Total: 266249 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0907 | 1 Mozilla | 2 Mozilla, Thunderbird | 2024-02-28 | 4.6 MEDIUM | N/A |
The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8, create certain files with insecure permissions, which could allow local users to overwrite those files and execute arbitrary code. | |||||
CVE-2001-1023 | 1 Xcache Technologies | 1 Xcache | 2024-02-28 | 5.0 MEDIUM | N/A |
Xcache 2.1 allows remote attackers to determine the absolute path of web server documents by requesting a URL that is not cached by Xcache, which returns the full pathname in the Content-PageName header. | |||||
CVE-2004-0416 | 5 Cvs, Gentoo, Openbsd and 2 more | 5 Cvs, Linux, Openbsd and 2 more | 2024-02-28 | 10.0 HIGH | N/A |
Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code. | |||||
CVE-2001-0555 | 1 Screaming Media | 1 Siteware | 2024-02-28 | 10.0 HIGH | N/A |
ScreamingMedia SITEWare versions 2.5 through 3.1 allow a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet. | |||||
CVE-2001-0283 | 1 Sun | 1 Sun Ftp | 2024-02-28 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in SunFTP build 9 allows remote attackers to read arbitrary files via .. (dot dot) characters in various commands, including (1) GET, (2) MKDIR, (3) RMDIR, (4) RENAME, or (5) PUT. | |||||
CVE-2001-0723 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 6.4 MEDIUM | N/A |
Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript, aka the "Second Cookie Handling Vulnerability." | |||||
CVE-2002-0638 | 3 Hp, Mandrakesoft, Redhat | 5 Secure Os, Mandrake Linux, Mandrake Linux Corporate Server and 2 more | 2024-02-28 | 6.2 MEDIUM | N/A |
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh. | |||||
CVE-1999-0109 | 1 Sun | 2 Solaris, Sunos | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in ffbconfig in Solaris 2.5.1. | |||||
CVE-2001-0274 | 1 Kicq | 1 Kicq | 2024-02-28 | 7.5 HIGH | N/A |
kicq IRC client 1.0.0, and possibly later versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | |||||
CVE-2001-0616 | 1 Faust Informatics | 1 Freestyle Chat | 2024-02-28 | 5.0 MEDIUM | N/A |
Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (e.g., GET /aux HTTP/1.0). | |||||
CVE-2002-0409 | 1 Microsoft | 1 .net Framework | 2024-02-28 | 5.0 MEDIUM | N/A |
orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com, allows remote attackers to view the orders of other users by modifying the OrderID parameter. | |||||
CVE-2003-0094 | 1 Andries Brouwer | 1 Util-linux | 2024-02-28 | 5.0 MEDIUM | N/A |
A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed. | |||||
CVE-2000-1234 | 1 Phorum | 1 Phorum | 2024-02-28 | 5.0 MEDIUM | N/A |
violation.php3 in Phorum 3.0.7 allows remote attackers to send e-mails to arbitrary addresses and possibly use Phorum as a "spam proxy" by setting the Mod and ForumName parameters. | |||||
CVE-2004-1819 | 1 Warpspeed | 1 4nalbum Module | 2024-02-28 | 5.0 MEDIUM | N/A |
4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to obtain sensitive information via a direct request to displaycategory.php, which reveals the path in an error message. | |||||
CVE-2001-0765 | 1 Bisonware | 1 Bison Ftp Server | 2024-02-28 | 4.6 MEDIUM | N/A |
BisonFTP V4R1 allows local users to access directories outside of their home directory by uploading .bdl files, which can then be linked to other directories. | |||||
CVE-2003-1519 | 1 Vivisimo | 1 Clustering Engine | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Vivisimo clustering engine allows remote attackers to inject arbitrary web script or HTML via the query parameter to the search program. | |||||
CVE-1999-0774 | 1 Martin Stover | 1 Mars Nwe | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflows in Mars NetWare Emulation (NWE, mars_nwe) package via long directory names. | |||||
CVE-2004-2224 | 1 Appfoundry | 1 Message Foundry | 2024-02-28 | 5.0 MEDIUM | N/A |
Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that contains MS-DOS device names such as com1. | |||||
CVE-2002-0518 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 5.0 MEDIUM | N/A |
The SYN cache (syncache) and SYN cookie (syncookie) mechanism in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (crash) (1) via a SYN packet that is accepted using syncookies that causes a null pointer to be referenced for the socket's TCP options, or (2) by killing and restarting a process that listens on the same socket, which does not properly clear the old inpcb pointer on restart. | |||||
CVE-2000-0587 | 1 Glftpd | 1 Glftpd | 2024-02-28 | 10.0 HIGH | N/A |
The privpath directive in glftpd 1.18 allows remote attackers to bypass access restrictions for directories by using the file name completion capability. |