Total: 238872 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2002-1873 | 1 Microsoft | 1 Exchange Server | 2024-02-04 | 5.0 MEDIUM | N/A | Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls. |
CVE-2003-0093 | 1 Lbl | 1 Tcpdump | 2024-02-04 | 5.0 MEDIUM | N/A | The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service (crash) via an invalid RADIUS packet with a header length field of 0, which causes tcpdump to generate data within an infinite loop. |
CVE-2004-1345 | 1 Sun | 3 Enterprise Storage Manager, Storedge 3310 Scsi Array, Storedge 3510 Fc Array | 2024-02-04 | 7.2 HIGH | N/A | Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) 2.1 for Solaris 8 and Solaris 9 allows local users with the "ESMUser" role to gain root access. |
CVE-2000-0049 | 1 Nullsoft | 1 Winamp | 2024-02-04 | 7.2 HIGH | N/A | Buffer overflow in Winamp client allows remote attackers to execute commands via a long entry in a .pls file. |
CVE-2001-0107 | 1 Symantec Veritas | 1 Backup | 2024-02-04 | 5.0 MEDIUM | N/A | Veritas Backup agent on Linux allows remote attackers to cause a denial of service by establishing a connection without sending any data, which causes the process to hang. |
CVE-2002-2362 | 1 Sourceforge | 1 Mymarket | 2024-02-04 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in form_header.php in MyMarket 1.71 allows remote attackers to inject arbitrary web script or HTML via the noticemsg parameter. |
CVE-2001-1032 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-04 | 7.5 HIGH | N/A | admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy. |
CVE-2001-0717 | 1 Tooltalk | 1 Tooltalk Database Server | 2024-02-04 | 10.0 HIGH | N/A | Format string vulnerability in ToolTalk database server rpc.ttdbserverd allows remote attackers to execute arbitrary commands via format string specifiers that are passed to the syslog function. |
CVE-2003-0812 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2024-02-04 | 7.5 HIGH | N/A | Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API. |
CVE-2002-0546 | 1 Nullsoft | 1 Winamp | 2024-02-04 | 7.5 HIGH | N/A | Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file. |
CVE-1999-0740 | 1 Redhat | 1 Linux | 2024-02-04 | 6.4 MEDIUM | N/A | Remote attackers can cause a denial of service on Linux in.telnetd telnet daemon through a malformed TERM environmental variable. |
CVE-2004-1877 | 1 Oracle | 2 Application Server, Http Server | 2024-02-04 | 2.6 LOW | N/A | The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password. |
CVE-2003-1439 | 1 Silc | 1 Secure Internet Live Conferencing | 2024-02-04 | 4.3 MEDIUM | N/A | Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores passwords and sessions in plaintext in memory, which could allow local users to obtain sensitive information. |
CVE-2003-0722 | 1 Sun | 1 Solaris | 2024-02-04 | 10.0 HIGH | N/A | The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets. |
CVE-2004-1726 | 1 John Bradley | 1 Xv | 2024-02-04 | 7.5 HIGH | N/A | Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) xvpm.c in XV allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. |
CVE-2003-0375 | 1 Xmb Forum | 1 Xmb | 2024-02-04 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB 1.8.x (aka Partagium) allows remote attackers to insert arbitrary HTML and web script via the "member" parameter. |
CVE-2004-1552 | 1 Full Revolution | 1 Aspwebcalendar | 2024-02-04 | 7.5 HIGH | N/A | SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp. |
CVE-2003-0404 | 1 Vignette | 3 Content Suite, Storyserver, Vignette | 2024-02-04 | 4.3 MEDIUM | N/A | Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, allow remote attackers to insert arbitrary HTML and script via text variables, as demonstrated using the errInfo parameter of the default login template. |
CVE-2003-0264 | 1 Seattle Lab Software | 1 Slmail | 2024-02-04 | 7.5 HIGH | N/A | Multiple buffer overflows in SLMail 5.1.0.4420 allow remote attackers to execute arbitrary code via (1) a long EHLO argument to slmail.exe, (2) a long XTRN argument to slmail.exe, (3) a long string to POPPASSWD, or (4) a long password to the POP3 server. |
CVE-2004-2239 | 1 Inter7 | 1 Vpopmail (vchkpw) | 2024-02-04 | 7.5 HIGH | N/A | Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow attackers to cause a denial of service or execute arbitrary code. |