Total
270770 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-1553 | 1 Sips | 1 Sips | 2024-02-28 | 4.3 MEDIUM | N/A |
Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password and other user information via a direct request to a user-specific configuration directory. | |||||
CVE-2002-0276 | 1 Ettercap | 1 Ettercap | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in various decoders in Ettercap 0.6.3.1 and earlier, when running on networks with an MTU greater than 2000, allows remote attackers to execute arbitrary code via large packets. | |||||
CVE-2002-0268 | 1 Identix | 1 Biologon | 2024-02-28 | 7.2 HIGH | N/A |
Identix BioLogon 3 allows users with physical access to the system to gain administrative privileges by using CTRL-ALT-DEL and running a "Browse" function, which runs Explorer with SYSTEM privileges. | |||||
CVE-1999-0353 | 1 Hp | 1 Hp-ux | 2024-02-28 | 9.3 HIGH | N/A |
rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory. | |||||
CVE-2001-1265 | 1 Ibm | 1 Alphaworks Tftp Server | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in IBM alphaWorks Java TFTP server 1.21 allows remote attackers to conduct unauthorized operations on arbitrary files via a .. (dot dot) attack. | |||||
CVE-2003-0614 | 1 Gallery Project | 1 Gallery | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter. | |||||
CVE-2002-1444 | 2 Google, Microsoft | 2 Toolbar, Internet Explorer | 2024-02-28 | 2.6 LOW | N/A |
The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service (crash with an exception in oleaut32.dll) via malicious HTML, possibly related to small width and height parameters or an incorrect call to the Google.Search() function. | |||||
CVE-2002-1742 | 1 Paul Kulchenko | 1 Soap Lite | 2024-02-28 | 5.0 MEDIUM | N/A |
SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary Perl functions by suppling a non-existent function in a script using a SOAP::Lite module, which causes the AUTOLOAD subroutine to trigger. | |||||
CVE-2001-0487 | 1 Ibm | 1 Aix Snmp | 2024-02-28 | 5.0 MEDIUM | N/A |
AIX SNMP server snmpd allows remote attackers to cause a denial of service via a RST during the TCP connection. | |||||
CVE-2023-6837 | 1 Wso2 | 3 Api Manager, Identity Server, Identity Server As Key Manager | 2024-01-05 | N/A | 8.2 HIGH |
Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: * An IDP configured for federated authentication and JIT provisioning enabled with the "Prompt for username, password and consent" option. * A service provider that uses the above IDP for federated authentication and has the "Assert identity using mapped local subject identifier" flag enabled. Attacker should have: * A fresh valid user account in the federated IDP that has not been used earlier. * Knowledge of the username of a valid user in the local IDP. When all preconditions are met, a malicious actor could use JIT provisioning flow to perform user impersonation. |