Total
266127 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-0492 | 1 Passwd | 1 Passwd | 2024-02-28 | 5.0 MEDIUM | N/A |
PassWD 1.2 uses weak encryption (trivial encoding) to store passwords, which allows an attacker who can read the password file to easliy decrypt the passwords. | |||||
CVE-1999-1492 | 1 Sgi | 1 Irix | 2024-02-28 | 7.2 HIGH | N/A |
Vulnerability in (1) diskperf and (2) diskalign in IRIX 6.4 allows local attacker to create arbitrary root owned files, leading to root privileges. | |||||
CVE-2003-0971 | 1 Gnu | 1 Privacy Guard | 2024-02-28 | 5.0 MEDIUM | N/A |
GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature. | |||||
CVE-2003-1231 | 1 Ecw-shop | 1 Ecw-shop | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
CVE-2002-2131 | 1 Perl-httpd | 1 Perl-httpd | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Perl-HTTPd before 1.0.2 allows remote attackers to view arbitrary files via a .. (dot dot) in an unknown argument. | |||||
CVE-2000-0434 | 1 Matthew Redman | 1 Allmanage | 2024-02-28 | 7.5 HIGH | N/A |
The administrative password for the Allmanage web site administration software is stored in plaintext in a file which could be accessed by remote attackers. | |||||
CVE-2003-0206 | 1 Gkrellm Newsticker | 1 Gkrellm Newsticker | 2024-02-28 | 5.0 MEDIUM | N/A |
gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to cause a denial of service (crash) via (1) link or (2) title elements that contain multiple lines. | |||||
CVE-2002-1413 | 1 Novell | 1 Netware | 2024-02-28 | 7.5 HIGH | N/A |
RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, allows remote attackers to bypass authentication using the RconJ "Secure IP" (SSL) option during a connection. | |||||
CVE-2000-0498 | 1 Unify | 1 Ewave Servletexec | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. | |||||
CVE-2000-1207 | 1 Redhat | 1 Linux | 2024-02-28 | 7.2 HIGH | N/A |
userhelper in the usermode package on Red Hat Linux executes non-setuid programs as root, which does not activate the security measures in glibc and allows the programs to be exploited via format string vulnerabilities in glibc via the LANG or LC_ALL environment variables (CVE-2000-0844). | |||||
CVE-1999-0622 | 2024-02-28 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A component service related to DNS service is running. | |||||
CVE-2002-2031 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 5.0 MEDIUM | N/A |
Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler to monitor the results. | |||||
CVE-2001-1522 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message. | |||||
CVE-1999-0592 | 2024-02-28 | 10.0 HIGH | N/A | ||
The Logon box of a Windows NT system displays the name of the last user who logged in. | |||||
CVE-2001-0800 | 1 Sgi | 1 Irix | 2024-02-28 | 10.0 HIGH | N/A |
lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute arbitrary commands via shell metacharacters. | |||||
CVE-2002-0875 | 2 Debian, Sgi | 3 Debian Linux, Fam, Irix | 2024-02-28 | 2.1 LOW | N/A |
Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group. | |||||
CVE-2002-2153 | 1 Oracle | 1 Application Server | 2024-02-28 | 7.5 HIGH | N/A |
Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code. | |||||
CVE-2001-0591 | 1 Oracle | 2 Application Server, Jsp | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack. | |||||
CVE-1999-0128 | 5 Digital, Ibm, Linux and 2 more | 9 Osf 1, Aix, Sng and 6 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death. | |||||
CVE-2003-1162 | 1 Tritanium Scripts | 1 Tritanium Bulletin Board | 2024-02-28 | 5.0 MEDIUM | N/A |
index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to read and reply to arbitrary messages by modifying the thread_id, forum_id, and sid parameters. |