Total
268496 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-0309 | 1 Hp | 1 Hp-ux | 2024-02-28 | 7.2 HIGH | N/A |
HP-UX vgdisplay program gives root access to local users. | |||||
CVE-2001-0400 | 1 Matt Tourtillott | 1 Nph-maillist | 2024-02-28 | 7.5 HIGH | N/A |
nph-maillist.pl allows remote attackers to execute arbitrary commands via shell metacharacters ("`") in the email address. | |||||
CVE-2002-0215 | 1 Steve Kneizys | 1 Agora.cgi | 2024-02-28 | 5.0 MEDIUM | N/A |
Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message. | |||||
CVE-2000-1135 | 1 Debian | 1 Debian Linux | 2024-02-28 | 4.6 MEDIUM | N/A |
fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a symlink attack. | |||||
CVE-2002-0353 | 1 Ethereal Group | 1 Ethereal | 2024-02-28 | 5.0 MEDIUM | N/A |
The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a certain malformed packet, which causes Ethereal to allocate memory incorrectly, possibly due to zero-length fields. | |||||
CVE-1999-1440 | 1 Mirabilis | 1 Icq 98a | 2024-02-28 | 5.1 MEDIUM | N/A |
Win32 ICQ 98a 1.30, and possibly other versions, does not display the entire portion of long filenames, which could allow attackers to send an executable file with a long name that contains so many spaces that the .exe extension is not displayed, which could make the user believe that the file is safe to open from the client. | |||||
CVE-1999-1574 | 1 Ibm | 1 Aix | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in the lex routines of nslookup for AIX 4.3 may allow attackers to cause a core dump and possibly execute arbitrary code via "long input strings." | |||||
CVE-1999-1014 | 1 Sun | 2 Solaris, Sunos | 2024-02-28 | 4.6 MEDIUM | N/A |
Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local users to gain privileges via a long -m argument. | |||||
CVE-2003-0304 | 1 Oneorzero | 1 Oneorzero Helpdesk | 2024-02-28 | 10.0 HIGH | N/A |
one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to create administrator accounts by directly calling the install.php Helpdesk Installation script. | |||||
CVE-1999-0195 | 2 Linux, Sgi | 2 Linux Kernel, Irix | 2024-02-28 | 5.0 MEDIUM | N/A |
Denial of service in RPC portmapper allows attackers to register or unregister RPC services or spoof RPC services using a spoofed source IP address such as 127.0.0.1. | |||||
CVE-2004-0190 | 1 Symantec | 3 Firewall Vpn Appliance 100, Firewall Vpn Appliance 200, Firewall Vpn Appliance 200r | 2024-02-28 | 7.5 HIGH | N/A |
Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges. | |||||
CVE-2004-2180 | 1 Wowbb | 1 Wowbb Web Forum | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum 1.61 allow remote attackers to inject arbitrary web script or HTML via the (1) country parameter to view_user.php, (2) show parameter to view_forum.php, (3) letter parameter to view_user.php, (4) highlight parameter to view_topic.php, (5) show parameter to index.php, (6) q parameter to search.php, (7) Referer header to admin.php, or the (8) user_email parameter to login.php. | |||||
CVE-2000-1163 | 1 Aladdin Enterprises | 1 Ghostscript | 2024-02-28 | 4.6 MEDIUM | N/A |
ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript. | |||||
CVE-2002-2185 | 6 Debian, Mandrakesoft, Microsoft and 3 more | 11 Debian Linux, Mandrake Linux, Windows 98 and 8 more | 2024-02-28 | 4.9 MEDIUM | N/A |
The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network. | |||||
CVE-2002-1782 | 1 University Of Washington | 1 Uw-imap | 2024-02-28 | 2.1 LOW | N/A |
The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user. | |||||
CVE-1999-0212 | 1 Sun | 1 Sunos | 2024-02-28 | 7.8 HIGH | N/A |
Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server. | |||||
CVE-1999-1058 | 1 Arcane Software | 1 Vermillion Ftp Daemon | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in Vermillion FTP Daemon VFTPD 1.23 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via several long CWD commands. | |||||
CVE-1999-1389 | 1 3com | 1 Total Control Netserver Card | 2024-02-28 | 7.5 HIGH | N/A |
US Robotics/3Com Total Control Chassis with Frame Relay between 3.6.22 and 3.7.24 does not properly enforce access filters when the "set host prompt" setting is made for a port, which allows attackers to bypass restrictions by providing the hostname twice at the "host: " prompt. | |||||
CVE-2004-1966 | 1 Openbb | 1 Openbb | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter in board.php, (2) sortorder, perpage, or id parameters in member.php, (3) forums parameter in search.php, or (4) PID or FID parameters in post.php. | |||||
CVE-1999-0961 | 1 Hp | 1 Hp-ux | 2024-02-28 | 6.2 MEDIUM | N/A |
HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation. |