Total
265830 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-0899 | 1 Microsoft | 1 Windows Nt | 2024-02-28 | 7.2 HIGH | N/A |
The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider. | |||||
CVE-2001-0987 | 1 Nathan Neulinger | 1 Cgiwrap | 2024-02-28 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote attackers to execute arbitrary Javascript on other web clients by causing the Javascript to be inserted into error messages that are generated by CGIWrap. | |||||
CVE-2000-0972 | 1 Hp | 1 Hp-ux | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates. | |||||
CVE-2004-2250 | 1 Goosequill | 1 Audienceconnect Remoteeditor | 2024-02-28 | 7.5 HIGH | N/A |
Unknown vulnerability in the "access code" in RemoteEditor before 0.1.6 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions. | |||||
CVE-2003-0641 | 1 Watchguard | 1 Serverlock | 2024-02-28 | 4.6 MEDIUM | N/A |
WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local users to load arbitrary modules via the OpenProcess() function, as demonstrated using (1) a DLL injection attack, (2) ZwSetSystemInformation, and (3) API hooking in OpenProcess. | |||||
CVE-2001-1257 | 1 Horde | 1 Imp | 2024-02-28 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email. | |||||
CVE-2004-1864 | 1 Xmb Forum | 1 Xmb | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta allows remote attackers to execute arbitrary SQL commands via the restrict parameter to (1) member.php, (2) misc.php, or (3) today.php. | |||||
CVE-1999-0793 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 2.6 LOW | N/A |
Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet. | |||||
CVE-2004-2124 | 1 Gallery Project | 1 Gallery | 2024-02-28 | 5.0 MEDIUM | N/A |
The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. | |||||
CVE-2003-1541 | 1 Planetmoon | 1 Guestbook | 2024-02-28 | 5.0 MEDIUM | N/A |
PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt. | |||||
CVE-2004-2229 | 1 Oracle | 1 Database Server Lite | 2024-02-28 | 4.6 MEDIUM | N/A |
Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0.0.0 through 5.0.2.9.0 allow remote authenticated users to gain privileges. | |||||
CVE-2001-0087 | 1 Michael Glickman | 1 Itetris | 2024-02-28 | 7.2 HIGH | N/A |
itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a malicious gunzip program. | |||||
CVE-2002-1515 | 1 Coolforum | 1 Coolforum | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta allows remote attackers to read arbitrary files via .. (dot dot) sequences in the img parameter. | |||||
CVE-2004-0354 | 1 Gnu | 1 Anubis | 2024-02-28 | 10.0 HIGH | N/A |
Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c. | |||||
CVE-2004-0352 | 1 Cisco | 4 Content Services Switch 11000, Content Services Switch 11050, Content Services Switch 11150 and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002. | |||||
CVE-2001-1005 | 1 Starfish | 1 Truesync Desktop | 2024-02-28 | 7.5 HIGH | N/A |
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak encryption to store the user password in a registry key, which allows attackers who have access to the registry key to decrypt the password and gain privileges. | |||||
CVE-2001-0519 | 1 Aladdin Knowledge Systems | 1 Esafe Gateway | 2024-02-28 | 7.5 HIGH | N/A |
Aladdin eSafe Gateway versions 2.x allows a remote attacker to circumvent HTML SCRIPT filtering via a special arrangement of HTML tags which includes SCRIPT tags embedded within other SCRIPT tags. | |||||
CVE-2004-2105 | 1 Novell | 1 Netware | 2024-02-28 | 5.0 MEDIUM | N/A |
The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to read arbitrary .htt files via a full pathname in the error parameter. | |||||
CVE-1999-0180 | 2024-02-28 | 7.5 HIGH | N/A | ||
in.rshd allows users to login with a NULL username and execute commands. | |||||
CVE-2001-1270 | 1 Pkware | 1 Pkzip | 2024-02-28 | 2.1 LOW | N/A |
Directory traversal vulnerability in the console version of PKZip (pkzipc) 4.00 and earlier allows attackers to overwrite arbitrary files during archive extraction with the -rec (recursive) option via a .. (dot dot) attack on the archived files. |