Total
254331 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1515 | 1 Jelsoft | 1 Vbulletin | 2024-02-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php. | |||||
| CVE-2004-2191 | 1 Turbotraffictrader | 1 Turbotraffictrader Php | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo Traffic Trader PHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) msg[0] or (2) siteurl parameters. | |||||
| CVE-2002-1137 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644. | |||||
| CVE-1999-1075 | 1 Ibm | 1 Aix | 2024-02-04 | 5.0 MEDIUM | N/A |
| inetd in AIX 4.1.5 dynamically assigns a port N when starting ttdbserver (ToolTalk server), but also inadvertently listens on port N-1 without passing control to ttdbserver, which allows remote attackers to cause a denial of service via a large number of connections to port N-1, which are not properly closed by inetd. | |||||
| CVE-2003-0414 | 1 Sun | 1 One Application Server | 2024-02-04 | 7.2 HIGH | N/A |
| The installation of Sun ONE Application Server 7.0 for Windows 2000/XP creates a statefile with world-readable permissions, which allows local users to gain privileges by reading a plaintext password in the statefile. | |||||
| CVE-2002-1888 | 1 Commonname | 1 Commonname Toolbar | 2024-02-04 | 2.1 LOW | N/A |
| CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to the CommonName organization and possibly other web servers for name resolution, which allows those organizations to obtain internal server names. | |||||
| CVE-2000-0749 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 7.2 HIGH | N/A |
| Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system. | |||||
| CVE-2004-2174 | 1 Early Impact | 1 Productcart | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ProductCart allows remote attackers to inject arbitrary Javascript via the redirectUrl parameter. | |||||
| CVE-2002-0095 | 1 Fraunhofer Fit | 1 Bscw | 2024-02-04 | 7.5 HIGH | N/A |
| The default configuration of BSCW (Basic Support for Cooperative Work) 3.x and possibly version 4 enables user self registration, which could allow remote attackers to upload files and possibly join a user community that was intended to be closed. | |||||
| CVE-1999-0300 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 7.5 HIGH | N/A |
| nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers. | |||||
| CVE-2002-2296 | 1 Yabb | 1 Yabb | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in YaBB.pl in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 allows remote attackers to inject arbitrary web script or HTML via the num parameter. | |||||
| CVE-2002-0523 | 1 Asp-nuke | 1 Asp-nuke | 2024-02-04 | 5.0 MEDIUM | N/A |
| ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in users by submitting an invalid "pseudo" cookie. | |||||
| CVE-2002-1546 | 1 Brs | 1 Webweaver | 2024-02-04 | 7.5 HIGH | N/A |
| BRS WebWeaver Web Server 1.01 allows remote attackers to bypass password protections for files and directories via an HTTP request containing a "/./" sequence. | |||||
| CVE-2001-1484 | 1 Alcatel | 2 Adsl Modem 1000, Speed Touch Adsl Modem | 2024-02-04 | 7.5 HIGH | N/A |
| Alcatel ADSL modems allow remote attackers to access the Trivial File Transfer Protocol (TFTP) to modify firmware and configuration via a bounce attack from a system on the local area network (LAN) side, which is allowed to access TFTP without authentication. | |||||
| CVE-2004-0746 | 4 Gentoo, Kde, Mandrakesoft and 1 more | 5 Linux, Kde, Konqueror and 2 more | 2024-02-04 | 7.5 HIGH | N/A |
| Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. | |||||
| CVE-2003-0590 | 1 Splatt | 1 Splatt Forum | 2024-02-04 | 7.1 HIGH | N/A |
| Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote attackers to insert arbitrary HTML and web script via the post icon (image_subject) field. | |||||
| CVE-2004-0691 | 1 Trolltech | 1 Qt | 2024-02-04 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code. | |||||
| CVE-2002-0444 | 1 Microsoft | 1 Windows 2000 Terminal Services | 2024-02-04 | 7.5 HIGH | N/A |
| Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies. | |||||
| CVE-2003-1231 | 1 Ecw-shop | 1 Ecw-shop | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
| CVE-2002-0123 | 1 Mdg Computer Services | 1 Web Server 4d Ecommerce | 2024-02-04 | 7.5 HIGH | N/A |
| MDG Computer Services Web Server 4D WS4D/eCommerce 3.0 and earlier, and possibly 3.5.3, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request. | |||||