Total: 265912 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-1674 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 1.2 LOW | N/A |
procfs on FreeBSD before 4.5 allows local users to cause a denial of service (kernel panic) by removing a file that the fstatfs function refers to. | |||||
CVE-2001-0086 | 1 Cgi Script Center | 1 Subscribe Me Lite | 2024-02-28 | 5.0 MEDIUM | N/A |
CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote attackers to delete arbitrary mailing list users without authentication by directly calling subscribe.pl with the target address as a parameter. | |||||
CVE-2003-1503 | 1 Aol | 1 Instant Messenger | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote attackers to execute arbitrary code via an aim:getfile URL with a long screen name. | |||||
CVE-2004-0717 | 3 Linux, Microsoft, Opera | 3 Linux Kernel, Windows, Opera Browser | 2024-02-28 | 7.5 HIGH | N/A |
Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | |||||
CVE-2002-1233 | 1 Apache | 1 Http Server | 2024-02-28 | 2.6 LOW | N/A |
A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131. | |||||
CVE-1999-0533 | | | 2024-02-28 | 7.5 HIGH | N/A |
A DNS server allows inverse queries. | |||||
CVE-2000-0563 | 1 Apple | 1 Mac Os Runtime For Java | 2024-02-28 | 10.0 HIGH | N/A |
The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model. | |||||
CVE-2001-0304 | 1 Caucho Technology | 1 Resin | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote attackers to read arbitrary files via a "\.." (dot dot) in a URL request. | |||||
CVE-2004-1604 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 5.0 MEDIUM | N/A |
cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled. | |||||
CVE-2000-0332 | 1 Ultrascripts | 1 Ultraboard | 2024-02-28 | 5.0 MEDIUM | N/A |
UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows remote attackers to read arbitrary files via a pathname string that includes a dot dot (..) and ends with a null byte. | |||||
CVE-2001-1355 | 1 Netwin | 2 Dmail, Surgeftp | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command. | |||||
CVE-2002-0446 | 1 Black Tie Project | 1 Black Tie Project | 2024-02-28 | 5.0 MEDIUM | N/A |
categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows remote attackers to determine the absolute path of the web server via an invalid category ID (cid) parameter, which leaks the pathname in an error message. | |||||
CVE-2002-0622 | 1 Microsoft | 1 Commerce Server | 2024-02-28 | 7.5 HIGH | N/A |
The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution". | |||||
CVE-2004-1296 | 1 Gnu | 1 Groff | 2024-02-28 | 2.1 LOW | N/A |
The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
CVE-2000-1209 | 2 Compaq, Microsoft | 4 Insight Manager, Insight Manager Xe, Data Engine and 1 more | 2024-02-28 | 10.0 HIGH | N/A |
The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida. | |||||
CVE-2002-1907 | 1 Telcondex | 1 Simplewebserver | 2024-02-28 | 5.0 MEDIUM | N/A |
TelCondex SimpleWebServer 2.06.20817 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request. | |||||
CVE-2000-0164 | 1 Sun | 1 Solaris Isp Server | 2024-02-28 | 7.2 HIGH | N/A |
The installation of Sun Internet Mail Server (SIMS) creates a world-readable file that allows local users to obtain passwords. | |||||
CVE-2004-0452 | 1 Larry Wall | 1 Perl | 2024-02-28 | 2.6 LOW | N/A |
Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack. | |||||
CVE-2001-1059 | 1 Vmware | 1 Workstation | 2024-02-28 | 3.6 LOW | N/A |
VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information. | |||||
CVE-1999-0089 | 1 Ibm | 1 Aix | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in AIX libDtSvc library can allow local users to gain root access. |