Total: 254558 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-0384 | 1 Intel | 2 Netstructure 7110, Netstructure 7180 | 2024-02-04 | 10.0 HIGH | N/A |
NetStructure 7110 and 7180 have undocumented accounts (servnow, root, and wizard) whose passwords are easily guessable from the NetStructure's MAC address, which could allow remote attackers to gain root access. | |||||
CVE-2004-1443 | 1 Horde | 1 Imp | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message. | |||||
CVE-2004-0280 | 1 Caucho Technology | 1 Resin | 2024-02-04 | 5.0 MEDIUM | N/A |
Caucho Technology Resin 2.1.12 allows remote attackers to view JSP source via an HTTP request to a .jsp file that ends in a "%20" (encoded space character), e.g. index.jsp%20. | |||||
CVE-2000-0572 | 1 Visible Systems | 1 Razor | 2024-02-04 | 4.6 MEDIUM | N/A |
The Razor configuration management tool uses weak encryption for its password file, which allows local users to gain privileges. | |||||
CVE-2004-2231 | 1 Zero G | 1 Installanywhere | 2024-02-04 | 1.2 LOW | N/A |
Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) persistent_state or (2) env.properties.X temporary files. | |||||
CVE-2000-0691 | 1 Gert Doering | 1 Mgetty | 2024-02-04 | 2.1 LOW | N/A |
faxrunq and faxrunqd in the mgetty package allow local users to create or modify arbitrary files via a symlink attack which creates a symlink from /var/spool/fax/outgoing/.last_run to the target file. | |||||
CVE-2001-0205 | 1 Aol | 1 Aol Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in AOLserver 3.2 and earlier allows remote attackers to read arbitrary files by inserting "..." into the requested pathname, a modified .. (dot dot) attack. | |||||
CVE-2004-0851 | 1 Ulrich Callmeier | 1 Net-acct | 2024-02-04 | 2.1 LOW | N/A |
The (1) write_list and (2) dump_curr_list functions in Net-Acct before 0.71 allow local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
CVE-1999-1308 | 1 Hp | 1 Hp-ux | 2024-02-04 | 4.6 MEDIUM | N/A |
Certain programs in HP-UX 10.20 do not properly handle large user IDs (UID) or group IDs (GID) over 60000, which could allow local users to gain privileges. | |||||
CVE-1999-0729 | 1 Ibm | 1 Lotus Domino Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to conduct a denial of service through the ldap_search request. | |||||
CVE-2004-2146 | 1 Pd9 Software | 1 Megabbs | 2024-02-04 | 5.0 MEDIUM | N/A |
CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows attackers to conduct HTTP response splitting attacks via the fid parameter in a writenew action to thread-post.asp. | |||||
CVE-2004-1558 | 1 Ypops | 1 Ypops | 2024-02-04 | 7.5 HIGH | N/A |
Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 through 0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) POP3 USER command or (2) SMTP request. | |||||
CVE-2003-0972 | 1 Gnu | 1 Screen | 2024-02-04 | 10.0 HIGH | N/A |
Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow. | |||||
CVE-2002-2106 | 1 Wikkitikkitavi | 1 Wikkitikkitavi | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in WikkiTikkiTavi before 0.21 allows remote attackers to execute arbitrary PHP code via the TemplateDir variable, as demonstrated using conflict.php. | |||||
CVE-2004-0843 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 5.0 MEDIUM | N/A |
Internet Explorer 5.5 and 6 do not properly handle plug-in navigation, which allows remote attackers to alter displayed address bars and thereby spoof web pages, facilitating phishing attacks, aka the "Plug-in Navigation Address Bar Spoofing Vulnerability." | |||||
CVE-2001-1529 | 1 Ibm | 1 Aix | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows attackers to gain unauthorized access via a long string. NOTE: due to lack of details in the vendor advisory, it is not clear if this is the same issue as CVE-2001-0779. | |||||
CVE-2001-1131 | 1 Whitsoft Development | 1 Slimftpd | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2 allows an attacker to read arbitrary files and directories via a ... (modified dot dot) in the CD command. | |||||
CVE-2001-0083 | 1 Microsoft | 1 Windows Media Services | 2024-02-04 | 5.0 MEDIUM | N/A |
Windows Media Unicast Service in Windows Media Services 4.0 and 4.1 does not properly shut down some types of connections, producing a memory leak that allows remote attackers to cause a denial of service via a series of severed connections, aka the "Severed Windows Media Server Connection" vulnerability. | |||||
CVE-2001-1074 | 1 Webmin | 1 Webmin | 2024-02-04 | 7.2 HIGH | N/A |
Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges. | |||||
CVE-2001-0998 | 1 Ibm | 2 Aix, Hacmp | 2024-02-04 | 5.0 MEDIUM | N/A |
IBM HACMP 4.4 allows remote attackers to cause a denial of service via a completed TCP connection to HACMP ports (e.g., using a port scan) that does not send additional data, which causes a failure in snmpd. |