Total
268493 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-0996 | 1 Pop3lite | 1 Pop3lite | 2024-02-28 | 6.4 MEDIUM | N/A |
POP3Lite before 0.2.4 does not properly quote a . (dot) in an email message, which could allow a remote attacker to append arbitrary text to the end of an email message, which could then be interpreted by various mail clients as valid POP server responses or other input that could cause clients to crash or otherwise behave unexpectedly. | |||||
CVE-2002-1705 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to cause a denial of service (crash) via a Cascading Style Sheet (CSS) with the p{cssText} element declared and a bold font weight. | |||||
CVE-2004-1827 | 2 Simple Machines, Yabb | 2 Simple Machines Smf, Yabb | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags. | |||||
CVE-2000-0298 | 1 Microsoft | 1 Windows 2000 | 2024-02-28 | 7.2 HIGH | N/A |
The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories. | |||||
CVE-2003-1554 | 1 Scoznet | 1 Scozbook | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in scozbook/add.php in ScozNet ScozBook 1.1 BETA allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) useremail, (3) aim, (4) msn, (5) sitename and (6) siteaddy variables. | |||||
CVE-2004-0755 | 1 Yukihiro Matsumoto | 1 Ruby | 2024-02-28 | 2.1 LOW | N/A |
The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions. | |||||
CVE-2002-0287 | 1 Powie | 1 Pforum | 2024-02-28 | 10.0 HIGH | N/A |
pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default. | |||||
CVE-2004-2158 | 1 S9y | 1 Serendipity | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php. | |||||
CVE-2000-0008 | 1 1st Choice Software | 1 Ftppro | 2024-02-28 | 2.1 LOW | N/A |
FTPPro allows local users to read sensitive information, which is stored in plain text. | |||||
CVE-2001-0037 | 1 Keware Technologies | 1 Homeseer | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in HomeSeer before 1.4.29 allows remote attackers to read arbitrary files via a URL containing .. (dot dot) specifiers. | |||||
CVE-2002-2015 | 1 Postnuke Software Foundation | 1 Postnuke | 2024-02-28 | 7.5 HIGH | N/A |
PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows remote attackers to include arbitrary files and possibly execute code via the caselist parameter. | |||||
CVE-1999-0046 | 10 Bsdi, Debian, Digital and 7 more | 10 Bsd Os, Debian Linux, Ultrix and 7 more | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow of rlogin program using TERM environmental variable. | |||||
CVE-2004-2202 | 1 Duware | 1 Duclassified | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 through 4.2 allows remote attackers to bypass authentication and execute other commands on the server's underlying database via the (1) cat_id or (2) sub_id parameters in adDetail.asp, or (2) the password parameter in the login form. | |||||
CVE-1999-1367 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 4.6 MEDIUM | N/A |
Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access restricted web sites that were visited by other users. | |||||
CVE-2002-1026 | 1 Macromedia | 1 Sitespring | 2024-02-28 | 5.0 MEDIUM | N/A |
Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine 7.0.2.1480 allows remote attackers to cause a denial of service (crash) via a long malformed request to TCP port 2500, possibly triggering a buffer overflow. | |||||
CVE-2001-1292 | 1 Sambar | 1 Sambar Server | 2024-02-28 | 7.5 HIGH | N/A |
Sambar Telnet Proxy/Server allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long password. | |||||
CVE-2001-1121 | 2024-02-28 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2001-1084. Reason: This candidate is a duplicate of CVE-2001-1084. Notes: All CVE users should reference CVE-2001-1084 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
CVE-2003-0451 | 1 Xblockout | 1 Xbl | 2024-02-28 | 4.6 MEDIUM | N/A |
Multiple buffer overflows in xbl before 1.0k allow local users to gain privileges via certain long command line arguments. | |||||
CVE-1999-0040 | 7 Bsdi, Freebsd, Hp and 4 more | 10 Bsd Os, Freebsd, Hp-ux and 7 more | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges. | |||||
CVE-2004-1586 | 1 Jera Technology | 1 Flash Messaging Server | 2024-02-28 | 2.1 LOW | N/A |
Flash Messaging clients can ignore disconnecting commands such as "shutdown" from the Flash Messaging Server 5.2.0g (rev 1.1.2), which could allow remote attackers to stay connected. |