Total
28397 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-1391 | 1 Linux | 1 Linux Kernel | 2024-02-02 | 2.1 LOW | 5.5 MEDIUM |
Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory. | |||||
CVE-2002-0653 | 1 Mod Ssl | 1 Mod Ssl | 2024-02-02 | 4.6 MEDIUM | 7.8 HIGH |
Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries. | |||||
CVE-2002-0844 | 1 Derek Price | 1 Cvsd | 2024-02-02 | 4.6 MEDIUM | 7.8 HIGH |
Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code. | |||||
CVE-1999-1568 | 1 Ncftpd | 1 Ncftpd Ftp Server | 2024-02-02 | 5.0 MEDIUM | 7.5 HIGH |
Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command. | |||||
CVE-2004-0346 | 1 Proftpd Project | 1 Proftpd | 2024-02-02 | 7.2 HIGH | 7.8 HIGH |
Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command. | |||||
CVE-2003-0411 | 1 Sun | 1 One Application Server | 2024-02-02 | 5.0 MEDIUM | 7.5 HIGH |
Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase ".JSP" extension instead of the lowercase .jsp extension. | |||||
CVE-2002-0485 | 1 Symantec | 1 Norton Antivirus | 2024-02-02 | 5.0 MEDIUM | 7.5 HIGH |
Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients. | |||||
CVE-1999-0239 | 1 Netscape | 1 Fasttrack Server | 2024-02-02 | 5.0 MEDIUM | 7.5 HIGH |
Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET. | |||||
CVE-2005-0269 | 1 Sir | 1 Gnuboard | 2024-02-02 | 7.5 HIGH | 9.8 CRITICAL |
The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters. | |||||
CVE-2001-0766 | 1 Apache | 1 Http Server | 2024-02-02 | 7.5 HIGH | 9.8 CRITICAL |
Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters. | |||||
CVE-2001-0795 | 1 Perception | 1 Liteserve | 2024-02-02 | 5.0 MEDIUM | 7.5 HIGH |
Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs that contain MS-DOS conventions such as (1) upper case letters or (2) 8.3 file names. | |||||
CVE-2001-1238 | 1 Microsoft | 2 Windows 2000, Windows 2000 Terminal Services | 2024-02-02 | 4.6 MEDIUM | 7.8 HIGH |
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager. | |||||
CVE-2000-0342 | 1 Qualcomm | 1 Eudora | 2024-02-02 | 5.0 MEDIUM | 7.5 HIGH |
Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment." | |||||
CVE-2001-1042 | 1 Transsoft | 1 Broker Ftp Server | 2024-02-02 | 5.0 MEDIUM | 7.5 HIGH |
Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file. | |||||
CVE-2001-1043 | 1 Argosoft | 1 Ftp Server | 2024-02-02 | 5.0 MEDIUM | 7.5 HIGH |
ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file. | |||||
CVE-2005-0587 | 1 Mozilla | 2 Firefox, Mozilla | 2024-02-02 | 2.6 LOW | 6.5 MEDIUM |
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file. | |||||
CVE-2001-1386 | 1 Texas Imperial Software | 1 Wftpd | 2024-02-02 | 5.0 MEDIUM | 7.5 HIGH |
WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension. |