Total: 254309 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-0534 | 2 Lucent, Merit | 2 Radius, Radius | 2024-02-04 | 10.0 HIGH | N/A |
Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b and (2) Lucent 2.1-2 RADIUS allow remote attackers to cause a denial of service or execute arbitrary commands. | |||||
CVE-2002-1618 | 1 Hp | 2 Hp-ux, Jfs | 2024-02-04 | 7.2 HIGH | N/A |
JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not properly implement the sticky bit functionality, which could allow attackers to bypass intended restrictions on filesystems. | |||||
CVE-2002-0034 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2024-02-04 | 4.6 MEDIUM | N/A |
The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected. | |||||
CVE-2002-0984 | 1 Light | 1 Light | 2024-02-04 | 7.5 HIGH | N/A |
The IRC script included in Light 2.7.x before 2.7.30p5, and 2.8.x before 2.8pre10, running EPIC allows remote attackers to execute arbitrary code if the user joins a channel whose topic includes EPIC4 code. | |||||
CVE-2003-1135 | 1 Yahoo | 1 Messenger | 2024-02-04 | 2.6 LOW | N/A |
Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cause a denial of service (crash) via a file send request (sendfile) with a large number of "%" (percent) characters after the Yahoo ID. | |||||
CVE-2002-1412 | 1 Gallery Project | 1 Gallery | 2024-02-04 | 7.5 HIGH | N/A |
Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY_BASEDIR variable that points to a directory or URL that contains a Trojan horse init.php script. | |||||
CVE-2004-1875 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 9.3 HIGH | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html, (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10. | |||||
CVE-2002-0712 | 1 Entrust | 1 Entrust Authority Security Manager | 2024-02-04 | 2.1 LOW | N/A |
Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations. | |||||
CVE-1999-0171 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | N/A |
Denial of service in syslog by sending it a large number of superfluous messages. | |||||
CVE-1999-1080 | 1 Sun | 1 Sunos | 2024-02-04 | 7.2 HIGH | N/A |
rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running volcheck, when the file systems do not have the nosuid option specified in rmmount.conf. | |||||
CVE-2001-1006 | 1 Starfish | 1 Truesync Desktop | 2024-02-04 | 5.0 MEDIUM | N/A |
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not encrypt sensitive files and relies solely on its password feature to restrict access, which allows an attacker to read the files using a different application. | |||||
CVE-1999-1124 | 1 Allaire | 1 Coldfusion | 2024-02-04 | 7.5 HIGH | N/A |
HTTP Client application in ColdFusion allows remote attackers to bypass access restrictions for web pages on other ports by providing the target page to the mainframeset.cfm application, which requests the page from the server, making it look like the request is coming from the local host. | |||||
CVE-2001-0323 | | | 2024-02-04 | 6.4 MEDIUM | N/A |
The ICMP path MTU (PMTU) discovery feature in various UNIX systems allows remote attackers to cause a denial of service by spoofing "ICMP Fragmentation needed but Don't Fragment (DF) set" packets between two target hosts, which could cause one host to lower its MTU when transmitting to the other host. | |||||
CVE-2001-0172 | 2 Hans Reiser, Suse | 2 Reiserfs, Suse Linux | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in ReiserFS 3.5.28 in SuSE Linux allows local users to cause a denial of service and possibly execute arbitrary commands via a long directory name. | |||||
CVE-2002-0199 | 1 Nullsoft | 1 Shoutcast Server | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an argument with a large number of backslashes. | |||||
CVE-1999-0486 | 1 Aol | 1 Instant Messenger | 2024-02-04 | 5.0 MEDIUM | N/A |
Denial of service in AOL Instant Messenger when a remote attacker sends a malicious hyperlink to the receiving client, potentially causing a system crash. | |||||
CVE-2002-0043 | 1 Todd Miller | 1 Sudo | 2024-02-04 | 7.2 HIGH | N/A |
sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked. | |||||
CVE-2003-0762 | 1 Foxweb | 1 Foxweb | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 allows remote attackers to execute arbitrary code via a long URL (PATH_INFO value). | |||||
CVE-2000-1036 | 1 Extent Technologies | 1 Rbs Isp | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Extent RBS ISP web server allows remote attackers to read sensitive information via a .. (dot dot) attack on the Image parameter. | |||||
CVE-2002-1582 | 1 Mailreader.com | 1 Mailreader.com | 2024-02-04 | 10.0 HIGH | N/A |
compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail as the Mail Transfer Agent, allows remote attackers to execute arbitrary commands via shell metacharacters in the RealEmail configuration variable, which is used to call Sendmail in network.cgi. |