Total: 268541 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-1169 | 1 Openbsd | 1 Openssh | 2024-02-28 | 7.5 HIGH | N/A |
OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent. | |||||
CVE-2001-1037 | 1 Cisco | 1 Sn 5420 Storage Router Firmware | 2024-02-28 | 4.6 MEDIUM | N/A |
Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to access a developer's shell without a password and execute certain restricted commands without being logged. | |||||
CVE-2004-0374 | 1 Interchange Development Group | 1 Interchange | 2024-02-28 | 6.4 MEDIUM | N/A |
Interchange before 5.0.1 allows remote attackers to "expose the content of arbitrary variables" and read or modify sensitive SQL information via an HTTP request ending with the "__SQLUSER__" string. | |||||
CVE-2002-1507 | 1 Epic Games | 1 Unreal Tournament Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Unreal Tournament 2003 (ut2003) clients and servers allow remote attackers to cause a denial of service via malformed messages containing a small number of characters to UDP ports 7778 or 10777. | |||||
CVE-2001-0118 | 3 Immunix, Mandrakesoft, Redhat | 3 Immunix, Mandrake Linux, Linux | 2024-02-28 | 1.2 LOW | N/A |
rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-2003-0943 | 1 Sap | 1 Sap Db | 2024-02-28 | 7.5 HIGH | N/A |
web-tools in SAP DB before 7.4.03.30 installs several services that are enabled by default, which could allow remote attackers to obtain potentially sensitive information or redirect attacks against internal databases via (1) waecho, (2) Web SQL Interface (websql), or (3) Web Database Manager (webdbm). | |||||
CVE-2002-1930 | 1 An | 1 An-httpd | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote attackers to execute arbitrary code via a SOCKS4 request with a long username. | |||||
CVE-2002-1060 | 1 Bluecoat | 1 Cacheos | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Blue Coat Systems (formerly CacheFlow) CacheOS on Client Accelerator 4.1.06, Security Gateway 2.1.02, and Server Accelerator 4.1.06 allows remote attackers to inject arbitrary web script or HTML via a URL to a nonexistent hostname that includes the HTML, which is inserted into the resulting error page. | |||||
CVE-2001-0053 | 3 David Madore, Netbsd, Openbsd | 3 Ftpd-bsd, Netbsd, Openbsd | 2024-02-28 | 10.0 HIGH | N/A |
One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges. | |||||
CVE-2004-1358 | 1 Sun | 1 Solaris | 2024-02-28 | 5.0 MEDIUM | N/A |
The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged. | |||||
CVE-2000-0304 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability. | |||||
CVE-1999-0899 | 1 Microsoft | 1 Windows Nt | 2024-02-28 | 7.2 HIGH | N/A |
The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider. | |||||
CVE-2001-0987 | 1 Nathan Neulinger | 1 Cgiwrap | 2024-02-28 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote attackers to execute arbitrary Javascript on other web clients by causing the Javascript to be inserted into error messages that are generated by CGIWrap. | |||||
CVE-2000-0972 | 1 Hp | 1 Hp-ux | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates. | |||||
CVE-2004-2250 | 1 Goosequill | 1 Audienceconnect Remoteeditor | 2024-02-28 | 7.5 HIGH | N/A |
Unknown vulnerability in the "access code" in RemoteEditor before 0.1.6 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions. | |||||
CVE-2003-0641 | 1 Watchguard | 1 Serverlock | 2024-02-28 | 4.6 MEDIUM | N/A |
WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local users to load arbitrary modules via the OpenProcess() function, as demonstrated using (1) a DLL injection attack, (2) ZwSetSystemInformation, and (3) API hooking in OpenProcess. | |||||
CVE-2001-1257 | 1 Horde | 1 Imp | 2024-02-28 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email. | |||||
CVE-2004-1864 | 1 Xmb Forum | 1 Xmb | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta allows remote attackers to execute arbitrary SQL commands via the restrict parameter to (1) member.php, (2) misc.php, or (3) today.php. | |||||
CVE-1999-0793 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 2.6 LOW | N/A |
Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet. | |||||
CVE-2004-2124 | 1 Gallery Project | 1 Gallery | 2024-02-28 | 5.0 MEDIUM | N/A |
The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. | |||||