Total: 265818 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0848 | 1 Slocate | 1 Slocate | 2024-02-28 | 4.6 MEDIUM | N/A |
Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used. | |||||
CVE-2001-1254 | 1 Com2001 | 1 Alexis Server | 2024-02-28 | 7.5 HIGH | N/A |
Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing. | |||||
CVE-1999-0436 | 1 Hp | 2 Desms, Hp-ux | 2024-02-28 | 4.6 MEDIUM | N/A |
Domain Enterprise Server Management System (DESMS) in HP-UX allows local users to gain privileges. | |||||
CVE-2002-0744 | 1 Ibm | 1 Aix | 2024-02-28 | 10.0 HIGH | N/A |
namerslv in AIX 4.3.3 core dumps when called with a very long argument, possibly as a result of a buffer overflow. | |||||
CVE-2003-0195 | 1 Slackware | 1 Slackware Linux | 2024-02-28 | 5.0 MEDIUM | N/A |
CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out. | |||||
CVE-2003-1304 | 1 Early Impact | 1 Productcart | 2024-02-28 | 5.0 MEDIUM | N/A |
EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information via a direct request. | |||||
CVE-2002-0363 | 1 Aladdin Enterprises | 1 Ghostscript | 2024-02-28 | 7.5 HIGH | N/A |
ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice. | |||||
CVE-2000-0826 | 1 Mobius | 1 Documentdirect For The Internet | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in ddicgi.exe program in Mobius DocumentDirect for the Internet 1.2 allows remote attackers to execute arbitrary commands via a long GET request. | |||||
CVE-2003-1024 | 1 Sun | 1 Sunos | 2024-02-28 | 7.2 HIGH | N/A |
Unknown vulnerability in the ls-F builtin function in tcsh on Solaris 8 allows local users to create or delete files as other users, and gain privileges. | |||||
CVE-2000-1083 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-02-28 | 2.1 LOW | N/A |
The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | |||||
CVE-2002-0059 | 1 Zlib | 1 Zlib | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data. | |||||
CVE-2002-1716 | 1 Microsoft | 1 Office | 2024-02-28 | 5.0 MEDIUM | N/A |
The Host() function in the Microsoft spreadsheet component on Microsoft Office XP allows remote attackers to create arbitrary files using the SaveAs capability. | |||||
CVE-2001-0055 | 1 Cisco | 2 Broadband Operating System, Cisco 6xx Routers | 2024-02-28 | 5.0 MEDIUM | N/A |
CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to cause a denial of service via a slow stream of TCP SYN packets. | |||||
CVE-2003-0165 | 1 Gnome | 1 Eog | 2024-02-28 | 4.6 MEDIUM | N/A |
Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display. | |||||
CVE-2002-0031 | 1 Yahoo | 1 Messenger | 2024-02-28 | 4.6 MEDIUM | N/A |
Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allow remote attackers to execute arbitrary code via a ymsgr URI with long arguments to (1) call, (2) sendim, (3) getimv, (4) chat, (5) addview, or (6) addfriend. | |||||
CVE-2003-0778 | 1 Sane | 2 Sane, Sane-backend | 2024-02-28 | 5.0 MEDIUM | N/A |
saned in sane-backends 1.0.7 and earlier, and possibly later versions, does not properly allocate memory in certain cases, which could allow attackers to cause a denial of service (memory consumption). | |||||
CVE-2002-2398 | 1 App | 1 Apboard | 2024-02-28 | 5.0 MEDIUM | N/A |
The new thread posting page in APBoard 2.02 and 2.03 allows remote attackers to post messages to protected forums by modifying the insertinto parameter. | |||||
CVE-2001-0912 | 1 Mandrakesoft | 1 Mandrake Linux | 2024-02-28 | 7.2 HIGH | N/A |
Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect to search for its libraries in the /home/snailtalk directory before other directories, which could allow a local user to gain root privileges. | |||||
CVE-2002-0029 | 2 Astaro, Isc | 2 Security Linux, Bind | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684. | |||||
CVE-2000-0945 | 1 Cisco | 1 Catalyst 3500 Xl | 2024-02-28 | 10.0 HIGH | N/A |
The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory. | |||||