Vulnerabilities (CVE)

Total 268541 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-1541 1 Planetmoon 1 Guestbook 2024-02-28 5.0 MEDIUM N/A
PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt.
CVE-2004-2229 1 Oracle 1 Database Server Lite 2024-02-28 4.6 MEDIUM N/A
Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0.0.0 through 5.0.2.9.0 allow remote authenticated users to gain privileges.
CVE-2001-0087 1 Michael Glickman 1 Itetris 2024-02-28 7.2 HIGH N/A
itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a malicious gunzip program.
CVE-2002-1515 1 Coolforum 1 Coolforum 2024-02-28 5.0 MEDIUM N/A
Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta allows remote attackers to read arbitrary files via .. (dot dot) sequences in the img parameter.
CVE-2004-0354 1 Gnu 1 Anubis 2024-02-28 10.0 HIGH N/A
Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c.
CVE-2004-0352 1 Cisco 4 Content Services Switch 11000, Content Services Switch 11050, Content Services Switch 11150 and 1 more 2024-02-28 5.0 MEDIUM N/A
Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002.
CVE-2001-1005 1 Starfish 1 Truesync Desktop 2024-02-28 7.5 HIGH N/A
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak encryption to store the user password in a registry key, which allows attackers who have access to the registry key to decrypt the password and gain privileges.
CVE-2001-0519 1 Aladdin Knowledge Systems 1 Esafe Gateway 2024-02-28 7.5 HIGH N/A
Aladdin eSafe Gateway versions 2.x allows a remote attacker to circumvent HTML SCRIPT filtering via a special arrangement of HTML tags which includes SCRIPT tags embedded within other SCRIPT tags.
CVE-2004-2105 1 Novell 1 Netware 2024-02-28 5.0 MEDIUM N/A
The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to read arbitrary .htt files via a full pathname in the error parameter.
CVE-1999-0180 2024-02-28 7.5 HIGH N/A
in.rshd allows users to login with a NULL username and execute commands.
CVE-2001-1270 1 Pkware 1 Pkzip 2024-02-28 2.1 LOW N/A
Directory traversal vulnerability in the console version of PKZip (pkzipc) 4.00 and earlier allows attackers to overwrite arbitrary files during archive extraction with the -rec (recursive) option via a .. (dot dot) attack on the archived files.
CVE-2003-1428 2 Bharat Mediratta, Linux 2 Gallery, Linux Kernel 2024-02-28 4.8 MEDIUM N/A
Gallery 1.3.3 creates directories with insecure permissions, which allows local users to read, modify, or delete photos.
CVE-2003-1272 1 Nullsoft 1 Winamp 2024-02-28 9.3 HIGH N/A
Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: argument to the Playstring parameter.
CVE-2004-1817 1 Francisco Burzi 1 Php-nuke 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field.
CVE-2003-1342 2 Microsoft, Trend Micro 2 Internet Information Server, Virus Control System 2024-02-28 5.0 MEDIUM N/A
Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows remote attackers to cause a denial of service (memory consumption) in IIS via multiple URL requests for ActiveSupport.exe.
CVE-2004-0802 9 Conectiva, Enlightenment, Imagemagick and 6 more 16 Linux, Imlib, Imlib2 and 13 more 2024-02-28 5.1 MEDIUM N/A
Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.
CVE-2002-2282 1 Mcafee 1 Virusscan 2024-02-28 6.9 MEDIUM N/A
McAfee VirusScan 4.5.1, when the WebScanX.exe module is enabled, searches for particular DLLs from the user's home directory, even when browsing the local hard drive, which allows local users to run arbitrary code via malicious versions of those DLLs.
CVE-2000-1023 1 Alabanza 1 Control Panel 2024-02-28 7.5 HIGH N/A
The Alabanza Control Panel does not require passwords to access administrative commands, which allows remote attackers to modify domain name information via the nsManager.cgi CGI program.
CVE-1999-1526 1 Macromedia 1 Shockwave Flash Plugin 2024-02-28 5.0 MEDIUM N/A
Auto-update feature of Macromedia Shockwave 7 transmits a user's password and hard disk information back to Macromedia.
CVE-2001-0575 1 Sco 1 Openserver 2024-02-28 4.6 MEDIUM N/A
Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a long first argument to lpshut.