Total
265902 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0941 | 1 Kootenay Web Inc | 1 Kootenay Web Inc Whois | 2024-02-28 | 10.0 HIGH | N/A |
| Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter. | |||||
| CVE-2002-1347 | 2 Apple, Cyrusimap | 3 Mac Os X, Mac Os X Server, Cyrus Sasl | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string. | |||||
| CVE-2001-0392 | 1 Navision | 1 Financials Server | 2024-02-28 | 5.0 MEDIUM | N/A |
| Navision Financials Server 2.60 and earlier allows remote attackers to cause a denial of service by sending a null character and a long string to the server port (2407), which causes the server to crash. | |||||
| CVE-2004-1427 | 1 Korweblog | 1 Korweblog | 2024-02-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in main.inc in KorWeblog 1.6.2-cvs and earlier allows remote attackers to execute arbitrary PHP code by modifying the G_PATH parameter to reference a URL on a remote web server that contains the code, as demonstrated in index.php when using .. (dot dot) sequences in the lng parameter to cause main.inc to be loaded. | |||||
| CVE-2001-0073 | 1 Nsa | 1 Security-enhanced Linux | 2024-02-28 | 2.1 LOW | N/A |
| Buffer overflow in the find_default_type function in libsecure in NSA Security-enhanced Linux, which may allow attackers to modify critical data in memory. | |||||
| CVE-2003-0026 | 1 Isc | 1 Dhcpd | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname. | |||||
| CVE-1999-0346 | 1 Php | 1 Php Fi | 2024-02-28 | 5.0 MEDIUM | N/A |
| CGI PHP mlog script allows an attacker to read any file on the target server. | |||||
| CVE-2002-0102 | 1 Oracle | 1 Application Server Web Cache | 2024-02-28 | 5.0 MEDIUM | N/A |
| Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial of service via (1) a request to TCP ports 1100, 4000, 4001, and 4002 with a large number of null characters, and (2) a request to TCP port 4000 with a large number of "." characters. | |||||
| CVE-1999-0787 | 1 Ssh | 1 Ssh | 2024-02-28 | 2.1 LOW | N/A |
| The SSH authentication agent follows symlinks via a UNIX domain socket. | |||||
| CVE-2001-0773 | 1 Cayman | 1 3220-h Dsl Router | 2024-02-28 | 5.0 MEDIUM | N/A |
| Cayman 3220-H DSL Router 1.0 allows remote attacker to cause a denial of service (crash) via a series of SYN or TCP connect requests. | |||||
| CVE-2000-1007 | 1 Symantec | 1 I-gear | 2024-02-28 | 5.0 MEDIUM | N/A |
| I-gear 3.5.7 and earlier does not properly process log entries in which a URL is longer than 255 characters, which allows an attacker to cause reporting errors. | |||||
| CVE-2002-2124 | 1 Nylon | 1 Nylon | 2024-02-28 | 5.0 MEDIUM | N/A |
| The recvn and sendn functions in nylon 0.2 do not check when the recv function call returns 0, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) by closing the connection while recv is executing. | |||||
| CVE-2001-0365 | 1 Qualcomm | 1 Eudora | 2024-02-28 | 7.5 HIGH | N/A |
| Eudora before 5.1 allows a remote attacker to execute arbitrary code, when the 'Use Microsoft Viewer' and 'allow executables in HTML content' options are enabled, via an HTML email message containing Javascript, with ActiveX controls and malicious code within IMG tags. | |||||
| CVE-2001-0269 | 1 Sun | 1 Sunos | 2024-02-28 | 10.0 HIGH | N/A |
| pam_ldap authentication module in Solaris 8 allows remote attackers to bypass authentication via a NULL password. | |||||
| CVE-2003-0154 | 1 Mozilla | 1 Bonsai | 2024-02-28 | 6.8 MEDIUM | N/A |
| Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244. | |||||
| CVE-2000-0723 | 1 Helix Code | 1 Gnome Installer | 2024-02-28 | 1.2 LOW | N/A |
| Helix GNOME Updater helix-update 0.5 and earlier does not properly create /tmp directories, which allows local users to create empty system configuration files such as /etc/config.d/bashrc, /etc/config.d/csh.cshrc, and /etc/rc.config. | |||||
| CVE-2001-0942 | 1 Oracle | 1 Database Server | 2024-02-28 | 4.6 MEDIUM | N/A |
| dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLE_HOME to an alternate directory that contains a malicious version of dbsnmp. | |||||
| CVE-2001-0552 | 2 Hp, Ibm | 2 Openview Network Node Manager, Tivoli Netview | 2024-02-28 | 10.0 HIGH | N/A |
| ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli Netview 5.x and 6.x allows remote attackers to execute arbitrary commands via shell metacharacters in a certain SNMP trap message. | |||||
| CVE-2002-0008 | 1 Mozilla | 1 Bugzilla | 2024-02-28 | 7.5 HIGH | N/A |
| Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request to process_bug.cgi using the "who" parameter, instead of the Bugzilla_login cookie, or (2) post a bug as another user by modifying the reporter parameter to enter_bug.cgi, which is passed to post_bug.cgi. | |||||
| CVE-2002-2092 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2024-02-28 | 3.7 LOW | N/A |
| Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid. | |||||