Total
266161 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-1353 | 1 Aladdin Enterprises | 1 Ghostscript | 2024-02-28 | 2.6 LOW | N/A |
ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled. | |||||
CVE-2001-0501 | 1 Microsoft | 1 Word | 2024-02-28 | 4.6 MEDIUM | N/A |
Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner. | |||||
CVE-1999-1158 | 1 Sun | 1 Sunos | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in (1) pluggable authentication module (PAM) on Solaris 2.5.1 and 2.5 and (2) unix_scheme in Solaris 2.4 and 2.3 allows local users to gain root privileges via programs that use these modules such as passwd, yppasswd, and nispasswd. | |||||
CVE-1999-0941 | 1 Mutt | 1 Mutt | 2024-02-28 | 7.5 HIGH | N/A |
Mutt mail client allows a remote attacker to execute commands via shell metacharacters. | |||||
CVE-2002-1630 | 1 Oracle | 1 Application Server | 2024-02-28 | 7.5 HIGH | N/A |
The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) allows remote attackers to send arbitrary emails. | |||||
CVE-1999-0479 | 2 Hp, Netscape | 2 Hp-ux, Enterprise Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Denial of service Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems. | |||||
CVE-2004-2198 | 1 Duware | 1 Duclassmate | 2024-02-28 | 6.4 MEDIUM | N/A |
account.asp in DUware DUclassmate 1.0 through 1.1 allows remote attackers to change the passwords for arbitrary users by modifying the MM_recordId parameter on the "My Account" page. | |||||
CVE-2004-1399 | 1 Opentools | 1 Attachment Mod | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the Attachment module 2.3.10 and earlier for phpBB allows remote attackers to read arbitrary files via a .. (dot dot) in the filename. | |||||
CVE-2002-2269 | 1 Webster | 1 Webster Http Server | 2024-02-28 | 9.4 HIGH | N/A |
Directory traversal vulnerability in Webster HTTP Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | |||||
CVE-2002-0416 | 1 Sh39 | 1 Mailserver | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in SH39 MailServer 1.21 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long command to the SMTP port. | |||||
CVE-2000-0622 | 1 Oreilly | 1 Website Professional | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in Webfind CGI program in O'Reilly WebSite Professional web server 2.x allows remote attackers to execute arbitrary commands via a URL containing a long "keywords" parameter. | |||||
CVE-2002-1790 | 1 Microsoft | 3 Exchange Server, Internet Information Server, Internet Information Services | 2024-02-28 | 5.0 MEDIUM | N/A |
The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682. | |||||
CVE-2003-0133 | 1 Gnome | 1 Gtkhtml | 2024-02-28 | 5.0 MEDIUM | N/A |
GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages. | |||||
CVE-2003-1510 | 1 Rit Research Labs | 1 Tinyweb | 2024-02-28 | 7.8 HIGH | N/A |
TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU consumption) via a ".%00." in an HTTP GET request to the cgi-bin directory. | |||||
CVE-2004-0551 | 1 Cisco | 24 Catalyst 2901, Catalyst 2902, Catalyst 2926 and 21 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and 8.3(2)GLX, as used in Catalyst switches, allows remote attackers to cause a denial of service (system crash and reload) by sending invalid packets instead of the final ACK portion of the three-way handshake to the (1) Telnet, (2) HTTP, or (3) SSH services, aka "TCP-ACK DoS attack." | |||||
CVE-2002-0077 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 7.5 HIGH | N/A |
Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable Invocation via Object tag" vulnerability. | |||||
CVE-2000-0520 | 1 Stelian | 1 Pop Dump | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in restore program 0.4b17 and earlier in dump package allows local users to execute arbitrary commands via a long tape name. | |||||
CVE-2003-0805 | 1 University Of Minnesota | 1 Gopherd | 2024-02-28 | 7.5 HIGH | N/A |
Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allows attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type. | |||||
CVE-2002-0375 | 1 Ecometry | 1 Sgdynamo | 2024-02-28 | 5.0 MEDIUM | N/A |
Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows remote attackers to execute arbitrary Javascript via a URL with the script in the HTNAME parameter. | |||||
CVE-2004-0783 | 1 Gnome | 2 Gdkpixbuf, Gtk | 2024-02-28 | 7.5 HIGH | N/A |
Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688). |