Vulnerabilities (CVE)

Total 268541 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2000-1169 1 Openbsd 1 Openssh 2024-02-28 7.5 HIGH N/A
OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.
CVE-2001-1037 1 Cisco 1 Sn 5420 Storage Router Firmware 2024-02-28 4.6 MEDIUM N/A
Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to access a developer's shell without a password and execute certain restricted commands without being logged.
CVE-2004-0374 1 Interchange Development Group 1 Interchange 2024-02-28 6.4 MEDIUM N/A
Interchange before 5.0.1 allows remote attackers to "expose the content of arbitrary variables" and read or modify sensitive SQL information via an HTTP request ending with the "__SQLUSER__" string.
CVE-2002-1507 1 Epic Games 1 Unreal Tournament Server 2024-02-28 5.0 MEDIUM N/A
Unreal Tournament 2003 (ut2003) clients and servers allow remote attackers to cause a denial of service via malformed messages containing a small number of characters to UDP ports 7778 or 10777.
CVE-2001-0118 3 Immunix, Mandrakesoft, Redhat 3 Immunix, Mandrake Linux, Linux 2024-02-28 1.2 LOW N/A
rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack.
CVE-2003-0943 1 Sap 1 Sap Db 2024-02-28 7.5 HIGH N/A
web-tools in SAP DB before 7.4.03.30 installs several services that are enabled by default, which could allow remote attackers to obtain potentially sensitive information or redirect attacks against internal databases via (1) waecho, (2) Web SQL Interface (websql), or (3) Web Database Manager (webdbm).
CVE-2002-1930 1 An 1 An-httpd 2024-02-28 7.5 HIGH N/A
Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote attackers to execute arbitrary code via a SOCKS4 request with a long username.
CVE-2002-1060 1 Bluecoat 1 Cacheos 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Blue Coat Systems (formerly CacheFlow) CacheOS on Client Accelerator 4.1.06, Security Gateway 2.1.02, and Server Accelerator 4.1.06 allows remote attackers to inject arbitrary web script or HTML via a URL to a nonexistent hostname that includes the HTML, which is inserted into the resulting error page.
CVE-2001-0053 3 David Madore, Netbsd, Openbsd 3 Ftpd-bsd, Netbsd, Openbsd 2024-02-28 10.0 HIGH N/A
One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges.
CVE-2004-1358 1 Sun 1 Solaris 2024-02-28 5.0 MEDIUM N/A
The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged.
CVE-2000-0304 1 Microsoft 2 Internet Information Server, Internet Information Services 2024-02-28 5.0 MEDIUM N/A
Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability.
CVE-1999-0899 1 Microsoft 1 Windows Nt 2024-02-28 7.2 HIGH N/A
The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider.
CVE-2001-0987 1 Nathan Neulinger 1 Cgiwrap 2024-02-28 7.5 HIGH N/A
Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote attackers to execute arbitrary Javascript on other web clients by causing the Javascript to be inserted into error messages that are generated by CGIWrap.
CVE-2000-0972 1 Hp 1 Hp-ux 2024-02-28 2.1 LOW 5.5 MEDIUM
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.
CVE-2004-2250 1 Goosequill 1 Audienceconnect Remoteeditor 2024-02-28 7.5 HIGH N/A
Unknown vulnerability in the "access code" in RemoteEditor before 0.1.6 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions.
CVE-2003-0641 1 Watchguard 1 Serverlock 2024-02-28 4.6 MEDIUM N/A
WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local users to load arbitrary modules via the OpenProcess() function, as demonstrated using (1) a DLL injection attack, (2) ZwSetSystemInformation, and (3) API hooking in OpenProcess.
CVE-2001-1257 1 Horde 1 Imp 2024-02-28 7.5 HIGH N/A
Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email.
CVE-2004-1864 1 Xmb Forum 1 Xmb 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta allows remote attackers to execute arbitrary SQL commands via the restrict parameter to (1) member.php, (2) misc.php, or (3) today.php.
CVE-1999-0793 1 Microsoft 1 Internet Explorer 2024-02-28 2.6 LOW N/A
Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet.
CVE-2004-2124 1 Gallery Project 1 Gallery 2024-02-28 5.0 MEDIUM N/A
The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412.