Total: 254309 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0350 | 1 Microsoft | 1 Windows 2000 | 2024-02-04 | 4.6 MEDIUM | N/A |
The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a "Shatter" style message to the Utility Manager that references a user-controlled callback function. | |||||
CVE-2002-1229 | 1 Avaya | 5 Cajun P550, Cajun P550r, Cajun P580 and 2 more | 2024-02-04 | 7.5 HIGH | N/A |
Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier contain undocumented accounts (1) manuf and (2) diag with default passwords, which allows remote attackers to gain privileges. | |||||
CVE-2003-1173 | 1 Centrinity | 1 Centrinity Firstclass | 2024-02-04 | 5.0 MEDIUM | N/A |
Centrinity FirstClass 7.1 allows remote attackers to access sensitive information by appending search to the end of the URL and checking all of the search option checkboxes and leaving the text field blank, which will return all files in the searched directory. | |||||
CVE-2001-1487 | 1 Qualcomm | 1 Qpopper | 2024-02-04 | 4.6 MEDIUM | N/A |
popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users to overwrite arbitrary files and execute commands as the pop user via a symlink attack on the -trace file option. | |||||
CVE-2004-0576 | 1 Gnu | 1 Radius | 2024-02-04 | 5.0 MEDIUM | N/A |
The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the -enable-snmp option, allows remote attackers to cause a denial of service (server crash) via malformed SNMP messages containing an invalid OID. | |||||
CVE-2004-1634 | 1 Mozilla | 1 Bugzilla | 2024-02-04 | 5.0 MEDIUM | N/A |
show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, when using the insidergroup feature and exporting a bug to XML, shows comments and attachment summaries which are marked as private, which allows remote attackers to gain sensitive information. | |||||
CVE-2001-0279 | 2 Debian, Mandrakesoft | 3 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges. | |||||
CVE-2004-0494 | 2 Avaya, Redhat | 4 Cvlan, Enterprise Linux, Enterprise Linux Desktop and 1 more | 2024-02-04 | 7.5 HIGH | N/A |
Multiple extfs backend scripts for GNOME virtual file system (VFS) before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI. | |||||
CVE-2000-0908 | 1 Netcplus | 1 Browsegate | 2024-02-04 | 5.0 MEDIUM | N/A |
BrowseGate 2.80 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long Authorization or Referer MIME headers in the HTTP request. | |||||
CVE-2004-0835 | 3 Debian, Mysql, Oracle | 3 Debian Linux, Mysql, Mysql | 2024-02-04 | 7.5 HIGH | N/A |
MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities. | |||||
CVE-2001-0049 | 1 Watchguard | 1 Soho Firewall | 2024-02-04 | 5.0 MEDIUM | N/A |
WatchGuard SOHO FireWall 2.2.1 and earlier allows remote attackers to cause a denial of service via a large number of GET requests. | |||||
CVE-2000-0024 | 1 Microsoft | 3 Internet Information Server, Site Server, Site Server Commerce | 2024-02-04 | 6.4 MEDIUM | N/A |
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability. | |||||
CVE-2001-0353 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and earlier allows local and remote attackers to gain root privileges via a "transfer job" routine. | |||||
CVE-2004-1646 | 1 Jerod Moemeka | 1 Xedus | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Xedus 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | |||||
CVE-1999-0564 | | | 2024-02-04 | 10.0 HIGH | N/A |
An attacker can force a printer to print arbitrary documents (e.g. if the printer doesn't require a password) or to become disabled. | |||||
CVE-2001-0905 | 1 Procmail | 1 Procmail | 2024-02-04 | 6.2 MEDIUM | N/A |
Race condition in signal handling of procmail 3.20 and earlier, when running setuid, allows local users to cause a denial of service or gain root privileges by sending a signal while a signal handling routine is already running. | |||||
CVE-2002-1395 | 1 Debian | 1 Internet Message | 2024-02-04 | 2.1 LOW | N/A |
Internet Message (IM) 141-18 and earlier uses predictable file and directory names, which allows local users to (1) obtain unauthorized directory permissions via a temporary directory used by impwagent, and (2) overwrite and create arbitrary files via immknmz. | |||||
CVE-2002-2237 | 1 Tftp | 1 Tftp Server | 2024-02-04 | 5.0 MEDIUM | N/A |
tftp32 TFTP server 2.21 and earlier allows remote attackers to cause a denial of service via a GET request with a DOS device name such as com1 or aux. | |||||
CVE-2000-0498 | 1 Unify | 1 Ewave Servletexec | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. | |||||
CVE-2001-1534 | 1 Apache | 1 Http Server | 2024-02-04 | 2.1 LOW | N/A |
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication. | |||||