Total
254576 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-1294 | 1 Avtronics | 1 Inetserv | 2024-02-04 | 5.0 MEDIUM | N/A |
Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows remote attackers to cause a denial of service (crash) in the Webmail interface via a long username and password. | |||||
CVE-2002-1556 | 1 Cisco | 1 Optical Networking Systems Software | 2024-02-04 | 5.0 MEDIUM | N/A |
Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset) via an HTTP request to the TCC, TCC+ or XTC, in which the request contains an invalid CORBA Interoperable Object Reference (IOR). | |||||
CVE-2003-1541 | 1 Planetmoon | 1 Guestbook | 2024-02-04 | 5.0 MEDIUM | N/A |
PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt. | |||||
CVE-2000-0867 | 5 Debian, Mandrakesoft, Redhat and 2 more | 5 Debian Linux, Mandrake Linux, Linux and 2 more | 2024-02-04 | 7.2 HIGH | N/A |
Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages. | |||||
CVE-2002-1544 | 1 Cooolsoft | 1 Personal Ftp Server | 2024-02-04 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in CooolSoft Personal FTP Server 2.24 allows remote attackers to read or modify arbitrary files via .. (dot dot) sequences in the commands (1) LIST (ls), (2) mkdir, (3) put, or (4) get. | |||||
CVE-1999-0825 | 1 Sco | 1 Unixware | 2024-02-04 | 3.6 LOW | N/A |
The default permissions for UnixWare /var/mail allow local users to read and modify other users' mail. | |||||
CVE-2000-0442 | 2 Qualcomm, Sun | 3 Qpopper, Cobalt Raq 2, Cobalt Raq 3i | 2024-02-04 | 7.5 HIGH | N/A |
Qpopper 2.53 and earlier allows local users to gain privileges via a formatting string in the From: header, which is processed by the euidl command. | |||||
CVE-2002-1749 | 1 Microsoft | 1 Windows 2000 | 2024-02-04 | 7.2 HIGH | N/A |
Windows 2000 Terminal Services, when using the disconnect feature of the client, does not properly lock itself if it is left idle until the screen saver activates and the user disconnects, which could allow attackers to gain administrator privileges. | |||||
CVE-2002-0291 | 1 Funsoft | 1 Dinos Webserver | 2024-02-04 | 5.0 MEDIUM | N/A |
Dino's Webserver 1.2 allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via several large HTTP requests within a short time. | |||||
CVE-2001-0744 | 1 Horde | 1 Imp | 2024-02-04 | 2.1 LOW | N/A |
Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file. | |||||
CVE-2002-0604 | 1 Snapgear | 1 Snapgear Lite\+ Firewall | 2024-02-04 | 5.0 MEDIUM | N/A |
Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to cause a denial of service (crash) via a large number of packets with malformed IP options. | |||||
CVE-2003-0903 | 1 Microsoft | 1 Data Access Components | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request. | |||||
CVE-2002-2213 | 2 Infoblox, Isc | 2 Dns One, Bind | 2024-02-04 | 5.0 MEDIUM | N/A |
The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods. | |||||
CVE-2000-0856 | 1 Xs4all Data | 1 Xs4all Data Sunftp | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in SunFTP build 9(1) allows remote attackers to cause a denial of service or possibly execute arbitrary commands via a long GET request. | |||||
CVE-2003-0616 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-02-04 | 7.5 HIGH | N/A |
Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request with format strings in the computerlist parameter, which are used when logging a failed name resolution. | |||||
CVE-1999-0822 | 1 Qualcomm | 1 Qpopper | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via AUTH command. | |||||
CVE-2004-1449 | 2 Firebirdsql, Mozilla | 3 Firebird, Mozilla, Thunderbird | 2024-02-04 | 2.6 LOW | N/A |
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control. | |||||
CVE-2004-0425 | 1 Netegrity | 1 Sideminder Affiliate Agent | 2024-02-04 | 10.0 HIGH | N/A |
Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows remote attackers to execute arbitrary code via a large SMPROFILE cookie. | |||||
CVE-2000-0844 | 13 Caldera, Conectiva, Debian and 10 more | 16 Openlinux, Openlinux Ebuilder, Openlinux Eserver and 13 more | 2024-02-04 | 10.0 HIGH | N/A |
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen. | |||||
CVE-2004-1730 | 1 Mantis | 1 Mantis | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php. |