Total: 236852 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1242 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2004. Notes: none. | |||||
CVE-2004-0815 | 1 Samba | 1 Samba | 2024-02-04 | 7.5 HIGH | N/A |
The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames. | |||||
CVE-2001-1552 | 1 Microsoft | 1 Windows Me | 2024-02-04 | 5.0 MEDIUM | N/A |
ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of service by sending multiple newlines in a Simple Service Discovery Protocol (SSDP) message. NOTE: multiple replies to the original post state that the problem could not be reproduced. | |||||
CVE-2003-0106 | 1 Symantec | 1 Enterprise Firewall | 2024-02-04 | 7.5 HIGH | N/A |
The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy users to bypass pattern matching for blocked URLs via requests that are URL-encoded with escapes, Unicode, or UTF-8. | |||||
CVE-2004-0143 | 1 Nokia | 1 6310i | 2024-02-04 | 5.0 MEDIUM | N/A |
Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote attackers to cause a denial of service (reset) via malformed Bluetooth OBject EXchange (OBEX) messages, probably triggering buffer overflows. | |||||
CVE-2001-0960 | 2 Broadcom, Ca | 3 Arcserve Backup, Arcserve Backup 2000, Arcserve Backup 2000 | 2024-02-04 | 10.0 HIGH | N/A |
Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 stores the backup agent user name and password in cleartext in the aremote.dmp file in the ARCSERVE$ hidden share, which allows local and remote attackers to gain privileges. | |||||
CVE-2000-0596 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 7.5 HIGH | N/A |
Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to execute arbitrary commands, aka the "IE Script" vulnerability. | |||||
CVE-2004-1797 | 1 Freznoshop | 1 Freznoshop | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search.php for FreznoShop 1.3.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
CVE-2001-1489 | 1 Microsoft | 1 Ie | 2024-02-04 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images. | |||||
CVE-2004-1665 | 1 Psnews | 1 Psnews | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 allows remote attackers to inject arbitrary web script or HTML via the no parameter. | |||||
CVE-2000-0759 | 1 Apache | 1 Tomcat | 2024-02-04 | 6.4 MEDIUM | N/A |
Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path. | |||||
CVE-2003-0275 | 1 Yabb | 1 Yabb | 2024-02-04 | 5.1 MEDIUM | N/A |
SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code. | |||||
CVE-2001-1231 | 1 Novell | 1 Groupwise | 2024-02-04 | 5.0 MEDIUM | N/A |
GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users' mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the "Padlock" fix. | |||||
CVE-1999-0549 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 7.2 HIGH | N/A |
Windows NT automatically logs in an administrator upon rebooting. | |||||
CVE-2002-0167 | 1 Enlightenment | 1 Imlib | 2024-02-04 | 7.5 HIGH | N/A |
Imlib before 1.9.13 sometimes uses the NetPBM package to load trusted images, which could allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain weaknesses of NetPBM. | |||||
CVE-1999-0891 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 5.0 MEDIUM | N/A |
The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect. | |||||
CVE-2002-1466 | 1 Cafelog | 1 B2 | 2024-02-04 | 10.0 HIGH | N/A |
CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable. | |||||
CVE-2002-1962 | 1 Finjan Software | 1 Surfingate | 2024-02-04 | 7.5 HIGH | N/A |
Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to bypass URL access restrictions via a URL with an IP address instead of a hostname. | |||||
CVE-2004-0125 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 7.2 HIGH | N/A |
The jail system call in FreeBSD 4.x before 4.10-RELEASE does not verify that an attempt to manipulate routing tables originated from a non-jailed process, which could allow local users to modify the routing table. | |||||
CVE-2001-0861 | 1 Cisco | 1 12000 Router | 2024-02-04 | 5.0 MEDIUM | N/A |
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier allows remote attackers to cause a denial of service (CPU consumption) by flooding the router with traffic that generates a large number of ICMP Unreachable replies. |