Total: 266242 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1630 | 1 Openwfe | 1 Work Flow Engine | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the login form in Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to execute arbitrary web script or HTML via the url parameter. | |||||
CVE-2003-0926 | 1 Ethereal Group | 1 Ethereal | 2024-02-28 | 5.0 MEDIUM | N/A |
Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to cause a denial of service (crash) via certain malformed (1) ISAKMP or (2) MEGACO packets. | |||||
CVE-2004-0686 | 2 Samba, Trustix | 2 Samba, Secure Linux | 2024-02-28 | 5.0 MEDIUM | N/A |
Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors. | |||||
CVE-2004-1676 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2024-02-28 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the image sending feature in Gadu-Gadu 6.0 build 149 allows remote attackers to execute arbitrary code via a crafted GG_MSG_IMAGE_REPLY message. | |||||
CVE-2004-1496 | 1 Minihttpserver.net | 1 Web Forums Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 Power Pack allows remote attackers to read arbitrary files via a URL containing (1) "..\" (dot dot backslash), (2) "../" (dot dot slash), (3) "/%2E%2E%5C" (encoded dot dot backslash), or (4) "%2E%2E%2F" (encoded dot dot slash). | |||||
CVE-2003-1249 | 1 Businessobjects | 1 Webintelligence | 2024-02-28 | 7.5 HIGH | N/A |
WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions. | |||||
CVE-2004-1635 | 1 Mozilla | 1 Bugzilla | 2024-02-28 | 5.0 MEDIUM | N/A |
Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the insidergroup feature, does not sufficiently protect private attachments when there are changes to the metadata, such as filename, description, MIME type, or review flags, which allows remote authenticated users to obtain sensitive information when (1) viewing the bug activity log or (2) receiving bug change notification mails. | |||||
CVE-2002-1928 | 1 Software602 | 1 602pro Lan Suite | 2024-02-28 | 5.0 MEDIUM | N/A |
602Pro LAN SUITE 2002 allows remote attackers to view the directory tree via an HTTP GET request with a trailing "~" (tilde) or ".bak" extension. | |||||
CVE-2002-1888 | 1 Commonname | 1 Commonname Toolbar | 2024-02-28 | 2.1 LOW | N/A |
CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to the CommonName organization and possibly other web servers for name resolution, which allows those organizations to obtain internal server names. | |||||
CVE-2004-0670 | 1 Zyxel | 1 Prestige | 2024-02-28 | 5.0 MEDIUM | N/A |
Prestige 650HW-31 running Rompager 4.7 software allows remote attackers to cause a denial of service (device reboot) via a long password. | |||||
CVE-2004-0540 | 1 Microsoft | 1 Windows 2000 | 2024-02-28 | 10.0 HIGH | N/A |
Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain. | |||||
CVE-2001-0938 | 1 Persits | 1 Aspupload | 2024-02-28 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in AspUpload 2.1, in certain configurations, allows remote attackers to upload and read arbitrary files, and list arbitrary directories, via a .. (dot dot) in the Filename parameter in (1) UploadScript11.asp or (2) DirectoryListing.asp. | |||||
CVE-2002-0413 | 1 Rebb | 1 Rebb | 2024-02-28 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in ReBB allows remote attackers to execute arbitrary JavaScript and steal cookies via an IMG tag whose URL includes the malicious script. | |||||
CVE-2001-1536 | 1 Audiogalaxy | 1 Audiogalaxy | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Audiogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack. | |||||
CVE-2000-0167 | 1 Microsoft | 1 Internet Information Server | 2024-02-28 | 2.1 LOW | N/A |
IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory. | |||||
CVE-2000-0928 | 1 Wquinn | 1 Diskadvisor | 2024-02-28 | 2.1 LOW | N/A |
WQuinn QuotaAdvisor 4.1 allows users to list directories and files by running a report on the targeted shares. | |||||
CVE-2003-0994 | 1 Symantec | 4 Norton Antivirus, Norton Internet Security, Norton System Works and 1 more | 2024-02-28 | 7.2 HIGH | N/A |
The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges. | |||||
CVE-2000-0471 | 1 Sun | 2 Solaris, Sunos | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname. | |||||
CVE-2002-0095 | 1 Fraunhofer Fit | 1 Bscw | 2024-02-28 | 7.5 HIGH | N/A |
The default configuration of BSCW (Basic Support for Cooperative Work) 3.x and possibly version 4 enables user self registration, which could allow remote attackers to upload files and possibly join a user community that was intended to be closed. | |||||
CVE-1999-1572 | 5 Debian, Freebsd, Mandrakesoft and 2 more | 6 Debian Linux, Freebsd, Mandrake Linux and 3 more | 2024-02-28 | 2.1 LOW | N/A |
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files. | |||||