Total: 265912 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-1491 | 1 Kerio | 1 Personal Firewall | 2024-02-28 | 7.5 HIGH | N/A |
Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53. | |||||
CVE-2002-0710 | 1 Rod Clark | 1 Sendform.cgi | 2024-02-28 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in sendform.cgi 1.44 and earlier allows remote attackers to read arbitrary files by specifying the desired files in the BlurbFilePath parameter. | |||||
CVE-2002-2299 | 1 Atthat.com | 1 Thatware | 2024-02-28 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in thatfile.php in Thatware 0.3 through 0.5.2 allows remote attackers to execute arbitrary PHP code via the root_path parameter. | |||||
CVE-2000-0947 | 1 Gnu | 1 Cfengine | 2024-02-28 | 10.0 HIGH | N/A |
Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command. | |||||
CVE-2003-0560 | 1 Virtual Programming | 1 Vp-asp | 2024-02-28 | 10.0 HIGH | N/A |
SQL injection vulnerability in shopexd.asp for VP-ASP allows remote attackers to gain administrator privileges via the id parameter. | |||||
CVE-2001-1356 | 1 Netwin | 1 Surgeftp | 2024-02-28 | 10.0 HIGH | N/A |
NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021. | |||||
CVE-2004-2115 | 1 Oracle | 1 Http Server | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request. | |||||
CVE-2002-0558 | 1 Typsoft | 1 Typsoft Ftp Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and earlier allows a remote authenticated user (possibly anonymous) to list arbitrary directories via a .. in a LIST (ls) command ending in wildcard *.* characters. | |||||
CVE-1999-1341 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.6 MEDIUM | N/A |
Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options, allows local unprivileged users to forge IP packets via the TIOCSETD option on tty devices. | |||||
CVE-2003-0376 | 1 Qualcomm | 1 Eudora | 2024-02-28 | 5.0 MEDIUM | N/A |
Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a denial of service (crash and failed restart) and possibly execute arbitrary code via an Attachment Converted argument with a large number of . (dot) characters. | |||||
CVE-2002-0057 | 1 Microsoft | 4 Internet Explorer, Sql Server, Windows Xp and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source. | |||||
CVE-2002-0258 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2024-02-28 | 7.5 HIGH | N/A |
Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user, e.g. by extracting the ID from the user's answer or forward URLs. | |||||
CVE-2002-1760 | 1 Phprojekt | 1 Phprojekt | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 allow remote attackers to execute arbitrary SQL commands via unknown attack vectors. | |||||
CVE-2004-2049 | 1 Esesix | 7 Thintune Extreme, Thintune L, Thintune M and 4 more | 2024-02-28 | 4.6 MEDIUM | N/A |
eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store sensitive usernames and passwords in cleartext in configuration files for the keeper library, which allows attackers to gain access. | |||||
CVE-2004-1884 | 2 Ipswitch, Progress | 3 Ws Ftp Pro, Ws Ftp Server, Ws Ftp Server | 2024-02-28 | 7.5 HIGH | N/A |
Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access. | |||||
CVE-2004-0033 | 1 Phpgedview | 1 Phpgedview | 2024-02-28 | 5.0 MEDIUM | N/A |
admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain sensitive information via an action parameter with a phpinfo command. | |||||
CVE-2000-0187 | 1 Alex Heiphetz Group | 1 Ezshopper | 2024-02-28 | 7.5 HIGH | N/A |
EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters. | |||||
CVE-2001-0156 | 1 Van Dyke Technologies | 1 Vshell | 2024-02-28 | 2.1 LOW | N/A |
VShell SSH gateway 1.0.1 and earlier has a default port forwarding rule of 0.0.0.0/0.0.0.0, which could allow local users to conduct arbitrary port forwarding to other systems. | |||||
CVE-2004-1978 | 1 Moodle | 1 Moodle | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in help.php in Moodle before 1.3 allows remote attackers to inject arbitrary HTML and web script via the text parameter. | |||||
CVE-2001-0753 | 1 Cisco | 1 Cbos | 2024-02-28 | 7.5 HIGH | N/A |
Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) enable in cleartext in the NVRAM and a configuration file, which could allow unauthorized users to obtain the passwords and gain privileges. | |||||