Total
268497 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-0886 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-28 | 7.5 HIGH | N/A |
IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability. | |||||
CVE-1999-1095 | 2 Redhat, Slackware | 2 Linux, Slackware Linux | 2024-02-28 | 7.2 HIGH | N/A |
sort creates temporary files and follows symbolic links, which allows local users to modify arbitrary files that are writable by the user running sort, as observed in updatedb and other programs that use sort. | |||||
CVE-2001-0586 | 1 Trend Micro | 1 Scanmail Exchange | 2024-02-28 | 4.6 MEDIUM | N/A |
TrendMicro ScanMail for Exchange 3.5 Evaluation allows a local attacker to recover the administrative credentials for ScanMail via a combination of unprotected registry keys and weakly encrypted passwords. | |||||
CVE-2003-0636 | 1 Novell | 1 Ichain | 2024-02-28 | 7.5 HIGH | N/A |
Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites. | |||||
CVE-2004-0676 | 1 Fastream | 1 Netfile Ftp Web Server | 2024-02-28 | 10.0 HIGH | N/A |
Directory traversal vulnerability in Fastream NETFile FTP/Web Server 6.7.2.1085 and earlier allows remote attackers to create or delete arbitrary files via .. (dot dot) and // (double slash) sequences in the filename parameter. | |||||
CVE-2003-0462 | 2 Linux, Mandrakesoft | 4 Linux Kernel, Mandrake Linux, Mandrake Linux Corporate Server and 1 more | 2024-02-28 | 1.2 LOW | N/A |
A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash). | |||||
CVE-2003-0402 | 1 Vignette | 3 Content Suite, Storyserver, Vignette | 2024-02-28 | 5.0 MEDIUM | N/A |
The default login template (/vgn/login) in Vignette StoryServer 5 and Vignette V/5 generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks. | |||||
CVE-2004-1446 | 1 Juniper | 1 Netscreen Screenos | 2024-02-28 | 5.0 MEDIUM | N/A |
Unknown vulnerability in ScreenOS in Juniper Networks NetScreen firewall 3.x through 5.x allows remote attackers to cause a denial of service (device reboot or hang) via a crafted SSH v1 packet. | |||||
CVE-2002-0292 | 1 Open Source Development Network | 1 Slashcode | 2024-02-28 | 2.6 LOW | N/A |
Cross-site scripting vulnerability in Slash before 2.2.5, as used in Slashcode and elsewhere, allows remote attackers to steal cookies and authentication information from other users via Javascript in a URL, possibly in the formkey field. | |||||
CVE-2004-1593 | 1 Sct Corporation | 1 Campus Pipeline | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in render.UserLayoutRootNode.uP in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via the utf parameter. | |||||
CVE-2004-2060 | 1 Xlinesoft | 1 Asprunner | 2024-02-28 | 5.0 MEDIUM | N/A |
ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field names. | |||||
CVE-2002-0770 | 1 Id Software | 1 Quake 2i Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the information, as demonstrated using "say $rcon_password." | |||||
CVE-1999-1160 | 1 Hp | 1 Hp-ux | 2024-02-28 | 10.0 HIGH | N/A |
Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges. | |||||
CVE-2002-0627 | 1 Polycom | 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more | 2024-02-28 | 7.5 HIGH | N/A |
The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests. | |||||
CVE-2002-2143 | 1 Mysimplenews | 1 Mysimplenews | 2024-02-28 | 7.5 HIGH | N/A |
The admin.html file in MySimple News 1.0 stores its administrative password in plaintext, which allows remote attackers to gain unauthorized access to the web server by viewing the source of admin.html. | |||||
CVE-1999-0269 | 1 Netscape | 1 Enterprise Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Netscape Enterprise servers may list files through the PageServices query. | |||||
CVE-2004-2217 | 1 Ychat | 1 Ychat | 2024-02-28 | 5.0 MEDIUM | N/A |
Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors. | |||||
CVE-2002-0185 | 1 Apache | 1 Mod Python | 2024-02-28 | 7.5 HIGH | N/A |
mod_python version 2.7.6 and earlier allows a module indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module. | |||||
CVE-2002-1638 | | | 2024-02-28 | N/A | N/A |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-2153. Reason: This candidate is a duplicate of CVE-2002-2153. Notes: All CVE users should reference CVE-2002-2153 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2001-0471 | 1 Ssh | 1 Ssh | 2024-02-28 | 7.5 HIGH | N/A |
SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not log repeated login attempts, which could allow remote attackers to compromise accounts without detection via a brute force attack. |