Total
266165 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-1158 | 1 Network Associates | 1 Sniffer Agent | 2024-02-28 | 7.5 HIGH | N/A |
NAI Sniffer Agent uses base64 encoding for authentication, which allows attackers to sniff the network and easily decrypt usernames and passwords. | |||||
CVE-2000-0695 | 1 Tech-source | 1 Raptor Gfx Pgx32 | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflows in pgxconfig in the Raptor GFX configuration tool allow local users to gain privileges via command line options. | |||||
CVE-2001-0034 | 1 Kth | 1 Kth Kerberos | 2024-02-28 | 7.2 HIGH | N/A |
KTH Kerberos IV allows local users to specify an alternate proxy using the krb4_proxy variable, which allows the user to generate false proxy responses and possibly gain privileges. | |||||
CVE-2001-0350 | 1 Microsoft | 1 Windows 2000 | 2024-02-28 | 4.6 MEDIUM | N/A |
Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability. | |||||
CVE-2002-1586 | 1 Sun | 2 Solaris, Sunos | 2024-02-28 | 2.1 LOW | N/A |
Solaris 2.5.1 through 9 allows local users to cause a denial of service (kernel panic) by setting the sd_struiowrq variable in the struioget function to null, which triggers a null dereference. | |||||
CVE-2001-1570 | 1 Microsoft | 1 Windows Xp | 2024-02-28 | 2.1 LOW | N/A |
Windows XP with fast user switching and account lockout enabled allows local users to deny user account access by setting the fast user switch to the same user (self) multiple times, which causes other accounts to be locked out. | |||||
CVE-2002-2289 | 1 Working Resources Inc. | 1 Badblue | 2024-02-28 | 5.0 MEDIUM | N/A |
soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows remote attackers to gain sensitive information including ODBC passwords. | |||||
CVE-2003-1395 | 1 Kazaa | 1 Kazaa Media Desktop | 2024-02-28 | 9.0 HIGH | N/A |
Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a response to the ad server. | |||||
CVE-1999-1072 | 1 Excite | 1 Ews | 2024-02-28 | 7.2 HIGH | N/A |
Excite for Web Servers (EWS) 1.1 allows local users to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file and replaying the encrypted password in an HTTP request to AT-generated.cgi or AT-admin.cgi. | |||||
CVE-2002-0887 | 1 Caldera | 1 Openserver | 2024-02-28 | 2.1 LOW | N/A |
scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using log files. | |||||
CVE-2000-0035 | 1 Great Circle Associates | 1 Majordomo | 2024-02-28 | 4.6 MEDIUM | N/A |
resend command in Majordomo allows local users to gain privileges via shell metacharacters. | |||||
CVE-2003-0448 | 1 Aboleo.net | 1 Portmon | 2024-02-28 | 3.6 LOW | N/A |
Portmon 1.7 and possibly earlier versions allows local users to read and write arbitrary files via the (1) -c (host file) or (2) -l (log file) command line options. | |||||
CVE-2004-1353 | 1 Sun | 2 Solaris, Sunos | 2024-02-28 | 7.2 HIGH | N/A |
Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role Based Access Control (RBAC), allows local users to execute certain commands with additional privileges. | |||||
CVE-2004-0069 | 1 Hd Soft | 1 Windows Ftp Server | 2024-02-28 | 7.5 HIGH | N/A |
Format string vulnerability in HD Soft Windows FTP Server 1.6 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username, which is processed by the wscanf function. | |||||
CVE-2003-1195 | 1 Vienuke | 1 Vieboard | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 allows remote attackers to execute arbitrary SQL commands via the msn variable. | |||||
CVE-2003-1161 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.2 HIGH | N/A |
exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, was modified to contain a backdoor, which could allow local users to elevate their privileges by passing __WCLONE|__WALL to the sys_wait4 function. | |||||
CVE-2004-0324 | 1 Confirm | 1 Confirm | 2024-02-28 | 7.5 HIGH | N/A |
Confirm 0.62 and earlier could allow remote attackers to execute arbitrary code via an e-mail header that contains shell metacharacters such as ", `, |, ;, or $. | |||||
CVE-2003-0790 | 2024-02-28 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: the reported issue is not a vulnerability or exposure. Notes: This candidate was assigned to a "head-reading" bug in a component of fetchmail 6.2.4 and earlier, which was claimed to allow a denial of service. However, the bug is in a broken component of fetchmail that is not "reachable" by any execution path, so it cannot be triggered by any sort of attack and is not exploitable | |||||
CVE-2001-0960 | 2 Broadcom, Ca | 3 Arcserve Backup, Arcserve Backup 2000, Arcserve Backup 2000 | 2024-02-28 | 10.0 HIGH | N/A |
Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 stores the backup agent user name and password in cleartext in the aremote.dmp file in the ARCSERVE$ hidden share, which allows local and remote attackers to gain privileges. | |||||
CVE-2004-1060 | 2 Icmp, Tcp | 2 Icmp, Tcp | 2024-02-28 | 5.0 MEDIUM | N/A |
Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities. |