayed. | |||||
CVE-2000-0910 | 1 Horde | 1 Horde | 2024-02-28 | 4.6 MEDIUM | N/A |
Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address. | |||||
CVE-2000-0726 | 1 Stalkerlab | 1 Mailers | 2024-02-28 | 2.6 LOW | N/A |
CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote attackers to read arbitrary files by specifying the file in the $Attach$ hidden form variable. | |||||
CVE-2000-0728 | 1 Xpdf | 1 Xpdf | 2024-02-28 | 7.2 HIGH | N/A |
xpdf PDF viewer client earlier than 0.91 allows local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-2003-0299 | 2 Mutt, Stuart Parmenter | 2 Mutt, Balsa | 2024-02-28 | 7.5 HIGH | N/A |
The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large mailbox size values that cause either integer signedness errors or integer overflow errors. | |||||
CVE-2004-0837 | 3 Debian, Mysql, Oracle | 3 Debian Linux, Mysql, Mysql | 2024-02-28 | 2.6 LOW | N/A |
MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs. | |||||
CVE-2001-1318 | 1 Qualcomm | 1 Eudora Worldmail Server | 2024-02-28 | 7.5 HIGH | N/A |
Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
CVE-2002-1360 | 7 Cisco, Fissh, Intersoft and 4 more | 7 Ios, Ssh Client, Securenetterm and 4 more | 2024-02-28 | 10.0 HIGH | N/A |
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite. | |||||
CVE-2002-1803 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag. | |||||
CVE-2002-2305 | 1 Phpsecure.org | 1 Immobilier | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in agentadmin.php in Immobilier allows remote attackers to execute arbitrary SQL commands via the (1) agentname or (2) agentpassword parameter. | |||||
CVE-2001-0214 | 1 Way | 1 Way-board | 2024-02-28 | 5.0 MEDIUM | N/A |
Way-board CGI program allows remote attackers to read arbitrary files by specifying the filename in the db parameter and terminating the filename with a null byte. | |||||
CVE-2002-0917 | 1 Cgiscript.net | 1 Cspassword | 2024-02-28 | 7.5 HIGH | N/A |
CGIScript.net csPassword.cgi stores .htpasswd files under the web document root, which could allow remote authenticated users to download the file and crack the passwords of other users. | |||||
CVE-2004-0103 | 1 Linley Henzell | 1 Crawl | 2024-02-28 | 4.6 MEDIUM | N/A |
crawl before 4.0.0 beta23 does not properly "apply a size check" when copying a certain environment variable, which may allow local users to gain privileges, possibly as a result of a buffer overflow. |