Total
238576 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-1088 | 1 Phpoutsourcing | 1 Zorum | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter. | |||||
| CVE-1999-1176 | 2 Aaron Ledbetter, Jidentd | 2 Cidentd, Jidentd | 2024-02-04 | 7.2 HIGH | N/A |
| Buffer overflow in cidentd ident daemon allows local users to gain root privileges via a long line in the .authlie script. | |||||
| CVE-2003-0632 | 1 Oracle | 2 Applications, E-business Suite | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL. | |||||
| CVE-2001-1520 | 1 Intel | 1 Xircom Rex 6000 | 2024-02-04 | 2.1 LOW | N/A |
| Xircom REX 6000 allows local users to obtain the 10 digit PIN by starting a serial monitor, connecting to the personal digital assistant (PDA) via Rextools, and capturing the cleartext PIN. | |||||
| CVE-2002-0669 | 1 Pingtel | 1 Xpressa | 2024-02-04 | 5.0 MEDIUM | N/A |
| The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows administrators to cause a denial of service by modifying the SIP_AUTHENTICATE_SCHEME value to force authentication of incoming calls, which does not notify the user when an authentication failure occurs. | |||||
| CVE-2003-0067 | 1 Aterm | 1 Aterm | 2024-02-04 | 7.5 HIGH | N/A |
| The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. | |||||
| CVE-2003-1204 | 1 Mambo | 1 Mambo Site Server | 2024-02-04 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path parameter in (5) view.php, (6) the choice parameter in upload.php, (7) the sitename parameter in mambosimple.php, (8) the type parameter in upload.php, or the id parameter in (9) emailarticle.php, (10) emailfaq.php, or (11) emailnews.php. | |||||
| CVE-2002-0478 | 1 Foundrynet | 1 Edgeiron | 2024-02-04 | 5.0 MEDIUM | N/A |
| The default configuration of Foundry Networks EdgeIron 4802F allows remote attackers to modify sensitive information via arbitrary SNMP community strings. | |||||
| CVE-2000-0938 | 1 Samba | 1 Samba | 2024-02-04 | 5.0 MEDIUM | N/A |
| Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server. | |||||
| CVE-2004-0418 | 5 Cvs, Gentoo, Openbsd and 2 more | 5 Cvs, Linux, Openbsd and 2 more | 2024-02-04 | 10.0 HIGH | N/A |
| serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data. | |||||
| CVE-2002-0423 | 1 Efingerd | 1 Efingerd | 2024-02-04 | 10.0 HIGH | N/A |
| Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup. | |||||
| CVE-1999-1051 | 1 Matt Wright | 1 Formhandler.cgi | 2024-02-04 | 5.0 MEDIUM | N/A |
| Default configuration in Matt Wright FormHandler.cgi script allows arbitrary directories to be used for attachments, and only restricts access to the /etc/ directory, which allows remote attackers to read arbitrary files via the reply_message_attach attachment parameter. | |||||
| CVE-2003-1293 | 1 Nukedweb | 1 Guestbookhost | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb GuestBookHost allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Email and (3) Message fields when signing the guestbook. | |||||
| CVE-2003-0670 | 1 Sustainable Softworks | 2 Ipnetmonitorx, Ipnetsentryx | 2024-02-04 | 2.1 LOW | N/A |
| Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff network packets via the setuid helper applications (1) RunTCPDump, which calls tcpdump, and (2) RunTCPFlow, which calls tcpflow. | |||||
| CVE-1999-0012 | 2 Microsoft, Netscape | 5 Frontpage, Internet Information Server, Personal Web Server and 2 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names. | |||||
| CVE-2000-0140 | 1 True North | 1 Internet Anywhere Mail Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Internet Anywhere POP3 Mail Server allows remote attackers to cause a denial of service via a large number of connections. | |||||
| CVE-1999-0716 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-02-04 | 4.6 MEDIUM | N/A |
| Buffer overflow in Windows NT 4.0 help file utility via a malformed help file. | |||||
| CVE-2001-0769 | 1 Steve Poulsen | 1 Guildftpd | 2024-02-04 | 5.0 MEDIUM | N/A |
| Memory leak in GuildFTPd Server 0.97 allows remote attackers to cause a denial of service via a request containing a null character. | |||||
| CVE-2002-0362 | 1 Aol | 1 Instant Messenger | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows remote attackers to execute arbitrary code via a long AddExternalApp request and a TLV type greater than 0x2711. | |||||
| CVE-2001-1359 | 1 Caldera | 1 Volution | 2024-02-04 | 10.0 HIGH | N/A |
| Volution clients 1.0.7 and earlier attempt to contact the computer creation daemon (CCD) when an LDAP authentication failure occurs, which allows remote attackers to fully control clients via a Trojan horse Volution server. | |||||