Total: 268541 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-1541 | 1 Planetmoon | 1 Guestbook | 2024-02-28 | 5.0 MEDIUM | N/A |
PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt. | |||||
CVE-2004-2229 | 1 Oracle | 1 Database Server Lite | 2024-02-28 | 4.6 MEDIUM | N/A |
Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0.0.0 through 5.0.2.9.0 allow remote authenticated users to gain privileges. | |||||
CVE-2001-0087 | 1 Michael Glickman | 1 Itetris | 2024-02-28 | 7.2 HIGH | N/A |
itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a malicious gunzip program. | |||||
CVE-2002-1515 | 1 Coolforum | 1 Coolforum | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta allows remote attackers to read arbitrary files via .. (dot dot) sequences in the img parameter. | |||||
CVE-2004-0354 | 1 Gnu | 1 Anubis | 2024-02-28 | 10.0 HIGH | N/A |
Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c. | |||||
CVE-2004-0352 | 1 Cisco | 4 Content Services Switch 11000, Content Services Switch 11050, Content Services Switch 11150 and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002. | |||||
CVE-2001-1005 | 1 Starfish | 1 Truesync Desktop | 2024-02-28 | 7.5 HIGH | N/A |
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak encryption to store the user password in a registry key, which allows attackers who have access to the registry key to decrypt the password and gain privileges. | |||||
CVE-2001-0519 | 1 Aladdin Knowledge Systems | 1 Esafe Gateway | 2024-02-28 | 7.5 HIGH | N/A |
Aladdin eSafe Gateway versions 2.x allow a remote attacker to circumvent HTML SCRIPT filtering via a special arrangement of HTML tags which includes SCRIPT tags embedded within other SCRIPT tags. | |||||
CVE-2004-2105 | 1 Novell | 1 Netware | 2024-02-28 | 5.0 MEDIUM | N/A |
The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to read arbitrary .htt files via a full pathname in the error parameter. | |||||
CVE-1999-0180 | | | 2024-02-28 | 7.5 HIGH | N/A |
in.rshd allows users to login with a NULL username and execute commands. | |||||
CVE-2001-1270 | 1 Pkware | 1 Pkzip | 2024-02-28 | 2.1 LOW | N/A |
Directory traversal vulnerability in the console version of PKZip (pkzipc) 4.00 and earlier allows attackers to overwrite arbitrary files during archive extraction with the -rec (recursive) option via a .. (dot dot) attack on the archived files. | |||||
CVE-2003-1428 | 2 Bharat Mediratta, Linux | 2 Gallery, Linux Kernel | 2024-02-28 | 4.8 MEDIUM | N/A |
Gallery 1.3.3 creates directories with insecure permissions, which allows local users to read, modify, or delete photos. | |||||
CVE-2003-1272 | 1 Nullsoft | 1 Winamp | 2024-02-28 | 9.3 HIGH | N/A |
Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: argument to the Playstring parameter. | |||||
CVE-2004-1817 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field. | |||||
CVE-2003-1342 | 2 Microsoft, Trend Micro | 2 Internet Information Server, Virus Control System | 2024-02-28 | 5.0 MEDIUM | N/A |
Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows remote attackers to cause a denial of service (memory consumption) in IIS via multiple URL requests for ActiveSupport.exe. | |||||
CVE-2004-0802 | 9 Conectiva, Enlightenment, Imagemagick and 6 more | 16 Linux, Imlib, Imlib2 and 13 more | 2024-02-28 | 5.1 MEDIUM | N/A |
Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817. | |||||
CVE-2002-2282 | 1 Mcafee | 1 Virusscan | 2024-02-28 | 6.9 MEDIUM | N/A |
McAfee VirusScan 4.5.1, when the WebScanX.exe module is enabled, searches for particular DLLs from the user's home directory, even when browsing the local hard drive, which allows local users to run arbitrary code via malicious versions of those DLLs. | |||||
CVE-2000-1023 | 1 Alabanza | 1 Control Panel | 2024-02-28 | 7.5 HIGH | N/A |
The Alabanza Control Panel does not require passwords to access administrative commands, which allows remote attackers to modify domain name information via the nsManager.cgi CGI program. | |||||
CVE-1999-1526 | 1 Macromedia | 1 Shockwave Flash Plugin | 2024-02-28 | 5.0 MEDIUM | N/A |
Auto-update feature of Macromedia Shockwave 7 transmits a user's password and hard disk information back to Macromedia. | |||||
CVE-2001-0575 | 1 Sco | 1 Openserver | 2024-02-28 | 4.6 MEDIUM | N/A |
Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a long first argument to lpshut. |