Total
266153 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0805 | 1 Checkpoint | 1 Firewall-1 | 2024-02-28 | 7.5 HIGH | N/A |
| Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits encapsulated FWS packets, even if they do not come from a valid FWZ client, aka "Retransmission of Encapsulated Packets." | |||||
| CVE-2003-0140 | 1 Mutt | 1 Mutt | 2024-02-28 | 7.5 HIGH | N/A |
| Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder. | |||||
| CVE-2004-2256 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-02-28 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable. | |||||
| CVE-2001-0229 | 1 Sun | 1 Chilisoft | 2024-02-28 | 7.2 HIGH | N/A |
| Chili!Soft ASP for Linux before 3.6 does not properly set group privileges when running in inherited mode, which could allow attackers to gain privileges via malicious scripts. | |||||
| CVE-2001-1189 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 4.6 MEDIUM | N/A |
| IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script. | |||||
| CVE-2000-0112 | 1 Debian | 1 Debian Linux | 2024-02-28 | 7.2 HIGH | N/A |
| The default installation of Debian GNU/Linux uses an insecure Master Boot Record (MBR) which allows a local user to boot from a floppy disk during the installation. | |||||
| CVE-2004-2122 | 1 Intra Forum | 1 Intra Forum | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra Forum allows remote attackers to inject arbitrary web script or HTML via the (1) use_last_read or (2) forum parameters. | |||||
| CVE-2003-0366 | 1 Lysator | 1 Lyskom-server | 2024-02-28 | 5.0 MEDIUM | N/A |
| lyskom-server 2.0.7 and earlier allows unauthenticated users to cause a denial of service (CPU consumption) via a large query. | |||||
| CVE-2002-0526 | 1 Inn | 1 Inn | 2024-02-28 | 7.2 HIGH | N/A |
| Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, related to insecure open() calls. | |||||
| CVE-2003-1235 | 1 Brs | 1 Webweaver | 2024-02-28 | 5.0 MEDIUM | N/A |
| BRW WebWeaver 1.03 allows remote attackers to obtain sensitive server environment information via a URL request for testcgi.exe, which lists the values of environment variables and the current working directory. | |||||
| CVE-2000-0830 | 1 Microsoft | 1 Webtv | 2024-02-28 | 5.0 MEDIUM | N/A |
| annclist.exe in webTV for Windows allows remote attackers to cause a denial of service by via a large, malformed UDP packet to ports 22701 through 22705. | |||||
| CVE-2003-0789 | 1 Apache | 1 Http Server | 2024-02-28 | 10.0 HIGH | N/A |
| mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client. | |||||
| CVE-2002-1946 | 1 Tata | 1 Integrated Dialer | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme (one-to-one mapping) in a registry key, which allows local users to obtain and decrypt the password. | |||||
| CVE-2003-1490 | 1 Sonicwall | 3 Pro100, Pro200, Pro300 | 2024-02-28 | 7.8 HIGH | N/A |
| SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow. | |||||
| CVE-1999-1428 | 1 Sun | 1 Solstice Adminsuite | 2024-02-28 | 6.2 MEDIUM | N/A |
| Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local users to gain privileges via the save option in the Database Manager, which is running with setgid bin privileges. | |||||
| CVE-2004-1419 | 1 Zeroboard | 1 Zeroboard | 2024-02-28 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) _zb_path parameter to outlogin.php or (2) dir parameter to write.php to reference a URL on a remote web server that contains the code. | |||||
| CVE-2000-0413 | 1 Microsoft | 3 Frontpage, Internet Information Server, Internet Information Services | 2024-02-28 | 5.0 MEDIUM | N/A |
| The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path. | |||||
| CVE-2004-1797 | 1 Freznoshop | 1 Freznoshop | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php for FreznoShop 1.3.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2004-1873 | 1 Alan Ward | 1 A-cart | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2.0 allows remote attackers to gain privileges via the catcode parameter. | |||||
| CVE-2002-2331 | 1 Cascadesoft | 1 W3mail | 2024-02-28 | 5.8 MEDIUM | N/A |
| W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in the attachments directory does not properly restrict the types of files that can be uploaded as attachments, which allows remote attackers to execute arbitrary code by sending code in MIME attachments, then requesting the attachments. | |||||