Total
266685 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-1257 | 1 Horde | 1 Imp | 2024-02-28 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email. | |||||
CVE-2004-1864 | 1 Xmb Forum | 1 Xmb | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta allows remote attackers to execute arbitrary SQL commands via the restrict parameter to (1) member.php, (2) misc.php, or (3) today.php. | |||||
CVE-1999-0793 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 2.6 LOW | N/A |
Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet. | |||||
CVE-2004-2124 | 1 Gallery Project | 1 Gallery | 2024-02-28 | 5.0 MEDIUM | N/A |
The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. | |||||
CVE-2003-1541 | 1 Planetmoon | 1 Guestbook | 2024-02-28 | 5.0 MEDIUM | N/A |
PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt. | |||||
CVE-2004-2229 | 1 Oracle | 1 Database Server Lite | 2024-02-28 | 4.6 MEDIUM | N/A |
Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0.0.0 through 5.0.2.9.0 allow remote authenticated users to gain privileges. | |||||
CVE-2001-0087 | 1 Michael Glickman | 1 Itetris | 2024-02-28 | 7.2 HIGH | N/A |
itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a malicious gunzip program. | |||||
CVE-2002-1515 | 1 Coolforum | 1 Coolforum | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta allows remote attackers to read arbitrary files via .. (dot dot) sequences in the img parameter. | |||||
CVE-2004-0354 | 1 Gnu | 1 Anubis | 2024-02-28 | 10.0 HIGH | N/A |
Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c. | |||||
CVE-2004-0352 | 1 Cisco | 4 Content Services Switch 11000, Content Services Switch 11050, Content Services Switch 11150 and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002. | |||||
CVE-2001-1005 | 1 Starfish | 1 Truesync Desktop | 2024-02-28 | 7.5 HIGH | N/A |
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak encryption to store the user password in a registry key, which allows attackers who have access to the registry key to decrypt the password and gain privileges. | |||||
CVE-2001-0519 | 1 Aladdin Knowledge Systems | 1 Esafe Gateway | 2024-02-28 | 7.5 HIGH | N/A |
Aladdin eSafe Gateway versions 2.x allows a remote attacker to circumvent HTML SCRIPT filtering via a special arrangement of HTML tags which includes SCRIPT tags embedded within other SCRIPT tags. | |||||
CVE-2004-2105 | 1 Novell | 1 Netware | 2024-02-28 | 5.0 MEDIUM | N/A |
The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to read arbitrary .htt files via a full pathname in the error parameter. | |||||
CVE-1999-0180 | 2024-02-28 | 7.5 HIGH | N/A | ||
in.rshd allows users to login with a NULL username and execute commands. | |||||
CVE-2001-1270 | 1 Pkware | 1 Pkzip | 2024-02-28 | 2.1 LOW | N/A |
Directory traversal vulnerability in the console version of PKZip (pkzipc) 4.00 and earlier allows attackers to overwrite arbitrary files during archive extraction with the -rec (recursive) option via a .. (dot dot) attack on the archived files. | |||||
CVE-2003-1428 | 2 Bharat Mediratta, Linux | 2 Gallery, Linux Kernel | 2024-02-28 | 4.8 MEDIUM | N/A |
Gallery 1.3.3 creates directories with insecure permissions, which allows local users to read, modify, or delete photos. | |||||
CVE-2003-1272 | 1 Nullsoft | 1 Winamp | 2024-02-28 | 9.3 HIGH | N/A |
Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: argument to the Playstring parameter. | |||||
CVE-2004-1817 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field. | |||||
CVE-2003-1342 | 2 Microsoft, Trend Micro | 2 Internet Information Server, Virus Control System | 2024-02-28 | 5.0 MEDIUM | N/A |
Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows remote attackers to cause a denial of service (memory consumption) in IIS via multiple URL requests for ActiveSupport.exe. | |||||
CVE-2004-0802 | 9 Conectiva, Enlightenment, Imagemagick and 6 more | 16 Linux, Imlib, Imlib2 and 13 more | 2024-02-28 | 5.1 MEDIUM | N/A |
Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817. |