Vulnerabilities (CVE)

Total 267711 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-1827 2 Simple Machines, Yabb 2 Simple Machines Smf, Yabb 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags.
CVE-2000-0298 1 Microsoft 1 Windows 2000 2024-02-28 7.2 HIGH N/A
The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories.
CVE-2003-1554 1 Scoznet 1 Scozbook 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in scozbook/add.php in ScozNet ScozBook 1.1 BETA allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) useremail, (3) aim, (4) msn, (5) sitename and (6) siteaddy variables.
CVE-2004-0755 1 Yukihiro Matsumoto 1 Ruby 2024-02-28 2.1 LOW N/A
The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.
CVE-2002-0287 1 Powie 1 Pforum 2024-02-28 10.0 HIGH N/A
pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default.
CVE-2004-2158 1 S9y 1 Serendipity 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php.
CVE-2000-0008 1 1st Choice Software 1 Ftppro 2024-02-28 2.1 LOW N/A
FTPPro allows local users to read sensitive information, which is stored in plain text.
CVE-2001-0037 1 Keware Technologies 1 Homeseer 2024-02-28 5.0 MEDIUM N/A
Directory traversal vulnerability in HomeSeer before 1.4.29 allows remote attackers to read arbitrary files via a URL containing .. (dot dot) specifiers.
CVE-2002-2015 1 Postnuke Software Foundation 1 Postnuke 2024-02-28 7.5 HIGH N/A
PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows remote attackers to include arbitrary files and possibly execute code via the caselist parameter.
CVE-1999-0046 10 Bsdi, Debian, Digital and 7 more 10 Bsd Os, Debian Linux, Ultrix and 7 more 2024-02-28 10.0 HIGH N/A
Buffer overflow of rlogin program using TERM environmental variable.
CVE-2004-2202 1 Duware 1 Duclassified 2024-02-28 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 through 4.2 allows remote attackers to bypass authentication and execute other commands on the server's underlying database via the (1) cat_id or (2) sub_id parameters in adDetail.asp, or (2) the password parameter in the login form.
CVE-1999-1367 1 Microsoft 1 Internet Explorer 2024-02-28 4.6 MEDIUM N/A
Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access restricted web sites that were visited by other users.
CVE-2002-1026 1 Macromedia 1 Sitespring 2024-02-28 5.0 MEDIUM N/A
Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine 7.0.2.1480 allows remote attackers to cause a denial of service (crash) via a long malformed request to TCP port 2500, possibly triggering a buffer overflow.
CVE-2001-1292 1 Sambar 1 Sambar Server 2024-02-28 7.5 HIGH N/A
Sambar Telnet Proxy/Server allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long password.
CVE-2001-1121 2024-02-28 N/A N/A
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2001-1084. Reason: This candidate is a duplicate of CVE-2001-1084. Notes: All CVE users should reference CVE-2001-1084 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2003-0451 1 Xblockout 1 Xbl 2024-02-28 4.6 MEDIUM N/A
Multiple buffer overflows in xbl before 1.0k allow local users to gain privileges via certain long command line arguments.
CVE-1999-0040 7 Bsdi, Freebsd, Hp and 4 more 10 Bsd Os, Freebsd, Hp-ux and 7 more 2024-02-28 7.2 HIGH N/A
Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.
CVE-2004-1586 1 Jera Technology 1 Flash Messaging Server 2024-02-28 2.1 LOW N/A
Flash Messaging clients can ignore disconnecting commands such as "shutdown" from the Flash Messaging Server 5.2.0g (rev 1.1.2), which could allow remote attackers to stay connected.
CVE-2002-0993 1 Hp 1 Instant Support 2024-02-28 4.6 MEDIUM N/A
Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) product U2512A for HP-UX 11.00 and 11.11 may allow authenticated users to access restricted files.
CVE-1999-1573 1 Hp 1 Hp-ux 2024-02-28 10.0 HIGH N/A
Multiple unknown vulnerabilities in the "r-cmnds" (1) remshd, (2) rexecd, (3) rlogind, (4) rlogin, (5) remsh, (6) rcp, (7) rexec, and (8) rdist for HP-UX 10.00 through 11.00 allow attackers to gain privileges or access files.