Total: 238872 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-0216 | 1 Microsoft | 3 Exchange Server, Outlook, Windows Messaging | 2024-02-04 | 5.0 MEDIUM | N/A |
Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution list. | |||||
CVE-2002-0722 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 7.5 HIGH | N/A |
Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to misrepresent the source of a file in the File Download dialogue box to trick users into thinking that the file type is safe to download, aka "File Origin Spoofing." | |||||
CVE-2000-0603 | 1 Microsoft | 1 Sql Server | 2024-02-04 | 4.6 MEDIUM | N/A |
Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability. | |||||
CVE-2001-1147 | 1 Andries Brouwer | 1 Util-linux | 2024-02-04 | 7.2 HIGH | N/A |
The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits. | |||||
CVE-2002-1125 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 2.1 LOW | N/A |
FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory. | |||||
CVE-2004-2241 | 1 Phorum | 1 Phorum | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier allows remote attackers to inject arbitrary HTML or web script via search.php. NOTE: some sources have reported that the affected file is read.php, but this is inconsistent with the vendor's patch. | |||||
CVE-2001-0583 | 1 Alt-n | 1 Mdaemon | 2024-02-04 | 5.0 MEDIUM | N/A |
Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a denial of service via the URL request of a MS-DOS device (such as GET /aux) to (1) the Worldclient service at port 3000, or (2) the Webconfig service at port 3001. | |||||
CVE-2002-1421 | 1 Ilia Alshanetsky | 1 Fudforum | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php. | |||||
CVE-1999-1006 | 1 Novell | 1 Groupwise | 2024-02-04 | 5.0 MEDIUM | N/A |
Groupwise web server GWWEB.EXE allows remote attackers to determine the real path of the web server via the HELP parameter. | |||||
CVE-2001-0700 | 1 W3m | 1 W3m | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in w3m 0.2.1 and earlier allows a remote attacker to execute arbitrary code via a long base64 encoded MIME header. | |||||
CVE-1999-1097 | 1 Microsoft | 1 Netmeeting | 2024-02-04 | 6.4 MEDIUM | N/A |
Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty. | |||||
CVE-2003-0167 | 1 Mutt | 1 Mutt | 2024-02-04 | 7.5 HIGH | N/A |
Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140. | |||||
CVE-2004-2217 | 1 Ychat | 1 Ychat | 2024-02-04 | 5.0 MEDIUM | N/A |
Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors. | |||||
CVE-2003-0222 | 1 Oracle | 3 Database Server, Oracle8i, Oracle9i | 2024-02-04 | 9.0 HIGH | N/A |
Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter. | |||||
CVE-2003-0845 | 1 Jboss | 1 Jboss | 2024-02-04 | 7.5 HIGH | N/A |
Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8. | |||||
CVE-2002-1092 | 1 Cisco | 1 Vpn 3000 Concentrator Series Software | 2024-02-04 | 7.5 HIGH | N/A |
Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication. | |||||
CVE-2002-0285 | 1 Microsoft | 1 Outlook Express | 2024-02-04 | 7.5 HIGH | N/A |
Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and/or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers. | |||||
CVE-2001-0477 | 1 Webcalendar | 1 Webcalendar | 2024-02-04 | 7.5 HIGH | N/A |
Vulnerability in WebCalendar 0.9.26 allows remote command execution. | |||||
CVE-1999-0718 | 1 Ibm | 1 Gina | 2024-02-04 | 6.2 MEDIUM | N/A |
IBM GINA, when used for OS/2 domain authentication of Windows NT users, allows local users to gain administrator privileges by changing the GroupMapping registry key. | |||||
CVE-2004-0670 | 1 Zyxel | 1 Prestige | 2024-02-04 | 5.0 MEDIUM | N/A |
Prestige 650HW-31 running Rompager 4.7 software allows remote attackers to cause a denial of service (device reboot) via a long password. |