Total: 265868 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-1312 | 1 Netegrity | 1 Siteminder | 2024-02-28 | 4.3 MEDIUM | N/A |
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods. | |||||
CVE-2004-1388 | 1 Berlios | 1 Gps Daemon | 2024-02-28 | 7.5 HIGH | N/A |
Format string vulnerability in the gpsd_report function for BerliOS GPD daemon (gpsd, formerly pygps) 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls. | |||||
CVE-2001-1246 | 1 Php | 1 Php | 2024-02-28 | 7.5 HIGH | N/A |
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters. | |||||
CVE-2002-1115 | 1 Mantis | 1 Mantis | 2024-02-28 | 5.0 MEDIUM | N/A |
Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php. | |||||
CVE-2000-0730 | 1 Hp | 1 Hp-ux | 2024-02-28 | 4.6 MEDIUM | N/A |
Vulnerability in newgrp command in HP-UX 11.0 allows local users to gain privileges. | |||||
CVE-2002-1851 | 1 Ipswitch | 1 Ws Ftp Pro | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute code on a client system via unknown attack vectors. | |||||
CVE-1999-1309 | 1 Sendmail | 1 Sendmail | 2024-02-28 | 7.2 HIGH | N/A |
Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug (-d) command line option. | |||||
CVE-2002-0891 | 1 Juniper | 1 Netscreen Screenos | 2024-02-28 | 5.0 MEDIUM | N/A |
The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and certain 2.8.x and 3.0.x versions before 3.0.3r1, allows remote attackers to cause a denial of service (crash) via a long user name. | |||||
CVE-2003-1540 | 1 Wfchat | 1 Wfchat | 2024-02-28 | 5.0 MEDIUM | N/A |
WF-Chat 1.0 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain authentication information via a direct request to (1) !pwds.txt and (2) !nicks.txt. | |||||
CVE-2003-1453 | 1 Xoops | 1 Xoops | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the MytextSanitizer function in XOOPS 1.3.5 through 1.3.9 and XOOPS 2.0 through 2.0.1 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in an IMG tag. | |||||
CVE-2005-0373 | 6 Apple, Conectiva, Cyrus and 3 more | 8 Mac Os X, Mac Os X Server, Linux and 5 more | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code. | |||||
CVE-2000-0978 | 1 Bb4 | 1 Big Brother Network Monitor | 2024-02-28 | 7.5 HIGH | N/A |
bbd server in Big Brother System and Network Monitor before 1.5c2 allows remote attackers to execute arbitrary commands via the "&" shell metacharacter. | |||||
CVE-2003-1071 | 1 Sun | 2 Solaris, Sunos | 2024-02-28 | 2.1 LOW | N/A |
rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header. | |||||
CVE-2001-1360 | 1 Mostang | 1 Sane | 2024-02-28 | 7.2 HIGH | N/A |
Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related to pnm and saned. | |||||
CVE-2003-0113 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields. | |||||
CVE-2001-1007 | 1 Starfish | 1 Truesync Desktop | 2024-02-28 | 5.0 MEDIUM | N/A |
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a small keyspace for device keys and does not impose a delay when an incorrect key is entered, which allows attackers to more quickly guess the key via a brute force attack. | |||||
CVE-1999-0876 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in Internet Explorer 4.0 via EMBED tag. | |||||
CVE-2000-0840 | 1 Davide Libenzi | 1 Xmail | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in XMail POP3 server before version 0.59 allows remote attackers to execute arbitrary commands via a long USER command. | |||||
CVE-2002-0115 | 1 Martin Roesch | 1 Snort | 2024-02-28 | 5.0 MEDIUM | N/A |
Snort 1.8.3 does not properly define the minimum ICMP header size, which allows remote attackers to cause a denial of service (crash and core dump) via a malformed ICMP packet. | |||||
CVE-2000-0953 | 1 Evolvable Corporation | 1 Shambala Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Shambala Server 4.5 allows remote attackers to cause a denial of service by opening then closing a connection. |