Total
266166 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1060 | 2 Icmp, Tcp | 2 Icmp, Tcp | 2024-02-28 | 5.0 MEDIUM | N/A |
Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities. | |||||
CVE-2002-1982 | 1 Icecast | 1 Icecast | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the list_directory function in Icecast 1.3.12 allows remote attackers to determine if a directory exists via a .. (dot dot) in the GET request, which returns different error messages depending on whether the directory exists or not. | |||||
CVE-2002-1518 | 1 Sgi | 1 Irix | 2024-02-28 | 3.6 LOW | N/A |
mv in IRIX 6.5 creates a directory with world-writable permissions while moving a directory, which could allow local users to modify files and directories. | |||||
CVE-1999-0349 | 1 Microsoft | 1 Internet Information Server | 2024-02-28 | 7.5 HIGH | N/A |
A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands. | |||||
CVE-1999-1311 | 1 Hp | 1 Hp-ux | 2024-02-28 | 4.6 MEDIUM | N/A |
Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows local users to bypass authentication and gain privileges. | |||||
CVE-2004-1953 | 1 Phprofession | 1 Phprofession | 2024-02-28 | 5.0 MEDIUM | N/A |
phProfession 2.5 allows remote attackers to gain sensitive information via a direct HTTP request to upload.php, which reveals the path in a PHP error message. | |||||
CVE-1999-0508 | 2024-02-28 | 4.6 MEDIUM | N/A | ||
An account on a router, firewall, or other network device has a default, null, blank, or missing password. | |||||
CVE-2002-2313 | 1 Qualcomm | 1 Eudora | 2024-02-28 | 8.8 HIGH | N/A |
Eudora email client 5.1.1, with "use Microsoft viewer" enabled, allows remote attackers to execute arbitrary programs via an HTML email message containing a META refresh tag that references an embedded .mhtml file with ActiveX controls that execute a second embedded program, which is processed by Internet Explorer. | |||||
CVE-1999-0104 | 4 Caldera, Hp, Microsoft and 1 more | 5 Openlinux, Hp-ux, Windows 95 and 2 more | 2024-02-28 | 5.0 MEDIUM | N/A |
A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2. | |||||
CVE-1999-1176 | 2 Aaron Ledbetter, Jidentd | 2 Cidentd, Jidentd | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in cidentd ident daemon allows local users to gain root privileges via a long line in the .authlie script. | |||||
CVE-2004-0295 | 1 Transsoft | 1 Broker Ftp Server | 2024-02-28 | 5.0 MEDIUM | N/A |
TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a denial of service (CPU consumption) via an open idle connection. | |||||
CVE-2000-0573 | 1 Hp | 1 Hp-ux | 2024-02-28 | 10.0 HIGH | N/A |
The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command. | |||||
CVE-2004-1643 | 1 Progress | 1 Ws Ftp Server | 2024-02-28 | 5.0 MEDIUM | N/A |
WS_FTP 5.0.2 allows remote authenticated users to cause a denial of service (CPU consumption) via a CD command that contains an invalid path with a "../" sequence. | |||||
CVE-2002-0108 | 1 Allaire | 1 Forums | 2024-02-28 | 7.5 HIGH | N/A |
Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote authenticated users to spoof messages as other users by modifying the hidden form fields for the name and e-mail address. | |||||
CVE-2000-0313 | 1 Openbsd | 1 Openbsd | 2024-02-28 | 4.6 MEDIUM | N/A |
Vulnerability in OpenBSD 2.6 allows a local user to change interface media configurations. | |||||
CVE-2002-1377 | 1 Vim Development Group | 1 Vim | 2024-02-28 | 4.6 MEDIUM | N/A |
vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt. | |||||
CVE-2004-0349 | 1 Gweb | 1 Gweb Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in GWeb HTTP Server 0.6 allows remote attackers to view arbitrary files via a .. (dot dot) in the URL. | |||||
CVE-2004-1466 | 1 Gallery Project | 1 Gallery | 2024-02-28 | 7.5 HIGH | N/A |
The set_time_limit function in Gallery before 1.4.4_p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using save_photos.php, which allows remote attackers to upload and execute execute arbitrary scripts before they are deleted, if the temporary directory is under the web root. | |||||
CVE-1999-1115 | 1 Hp | 1 Apollo Domain Os | 2024-02-28 | 7.2 HIGH | N/A |
Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh). | |||||
CVE-2004-1960 | 1 Protector System | 1 Protector System | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in blocker_query.php in Protector System 1.15b1 allows remote attackers to inject arbitrary web script or HTML via the (1) target or (2) portNum parameters. |