Vulnerabilities (CVE)

Total 268541 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2001-1447 1 Apple 1 Mac Os X 2024-02-28 7.2 HIGH N/A
NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) "recent items" and (2) "services" menus, which causes the applications to run with root privileges.
CVE-2000-0460 1 Kde 1 Kde 2024-02-28 7.2 HIGH N/A
Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY environmental variable.
CVE-1999-1224 1 University Of Washington 1 Imapd 2024-02-28 3.6 LOW N/A
IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information.
CVE-2004-0598 1 Greg Roelofs 1 Libpng 2024-02-28 5.0 MEDIUM N/A
The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference.
CVE-1999-0732 1 Debian 1 Debian Linux 2024-02-28 2.1 LOW N/A
The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links.
CVE-2002-2226 1 Tftpd32 1 Tftpd32 2024-02-28 7.5 HIGH N/A
Buffer overflow in tftpd of TFTP32 2.21 and earlier allows remote attackers to execute arbitrary code via a long filename argument.
CVE-2002-1882 1 Oracle 1 E-business Suite 2024-02-28 7.5 HIGH N/A
Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business Suite 11i 11.1 through 11.6 allows remote attackers to bypass user authentication checks via unknown attack vectors.
CVE-1999-1520 1 Microsoft 1 Site Server 2024-02-28 5.0 MEDIUM N/A
A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes sensitive SQL database information.
CVE-2001-0996 1 Pop3lite 1 Pop3lite 2024-02-28 6.4 MEDIUM N/A
POP3Lite before 0.2.4 does not properly quote a . (dot) in an email message, which could allow a remote attacker to append arbitrary text to the end of an email message, which could then be interpreted by various mail clients as valid POP server responses or other input that could cause clients to crash or otherwise behave unexpectedly.
CVE-2002-1705 1 Microsoft 1 Internet Explorer 2024-02-28 5.0 MEDIUM N/A
Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to cause a denial of service (crash) via a Cascading Style Sheet (CSS) with the p{cssText} element declared and a bold font weight.
CVE-2004-1827 2 Simple Machines, Yabb 2 Simple Machines Smf, Yabb 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags.
CVE-2000-0298 1 Microsoft 1 Windows 2000 2024-02-28 7.2 HIGH N/A
The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories.
CVE-2003-1554 1 Scoznet 1 Scozbook 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in scozbook/add.php in ScozNet ScozBook 1.1 BETA allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) useremail, (3) aim, (4) msn, (5) sitename and (6) siteaddy variables.
CVE-2004-0755 1 Yukihiro Matsumoto 1 Ruby 2024-02-28 2.1 LOW N/A
The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.
CVE-2002-0287 1 Powie 1 Pforum 2024-02-28 10.0 HIGH N/A
pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default.
CVE-2004-2158 1 S9y 1 Serendipity 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php.
CVE-2000-0008 1 1st Choice Software 1 Ftppro 2024-02-28 2.1 LOW N/A
FTPPro allows local users to read sensitive information, which is stored in plain text.
CVE-2001-0037 1 Keware Technologies 1 Homeseer 2024-02-28 5.0 MEDIUM N/A
Directory traversal vulnerability in HomeSeer before 1.4.29 allows remote attackers to read arbitrary files via a URL containing .. (dot dot) specifiers.
CVE-2002-2015 1 Postnuke Software Foundation 1 Postnuke 2024-02-28 7.5 HIGH N/A
PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows remote attackers to include arbitrary files and possibly execute code via the caselist parameter.
CVE-1999-0046 10 Bsdi, Debian, Digital and 7 more 10 Bsd Os, Debian Linux, Ultrix and 7 more 2024-02-28 10.0 HIGH N/A
Buffer overflow of rlogin program using TERM environmental variable.