Total: 266684 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2000-1023 | 1 Alabanza | 1 Control Panel | 2024-02-28 | 7.5 HIGH | N/A | The Alabanza Control Panel does not require passwords to access administrative commands, which allows remote attackers to modify domain name information via the nsManager.cgi CGI program. |
CVE-1999-1526 | 1 Macromedia | 1 Shockwave Flash Plugin | 2024-02-28 | 5.0 MEDIUM | N/A | Auto-update feature of Macromedia Shockwave 7 transmits a user's password and hard disk information back to Macromedia. |
CVE-2001-0575 | 1 Sco | 1 Openserver | 2024-02-28 | 4.6 MEDIUM | N/A | Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a long first argument to lpshut. |
CVE-2004-0870 | 1 Kde | 1 Konqueror | 2024-02-28 | 5.0 MEDIUM | N/A | KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection." |
CVE-2004-2096 | 1 Mephistoles Internet Suite | 1 Mephistoles Httpd | 2024-02-28 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 final allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the URL. |
CVE-2002-0949 | 1 Telindus | 1 Adsl Router | 2024-02-28 | 7.5 HIGH | N/A | Telindus 1100 series ADSL router allows remote attackers to gain privileges to the device via a certain packet to UDP port 9833, which generates a reply that includes the router's password and other sensitive information in cleartext. |
CVE-2003-0848 | 1 Slocate | 1 Slocate | 2024-02-28 | 4.6 MEDIUM | N/A | Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used. |
CVE-2001-1254 | 1 Com2001 | 1 Alexis Server | 2024-02-28 | 7.5 HIGH | N/A | Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing. |
CVE-1999-0436 | 1 Hp | 2 Desms, Hp-ux | 2024-02-28 | 4.6 MEDIUM | N/A | Domain Enterprise Server Management System (DESMS) in HP-UX allows local users to gain privileges. |
CVE-2002-0744 | 1 Ibm | 1 Aix | 2024-02-28 | 10.0 HIGH | N/A | namerslv in AIX 4.3.3 core dumps when called with a very long argument, possibly as a result of a buffer overflow. |
CVE-2003-0195 | 1 Slackware | 1 Slackware Linux | 2024-02-28 | 5.0 MEDIUM | N/A | CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out. |
CVE-2003-1304 | 1 Early Impact | 1 Productcart | 2024-02-28 | 5.0 MEDIUM | N/A | EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information via a direct request. |
CVE-2002-0363 | 1 Aladdin Enterprises | 1 Ghostscript | 2024-02-28 | 7.5 HIGH | N/A | ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice. |
CVE-2000-0826 | 1 Mobius | 1 Documentdirect For The Internet | 2024-02-28 | 10.0 HIGH | N/A | Buffer overflow in ddicgi.exe program in Mobius DocumentDirect for the Internet 1.2 allows remote attackers to execute arbitrary commands via a long GET request. |
CVE-2003-1024 | 1 Sun | 1 Sunos | 2024-02-28 | 7.2 HIGH | N/A | Unknown vulnerability in the ls-F builtin function in tcsh on Solaris 8 allows local users to create or delete files as other users, and gain privileges. |
CVE-2000-1083 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-02-28 | 2.1 LOW | N/A | The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. |
CVE-2002-0059 | 1 Zlib | 1 Zlib | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data. |
CVE-2002-1716 | 1 Microsoft | 1 Office | 2024-02-28 | 5.0 MEDIUM | N/A | The Host() function in the Microsoft spreadsheet component on Microsoft Office XP allows remote attackers to create arbitrary files using the SaveAs capability. |
CVE-2001-0055 | 1 Cisco | 2 Broadband Operating System, Cisco 6xx Routers | 2024-02-28 | 5.0 MEDIUM | N/A | CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to cause a denial of service via a slow stream of TCP SYN packets. |
CVE-2003-0165 | 1 Gnome | 1 Eog | 2024-02-28 | 4.6 MEDIUM | N/A | Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display. |