Total
266249 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0561 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2024-02-28 | 7.5 HIGH | N/A |
The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings. | |||||
CVE-2000-0168 | 1 Microsoft | 3 Windows 95, Windows 98, Windows 98se | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the "DOS Device in Path Name" vulnerability. | |||||
CVE-2003-0069 | 1 Putty | 1 Putty | 2024-02-28 | 7.5 HIGH | N/A |
The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. | |||||
CVE-2002-0517 | 1 Caldera | 2 Openunix, Unixware | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in X11 library (libX11) on Caldera Open UNIX 8.0.0, UnixWare 7.1.1, and possibly other operating systems, allows local users to gain root privileges via a long -xrm argument to programs such as (1) dtterm or (2) xterm. | |||||
CVE-2000-0295 | 1 Lcdproc | 1 Lcdproc | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in LCDproc allows remote attackers to gain root privileges via the screen_add command. | |||||
CVE-2003-0157 | 2024-02-28 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0138. Reason: This candidate is a reservation duplicate of CVE-2003-0138 due to incomplete coordination. Notes: All CVE users should reference CVE-2003-0138 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
CVE-2000-0567 | 1 Microsoft | 2 Outlook, Outlook Express | 2024-02-28 | 5.0 MEDIUM | N/A |
Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an email header, aka the "Malformed E-mail Header" vulnerability. | |||||
CVE-2001-1340 | 1 Beck Ipc Gmbh | 1 Ipc At Chip Telnetd Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Beck GmbH IPC@Chip TelnetD service supports only one connection and does not disconnect a user who does not complete the login process, which allows remote attackers to lock out the administrator account by connecting to the service. | |||||
CVE-2000-0938 | 1 Samba | 1 Samba | 2024-02-28 | 5.0 MEDIUM | N/A |
Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server. | |||||
CVE-2001-0982 | 1 Ibm | 1 Tivoli Secureway Policy Director | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in IBM Tivoli WebSEAL Policy Director 3.01 through 3.7.1 allows remote attackers to read arbitrary files or directories via encoded .. (dot dot) sequences containing "%2e" strings. | |||||
CVE-2001-0456 | 1 Debian | 1 Debian Linux | 2024-02-28 | 7.5 HIGH | N/A |
postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended. | |||||
CVE-2003-1256 | 1 E-theni | 1 E-theni | 2024-02-28 | 6.8 MEDIUM | N/A |
aff_liste_langue.php in E-theni allows remote attackers to execute arbitrary PHP code by modifying the rep_include parameter to reference a URL on a remote web server that contains para_langue.php. | |||||
CVE-2002-0932 | 1 Luis Bernardo | 1 Myhelpdesk | 2024-02-28 | 6.4 MEDIUM | N/A |
SQL injection vulnerability in index.php for MyHelpDesk 20020509, and possibly other versions, allows remote attackers to conduct unauthorized activities via SQL code in the "id" parameter for the operations (1) detailticket, (2) editticket, or (3) updateticketlog. | |||||
CVE-2001-1140 | 1 Working Resources Inc. | 1 Badblue | 2024-02-28 | 5.0 MEDIUM | N/A |
BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 (null byte) to the request. | |||||
CVE-2002-2115 | 1 Hns | 2 Hns, Hns-lite | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) Lite before 0.9 and HNS before 2.10-pl2 allows remote attackers to inject arbitrary web script or HTML. | |||||
CVE-2003-1485 | 1 Clearswift | 1 Mailsweeper | 2024-02-28 | 5.0 MEDIUM | N/A |
Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to bypass filtering via a file attachment that contains "multiple extensions combined with large blocks of white space." | |||||
CVE-2001-1460 | 1 Postnuke Software Foundation | 1 Postnuke | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter. | |||||
CVE-2003-0223 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message. | |||||
CVE-2004-0549 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 10.0 HIGH | N/A |
The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object. | |||||
CVE-1999-0993 | 1 Microsoft | 1 Exchange Server | 2024-02-28 | 7.5 HIGH | N/A |
Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed. |