Total
266684 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-0219 | 1 Hp | 1 Hp-ux | 2024-02-28 | 2.1 LOW | N/A |
Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 and earlier allows local users to cause a denial of service. | |||||
CVE-2000-0685 | 1 Bea | 1 Weblogic Server | 2024-02-28 | 10.0 HIGH | N/A |
BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file. | |||||
CVE-2003-1496 | 1 Hp | 1 Tru64 | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in CDE dtmailpr of HP Tru64 4.0F through 5.1B allows local users to gain privileges via unknown attack vectors. NOTE: due to lack of details in the vendor advisory, it is not clear whether this is the same issue as CVE-1999-0840. | |||||
CVE-2000-0521 | 1 Michael Lamont | 1 Savant Webserver | 2024-02-28 | 5.0 MEDIUM | N/A |
Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number. | |||||
CVE-1999-1340 | 1 Hylafax | 1 Hylafax | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in faxalter in hylafax 4.0.2 allows local users to gain privileges via a long -m command line argument. | |||||
CVE-1999-1399 | 1 Sgi | 1 Irix | 2024-02-28 | 7.2 HIGH | N/A |
spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users to gain root privileges by setting the HOSTNAME environmental variable to contain the commands to be executed. | |||||
CVE-1999-0176 | 1 Webgais Development Team | 1 Webgais | 2024-02-28 | 7.5 HIGH | N/A |
The Webgais program allows a remote user to execute arbitrary commands. | |||||
CVE-2000-0886 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-28 | 7.5 HIGH | N/A |
IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability. | |||||
CVE-1999-1095 | 2 Redhat, Slackware | 2 Linux, Slackware Linux | 2024-02-28 | 7.2 HIGH | N/A |
sort creates temporary files and follows symbolic links, which allows local users to modify arbitrary files that are writable by the user running sort, as observed in updatedb and other programs that use sort. | |||||
CVE-2001-0586 | 1 Trend Micro | 1 Scanmail Exchange | 2024-02-28 | 4.6 MEDIUM | N/A |
TrendMicro ScanMail for Exchange 3.5 Evaluation allows a local attacker to recover the administrative credentials for ScanMail via a combination of unprotected registry keys and weakly encrypted passwords. | |||||
CVE-2003-0636 | 1 Novell | 1 Ichain | 2024-02-28 | 7.5 HIGH | N/A |
Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites. | |||||
CVE-2004-0676 | 1 Fastream | 1 Netfile Ftp Web Server | 2024-02-28 | 10.0 HIGH | N/A |
Directory traversal vulnerability in Fastream NETFile FTP/Web Server 6.7.2.1085 and earlier allows remote attackers to create or delete arbitrary files via .. (dot dot) and // (double slash) sequences in the filename parameter. | |||||
CVE-2003-0462 | 2 Linux, Mandrakesoft | 4 Linux Kernel, Mandrake Linux, Mandrake Linux Corporate Server and 1 more | 2024-02-28 | 1.2 LOW | N/A |
A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash). | |||||
CVE-2003-0402 | 1 Vignette | 3 Content Suite, Storyserver, Vignette | 2024-02-28 | 5.0 MEDIUM | N/A |
The default login template (/vgn/login) in Vignette StoryServer 5 and Vignette V/5 generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks. | |||||
CVE-2004-1446 | 1 Juniper | 1 Netscreen Screenos | 2024-02-28 | 5.0 MEDIUM | N/A |
Unknown vulnerability in ScreenOS in Juniper Networks NetScreen firewall 3.x through 5.x allows remote attackers to cause a denial of service (device reboot or hang) via a crafted SSH v1 packet. | |||||
CVE-2002-0292 | 1 Open Source Development Network | 1 Slashcode | 2024-02-28 | 2.6 LOW | N/A |
Cross-site scripting vulnerability in Slash before 2.2.5, as used in Slashcode and elsewhere, allows remote attackers to steal cookies and authentication information from other users via Javascript in a URL, possibly in the formkey field. | |||||
CVE-2004-1593 | 1 Sct Corporation | 1 Campus Pipeline | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in render.UserLayoutRootNode.uP in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via the utf parameter. | |||||
CVE-2004-2060 | 1 Xlinesoft | 1 Asprunner | 2024-02-28 | 5.0 MEDIUM | N/A |
ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field names. | |||||
CVE-2002-0770 | 1 Id Software | 1 Quake 2i Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the information, as demonstrated using "say $rcon_password." | |||||
CVE-1999-1160 | 1 Hp | 1 Hp-ux | 2024-02-28 | 10.0 HIGH | N/A |
Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges. |