Vulnerabilities (CVE)

Total 267717 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2001-0500 1 Microsoft 3 Index Server, Indexing Service, Internet Information Server 2024-02-28 10.0 HIGH N/A
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.
CVE-1999-1075 1 Ibm 1 Aix 2024-02-28 5.0 MEDIUM N/A
inetd in AIX 4.1.5 dynamically assigns a port N when starting ttdbserver (ToolTalk server), but also inadvertently listens on port N-1 without passing control to ttdbserver, which allows remote attackers to cause a denial of service via a large number of connections to port N-1, which are not properly closed by inetd.
CVE-2002-0566 1 Oracle 4 Application Server, Application Server Web Cache, Oracle8i and 1 more 2024-02-28 5.0 MEDIUM N/A
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type.
CVE-2001-0310 1 Freebsd 1 Freebsd 2024-02-28 2.1 LOW N/A
sort in FreeBSD 4.1.1 and earlier, and possibly other operating systems, uses predictable temporary file names and does not properly handle when the temporary file already exists, which causes sort to crash and possibly impacts security-sensitive scripts.
CVE-1999-0893 1 Sco 1 Openserver 2024-02-28 2.1 LOW N/A
userOsa in SCO OpenServer allows local users to corrupt files via a symlink attack.
CVE-1999-0131 8 Bsdi, Digital, Eric Allman and 5 more 9 Bsd Os, Osf 1, Sendmail and 6 more 2024-02-28 7.2 HIGH N/A
Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.
CVE-2003-0404 1 Vignette 3 Content Suite, Storyserver, Vignette 2024-02-28 4.3 MEDIUM N/A
Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, allow remote attackers to insert arbitrary HTML and script via text variables, as demonstrated using the errInfo parameter of the default login template.
CVE-2004-1384 1 Phpgroupware 1 Phpgroupware 2024-02-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) kp3, (2) type, (3) msg, (4) forum_id, (5) pos, (6) cats_app, (7) cat_id, (8) msgball[msgnum], (9) fldball[acctnum] parameters to index.php or (10) ticket_id to viewticket_details.php.
CVE-2002-0881 1 Cisco 2 Skinny Client Control Protocol Software, Voip Phone Cp-7940 2024-02-28 2.1 LOW N/A
Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default administrative password, which allows attackers with physical access to the phone to modify the configuration settings.
CVE-2000-0740 1 Network Associates 1 Net Tools Pki Server 2024-02-28 5.0 MEDIUM N/A
Buffer overflow in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary commands via a long URL in the HTTPS port.
CVE-2004-2029 1 Trevor Hogan 1 Bnbt 2024-02-28 5.0 MEDIUM N/A
The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 Release 2 and earlier allows remote attackers to cause a denial of service (crash) via a Basic Authorization HTTP request with a "A==" value.
CVE-2003-0722 1 Sun 1 Solaris 2024-02-28 10.0 HIGH N/A
The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.
CVE-2001-0088 1 Jason Hines 1 Phpweblog 2024-02-28 7.5 HIGH N/A
common.inc.php in phpWebLog 0.4.2 does not properly initialize the $CONF array, which inadvertently sets the password to a single character, allowing remote attackers to easily guess the SiteKey and gain administrative privileges to phpWebLog.
CVE-1999-0776 1 Computer Software Manufaktur 1 Alibaba 2024-02-28 5.0 MEDIUM N/A
Alibaba HTTP server allows remote attackers to read files via a .. (dot dot) attack.
CVE-2002-1933 1 Microsoft 1 Windows 2000 Terminal Services 2024-02-28 7.2 HIGH N/A
The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window.
CVE-2002-1691 1 Alcatel-lucent 1 Omnipcx 2024-02-28 10.0 HIGH N/A
Alcatel OmniPCX 4400 installs known user accounts and passwords in the /etc/password file by default, which allows remote attackers to gain unauthorized access.
CVE-2001-1584 1 Michael Barretto 1 Cardboard 2024-02-28 7.5 HIGH N/A
CardBoard 2.4 greeting card CGI by Michael Barretto allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient field.
CVE-2002-0080 2 Redhat, Samba 2 Linux, Rsync 2024-02-28 2.1 LOW N/A
rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.
CVE-1999-0524 11 Apple, Cisco, Hp and 8 more 14 Mac Os X, Macos, Ios and 11 more 2024-02-28 2.1 LOW N/A
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
CVE-2002-2038 1 Bill Abt 1 Next Generation Posix Threading 2024-02-28 3.6 LOW N/A
Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based shared memory entry, which allows local users to cause a denial of service or in threaded processes or spoof files via unknown methods.