Total
237510 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0388 | 1 Datalynx | 1 Suguard | 2024-02-04 | 4.6 MEDIUM | N/A |
| DataLynx suGuard trusts the PATH environment variable to execute the ps command, allowing local users to execute commands as root. | |||||
| CVE-2001-0624 | 1 Qnx | 1 Qnx | 2024-02-04 | 2.1 LOW | N/A |
| QNX 2.4 allows a local user to read arbitrary files by directly accessing the mount point for the FAT disk partition, e.g. /fs-dos. | |||||
| CVE-2004-1445 | 1 Nessus | 1 Nessus | 2024-02-04 | 3.7 LOW | N/A |
| A race condition in nessus-adduser in Nessus 2.0.11 and possibly earlier versions, if the TMPDIR environment variable is not set, allows local users to gain privileges. | |||||
| CVE-2002-2065 | 1 Webcalendar | 1 Webcalendar | 2024-02-04 | 5.0 MEDIUM | N/A |
| WebCalendar 0.9.34 and earlier with 'browsing in includes directory' enabled allows remote attackers to read arbitrary include files with .inc extensions from the web root. | |||||
| CVE-1999-0748 | 1 Redhat | 1 Linux | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflows in Red Hat net-tools package. | |||||
| CVE-2004-1450 | 1 Mozilla | 1 Mozilla | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations. | |||||
| CVE-2002-0006 | 1 Xchat | 1 Xchat | 2024-02-04 | 7.5 HIGH | N/A |
| XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in the client response when the percascii variable is set. | |||||
| CVE-1999-0170 | 1 Digital | 1 Ultrix | 2024-02-04 | 7.5 HIGH | N/A |
| Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list. | |||||
| CVE-2002-1838 | 1 Steve Sachs | 1 Charities.cron | 2024-02-04 | 5.0 MEDIUM | N/A |
| Charities.cron 1.0.2 through 1.6.0 allows local users to write to arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2002-0417 | 1 Endymion | 1 Mailman Webmail | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Endymion MailMan before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the ALTERNATE_TEMPLATES parameter for various mmstdo*.cgi programs. | |||||
| CVE-2002-1064 | 1 T. Hauck | 1 Jana Web Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, generates different responses for valid and invalid usernames, which allows remote attackers to identify valid users on the server. | |||||
| CVE-2001-1475 | 1 Ssh | 1 Ssh | 2024-02-04 | 7.5 HIGH | N/A |
| SSH before 2.0, when using RC4 and password authentication, allows remote attackers to replay messages until a new server key (VK) is generated. | |||||
| CVE-2001-0943 | 1 Oracle | 1 Database Server | 2024-02-04 | 7.2 HIGH | N/A |
| dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to execute arbitrary code by modifying the PATH to point to Trojan Horse programs. | |||||
| CVE-2002-0588 | 1 Steve Korbett | 1 Pvote | 2024-02-04 | 5.0 MEDIUM | N/A |
| PVote before 1.9 does not authenticate users for restricted operations, which allows remote attackers to add or delete polls by modifying parameters to (1) add.php or (2) del.php. | |||||
| CVE-2001-0441 | 3 Debian, Mandrakesoft, Redhat | 4 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 1 more | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header. | |||||
| CVE-2004-2152 | 1 Mediawiki | 1 Mediawiki | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in 'raw' page output mode for MediaWiki 1.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2001-1545 | 1 Macromedia | 1 Jrun | 2024-02-04 | 5.0 MEDIUM | N/A |
| Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing. | |||||
| CVE-2004-0485 | 1 Apple | 1 Mac Os X | 2024-02-04 | 5.0 MEDIUM | N/A |
| The default protocol helper for the disk: URI on Mac OS X 10.3.3 and 10.2.8 allows remote attackers to write arbitrary files by causing a disk image file (.dmg) to be mounted as a disk volume. | |||||
| CVE-2002-0580 | 1 Workforceroi | 1 Xpede | 2024-02-04 | 7.5 HIGH | N/A |
| WorkforceROI Xpede 4.1 allows remote attackers to obtain the database username via a request to datasource.asp, which leaks the username in a form and allows the attacker to more easily conduct brute force password guessing attacks. | |||||
| CVE-2001-0494 | 1 Ipswitch | 1 Imail | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long From: header. | |||||