Total: 267718 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1966 | 1 Openbb | 1 Openbb | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter in board.php, (2) sortorder, perpage, or id parameters in member.php, (3) forums parameter in search.php, or (4) PID or FID parameters in post.php. | |||||
CVE-1999-0961 | 1 Hp | 1 Hp-ux | 2024-02-28 | 6.2 MEDIUM | N/A |
HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation. | |||||
CVE-2003-0258 | 1 Cisco | 7 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client, Vpn 3005 Concentrator Software and 4 more | 2024-02-28 | 7.5 HIGH | N/A |
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication. | |||||
CVE-2004-1059 | 1 Mnogosearch | 1 Mnogosearch | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch 3.2.26 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) next and (2) prev result search pages, and the (3) extended and (4) simple search forms. | |||||
CVE-2001-1248 | 1 Vwebserver | 1 Vwebserver | 2024-02-28 | 5.0 MEDIUM | N/A |
vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts via a request for an ASP script that ends with a URL-encoded space character (%20). | |||||
CVE-2001-0110 | 1 Iomega | 1 Jazip | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in jaZip Zip/Jaz drive manager allows local users to gain root privileges via a long DISPLAY environmental variable. | |||||
CVE-2003-0332 | 1 Working Resources Inc. | 1 Badblue | 2024-02-28 | 7.6 HIGH | N/A |
The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension. | |||||
CVE-2004-1506 | 1 Webcalendar | 1 Webcalendar | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5) trailer.php, or (6) styles.php, as demonstrated using img src tags. | |||||
CVE-2003-0963 | 1 Alexander V. Lukyanov | 1 Lftp | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for lftp 2.6.9 and earlier allow remote HTTP servers to execute arbitrary code via long directory names that are processed by the ls or rels commands. | |||||
CVE-2001-1472 | 1 Phpbb Group | 1 Phpbb | 2024-02-28 | 4.6 MEDIUM | N/A |
SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter. | |||||
CVE-2002-1176 | 1 Nullsoft | 1 Winamp | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist ID3v2 tag in an MP3 file. | |||||
CVE-2003-1504 | 1 Goldscripts | 1 Goldlink | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in variables.php in Goldlink 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) vadmin_login or (2) vadmin_pass cookie in a request to goldlink.php. | |||||
CVE-2000-1233 | 1 Phorum | 1 Phorum | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote attackers to execute arbitrary SQL queries via the sSQL parameter. | |||||
CVE-2002-2363 | 1 Hp | 1 Hp-ux | 2024-02-28 | 7.2 HIGH | N/A |
VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could allow local users to gain privileges. | |||||
CVE-2004-0312 | 1 Linksys | 1 Wap55ag | 2024-02-28 | 6.4 MEDIUM | N/A |
Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP read-only community string to gain access to read/write community strings via a query for OID 1.3.6.1.4.1.3955.2.1.13.1.2. | |||||
CVE-2002-1557 | 1 Cisco | 1 Optical Networking Systems Software | 2024-02-28 | 5.0 MEDIUM | N/A |
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset to TCC, TCC+, TCCi or XTC) via a malformed HTTP request that does not contain a leading / (slash) character. | |||||
CVE-2001-0385 | 1 Goahead Software | 1 Goahead Webserver | 2024-02-28 | 5.0 MEDIUM | N/A |
GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory. | |||||
CVE-2004-0397 | 1 Subversion | 1 Subversion | 2024-02-28 | 7.5 HIGH | N/A |
Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command. | |||||
CVE-1999-1338 | 1 Delegate | 1 Delegate | 2024-02-28 | 5.0 MEDIUM | N/A |
Delegate proxy 5.9.3 and earlier creates files and directories in the DGROOT with world-writable permissions. | |||||
CVE-2001-1289 | 1 Id Software | 1 Quake 3 Arena | 2024-02-28 | 5.0 MEDIUM | N/A |
Quake 3 Arena 1.29f and 1.29g allows remote attackers to cause a denial of service (crash) via a malformed connection packet that begins with several char-255 characters. |