Vulnerabilities (CVE)

Total 240426 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-0330 1 Ambrosia Software 1 Maelstrom 2024-02-04 4.6 MEDIUM N/A
Buffer overflow in unknown versions of Maelstrom allows local users to execute arbitrary code via a long -player command line argument.
CVE-2003-1419 1 Netscape 1 Navigator 2024-02-04 4.3 MEDIUM N/A
Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function.
CVE-2002-1528 1 Mondosoft 1 Mondosearch 2024-02-04 5.0 MEDIUM N/A
MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the source code of scripts via the mask parameter.
CVE-2000-1207 1 Redhat 1 Linux 2024-02-04 7.2 HIGH N/A
userhelper in the usermode package on Red Hat Linux executes non-setuid programs as root, which does not activate the security measures in glibc and allows the programs to be exploited via format string vulnerabilities in glibc via the LANG or LC_ALL environment variables (CVE-2000-0844).
CVE-2002-1821 1 Ultimate Php Board 1 Ultimate Php Board 2024-02-04 4.6 MEDIUM N/A
Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated users to gain privileges and perform unauthorized actions via direct requests to (1) admin_members.php, (2) admin_config.php, (3) admin_cat.php, or (4) admin_forum.php.
CVE-2000-1104 1 Microsoft 2 Internet Information Server, Internet Information Services 2024-02-04 7.5 HIGH N/A
Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site.
CVE-1999-1166 1 Linux 1 Linux Kernel 2024-02-04 7.2 HIGH N/A
Linux 2.0.37 does not properly encode the Custom segment limit, which allows local users to gain root privileges by accessing and modifying kernel memory.
CVE-2000-0414 1 Hp 2 Hp-ux, Vvos 2024-02-04 4.6 MEDIUM N/A
Vulnerability in shutdown command for HP-UX 11.X and 10.X allows local users to gain privileges via malformed input variables.
CVE-2004-1609 2 Best Software, Saleslogix Corporation 2 Saleslogix, Saleslogix 2024-02-04 5.0 MEDIUM N/A
SalesLogix 6.1 includes usernames, passwords, and other sensitive information in the headers of an HTTP response, which could allow remote attackers to gain access.
CVE-2004-0664 1 Powerportal 1 Powerportal 2024-02-04 5.0 MEDIUM N/A
Directory traversal vulnerability in modules.php in PowerPortal 1.x allows remote attackers to list arbitrary directories via a .. (dot dot) in the files parameter.
CVE-2002-0419 1 Microsoft 2 Internet Information Server, Internet Information Services 2024-02-04 5.0 MEDIUM N/A
Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request. NOTE: this entry originally contained a vector (1) in which the server reveals whether it supports Basic or NTLM authentication through 401 Access Denied error messages. CVE has REJECTED this vector; it is not a vulnerability because the information is already available through legitimate use, since authentication cannot proceed without specifying a scheme that is supported by both the client and the server.
CVE-2001-1235 1 Derek Leung 1 Pslash 2024-02-04 7.5 HIGH N/A
pSlash PHP script 0.7 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.
CVE-2003-1512 1 Khaled Mardam-bey 1 Mirc 2024-02-04 5.0 MEDIUM N/A
Buffer overflow in mIRC 6.1 and 6.11 allows remote attackers to cause a denial of service (crash) via a long DCC SEND request.
CVE-2003-0321 1 Colten Edwards 1 Bitchx 2024-02-04 7.5 HIGH N/A
Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier allow remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long hostnames, nicknames, or channel names, which are not properly handled by the functions (1) send_ctcp, (2) cannot_join_channel, (3) cluster, (4) BX_compress_modes, (5) handle_oper_vision, and (6) ban_it.
CVE-1999-0697 1 Sco 1 Openserver 2024-02-04 7.2 HIGH N/A
SCO Doctor allows local users to gain root privileges through a Tools option.
CVE-1999-0376 1 Microsoft 1 Windows Nt 2024-02-04 4.6 MEDIUM N/A
Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs.
CVE-2002-1831 1 Microsoft 1 Msn Messenger 2024-02-04 5.0 MEDIUM N/A
Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field.
CVE-2003-0805 1 University Of Minnesota 1 Gopherd 2024-02-04 7.5 HIGH N/A
Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allow attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type.
CVE-1999-1428 1 Sun 1 Solstice Adminsuite 2024-02-04 6.2 MEDIUM N/A
Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local users to gain privileges via the save option in the Database Manager, which is running with setgid bin privileges.
CVE-2004-1565 1 W-agora 1 W-agora 2024-02-04 5.0 MEDIUM N/A
list.php in w-Agora 4.1.6a allows remote attackers to reveal the full path via a crafted HTTP request, possibly involving a malformed id parameter.