Total
238579 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0225 | 1 Cisco | 1 Tacacs\+ | 2024-02-04 | 4.6 MEDIUM | N/A |
| tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, creates files from the accounting directive with world-readable and writable permissions, which allows local users to access and modify sensitive files. | |||||
| CVE-1999-0071 | 1 Apache | 1 Http Server | 2024-02-04 | 7.5 HIGH | N/A |
| Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. | |||||
| CVE-1999-1461 | 1 Sgi | 1 Irix | 2024-02-04 | 7.2 HIGH | N/A |
| inpview in InPerson on IRIX 5.3 through IRIX 6.5.10 trusts the PATH environmental variable to find and execute the ttsession program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse ttsession program. | |||||
| CVE-2003-1337 | 1 Aprelium Technologies | 1 Abyss Web Server | 2024-02-04 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2004-0154 | 1 Nfs | 1 Nfs-utils | 2024-02-04 | 5.0 MEDIUM | N/A |
| rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name. | |||||
| CVE-2004-1497 | 1 Minihttpserver.net | 1 Web Forums Server | 2024-02-04 | 4.6 MEDIUM | N/A |
| Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext in the Username.ini file, which allows local users to gain privileges. | |||||
| CVE-2004-1872 | 1 Webct | 1 Webct | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebCT Campus Edition 4.1.1.5 allows remote attackers to inject arbitrary web script or HTML via the @import URL function in a CSS style tag. | |||||
| CVE-2004-0872 | 1 Opera | 1 Opera Browser | 2024-02-04 | 5.0 MEDIUM | N/A |
| Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection." | |||||
| CVE-2004-1649 | 1 Microsoft | 1 Windows 2000 | 2024-02-04 | 7.2 HIGH | N/A |
| Buffer overflow in Microsoft Msinfo32.exe might allow local users to execute arbitrary code via a long filename in the msinfo_file command line parameter. NOTE: this issue might not cross security boundaries, so it may be REJECTED in the future. | |||||
| CVE-2001-0726 | 1 Microsoft | 1 Exchange Server | 2024-02-04 | 7.5 HIGH | N/A |
| Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actions on a user's Exchange mailbox via an HTML e-mail message. | |||||
| CVE-2002-0593 | 2 Mozilla, Netscape | 3 Mozilla, Communicator, Navigator | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI. | |||||
| CVE-2002-1050 | 1 Hylafax | 1 Hylafax | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long line of image data. | |||||
| CVE-2003-1100 | 1 Hummingbird | 1 Cyberdocs | 2024-02-04 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allow remote attackers to inject arbitrary web script or HTML via certain vectors. | |||||
| CVE-1999-0525 | 2024-02-04 | N/A | N/A | ||
| IP traceroute is allowed from arbitrary hosts. | |||||
| CVE-2001-0767 | 1 Steve Poulsen | 1 Guildftpd | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in GuildFTPd 0.9.7 allows attackers to list or read arbitrary files and directories via a .. in (1) LS or (2) GET. | |||||
| CVE-2004-1475 | 1 Xine | 2 Xine, Xine-lib | 2024-02-04 | 5.1 MEDIUM | N/A |
| Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines. | |||||
| CVE-1999-0353 | 1 Hp | 1 Hp-ux | 2024-02-04 | 9.3 HIGH | N/A |
| rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory. | |||||
| CVE-2004-0009 | 1 Apache-ssl | 1 Apache-ssl | 2024-02-04 | 7.5 HIGH | N/A |
| Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user. | |||||
| CVE-2000-0918 | 1 Kde | 1 Kvt | 2024-02-04 | 7.2 HIGH | N/A |
| Format string vulnerability in kvt in KDE 1.1.2 may allow local users to execute arbitrary commands via a DISPLAY environmental variable that contains formatting characters. | |||||
| CVE-2004-1362 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2024-02-04 | 7.5 HIGH | N/A |
| The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters. | |||||