Total
265929 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0285 | 1 Microsoft | 1 Outlook Express | 2024-02-28 | 7.5 HIGH | N/A |
Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers. | |||||
CVE-2001-0101 | 1 Fetchmail | 1 Fetchmail | 2024-02-28 | 10.0 HIGH | N/A |
Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE GSSAPI command. | |||||
CVE-2003-1109 | 1 Cisco | 4 Ios, Ip Phone 7940, Ip Phone 7960 and 1 more | 2024-02-28 | 7.5 HIGH | N/A |
The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. | |||||
CVE-2002-0842 | 1 Oracle | 1 Application Server | 2024-02-28 | 7.5 HIGH | N/A |
Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response, which causes the format string specifiers to be returned from dav_lookup_uri() in mod_dav.c, which is then used in a call to ap_log_rerror(). | |||||
CVE-2004-1845 | 1 Expinion.net | 1 News Manager Lite | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in News Manager Lite 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to comment_add.asp, (2) search parameter to search.asp, or (3) n parameter to category_news_headline.asp. | |||||
CVE-2000-0450 | 1 Sean Macguire | 1 Big Brother | 2024-02-28 | 7.5 HIGH | N/A |
Vulnerability in bbd server in Big Brother System and Network Monitor allows an attacker to execute arbitrary commands. | |||||
CVE-2002-1798 | 1 Midicart | 3 Midicart Php, Midicart Php Maxi, Midicart Php Plus | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php. | |||||
CVE-1999-0530 | 2024-02-28 | 10.0 HIGH | N/A | ||
A system is operating in "promiscuous" mode which allows it to perform packet sniffing. | |||||
CVE-1999-0529 | 2024-02-28 | 7.5 HIGH | N/A | ||
A router or firewall forwards packets that claim to come from IANA reserved or private addresses, e.g. 10.x.x.x, 127.x.x.x, 217.x.x.x, etc. | |||||
CVE-2004-0189 | 1 Squid | 1 Squid | 2024-02-28 | 7.5 HIGH | N/A |
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists. | |||||
CVE-1999-0970 | 1 Omnicron | 1 Omnihttpd | 2024-02-28 | 5.0 MEDIUM | N/A |
The OmniHTTPD visadmin.exe program allows a remote attacker to conduct a denial of service via a malformed URL which causes a large number of temporary files to be created. | |||||
CVE-2004-0082 | 1 Samba | 1 Samba | 2024-02-28 | 7.5 HIGH | N/A |
The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password. | |||||
CVE-1999-0099 | 5 Bsdi, Convex, Cray and 2 more | 7 Bsd Os, Convexos, Spp-ux and 4 more | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in syslog utility allows local or remote attackers to gain root privileges. | |||||
CVE-2002-2371 | 1 Linksys | 1 Wet11 | 2024-02-28 | 7.8 HIGH | N/A |
Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause a denial of service (crash) via a packet containing the device's hardware address as the source MAC address in the DLC header. | |||||
CVE-1999-0394 | 2024-02-28 | 10.0 HIGH | N/A | ||
DPEC Online Courseware allows an attacker to change another user's password without knowing the original password. | |||||
CVE-2003-0001 | 4 Freebsd, Linux, Microsoft and 1 more | 5 Freebsd, Linux Kernel, Windows 2000 and 2 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. | |||||
CVE-2000-0179 | 1 Hp | 1 Openview Omniback Ii | 2024-02-28 | 5.0 MEDIUM | N/A |
HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of service via a large number of connections to port 5555. | |||||
CVE-2004-0450 | 1 Log2mail | 1 Log2mail | 2024-02-28 | 10.0 HIGH | N/A |
Format string vulnerability in the printlog function in log2mail before 0.2.5.2 allows local users or remote attackers to execute arbitrary code via format string specifiers in a logfile monitored by log2mail. | |||||
CVE-2004-2097 | 1 Suse | 1 Suse Linux | 2024-02-28 | 2.1 LOW | N/A |
Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5) /tmp/.winpopup-new created by winpopup-send.sh, or (6) /tmp/initrd created by lvmcreate_initrd. | |||||
CVE-2001-1088 | 1 Microsoft | 2 Outlook, Outlook Express | 2024-02-28 | 7.5 HIGH | N/A |
Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user. |