Total
266500 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-1150 | 1 Trend Micro | 2 Officescan, Virus Buster | 2024-02-28 | 5.0 MEDIUM | N/A |
Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files. | |||||
CVE-2004-1400 | 1 Active Server Corner | 1 Asp Calendar | 2024-02-28 | 7.5 HIGH | N/A |
The control panel in ASP Calendar does not require authentication to access, which allows remote attackers to gain unauthorized access via a direct request to main.asp. | |||||
CVE-2002-0764 | 1 Phorum | 1 Phorum | 2024-02-28 | 7.5 HIGH | N/A |
Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) del.php that modifies the PHORUM[settings_dir] variable to point to a directory that contains a PHP file with the commands. | |||||
CVE-2003-1151 | 1 Fastream | 1 Netfile Ftp Web Server | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Fastream NETFile Server 6.0.3.588 allows remote attackers to inject arbitrary web script or HTML via the URL, which is displayed on a "404 Not Found" error page. | |||||
CVE-2003-0213 | 1 Poptop | 1 Pptp Server | 2024-02-28 | 7.5 HIGH | N/A |
ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow. | |||||
CVE-2002-0326 | 1 Working Resources Inc. | 1 Badblue | 2024-02-28 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows remote attackers to execute arbitrary script and possibly additional commands via a URL that contains Javascript. | |||||
CVE-2002-0248 | 1 Wliang | 1 Wmtv | 2024-02-28 | 7.2 HIGH | N/A |
wmtv 0.6.5 and earlier allows local users to modify arbitrary files via a symlink attack on a configuration file. | |||||
CVE-2001-1256 | 1 Hp | 1 Hp-ux | 2024-02-28 | 1.2 LOW | N/A |
kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files. | |||||
CVE-2004-1919 | 1 Crackalaka | 1 Crackalaka | 2024-02-28 | 5.0 MEDIUM | N/A |
The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote attackers to cause a denial of service (crash) via large malformed strings. | |||||
CVE-2004-1343 | 1 Cvs | 1 Cvs | 2024-02-28 | 5.0 MEDIUM | N/A |
CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash). | |||||
CVE-2002-1285 | 1 Suse | 1 Suse Linux | 2024-02-28 | 7.2 HIGH | N/A |
runlpr in the LPRng package allows the local lp user to gain root privileges via certain command line arguments. | |||||
CVE-2002-2346 | 1 Phpbb | 1 Phpbb | 2024-02-28 | 5.0 MEDIUM | N/A |
phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with the hex-encoded IP address of the client system, which allows remote attackers to obtain client IP addresses. | |||||
CVE-2002-1203 | 1 Ibm | 1 Secureway Firewall | 2024-02-28 | 5.0 MEDIUM | N/A |
IBM SecureWay Firewall before 4.2.2 performs extra processing before determining that a packet is invalid and dropping it, which allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed TCP packets without any flags set. | |||||
CVE-2003-1178 | 1 Advanced Poll | 1 Advanced Poll | 2024-02-28 | 7.5 HIGH | N/A |
Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 allows remote attackers to execute arbitrary PHP code via the (1) id, (2) template_set, or (3) action parameter. | |||||
CVE-2001-0488 | 1 Hp | 1 Hp-ux | 2024-02-28 | 2.1 LOW | N/A |
pcltotiff in HP-UX 10.x has unnecessary set group id permissions, which allows local users to cause a denial of service. | |||||
CVE-2001-0951 | 1 Microsoft | 1 Windows 2000 | 2024-02-28 | 5.0 MEDIUM | N/A |
Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters. | |||||
CVE-2001-0426 | 1 Sun | 2 Solaris, Sunos | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in dtsession on Solaris, and possibly other operating systems, allows local users to gain privileges via a long LANG environmental variable. | |||||
CVE-2001-0042 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences. | |||||
CVE-2004-0809 | 8 Apache, Debian, Gentoo and 5 more | 12 Http Server, Debian Linux, Linux and 9 more | 2024-02-28 | 5.0 MEDIUM | N/A |
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access. | |||||
CVE-2002-1420 | 1 Openbsd | 1 Openbsd | 2024-02-28 | 7.2 HIGH | N/A |
Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation. |