Total
266166 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-0570 | 1 Centrinity | 1 Firstclass Intranet Server | 2024-02-28 | 5.0 MEDIUM | N/A |
FirstClass Internet Services server 5.770, and other versions before 6.1, allows remote attackers to cause a denial of service by sending an email with a long To: mail header. | |||||
CVE-2002-2325 | 1 University Of Washington | 1 Pine | 2024-02-28 | 7.8 HIGH | N/A |
The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIME-encoded email with Content-Type header containing an empty boundary field. | |||||
CVE-1999-1153 | 1 Hamcards Postcard Cgi | 1 Hamcards Postcard Cgi | 2024-02-28 | 7.5 HIGH | N/A |
HAMcards Postcard CGI script 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address. | |||||
CVE-2004-0250 | 1 Photopost | 1 Photopost Php Pro | 2024-02-28 | 10.0 HIGH | N/A |
SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain privileges via (1) the product parameter in showproduct.php or (2) the cat parameter in showcat.php. | |||||
CVE-2002-0251 | 1 Licq | 1 Licq | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in licq 1.0.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string of format string characters such as "%d". | |||||
CVE-2004-2244 | 1 Oracle | 2 Application Server, Oracle9i | 2024-02-28 | 5.0 MEDIUM | N/A |
The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD. | |||||
CVE-2001-0763 | 2 Debian, Suse | 2 Debian Linux, Suse Linux | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function. | |||||
CVE-2001-0308 | 1 Bajie | 1 Java Http Server | 2024-02-28 | 7.5 HIGH | N/A |
UploadServlet in Bajie HTTP JServer 0.78, and possibly other versions before 0.80, allows remote attackers to execute arbitrary commands by calling the servlet to upload a program, then using a ... (modified ..) to access the file that was created for the program. | |||||
CVE-2002-0175 | 1 Avaya | 1 Libsafe | 2024-02-28 | 4.6 MEDIUM | N/A |
libsafe 2.0-11 and earlier allows attackers to bypass protection against format string vulnerabilities via format strings that use the "'" and "I" characters, which are implemented in libc but not libsafe. | |||||
CVE-2004-2178 | 1 Devoybb | 1 Devoybb Web Forum | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
CVE-1999-1331 | 1 Redhat | 1 Linux | 2024-02-28 | 2.1 LOW | N/A |
netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be controlled by users on reboot when an option is set, which allows local users to cause a denial of service by shutting down the interface. | |||||
CVE-2001-0100 | 1 Brian Stanback | 1 Bslist.cgi | 2024-02-28 | 10.0 HIGH | N/A |
bslist.cgi mailing list script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address. | |||||
CVE-2004-1872 | 1 Webct | 1 Webct | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WebCT Campus Edition 4.1.1.5 allows remote attackers to inject arbitrary web script or HTML via the @import URL function in a CSS style tag. | |||||
CVE-2002-0740 | 1 Slrn Development Team | 1 Slrn | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in slrnpull for the SLRN package, when installed setuid or setgid, allows local users to gain privileges via a long -d (SPOOLDIR) argument. | |||||
CVE-2001-0774 | 1 Tripwire | 1 Tripwire | 2024-02-28 | 4.6 MEDIUM | N/A |
Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to overwrite arbitrary files and possible gain privileges via a symbolic link attack on temporary files. | |||||
CVE-2002-0734 | 1 Michel Valdrighi | 1 B2 | 2024-02-28 | 7.5 HIGH | N/A |
b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server. | |||||
CVE-2004-0304 | 1 Webcortex | 1 Webstores 2000 | 2024-02-28 | 10.0 HIGH | N/A |
SQL injection vulnerability in browse_items.asp in WebCortex WebStores 2000 6.0 allows remote attackers to gain unauthorized access and execute arbitrary commands via the Search_Text parameter. | |||||
CVE-2001-0148 | 1 Microsoft | 1 Windows Media Player | 2024-02-28 | 7.5 HIGH | N/A |
The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a variant of the "Frame Domain Verification" vulnerability. | |||||
CVE-1999-1024 | 1 Lbl | 1 Tcpdump | 2024-02-28 | 7.5 HIGH | N/A |
ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a denial of service via a packet with a zero length header, which causes an infinite loop and core dump when tcpdump prints the packet. | |||||
CVE-2002-0013 | 1 Snmp | 1 Snmp | 2024-02-28 | 10.0 HIGH | N/A |
Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. |