Total
266682 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-1691 | 1 Alcatel-lucent | 1 Omnipcx | 2024-02-28 | 10.0 HIGH | N/A |
Alcatel OmniPCX 4400 installs known user accounts and passwords in the /etc/password file by default, which allows remote attackers to gain unauthorized access. | |||||
CVE-2001-1584 | 1 Michael Barretto | 1 Cardboard | 2024-02-28 | 7.5 HIGH | N/A |
CardBoard 2.4 greeting card CGI by Michael Barretto allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient field. | |||||
CVE-2002-0080 | 2 Redhat, Samba | 2 Linux, Rsync | 2024-02-28 | 2.1 LOW | N/A |
rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed. | |||||
CVE-1999-0524 | 11 Apple, Cisco, Hp and 8 more | 14 Mac Os X, Macos, Ios and 11 more | 2024-02-28 | 2.1 LOW | N/A |
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. | |||||
CVE-2002-2038 | 1 Bill Abt | 1 Next Generation Posix Threading | 2024-02-28 | 3.6 LOW | N/A |
Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based shared memory entry, which allows local users to cause a denial of service or in threaded processes or spoof files via unknown methods. | |||||
CVE-2004-1173 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 7.5 HIGH | N/A |
Internet Explorer 6 allows remote attackers to bypass the popup blocker via the document object model (DOM) methods in the DHTML Dynamic HTML (DHTML) Editing Component (DEC) and Javascript that calls showModalDialog. | |||||
CVE-2003-0724 | 1 Compaq | 1 Tru64 | 2024-02-28 | 7.5 HIGH | N/A |
ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA signatures when digital certificates and RSA keys are used, which could allow local and remote attackers to gain privileges. | |||||
CVE-2004-1736 | 1 The Cacti Group | 1 Cacti | 2024-02-28 | 5.0 MEDIUM | N/A |
Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to (1) auth.php, (2) auth_login.php, (3) auth_changepassword.php, and possibly other php files, which reveal the installation path in a PHP error message. | |||||
CVE-2003-1562 | 1 Openbsd | 1 Openssh | 2024-02-28 | 7.6 HIGH | N/A |
sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190. | |||||
CVE-1999-1093 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 5.1 MEDIUM | N/A |
Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page. | |||||
CVE-1999-0108 | 1 Sgi | 1 Irix | 2024-02-28 | 7.2 HIGH | N/A |
The printers program in IRIX has a buffer overflow that gives root access to local users. | |||||
CVE-2000-0325 | 1 Microsoft | 1 Jet | 2024-02-28 | 7.2 HIGH | N/A |
The Microsoft Jet database engine allows an attacker to execute commands via a database query, aka the "VBA Shell" vulnerability. | |||||
CVE-2000-0334 | 1 Allaire | 1 Spectra | 2024-02-28 | 2.1 LOW | N/A |
The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an attacker to conduct unauthorized activities via an object-method that is added to the container object with a publishing rule. | |||||
CVE-2003-1444 | 1 Kaspersky Lab | 1 Kaspersky Anti-virus | 2024-02-28 | 4.4 MEDIUM | N/A |
Kaspersky Antivirus (KAV) 4.0.9.0 allows local users to cause a denial of service (CPU consumption or crash) and prevent malicious code from being detected via a file with a long pathname. | |||||
CVE-2002-1170 | 1 Net-snmp | 1 Net-snmp | 2024-02-28 | 5.0 MEDIUM | N/A |
The handle_var_requests function in snmp_agent.c for the SNMP daemon in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows remote attackers to cause a denial of service (crash) via a NULL dereference. | |||||
CVE-2002-2075 | 1 Mirabilis | 1 Icq | 2024-02-28 | 5.0 MEDIUM | N/A |
ICQ 2001a and 2002b allows remote attackers to cause a denial of service (memory consumption and hang) via a contact message with a large contacts number. | |||||
CVE-2001-1429 | 1 Midnight Commander | 1 Midnight Commander | 2024-02-28 | 4.6 MEDIUM | N/A |
Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted text file. | |||||
CVE-1999-1469 | 1 Hughes Technologies | 1 W3-auth | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in w3-auth CGI program in miniSQL package allows remote attackers to execute arbitrary commands via an HTTP request with (1) a long URL, or (2) a long User-Agent MIME header. | |||||
CVE-2000-0851 | 1 Microsoft | 1 Windows 2000 | 2024-02-28 | 4.6 MEDIUM | N/A |
Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerability. | |||||
CVE-2004-1760 | 2 Cisco, Ibm | 17 Call Manager, Conference Connection, Emergency Responder and 14 more | 2024-02-28 | 10.0 HIGH | N/A |
The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247. |