Vulnerabilities (CVE)

Total 268497 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-0604 1 Microsoft 1 Windows Media Player 2024-02-28 7.5 HIGH N/A
Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL.
CVE-2001-1022 2 Gnu, Jgroff 2 Groff, Jgroff 2024-02-28 7.5 HIGH N/A
Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.
CVE-2004-1605 2 Best Software, Saleslogix Corporation 2 Saleslogix, Saleslogix 2024-02-28 7.5 HIGH N/A
SalesLogix 6.1 allows remote attackers to bypass authentication by modifying the slxweb cookie to set user=Admin, teams=ADMIN!, and usertype=Administrator.
CVE-2003-1275 1 Microsoft 1 Pocket Ie 2024-02-28 5.0 MEDIUM N/A
Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function.
CVE-2004-0316 1 Avirt 1 Avirt Soho 2024-02-28 5.0 MEDIUM N/A
Buffer overflow in Avirt Soho 4.3 allows remote attackers to cause a denial of service (crash) via (1) a large GET request to port 1080 or (2) a large GET request of % characters to port 8080.
CVE-2001-0147 1 Microsoft 1 Windows 2000 2024-02-28 10.0 HIGH N/A
Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is improperly handled during the detailed view of event records.
CVE-2004-2022 1 Activestate 1 Activeperl 2024-02-28 2.1 LOW N/A
ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl.
CVE-2001-1562 1 Bsd 1 Nvi 2024-02-28 7.2 HIGH N/A
Format string vulnerability in nvi before 1.79 allows local users to gain privileges via format string specifiers in a filename.
CVE-2002-1864 1 Sws 1 Sws Simple Web Server 2024-02-28 5.0 MEDIUM N/A
Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 through 0.1.0 allows remote attackers to read arbitrary files via a ".." (dot dot) in an HTTP request.
CVE-2002-1466 1 Cafelog 1 B2 2024-02-28 10.0 HIGH N/A
CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable.
CVE-2002-1384 2 Easy Software Products, Xpdf 2 Cups, Xpdf 2024-02-28 7.2 HIGH N/A
Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.
CVE-1999-1183 1 Sgi 1 Irix 2024-02-28 7.6 HIGH N/A
System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote attackers to execute commands by providing a trojan horse (1) runtask or (2) runexec descriptor file, which is used to execute a System Manager Task when the user's Mailcap entry supports the x-sgi-task or x-sgi-exec type.
CVE-2003-0067 1 Aterm 1 Aterm 2024-02-28 7.5 HIGH N/A
The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
CVE-2000-0076 2 Berkeley, Debian 2 Nvi, Debian Linux 2024-02-28 2.1 LOW N/A
nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover.
CVE-2003-1435 1 Francisco Burzi 1 Php-nuke 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module.
CVE-2004-0156 1 Ssmtp 1 Ssmtp 2024-02-28 5.0 MEDIUM N/A
Format string vulnerabilities in the (1) die or (2) log_event functions for ssmtp before 2.50.6 allow remote mail relays to cause a denial of service and possibly execute arbitrary code.
CVE-2002-2228 1 Mailscanner 1 Mailscanner 2024-02-28 6.4 MEDIUM N/A
MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers to bypass protection via attachments with a filename with (1) extra leading spaces, (2) extra trailing spaces, or (3) alternate character encodings that cannot be processed by MailScanner.
CVE-2001-0361 2 Openbsd, Ssh 2 Openssh, Ssh 2024-02-28 4.0 MEDIUM N/A
Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.
CVE-2002-0583 1 Workforceroi 1 Xpede 2024-02-28 5.0 MEDIUM N/A
WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric characters) for temporary expense claim reports in the /reports/temp directory, which allows remote attackers to read the reports via a brute force attack.
CVE-2004-0402 2 Mandrakesoft, Xpcd 2 Mandrake Linux, Xpcd 2024-02-28 4.6 MEDIUM N/A
Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other versions, may allow local users to execute arbitrary code.