Total: 266239 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-0300 | 1 Oracle | 1 Internet Directory | 2024-02-28 | 2.1 LOW | N/A |
oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack. | |||||
CVE-2002-1736 | 1 Markus Triska | 1 Cginews | 2024-02-28 | 5.0 MEDIUM | N/A |
Unknown vulnerability in CGINews before 1.06 allows remote attackers to read arbitrary files via "unfiltered user input." | |||||
CVE-2004-2195 | 1 Zanfi Solutions | 1 Zanfi Cms Lite | 2024-02-28 | 5.0 MEDIUM | N/A |
PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite 1.1 allows remote attackers to execute arbitrary PHP code via the inc parameter. | |||||
CVE-2004-0364 | 1 Symantec | 1 Norton Internet Security | 2024-02-28 | 7.5 HIGH | N/A |
The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method. | |||||
CVE-2000-0208 | 1 Htdig | 1 Htdig | 2024-02-28 | 5.0 MEDIUM | N/A |
The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch. | |||||
CVE-1999-0453 | 1 Cisco | 1 Router | 2024-02-28 | 5.0 MEDIUM | N/A |
An attacker can identify a CISCO device by sending a SYN packet to port 1999, which is for the Cisco Discovery Protocol (CDP). | |||||
CVE-2004-2181 | 1 Wowbb | 1 Wowbb Web Forum | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sort_by or (2) page parameters to view_user.php, or the (3) forum_id parameter to view_topic.php. NOTE: the sort_by vector was later reported to be present in WowBB 1.65. | |||||
CVE-2002-1044 | 1 Ultrafunk | 1 Popcorn | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Subject field. | |||||
CVE-2004-0871 | 1 Mozilla | 1 Mozilla | 2024-02-28 | 5.0 MEDIUM | N/A |
Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection." | |||||
CVE-2001-1285 | 1 Ipswitch | 1 Imail | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter. | |||||
CVE-2001-0164 | 1 Netscape | 1 Directory Server | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in Netscape Directory Server 4.12 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed recipient field. | |||||
CVE-1999-0559 | | | 2024-02-28 | 10.0 HIGH | N/A |
A system-critical Unix file or directory has inappropriate permissions. | |||||
CVE-2002-1657 | 1 Postgresql | 1 Postgresql | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack. | |||||
CVE-2000-0925 | 1 Smartwin Technology | 1 Cyberoffice Shopping Cart | 2024-02-28 | 5.0 MEDIUM | N/A |
The default installation of SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) installs the _private directory with world readable permissions, which allows remote attackers to obtain sensitive information. | |||||
CVE-2003-0262 | 1 Leksbot | 1 Leksbot | 2024-02-28 | 7.2 HIGH | N/A |
leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, which allows local users to gain root privileges by exploiting unknown vulnerabilities related to the escalated privileges, which KATAXWR is not designed to have. | |||||
CVE-1999-0603 | | | 2024-02-28 | 10.0 HIGH | N/A |
In Windows NT, an inappropriate user is a member of a group, e.g. Administrator, Backup Operators, Domain Admins, Domain Guests, Power Users, Print Operators, Replicators, System Operators, etc. | |||||
CVE-2002-0773 | 1 Hosting Controller | 1 Hosting Controller | 2024-02-28 | 10.0 HIGH | N/A |
imp_rootdir.asp for Hosting Controller allows remote attackers to copy or delete arbitrary files and directories via a direct request to imp_rootdir.asp and modifying parameters such as (1) ftp, (2) owwwPath, and (3) oftpPath. | |||||
CVE-2001-0407 | 1 Oracle | 1 Mysql | 2024-02-28 | 4.6 MEDIUM | N/A |
Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot). | |||||
CVE-2000-0094 | 1 Netbsd | 1 Netbsd | 2024-02-28 | 7.2 HIGH | N/A |
procfs in BSD systems allows local users to gain root privileges by modifying the /proc/pid/mem interface via a modified file descriptor for stderr. | |||||
CVE-2002-0071 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names. |