Total
268497 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0604 | 1 Microsoft | 1 Windows Media Player | 2024-02-28 | 7.5 HIGH | N/A |
Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL. | |||||
CVE-2001-1022 | 2 Gnu, Jgroff | 2 Groff, Jgroff | 2024-02-28 | 7.5 HIGH | N/A |
Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command. | |||||
CVE-2004-1605 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2024-02-28 | 7.5 HIGH | N/A |
SalesLogix 6.1 allows remote attackers to bypass authentication by modifying the slxweb cookie to set user=Admin, teams=ADMIN!, and usertype=Administrator. | |||||
CVE-2003-1275 | 1 Microsoft | 1 Pocket Ie | 2024-02-28 | 5.0 MEDIUM | N/A |
Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function. | |||||
CVE-2004-0316 | 1 Avirt | 1 Avirt Soho | 2024-02-28 | 5.0 MEDIUM | N/A |
Buffer overflow in Avirt Soho 4.3 allows remote attackers to cause a denial of service (crash) via (1) a large GET request to port 1080 or (2) a large GET request of % characters to port 8080. | |||||
CVE-2001-0147 | 1 Microsoft | 1 Windows 2000 | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is improperly handled during the detailed view of event records. | |||||
CVE-2004-2022 | 1 Activestate | 1 Activeperl | 2024-02-28 | 2.1 LOW | N/A |
ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl. | |||||
CVE-2001-1562 | 1 Bsd | 1 Nvi | 2024-02-28 | 7.2 HIGH | N/A |
Format string vulnerability in nvi before 1.79 allows local users to gain privileges via format string specifiers in a filename. | |||||
CVE-2002-1864 | 1 Sws | 1 Sws Simple Web Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 through 0.1.0 allows remote attackers to read arbitrary files via a ".." (dot dot) in an HTTP request. | |||||
CVE-2002-1466 | 1 Cafelog | 1 B2 | 2024-02-28 | 10.0 HIGH | N/A |
CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable. | |||||
CVE-2002-1384 | 2 Easy Software Products, Xpdf | 2 Cups, Xpdf | 2024-02-28 | 7.2 HIGH | N/A |
Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf. | |||||
CVE-1999-1183 | 1 Sgi | 1 Irix | 2024-02-28 | 7.6 HIGH | N/A |
System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote attackers to execute commands by providing a trojan horse (1) runtask or (2) runexec descriptor file, which is used to execute a System Manager Task when the user's Mailcap entry supports the x-sgi-task or x-sgi-exec type. | |||||
CVE-2003-0067 | 1 Aterm | 1 Aterm | 2024-02-28 | 7.5 HIGH | N/A |
The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. | |||||
CVE-2000-0076 | 2 Berkeley, Debian | 2 Nvi, Debian Linux | 2024-02-28 | 2.1 LOW | N/A |
nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover. | |||||
CVE-2003-1435 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module. | |||||
CVE-2004-0156 | 1 Ssmtp | 1 Ssmtp | 2024-02-28 | 5.0 MEDIUM | N/A |
Format string vulnerabilities in the (1) die or (2) log_event functions for ssmtp before 2.50.6 allow remote mail relays to cause a denial of service and possibly execute arbitrary code. | |||||
CVE-2002-2228 | 1 Mailscanner | 1 Mailscanner | 2024-02-28 | 6.4 MEDIUM | N/A |
MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers to bypass protection via attachments with a filename with (1) extra leading spaces, (2) extra trailing spaces, or (3) alternate character encodings that cannot be processed by MailScanner. | |||||
CVE-2001-0361 | 2 Openbsd, Ssh | 2 Openssh, Ssh | 2024-02-28 | 4.0 MEDIUM | N/A |
Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5. | |||||
CVE-2002-0583 | 1 Workforceroi | 1 Xpede | 2024-02-28 | 5.0 MEDIUM | N/A |
WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric characters) for temporary expense claim reports in the /reports/temp directory, which allows remote attackers to read the reports via a brute force attack. | |||||
CVE-2004-0402 | 2 Mandrakesoft, Xpcd | 2 Mandrake Linux, Xpcd | 2024-02-28 | 4.6 MEDIUM | N/A |
Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other versions, may allow local users to execute arbitrary code. |