Total: 266352 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-0526 | 1 3r Soft | 1 Mailstudio 2000 | 2024-02-28 | 5.0 MEDIUM | N/A |
mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
CVE-1999-1587 | 1 Sun | 2 Solaris, Sunos | 2024-02-28 | 2.1 LOW | N/A |
/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option. | |||||
CVE-2004-1881 | 1 Cactusoft | 1 Cactushop | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter. | |||||
CVE-2000-1128 | 1 Mcafee | 1 Virusscan | 2024-02-28 | 4.6 MEDIUM | N/A |
The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which improperly sets the search path and allows local users to place a Trojan horse "common.exe" program in the C:\Program Files directory. | |||||
CVE-2004-2087 | 1 Sandsurfer | 1 Sandsurfer | 2024-02-28 | 7.5 HIGH | N/A |
Unknown vulnerability in SandSurfer before 1.7.0 allows remote attackers to gain access as a logged-in user. | |||||
CVE-1999-1319 | 1 Sgi | 1 Irix | 2024-02-28 | 10.0 HIGH | N/A |
Vulnerability in object server program in SGI IRIX 5.2 through 6.1 allows remote attackers to gain root privileges in certain configurations. | |||||
CVE-2002-1765 | 1 Ximian | 1 Evolution | 2024-02-28 | 5.0 MEDIUM | N/A |
Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of service (memory consumption and crash) via an email with a malformed MIME header. | |||||
CVE-2003-0535 | 1 Xblockout | 1 Xbl | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in xbl 1.0k and earlier allows local users to gain privileges via a long -display command line option. | |||||
CVE-1999-1073 | 1 Excite | 1 Ews | 2024-02-28 | 7.2 HIGH | N/A |
Excite for Web Servers (EWS) 1.1 records the first two characters of a plaintext password in the beginning of the encrypted password, which makes it easier for an attacker to guess passwords via a brute force or dictionary attack. | |||||
CVE-2004-0300 | 1 Ecommerce Corporation Online | 1 Store Kit | 2024-02-28 | 10.0 HIGH | N/A |
SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php. | |||||
CVE-2003-0161 | 4 Compaq, Hp, Sendmail and 1 more | 9 Tru64, Hp-ux, Hp-ux Series 700 and 6 more | 2024-02-28 | 10.0 HIGH | N/A |
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337. | |||||
CVE-2002-2293 | 1 Twofold Photos | 1 Webshots Desktop | 2024-02-28 | 4.6 MEDIUM | N/A |
Webshots Desktop screensaver allows local users to bypass the password on the screensaver by pressing CTRL-ALT-DELETE and (1) hitting the cancel button or (2) killing the screensaver from the task manager. | |||||
CVE-2002-0214 | 1 Intel | 1 Intel Pro Wireless 2011b Lan Usb Device Driver | 2024-02-28 | 2.1 LOW | N/A |
Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through 1.5.18.0 stores the 128-bit WEP (Wired Equivalent Privacy) key in plaintext in a registry key with weak permissions, which allows local users to decrypt network traffic by reading the WEP key from the registry key. | |||||
CVE-2003-0763 | 1 Squished Mosquito | 1 Escapade | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine (ESP) allows remote attackers to inject arbitrary script via the method parameter, as demonstrated using the PAGE parameter. | |||||
CVE-2004-0447 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.2 HIGH | N/A |
Unknown vulnerability in Linux before 2.4.26 for IA64 allows local users to cause a denial of service, with unknown impact. NOTE: due to a typo, this issue was accidentally assigned CVE-2004-0477. This is the proper candidate to use for the Linux local DoS. | |||||
CVE-2003-0683 | 1 Sgi | 1 Irix | 2024-02-28 | 7.5 HIGH | N/A |
NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in certain configurations when an /etc/exports entry uses wildcards without any hostnames or groups, which could allow attackers to bypass intended restrictions. | |||||
CVE-2000-0927 | 1 Wquinn | 1 Quotaadvisor | 2024-02-28 | 4.6 MEDIUM | N/A |
WQuinn QuotaAdvisor 4.1 does not properly record file sizes if they are stored in alternative data streams, which allows users to bypass quota restrictions. | |||||
CVE-2004-0807 | 5 Conectiva, Mandrakesoft, Samba and 2 more | 5 Linux, Mandrake Linux, Samba and 2 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop. | |||||
CVE-1999-1463 | 1 Microsoft | 1 Windows Nt | 2024-02-28 | 5.0 MEDIUM | N/A |
Windows NT 4.0 before SP3 allows remote attackers to bypass firewall restrictions or cause a denial of service (crash) by sending improperly fragmented IP packets without the first fragment, which the TCP/IP stack incorrectly reassembles into a valid session. | |||||
CVE-2002-1311 | 1 Double Precision Incorporated | 1 Courier Mta | 2024-02-28 | 4.6 MEDIUM | N/A |
Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files. |