Total
266019 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-0853 | 1 Yabb | 1 Yabb | 2024-02-28 | 5.0 MEDIUM | N/A |
YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
CVE-1999-1135 | 1 Hp | 1 Hp-ux | 2024-02-28 | 7.2 HIGH | N/A |
Vulnerability in VUE 3.0 in HP 9.x allows local users to gain root privileges, as fixed by PHSS_4994 and PHSS_5438. | |||||
CVE-2003-1261 | 1 Globalscape | 1 Cuteftp | 2024-02-28 | 2.1 LOW | N/A |
Buffer overflow in CuteFTP 5.0 and 5.0.1 allows local users to cause a denial of service (crash) by copying a long URL into a clipboard. | |||||
CVE-2002-0723 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 7.5 HIGH | N/A |
Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the domain of a frame within a browser window, which allows remote attackers to read client files or invoke executable objects via the Object tag, aka "Cross Domain Verification in Object Tag." | |||||
CVE-2004-2090 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist. | |||||
CVE-2004-1809 | 1 Phpbb Group | 1 Phpbb | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) postdays parameter to viewtopic.php or (2) topicdays parameter to viewforum.php. | |||||
CVE-2003-0871 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 7.5 HIGH | N/A |
Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X Server 10.3 allows attackers to gain "unauthorized access to a system." | |||||
CVE-2001-1134 | 1 Xerox | 1 Docuprint N40 | 2024-02-28 | 5.0 MEDIUM | N/A |
Xerox DocuPrint N40 Printers allow remote attackers to cause a denial of service via malformed data, such as that produced by the Code Red worm. | |||||
CVE-2002-0878 | 1 Logisense | 2 Dns Manager System, Hawk-i | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the login form for LogiSense software including (1) Hawk-i Billing, (2) Hawk-i ASP and (3) DNS Manager allows remote attackers to bypass authentication via SQL code in the password field. | |||||
CVE-2003-0416 | 1 Bandmin | 1 Bandmin | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 allows remote attackers to insert arbitrary HTML or script via (1) the year parameter in a showmonth action, (2) the month parameter in a showmonth action, or (3) the host parameter in a showhost action. | |||||
CVE-2002-1922 | 1 Jelsoft | 1 Vbulletin | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBulletin 2.0.0 through 2.2.8 allows remote attackers to inject arbitrary web script or HTML via the (1) $scriptpath or (2) $url variables. | |||||
CVE-2003-1495 | 1 Hp | 3 Insight Management Suite, Insight Manager, Remote Diagnostics Enabling Agent | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in the non-SSL web agent in various HP Management Agent products allows local users or remote attackers to gain privileges or cause a denial of service via unknown attack vectors. | |||||
CVE-2004-0010 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.2 HIGH | N/A |
Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges. | |||||
CVE-2004-0583 | 3 Debian, Usermin, Webmin | 3 Debian Linux, Usermin, Webmin | 2024-02-28 | 5.0 MEDIUM | N/A |
The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords. | |||||
CVE-2002-0437 | 1 Stefan Frings | 1 Sms Server Tools | 2024-02-28 | 10.0 HIGH | N/A |
Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote attackers to execute arbitrary commands via shell metacharacters (backquotes) in message text, as described with the term "string format vulnerability" by some sources. | |||||
CVE-2002-0626 | 1 Polycom | 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more | 2024-02-28 | 10.0 HIGH | N/A |
Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which allows arbitrary users to conduct unauthorized activities. | |||||
CVE-2000-0118 | 2 Redhat, Sun | 3 Linux, Solaris, Sunos | 2024-02-28 | 7.2 HIGH | N/A |
The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing. | |||||
CVE-2001-1296 | 1 Marc Logemann | 1 More.groupware | 2024-02-28 | 5.0 MEDIUM | N/A |
More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
CVE-2004-0765 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2024-02-28 | 7.5 HIGH | N/A |
The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates. | |||||
CVE-2004-0231 | 4 Gentoo, Midnight Commander, Sgi and 1 more | 4 Linux, Midnight Commander, Propack and 1 more | 2024-02-28 | 2.1 LOW | N/A |
Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations." |