Total: 254537 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1406 | 1 Ikonboard.com | 1 Ikonboard | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 through 3.1.3 allows remote attackers to inject arbitrary SQL commands via the (1) st or (2) keywords parameter. | |||||
CVE-2001-1102 | 1 Checkpoint | 1 Firewall-1 | 2024-02-04 | 6.2 MEDIUM | N/A |
Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users to overwrite arbitrary files via a symlink attack on temporary policy files that end in a .cpp extension, which are set world-writable. | |||||
CVE-1999-1548 | 1 Cabletron | 1 Smartswitch Router 8000 Firmware | 2024-02-04 | 5.0 MEDIUM | N/A |
Cabletron SmartSwitch Router (SSR) 8000 firmware 2.x can only handle 200 ARP requests per second allowing a denial of service attack to succeed with a flood of ARP requests exceeding that limit. | |||||
CVE-2002-1807 | 1 Phpwebsite | 1 Phpwebsite | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in phpWebSite 0.8.3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag. | |||||
CVE-2002-2064 | 1 Phpwebgallery | 1 Phpwebgallery | 2024-02-04 | 7.5 HIGH | N/A |
isadmin.php in PhpWebGallery 1.0 allows remote attackers to gain administrative access by setting the photo_login cookie to pseudo. | |||||
CVE-2002-0463 | 1 Arsc Really Simple Chat | 1 Arsc Really Simple Chat | 2024-02-04 | 5.0 MEDIUM | N/A |
home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote attackers to determine the full pathname of the web server via an invalid language in the arsc_language parameter, which leaks the pathname in an error message. | |||||
CVE-2004-1986 | 2 Coppermine, Francisco Burzi | 2 Coppermine Photo Gallery, Php-nuke | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter. | |||||
CVE-2003-0861 | 1 Php | 1 Php | 2024-02-04 | 10.0 HIGH | N/A |
Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors. | |||||
CVE-2001-0771 | 1 Spytech-web | 1 Spyanywhere | 2024-02-04 | 7.5 HIGH | N/A |
Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator access via a single character in the "loginpass" field. | |||||
CVE-2002-1307 | 1 Mhonarc | 1 Mhonarc | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name. | |||||
CVE-2000-0703 | 1 Larry Wall | 1 Perl | 2024-02-04 | 7.2 HIGH | N/A |
suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence. | |||||
CVE-2002-1089 | 1 Oracle | 2 Application Server, Reports | 2024-02-04 | 5.0 MEDIUM | N/A |
rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks. | |||||
CVE-2000-0011 | 1 Analogx | 1 Simpleserver Www | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote attackers to execute commands via a long GET request. | |||||
CVE-1999-1169 | 1 Flavio Veloso | 1 Nobo | 2024-02-04 | 5.0 MEDIUM | N/A |
nobo 1.2 allows remote attackers to cause a denial of service (crash) via a series of large UDP packets. | |||||
CVE-2004-0257 | 2 Netbsd, Openbsd | 2 Netbsd, Openbsd | 2024-02-04 | 5.0 MEDIUM | N/A |
OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port. | |||||
CVE-2004-2103 | 1 Novell | 1 Netware | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to process arbitrary script or HTML as other users via (1) a malformed request for a Perl program with script in the filename, (2) the User.id parameter to the webacc servlet, (3) the GWAP.version parameter to webacc, or (4) a URL request for a .bas file with script in the filename. | |||||
CVE-2004-0276 | 1 Monkey-project | 1 Monkey | 2024-02-04 | 5.0 MEDIUM | N/A |
The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request with a sequence of "%" characters and a missing Host field. | |||||
CVE-2001-0951 | 1 Microsoft | 1 Windows 2000 | 2024-02-04 | 5.0 MEDIUM | N/A |
Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters. | |||||
CVE-2001-0308 | 1 Bajie | 1 Java Http Server | 2024-02-04 | 7.5 HIGH | N/A |
UploadServlet in Bajie HTTP JServer 0.78, and possibly other versions before 0.80, allows remote attackers to execute arbitrary commands by calling the servlet to upload a program, then using a ... (modified ..) to access the file that was created for the program. | |||||
CVE-2000-0608 | 1 Netwin | 2 Cwmail, Dmailweb | 2024-02-04 | 5.0 MEDIUM | N/A |
NetWin dMailWeb and cwMail 2.6i and earlier allow remote attackers to cause a denial of service via a long POP parameter (pophost). | |||||