Total: 266139 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1954 | 1 Phprofession | 1 Phprofession | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in modules.php in phProfession 2.5 allows remote attackers to inject arbitrary web script or HTML via the jcode parameter. | |||||
CVE-2003-0003 | 1 Microsoft | 4 Windows 2000, Windows 2000 Terminal Services, Windows Nt and 1 more | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information. | |||||
CVE-2003-0083 | 1 Apache | 1 Http Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020. | |||||
CVE-2000-0900 | 1 Acme Labs | 1 Thttpd | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack. | |||||
CVE-2003-1286 | 1 Sambar | 1 Sambar Server | 2024-02-28 | 7.5 HIGH | N/A |
HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to send proxy HTTP requests to the Sambar Server's administrative interface and external web servers, by making a "Connection: keep-alive" request before the proxy requests. | |||||
CVE-2000-0371 | 1 Kde | 1 Kde | 2024-02-28 | 1.2 LOW | N/A |
The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack. | |||||
CVE-2001-0714 | 1 Sendmail | 1 Sendmail | 2024-02-28 | 2.1 LOW | N/A |
Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to cause a denial of service (data loss) by (1) setting a high initial message hop count option (-h), which causes Sendmail to drop queue entries, (2) via the -qR option, or (3) via the -qS option. | |||||
CVE-2001-0562 | 1 Drummond Miles | 1 A1stats | 2024-02-28 | 7.5 HIGH | N/A |
a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to execute commands via a specially crafted URL which includes shell metacharacters. | |||||
CVE-2002-0389 | 1 Gnu | 1 Mailman | 2024-02-28 | 2.1 LOW | N/A |
Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives. | |||||
CVE-2003-0519 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 5.0 MEDIUM | N/A |
Certain versions of Internet Explorer 5 and 6, in certain Windows environments, allow remote attackers to cause a denial of service (freeze) via a URL to C:\aux (MS-DOS device name) and possibly other devices. | |||||
CVE-1999-1580 | 2 Sendmail, Sun | 2 Sendmail, Sunos | 2024-02-28 | 7.2 HIGH | N/A |
SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option. | |||||
CVE-2002-1665 | 1 Yahoo | 1 Messenger | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in Yahoo! Messenger before February 2002 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long set_buddygrp field. | |||||
CVE-1999-0690 | 2 Cde, Hp | 2 Cde, Hp-ux | 2024-02-28 | 7.2 HIGH | N/A |
HP CDE program includes the current directory in root's PATH variable. | |||||
CVE-2002-1195 | 1 Gabriele Bartolini | 1 Ht Check | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting vulnerability (XSS) in the PHP interface for ht://Check 1.1 allows remote web servers to insert arbitrary HTML, including script, via a web page. | |||||
CVE-2003-0121 | 1 Clearswift | 1 Mailsweeper | 2024-02-28 | 7.5 HIGH | N/A |
Clearswift MAILsweeper 4.x allows remote attackers to bypass attachment detection via an attachment that does not specify a MIME-Version header field, which is processed by some mail clients. | |||||
CVE-2002-1699 | 1 Pascal Michaud | 1 Asp Client Check | 2024-02-28 | 10.0 HIGH | N/A |
SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and 1.5 allows remote attackers to bypass authentication and gain unauthorized access via the password field. | |||||
CVE-2000-0159 | 1 Hp | 1 Hp-ux | 2024-02-28 | 7.5 HIGH | N/A |
HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges. | |||||
CVE-2000-0595 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 4.6 MEDIUM | N/A |
libedit searches for the .editrc file in the current directory instead of the user's home directory, which may allow local users to execute arbitrary commands by installing a modified .editrc in another directory. | |||||
CVE-2001-1327 | 1 Berkeley Softworks | 1 Pmake | 2024-02-28 | 4.6 MEDIUM | N/A |
pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with setuid root privileges, which could allow local users to gain privileges by exploiting vulnerabilities in pmake or programs that are used by pmake. | |||||
CVE-2003-0615 | 3 Cgi.pm, Debian, Openpkg | 3 Cgi.pm, Debian Linux, Openpkg | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter. | |||||