Total
238872 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0495 | 1 Ledscripts.com | 1 Lednews | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote attackers to insert arbitrary web script via a news item. | |||||
CVE-2001-0332 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 5.0 MEDIUM | N/A |
Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain using MSScriptControl.ScriptControl and GetObject, aka a variant of the "Frame Domain Verification" vulnerability. | |||||
CVE-2002-1350 | 1 Lbl | 1 Tcpdump | 2024-02-04 | 7.5 HIGH | N/A |
The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly copy data, which allows remote attackers to cause a denial of service (application crash). | |||||
CVE-2004-1971 | 1 Oscar Fafian | 1 Video Gallery | 2024-02-04 | 5.0 MEDIUM | N/A |
modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to gain sensitive information via an HTTP request with an invalid (1) catid or (2) clipid parameter, which reveals the full path in an error message. | |||||
CVE-2001-0129 | 1 Tinyproxy | 1 Tinyproxy | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long connect request. | |||||
CVE-2001-0961 | 1 John E. Davis | 1 Most | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in tab expansion capability of the most program allows local or remote attackers to execute arbitrary code via a malformed file that is viewed with most. | |||||
CVE-2004-1296 | 1 Gnu | 1 Groff | 2024-02-04 | 2.1 LOW | N/A |
The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
CVE-1999-0988 | 1 Sco | 1 Unixware | 2024-02-04 | 7.2 HIGH | N/A |
UnixWare pkgtrans allows local users to read arbitrary files via a symlink attack. | |||||
CVE-2004-1121 | 1 Apple | 1 Safari | 2024-02-04 | 5.0 MEDIUM | N/A |
Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags. | |||||
CVE-2004-0332 | 1 Extremail | 1 Extremail | 2024-02-04 | 10.0 HIGH | N/A |
Extremail 1.5.9 does not check passwords correctly when they are all digits or begin with a digit, which allows remote attackers to gain privileges. | |||||
CVE-2004-0706 | 1 Mozilla | 1 Bugzilla | 2024-02-04 | 2.1 LOW | N/A |
Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, which could allow local users to view the password in the web server log files. | |||||
CVE-2004-1667 | 1 Gearbox Software | 1 Halo Combat Evolved | 2024-02-04 | 5.0 MEDIUM | N/A |
Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote attackers to cause a denial of service (server crash) via a long client response. | |||||
CVE-2001-1473 | 1 Ssh | 1 Ssh | 2024-02-04 | 7.5 HIGH | N/A |
The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target. | |||||
CVE-2001-0941 | 1 Oracle | 1 Database Server | 2024-02-04 | 4.6 MEDIUM | N/A |
Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable. | |||||
CVE-2001-0215 | 1 Martin Hamilton | 1 Roads | 2024-02-04 | 5.0 MEDIUM | N/A |
ROADS search.pl program allows remote attackers to read arbitrary files by specifying the file name in the form parameter and terminating the filename with a null byte. | |||||
CVE-2002-0785 | 1 Aol | 1 Instant Messenger | 2024-02-04 | 5.0 MEDIUM | N/A |
AOL Instant Messenger (AIM) allows remote attackers to cause a denial of service (crash) via an "AddBuddy" link with the ScreenName parameter set to a large number of comma-separated values, possibly triggering a buffer overflow. | |||||
CVE-2000-1100 | 1 Trlinux | 1 Postaci Webmail | 2024-02-04 | 7.5 HIGH | N/A |
The default configuration for PostACI webmail system installs the /includes/global.inc configuration file within the web root, which allows remote attackers to read sensitive information such as database usernames and passwords via a direct HTTP GET request. | |||||
CVE-2004-1661 | 1 Sitecubed | 1 Mailworks Professional | 2024-02-04 | 7.5 HIGH | N/A |
MailWorks Professional allows remote attackers to bypass authentication and gain privileges via a cookie that contains "auth=1" and "uId=1." | |||||
CVE-2000-0769 | 1 Oreilly | 1 Website Pro | 2024-02-04 | 7.5 HIGH | N/A |
O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with execute permissions for all users, which allows remote attackers to create and execute arbitrary files by directly calling uploader.exe. | |||||
CVE-2004-0500 | 3 Gentoo, Mandrakesoft, Rob Flynn | 3 Linux, Mandrake Linux, Gaim | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call. |