Total: 254537 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0287 | 1 Powie | 1 Pforum | 2024-02-04 | 10.0 HIGH | N/A |
pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default. | |||||
CVE-2001-0753 | 1 Cisco | 1 Cbos | 2024-02-04 | 7.5 HIGH | N/A |
Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) enable in cleartext in the NVRAM and a configuration file, which could allow unauthorized users to obtain the passwords and gain privileges. | |||||
CVE-2004-1934 | 1 Isesam | 1 Gemitel | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50 allows remote attackers to execute arbitrary PHP code via the base parameter. | |||||
CVE-2001-0942 | 1 Oracle | 1 Database Server | 2024-02-04 | 4.6 MEDIUM | N/A |
dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLE_HOME to an alternate directory that contains a malicious version of dbsnmp. | |||||
CVE-1999-0289 | 2 Apache, Microsoft | 2 Http Server, Windows | 2024-02-04 | 5.0 MEDIUM | N/A |
The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL. | |||||
CVE-2004-0254 | 1 Crosscom Olicom | 1 Discuz | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x allows remote attackers to execute arbitrary script as other users via an img tag. | |||||
CVE-2003-1011 | 1 Apple | 1 Mac Os X | 2024-02-04 | 7.2 HIGH | N/A |
Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB keyboard to gain unauthorized access by holding down the CTRL and C keys when the system is booting, which crashes the init process and leaves the user in a root shell. | |||||
CVE-2004-2060 | 1 Xlinesoft | 1 Asprunner | 2024-02-04 | 5.0 MEDIUM | N/A |
ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field names. | |||||
CVE-1999-0048 | 3 Debian, Ibm, Nec | 5 Netkit, Aix, Asl Ux 4800 and 2 more | 2024-02-04 | 10.0 HIGH | N/A |
Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges. | |||||
CVE-2001-0032 | 1 Eric Rescorla | 1 Ssldump | 2024-02-04 | 10.0 HIGH | N/A |
Format string vulnerability in ssldump possibly allows remote attackers to cause a denial of service and possibly gain root privileges via malicious format string specifiers in a URL. | |||||
CVE-2002-1555 | 1 Cisco | 1 Optical Networking Systems Software | 2024-02-04 | 5.0 MEDIUM | N/A |
Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" SNMP community string that cannot be changed, which allows remote attackers to obtain sensitive information. | |||||
CVE-2004-2114 | 1 Internetnow | 1 Proxynow | 2024-02-04 | 10.0 HIGH | N/A |
Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and earlier allow remote attackers to execute arbitrary code via a GET request with a long ftp:// URL. | |||||
CVE-2000-0249 | 1 Ibm | 1 Aix | 2024-02-04 | 7.2 HIGH | N/A |
The AIX Fast Response Cache Accelerator (FRCA) allows local users to modify arbitrary files via the configuration capability in the frcactrl program. | |||||
CVE-2003-0577 | 1 Mpg123 | 1 Mpg123 | 2024-02-04 | 7.5 HIGH | N/A |
mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero bitrate, which creates a negative frame size. | |||||
CVE-1999-1470 | 1 Eastman Software | 1 Work Management | 2024-02-04 | 4.6 MEDIUM | N/A |
Eastman Work Management 3.21 stores passwords in cleartext in the COMMON and LOCATOR registry keys, which could allow local users to gain privileges. | |||||
CVE-2002-2093 | 1 Sgi | 1 Irix | 2024-02-04 | 2.1 LOW | N/A |
The Video Control Panel on SGI O2/IRIX 6.5, when the Default Input is set to "Output Video", allows attackers to access a console session by running videoout then videoin. | |||||
CVE-2001-1004 | 1 Gnutella | 1 Gnutella Client | 2024-02-04 | 5.0 MEDIUM | N/A |
Cross-site scripting (CSS) vulnerability in gnut Gnutella client before 0.4.27 allows remote attackers to execute arbitrary script on other clients by sharing a file whose name contains the script tags. | |||||
CVE-2004-0224 | 3 Double Precision Incorporated, Gentoo, Inter7 | 4 Courier Mta, Sqwebmail, Linux and 1 more | 2024-02-04 | 7.5 HIGH | N/A |
Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range." | |||||
CVE-1999-1448 | 1 Qualcomm | 2 Eudora, Eudora Light | 2024-02-04 | 5.0 MEDIUM | N/A |
Eudora and Eudora Light before 3.05 allows remote attackers to cause a crash and corrupt the user's mailbox via an e-mail message with certain dates, such as (1) dates before 1970, which cause a Divide By Zero error, or (2) dates that are 100 years after the current date, which causes a segmentation fault. | |||||
CVE-2001-1159 | 1 Squirrelmail | 1 Squirrelmail | 2024-02-04 | 7.5 HIGH | N/A |
load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP. |