Total: 266037 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0828 | 1 Ibm | 1 Aix | 2024-02-28 | 2.1 LOW | N/A |
The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and 5.3 does not properly drop privileges before executing the -f option, which allows local users to modify or create arbitrary files. | |||||
CVE-2001-0453 | 1 Brs | 1 Webweaver | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in BRS WebWeaver HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the (1) syshelp, (2) sysimages, or (3) scripts directories. | |||||
CVE-2000-0660 | 1 Alt-n | 1 Worldclient | 2024-02-28 | 5.0 MEDIUM | N/A |
The WDaemon web server for WorldClient 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
CVE-2002-2206 | 1 Symantec | 1 Norton Antivirus | 2024-02-28 | 7.8 HIGH | N/A |
The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows local users to cause a denial of service (CPU consumption and crash) via a long username with multiple /localhost entries. | |||||
CVE-2000-0283 | 1 Sgi | 1 Irix | 2024-02-28 | 6.4 MEDIUM | N/A |
The default installation of IRIX Performance Copilot allows remote attackers to access sensitive system information via the pmcd daemon. | |||||
CVE-2001-0703 | 1 Arcadia | 1 Arcadia Internet Store | 2024-02-28 | 5.0 MEDIUM | N/A |
tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to cause a denial of service via a URL request with an MS-DOS device name in the template parameter. | |||||
CVE-2003-1290 | 1 Bea | 1 Weblogic Server | 2024-02-28 | 5.0 MEDIUM | N/A |
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI). | |||||
CVE-2004-0792 | 1 Andrew Tridgell | 1 Rsync | 2024-02-28 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files. | |||||
CVE-1999-1080 | 1 Sun | 1 Sunos | 2024-02-28 | 7.2 HIGH | N/A |
rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running volcheck, when the file systems do not have the nosuid option specified in rmmount.conf. | |||||
CVE-2002-1740 | 1 Alt-n | 2 Mdaemon, Worldclient | 2024-02-28 | 2.1 LOW | N/A |
Buffer overflow in WorldClient.cgi in WorldClient in Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to execute arbitrary code via a long folder name (NewFolder parameter). | |||||
CVE-2002-1717 | 1 Microsoft | 1 Internet Information Services | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via a GET request to (1) /_vti_pvt/access.cnf, (2) /_vti_pvt/botinfs.cnf, (3) /_vti_pvt/bots.cnf, or (4) /_vti_pvt/linkinfo.cnf. | |||||
CVE-2004-0109 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.6 MEDIUM | N/A |
Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry. | |||||
CVE-1999-0756 | 1 Allaire | 1 Coldfusion Server | 2024-02-28 | 5.0 MEDIUM | N/A |
ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility. | |||||
CVE-2004-1189 | 1 Mit | 1 Kerberos 5 | 2024-02-28 | 7.2 HIGH | N/A |
The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow. | |||||
CVE-2004-1862 | 1 Xmb Forum | 1 Xmb | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to xmb.php, (2) folder parameter to u2u.php, (3) viewmost, replymost, or latest parameter to stats.php, (4) message or icons parameter to post.php, (5) threadlist, pagelinks, forumlist, navigation, or (6) forumdisplay parameter to forumdisplay.php. | |||||
CVE-2003-0976 | 1 Novell | 1 Netware | 2024-02-28 | 7.5 HIGH | N/A |
NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce sys:\etc\exports when hostname aliases from sys:etc\hosts file are used, which could allow users to mount file systems when XNFS should deny the host. | |||||
CVE-1999-0511 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-02-28 | 7.5 HIGH | N/A |
IP forwarding is enabled on a machine which is not a router or firewall. | |||||
CVE-2001-1430 | 1 Cayman | 1 3220-h Dsl Router | 2024-02-28 | 7.5 HIGH | N/A |
Cayman 3220-H DSL Router 1.0 ships without a password set, which allows remote attackers to gain unauthorized access. | |||||
CVE-2001-0107 | 1 Symantec Veritas | 1 Backup | 2024-02-28 | 5.0 MEDIUM | N/A |
Veritas Backup agent on Linux allows remote attackers to cause a denial of service by establishing a connection without sending any data, which causes the process to hang. | |||||
CVE-2000-0092 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2024-02-28 | 6.2 MEDIUM | N/A |
The BSD make program allows local users to modify files via a symlink attack when the -j option is being used. |