Total
93123 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-2374 | 1 Sun | 1 Patchpro | 2024-02-04 | 10.0 HIGH | N/A |
Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files." | |||||
CVE-2003-0281 | 1 Firebirdsql | 1 Firebird | 2024-02-04 | 4.6 MEDIUM | N/A |
Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop. | |||||
CVE-2004-2184 | 1 Digicraft Software | 1 Yak | 2024-02-04 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in Digicraft Yak! server 2.0 through 2.1.2 allows remote attackers to read or write arbitrary files via "../" or "..\" sequences in commands such as (1) dir or (2) put. | |||||
CVE-1999-0093 | 1 Ibm | 1 Aix | 2024-02-04 | 7.2 HIGH | N/A |
AIX nslookup command allows local users to obtain root access by not dropping privileges correctly. | |||||
CVE-2000-0954 | 1 Evolvable Corporation | 1 Shambala Server | 2024-02-04 | 10.0 HIGH | N/A |
Shambala Server 4.5 stores passwords in plaintext, which could allow local users to obtain the passwords and compromise the server. | |||||
CVE-1999-0310 | 1 Ssh | 1 Ssh | 2024-02-04 | 7.5 HIGH | N/A |
SSH 1.2.25 on HP-UX allows access to new user accounts. | |||||
CVE-2003-1294 | 1 Xscreensaver | 1 Xscreensaver | 2024-02-04 | 2.1 LOW | N/A |
Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack. | |||||
CVE-2002-1835 | 1 Xerox | 2 Docutech 6110, Docutech 6115 | 2024-02-04 | 7.5 HIGH | N/A |
The default configuration of Xerox DocuTech 6110 and DocuTech 6115 running Solaris 8.0 has a large number of unnecessary services enabled such as RPC and sprayd, which could allow remote attackers to obtain access to the device. | |||||
CVE-2002-1879 | 1 Lokwa | 1 Lokwabb | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers to execute arbitrary SQL commands via the (1) member parameter to member.php or (2) loser parameter to misc.php. | |||||
CVE-2002-0129 | 1 Efax | 1 Efax | 2024-02-04 | 2.1 LOW | N/A |
efax 0.9 and earlier, when installed setuid root, allows local users to read arbitrary files via the -d option, which prints the contents of the file in a warning message. | |||||
CVE-1999-0132 | 2 Hp, Sun | 3 Hp-ux, Solaris, Sunos | 2024-02-04 | 2.1 LOW | N/A |
Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access. | |||||
CVE-2000-0868 | 2 Apache, Suse | 2 Http Server, Suse Linux | 2024-02-04 | 5.0 MEDIUM | N/A |
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/. | |||||
CVE-2004-1527 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions. | |||||
CVE-2004-1718 | 1 Pedestal Software | 1 Integrity Protection Driver | 2024-02-04 | 2.1 LOW | N/A |
The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 and earlier allows local users to cause a denial of service (crash) via an invalid pointer in the "oa" argument. | |||||
CVE-2004-0632 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2024-02-04 | 7.5 HIGH | N/A |
Adobe Reader 6.0 does not properly handle null characters when splitting a filename path into components, which allows remote attackers to execute arbitrary code via a file with a long extension that is not normally handled by Reader, triggering a buffer overflow. | |||||
CVE-2003-1269 | 1 An | 1 An-http | 2024-02-04 | 5.0 MEDIUM | N/A |
AN HTTP 1.41e allows remote attackers to obtain the root web server path via an HTTP request with a long argument to a script, which leaks the path in an error message. | |||||
CVE-2001-0359 | 2 Sierra, Valve Software | 2 Half-life, Half-life Dedicated Server | 2024-02-04 | 7.5 HIGH | N/A |
Format string vulnerability in Sierra Half-Life build 1573 and earlier allows a remote attacker to execute arbitrary code via the map command. | |||||
CVE-1999-0065 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 7.5 HIGH | N/A |
Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands. | |||||
CVE-2002-2208 | 2 Cisco, Extended Interior Gateway Routing Protocol | 2 Ios, Extended Interior Gateway Routing Protocol | 2024-02-04 | 7.8 HIGH | N/A |
Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote attackers to cause a denial of service (flood) by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network. | |||||
CVE-1999-0910 | 1 Microsoft | 3 Commercial Internet System, Site Server, Site Server Commerce | 2024-02-04 | 5.0 MEDIUM | N/A |
Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user. |