Total
266158 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0303 | 1 Id Software | 1 Quake 3 Arena | 2024-02-28 | 6.4 MEDIUM | N/A |
| Quake3 Arena allows malicious server operators to read or modify files on a client via a dot dot (..) attack. | |||||
| CVE-2000-0733 | 1 Sgi | 1 Irix | 2024-02-28 | 10.0 HIGH | N/A |
| Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPT_ENVIRON request. | |||||
| CVE-2001-0497 | 1 Isc | 1 Bind | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates. | |||||
| CVE-2001-0920 | 1 Patrick Schemitz | 1 Autonice Daemon | 2024-02-28 | 6.2 MEDIUM | N/A |
| Format string vulnerability in auto nice daemon (AND) 1.0.4 and earlier allows a local user to possibly execute arbitrary code via a process name containing a format string. | |||||
| CVE-1999-0236 | 2 Apache, Illinois | 2 Http Server, Ncsa Httpd | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. | |||||
| CVE-2004-1543 | 1 Korweblog | 1 Korweblog | 2024-02-28 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in viewimg.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the path parameter. | |||||
| CVE-2000-0064 | 1 Nortel | 1 Contivity | 2024-02-28 | 5.0 MEDIUM | N/A |
| cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters. | |||||
| CVE-2003-0589 | 1 Digi-fx | 1 Digi-news | 2024-02-28 | 10.0 HIGH | N/A |
| admin.php in Digi-ads 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password. | |||||
| CVE-2002-1250 | 1 Abuse | 1 Abuse | 2024-02-28 | 7.2 HIGH | N/A |
| Buffer overflow in Abuse 2.00 and earlier allows local users to gain root privileges via a long -net command line argument. | |||||
| CVE-2002-0379 | 1 University Of Washington | 1 Uw-imap | 2024-02-28 | 7.5 HIGH | N/A |
| Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request. | |||||
| CVE-2003-0078 | 3 Freebsd, Openbsd, Openssl | 3 Freebsd, Openbsd, Openssl | 2024-02-28 | 5.0 MEDIUM | N/A |
| ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack." | |||||
| CVE-2002-1570 | 1 Ucd-snmp | 1 Ucd-snmp | 2024-02-28 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and earlier, and net-snmp, allows remote attackers to execute arbitrary code via multiple getnextrequest PDU messages with conflicting ifindex variables, which cause snmpnetstat to write variable data past the end of an array. | |||||
| CVE-1999-1043 | 1 Microsoft | 1 Exchange Server | 2024-02-28 | 5.0 MEDIUM | N/A |
| Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) malformed NNTP data, or (2) malformed SMTP data, which allows remote attackers to cause a denial of service (application error). | |||||
| CVE-2000-0461 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2024-02-28 | 2.1 LOW | N/A |
| The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call. | |||||
| CVE-2004-2108 | 1 Quadcomm | 1 Q-shop | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) search.asp, (2) browse.asp, (3) details.asp, (4) showcat.asp, (5) users.asp, (6) addtomylist.asp, (7) modline.asp, (8) cart.asp, or (9) newuser.asp. | |||||
| CVE-1999-1140 | 1 Alec Muffet | 1 Cracklib | 2024-02-28 | 7.2 HIGH | N/A |
| Buffer overflow in CrackLib 2.5 may allow local users to gain root privileges via a long GECOS field. | |||||
| CVE-2001-0220 | 2 Ja-elvis, Ko-helvis | 2 Ja-elvis, Ko-helvis | 2024-02-28 | 7.2 HIGH | N/A |
| Buffer overflow in ja-elvis and ko-helvis ports of elvis allow local users to gain root privileges. | |||||
| CVE-2002-0037 | 1 Ibm | 1 Lotus Domino Server | 2024-02-28 | 7.5 HIGH | N/A |
| Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass the intended Reader and Author access list for a document's object via a Notes API call (NSFDbReadObject) that directly accesses the object. | |||||
| CVE-2003-0252 | 1 Linux-nfs | 1 Nfs-utils | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines. | |||||
| CVE-2002-1796 | 1 Hp | 5 Chaivm Ezloader, Laserjet 4100, Laserjet 4500 and 2 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services. | |||||