Total
266684 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0411 | 1 Aeromail | 1 Aeromail | 2024-02-28 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in message.php for AeroMail before 1.45 allows remote attackers to execute Javascript as an AeroMail user via an email message with the script in the Subject line. | |||||
CVE-2000-0209 | 1 University Of Kansas | 1 Lynx | 2024-02-28 | 7.6 HIGH | N/A |
Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page. | |||||
CVE-2004-1936 | 1 Zonelabs | 1 Zonealarm | 2024-02-28 | 7.5 HIGH | N/A |
ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remote attackers to bypass e-mail protection via attachments whose names contain certain non-English characters. | |||||
CVE-2001-0373 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-02-28 | 2.1 LOW | N/A |
The default configuration of the Dr. Watson program in Windows NT and Windows 2000 generates user.dmp crash dump files with world-readable permissions, which could allow a local user to gain access to sensitive information. | |||||
CVE-2002-1566 | 1 Netris | 1 Netris | 2024-02-28 | 5.0 MEDIUM | N/A |
netris 0.5, and possibly other versions before 0.52, when running with the -w (wait) option, allows remote attackers to cause a denial of service (crash) via a long string to port 9284. | |||||
CVE-2002-0088 | 1 Sun | 2 Solaris, Sunos | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path. | |||||
CVE-2000-1114 | 1 Unify | 1 Ewave Servletexec | 2024-02-28 | 5.0 MEDIUM | N/A |
Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20". | |||||
CVE-2003-0526 | 1 Microsoft | 1 Isa Server | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found." | |||||
CVE-2002-0982 | 1 Microsoft | 1 Sql Server | 2024-02-28 | 7.5 HIGH | N/A |
Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure. | |||||
CVE-2002-0666 | 6 Apple, Freebsd, Frees Wan and 3 more | 12 Mac Os X, Mac Os X Server, Freebsd and 9 more | 2024-02-28 | 5.0 MEDIUM | N/A |
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors. | |||||
CVE-2004-2038 | 1 Neocrome | 1 Land Down Under | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) before LDU 700 allows remote attackers to inject arbitrary web script or HTML via a BBcode img tag in (1) functions.php, (2) header.php or (3) auth.inc.php. | |||||
CVE-2001-0570 | 1 Minicom | 1 Minicom | 2024-02-28 | 7.2 HIGH | N/A |
minicom 1.83.1 and earlier allows a local attacker to gain additional privileges via numerous format string attacks. | |||||
CVE-2002-2350 | 1 Phpoutsourcing | 1 Zorum | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in z_user_show.php in dbtreelistproperty_method.php in Zorum 2.4 allows remote attackers to inject arbitrary web script or HTML via the class parameter. | |||||
CVE-2004-1987 | 2 Coppermine, Francisco Burzi | 2 Coppermine Photo Gallery, Php-nuke | 2024-02-28 | 7.5 HIGH | N/A |
picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG['impath'] or (2) $CONFIG['jpeg_qual'] parameters. | |||||
CVE-2002-0531 | 1 Emumail | 3 Emumail, Emumail Red Hat Linux, Emumail Unix | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x and 5.1.0 allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in the type parameter. | |||||
CVE-2002-0882 | 1 Cisco | 2 Skinny Client Control Protocol Software, Voip Phone Cp-7940 | 2024-02-28 | 6.4 MEDIUM | N/A |
The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allows remote attackers to cause a denial of service (reset) and possibly read sensitive memory via a large integer value in (1) the stream ID of the StreamingStatistics script, or (2) the port ID of the PortInformation script. | |||||
CVE-1999-0872 | 4 Caldera, Debian, Paul Vixie and 1 more | 4 Openlinux, Debian Linux, Vixie Cron and 1 more | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file. | |||||
CVE-1999-0447 | 1 Hp | 1 Mpe Ix | 2024-02-28 | 4.6 MEDIUM | N/A |
Local users can gain privileges using the debug utility in the MPE/iX operating system. | |||||
CVE-2000-0426 | 1 Ultrascripts | 1 Ultraboard | 2024-02-28 | 5.0 MEDIUM | N/A |
UltraBoard 1.6 and other versions allow remote attackers to cause a denial of service by referencing UltraBoard in the Session parameter, which causes UltraBoard to fork copies of itself. | |||||
CVE-2004-1491 | 4 Gentoo, Kde, Opera and 1 more | 4 Linux, Kde, Opera Browser and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry. |