Total
265894 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-0768 | 1 Steve Poulsen | 1 Guildftpd | 2024-02-28 | 4.6 MEDIUM | N/A |
GuildFTPd 0.9.7 stores user names and passwords in plaintext in the default.usr file, which allows local users to gain privileges as other FTP users by reading the file. | |||||
CVE-2003-0959 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 10.0 HIGH | N/A |
Multiple integer overflows in the 32bit emulation for AMD64 architectures in Linux 2.4 kernel before 2.4.21 allow attackers to cause a denial of service or gain root privileges via unspecified vectors that trigger copy_from_user function calls with improper length arguments. | |||||
CVE-2004-0388 | 1 Oracle | 1 Mysql | 2024-02-28 | 2.1 LOW | N/A |
The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-2001-1568 | 1 Cmg | 1 Wap Gateway | 2024-02-28 | 6.4 MEDIUM | N/A |
CMG WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack. | |||||
CVE-2000-0970 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-28 | 7.5 HIGH | N/A |
IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability. | |||||
CVE-1999-1131 | 1 Sgi | 1 Irix | 2024-02-28 | 5.0 MEDIUM | N/A |
Buffer overflow in OSF Distributed Computing Environment (DCE) security demon (secd) in IRIX 6.4 and earlier allows attackers to cause a denial of service via a long principal, group, or organization. | |||||
CVE-2001-1219 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location. | |||||
CVE-2002-0793 | 1 Blackberry | 1 Qnx Neutrino Real-time Operating System | 2024-02-28 | 4.6 MEDIUM | 5.5 MEDIUM |
Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility. | |||||
CVE-2000-0365 | 1 Redhat | 1 Linux | 2024-02-28 | 4.6 MEDIUM | N/A |
Red Hat Linux 6.0 installs the /dev/pts file system with insecure modes, which allows local users to write to other tty devices. | |||||
CVE-2000-0483 | 2 Redhat, Zope | 2 Linux Powertools, Zope | 2024-02-28 | 7.5 HIGH | N/A |
The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization. | |||||
CVE-2002-1509 | 1 Redhat | 1 Linux | 2024-02-28 | 3.6 LOW | N/A |
A patch for shadow-utils 20000902 causes the useradd command to create mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming email. | |||||
CVE-2002-0678 | 7 Caldera, Compaq, Hp and 4 more | 9 Openunix, Unixware, Tru64 and 6 more | 2024-02-28 | 7.2 HIGH | N/A |
CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure. | |||||
CVE-2001-0441 | 3 Debian, Mandrakesoft, Redhat | 4 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 1 more | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header. | |||||
CVE-2002-1540 | 1 Symantec | 1 Norton Antivirus | 2024-02-28 | 7.2 HIGH | N/A |
The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32. | |||||
CVE-2004-0321 | 1 Singularity Software | 1 Team Factor | 2024-02-28 | 5.0 MEDIUM | N/A |
Team Factor 1.25 and earlier allows remote attackers to cause a denial of service (crash) via a packet that uses a negative number to specify the size of the data block that follows, which causes Team Factor to read unallocated memory. | |||||
CVE-2002-0236 | 1 Lucent | 5 Vitalanalysis, Vitalevent, Vitalhelp and 2 more | 2024-02-28 | 7.5 HIGH | N/A |
Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allows remote attackers to bypass authentication via a direct HTTP request to the VsSetCookie.exe program, which returns a valid cookie for the desired user. | |||||
CVE-2002-0686 | 1 Iplanet | 1 Iplanet Web Server | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in the search component for iPlanet Web Server (iWS) 4.1 and Sun ONE Web Server 6.0 allows remote attackers to execute arbitrary code via a long argument to the NS-rel-doc-name parameter. | |||||
CVE-2003-0933 | 1 Conquest | 1 Conquest | 2024-02-28 | 4.6 MEDIUM | N/A |
Buffer overflow in conquest 7.2 and earlier may allow a local user to execute arbitrary code via a long environment variable. | |||||
CVE-1999-1217 | 1 Microsoft | 1 Windows Nt | 2024-02-28 | 4.6 MEDIUM | N/A |
The PATH in Windows NT includes the current working directory (.), which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system programs into certain directories. | |||||
CVE-2000-0286 | 1 Redhat | 1 Linux | 2024-02-28 | 2.1 LOW | N/A |
X fontserver xfs allows local users to cause a denial of service via malformed input to the server. |