Total: 266170 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-0268 | 2 Netbsd, Openbsd | 2 Netbsd, Openbsd | 2024-02-28 | 7.2 HIGH | N/A |
The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address. | |||||
CVE-2001-0474 | 2 Brian Paul, Mandrakesoft | 2 Mesa, Mandrake Linux | 2024-02-28 | 2.1 LOW | N/A |
Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file. | |||||
CVE-2004-0303 | 1 Fools Workshop | 1 Owls Workshop | 2024-02-28 | 5.0 MEDIUM | N/A |
OWLS 1.0 allows remote attackers to retrieve arbitrary files via absolute pathnames in (1) the file parameter in /glossaries/index.php, (2) the filename parameter in /readings/index.php, or (3) the filename parameter in /multiplechoice/resultsignore.php, as demonstrated using /etc/passwd. | |||||
CVE-2004-2186 | 1 Mediawiki | 1 Mediawiki | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance. | |||||
CVE-2003-0047 | 1 Van Dyke Technologies | 3 Entunnel, Securecrt, Securefx | 2024-02-28 | 4.6 MEDIUM | N/A |
SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials. | |||||
CVE-2001-1372 | 1 Oracle | 1 Application Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message. | |||||
CVE-1999-0703 | 3 Bsdi, Freebsd, Openbsd | 3 Bsd Os, Freebsd, Openbsd | 2024-02-28 | 3.6 LOW | N/A |
OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices. | |||||
CVE-2003-1060 | 1 Sun | 2 Solaris, Sunos | 2024-02-28 | 5.0 MEDIUM | N/A |
The NFS Server for Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (UFS panic) via certain invalid UFS requests, which triggers a null dereference. | |||||
CVE-2004-1841 | 1 Ms Analysis | 1 Website Traffic Analyzer | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL via the referer field in an HTTP request. | |||||
CVE-2004-0444 | 1 Symantec | 5 Client Firewall, Client Security, Norton Antispam and 2 more | 2024-02-28 | 10.0 HIGH | N/A |
Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allow remote attackers to cause a denial of service or execute arbitrary code via (1) a manipulated length byte in the first-level decoding routine for NetBIOS Name Service (NBNS) that modifies an index variable and leads to a stack-based buffer overflow, (2) a heap-based corruption problem in an NBNS response that is missing certain RR fields, and (3) a stack-based buffer overflow in the DNS component via a Resource Record (RR) with a long canonical name (CNAME) field composed of many smaller components. | |||||
CVE-2004-1608 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in SalesLogix 6.1 allows remote attackers to execute arbitrary SQL statements via the id parameter in a view operation. | |||||
CVE-1999-0591 | | | 2024-02-28 | 10.0 HIGH | N/A |
An event log in Windows NT has inappropriate access permissions. | |||||
CVE-2000-0398 | 1 Rockliffe | 1 Mailsite | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent allows remote attackers to execute arbitrary commands via a long query_string parameter in the HTTP GET request. | |||||
CVE-2000-1220 | 2 Redhat, Sgi | 2 Linux, Irix | 2024-02-28 | 10.0 HIGH | N/A |
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file. | |||||
CVE-1999-0497 | | | 2024-02-28 | N/A | N/A |
Anonymous FTP is enabled. | |||||
CVE-2001-1495 | 1 Freshmeat | 2 Network Query Tool, Network Query Tool Phpnuke | 2024-02-28 | 7.5 HIGH | N/A |
network_query.php in Network Query Tool 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the target parameter. | |||||
CVE-2002-2203 | 1 Sun | 2 Solaris, Sunos | 2024-02-28 | 4.9 MEDIUM | N/A |
Unknown vulnerability in the System Serial Console terminal in Solaris 2.5.1, 2.6, and 7 allows local users to monitor keystrokes and possibly steal sensitive information. | |||||
CVE-2002-0137 | 1 Andreas Mueller | 1 Cdrdao | 2024-02-28 | 7.2 HIGH | N/A |
CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files via a symlink attack on the $HOME/.cdrdao configuration file. | |||||
CVE-2002-0310 | 1 Netwin | 1 Webnews | 2024-02-28 | 7.5 HIGH | N/A |
Netwin WebNews 1.1k CGI program includes several default usernames and cleartext passwords that cannot be deleted by the administrator, which allows remote attackers to gain privileges via the username/password combinations (1) testweb/newstest, (2) alwn3845/imaptest, (3) alwi3845/wtest3452, or (4) testweb2/wtest4879. | |||||
CVE-2004-0050 | 1 Verity | 1 Ultraseek | 2024-02-28 | 5.0 MEDIUM | N/A |
Verity Ultraseek before 5.2.2 allows remote attackers to obtain the full pathname of the document root via an MS-DOS device name in the web search option, such as (1) NUL, (2) CON, (3) AUX, (4) COM1, (5) COM2, and others. |