Total
237510 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-0307 | 1 Poster | 1 Poster | 2024-02-04 | 7.5 HIGH | N/A |
| Poster version.two allows remote authenticated users to gain administrative privileges by appending the "|" field separator and an "admin" value into the email address field. | |||||
| CVE-2001-0591 | 1 Oracle | 2 Application Server, Jsp | 2024-02-04 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack. | |||||
| CVE-1999-1014 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 4.6 MEDIUM | N/A |
| Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local users to gain privileges via a long -m argument. | |||||
| CVE-2001-0127 | 1 Oliver Debon | 1 Flash | 2024-02-04 | 7.6 HIGH | N/A |
| Buffer overflow in Olivier Debon Flash plugin (not the Macromedia plugin) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long DefineSound tag. | |||||
| CVE-2001-1128 | 1 Progress | 1 Progress | 2024-02-04 | 7.2 HIGH | N/A |
| Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables. | |||||
| CVE-2000-0866 | 1 Borland Software | 1 Interbase Superserver | 2024-02-04 | 2.1 LOW | N/A |
| Interbase 6 SuperServer for Linux allows an attacker to cause a denial of service via a query containing 0 bytes. | |||||
| CVE-2002-0317 | 1 Gator | 1 Gator | 2024-02-04 | 7.5 HIGH | N/A |
| Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites to install arbitrary software by specifying a Trojan Gator installation file (setup.ex_) in the src parameter. | |||||
| CVE-2001-1070 | 1 Sage Software | 1 Mas 200 | 2024-02-04 | 2.1 LOW | N/A |
| Sage Software MAS 200 allows remote attackers to cause a denial of service by connecting to port 10000 and entering a series of control characters. | |||||
| CVE-2005-0067 | 1 Tcp | 1 Tcp | 2024-02-04 | 5.0 MEDIUM | N/A |
| The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged "Destination Unreachable" messages, (2) blind throughput-reduction attacks with forged "Source Quench" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities. | |||||
| CVE-2002-0251 | 1 Licq | 1 Licq | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in licq 1.0.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string of format string characters such as "%d". | |||||
| CVE-2001-0002 | 1 Microsoft | 2 Internet Explorer, Windows Script Host | 2024-02-04 | 7.5 HIGH | N/A |
| Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs. | |||||
| CVE-2001-1272 | 1 Wliang | 1 Wmtv | 2024-02-04 | 4.6 MEDIUM | N/A |
| wmtv 0.6.5 and earlier does not properly drop privileges, which allows local users to execute arbitrary commands via the -e (external command) option. | |||||
| CVE-2004-1916 | 1 Lcdproc | 1 Lcdproc | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x versions up to 0.4.4, allows remote attackers to execute arbitrary code via (1) a long invalid command to parse_all_client_messages function, or (2) long argv command to test_func_func function. | |||||
| CVE-2002-0302 | 1 Symantec | 1 Enterprise Firewall | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops large alerts when SNMP is used as the transport, which could prevent some alerts from being sent in the event of an attack. | |||||
| CVE-2004-0092 | 1 Apple | 1 Mac Os X | 2024-02-04 | 10.0 HIGH | N/A |
| Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact. | |||||
| CVE-2002-0469 | 2 Ecartis, Listar | 2 Ecartis, Listar | 2024-02-04 | 7.2 HIGH | N/A |
| Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does not properly drop privileges when Ecartis is installed setuid-root, "lock-to-user" is not set, and ecartis is called by certain MTA's, which could allow local users to gain privileges. | |||||
| CVE-2001-1260 | 1 Avaya | 1 Argent Office | 2024-02-04 | 10.0 HIGH | N/A |
| Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator privileges by sniffing and decrypting the sniffing the passwords during a system reboot. | |||||
| CVE-2002-0940 | 1 Ncipher | 1 Mscapi Csp | 2024-02-04 | 4.6 MEDIUM | N/A |
| domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only). | |||||
| CVE-1999-1283 | 1 Opera Software | 1 Opera Web Browser | 2024-02-04 | 5.0 MEDIUM | N/A |
| Opera 3.2.1 allows remote attackers to cause a denial of service (application crash) via a URL that contains an extra / in the http:// tag. | |||||
| CVE-2000-0036 | 1 Microsoft | 2 Ie, Outlook Express | 2024-02-04 | 5.0 MEDIUM | N/A |
| Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability. | |||||