Total
254306 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-1054 | 1 Cisco | 1 Secure Access Control Server | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet. | |||||
CVE-2000-0942 | 1 Microsoft | 1 Indexing Service | 2024-02-04 | 5.1 MEDIUM | N/A |
The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability. | |||||
CVE-2002-1741 | 1 Alt-n | 1 Worldclient | 2024-02-04 | 7.2 HIGH | N/A |
Directory traversal vulnerability in WorldClient.cgi in WorldClient for Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to delete arbitrary files via a ".." (dot dot) in the Attachments parameter. | |||||
CVE-2003-0231 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe. | |||||
CVE-2002-1042 | 2 Netscape, Sun | 4 Enterprise Server, Iplanet Web Server, One Application Server and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter. | |||||
CVE-2001-1014 | 1 Michael Boehme | 1 Webdiscount E Shop Online Shop System | 2024-02-04 | 7.5 HIGH | N/A |
eshop.pl in WebDiscount(e)shop allows remote attackers to execute arbitrary commands via shell metacharacters in the seite parameter. | |||||
CVE-1999-0020 | 2024-02-04 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0032. Reason: This candidate is a duplicate of CVE-1999-0032. Notes: All CVE users should reference CVE-1999-0032 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2002-1906 | 1 Polycom | 1 Viavideo | 2024-02-04 | 5.0 MEDIUM | N/A |
The web server for Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (CPU consumption) by sending incomplete HTTP requests and leaving the connections open. | |||||
CVE-2003-0664 | 1 Microsoft | 2 Word, Works | 2024-02-04 | 7.5 HIGH | N/A |
Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document. | |||||
CVE-2002-2156 | 1 Cerulean Studios | 1 Trillian | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in Trillian 0.73 allows remote IRC servers to execute arbitrary code via a long PING response. | |||||
CVE-2004-1943 | 1 Phpbb Group | 1 Phpbb | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. | |||||
CVE-2003-0114 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 5.0 MEDIUM | N/A |
The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files. | |||||
CVE-2004-0262 | 1 The Palace | 1 The Palace Client | 2024-02-04 | 10.0 HIGH | N/A |
Stack-based buffer overflow in The Palace 3.5 and earlier client allows remote attackers to execute arbitrary code via a link to a palace:// url followed by a long server address string. | |||||
CVE-2001-1553 | 1 University Of California | 1 Seti At Home | 2024-02-04 | 4.6 MEDIUM | N/A |
Buffer overflow in setiathome for SETI@home 3.03, if installed setuid, could allow local users to execute arbitrary code via long command line options (1) socks_server, (2) socks_user, and (3) socks_passwd. NOTE: since the default configuration of setiathome is not setuid, perhaps this issue should not be included in CVE. | |||||
CVE-2001-0294 | 1 Typsoft | 1 Typsoft Ftp Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in TYPSoft FTP Server 0.85 allows remote attackers to read arbitrary files via (1) a .. (dot dot) in a GET command, or (2) a ... in a CWD command. | |||||
CVE-2004-2052 | 1 Esesix | 1 Thintune | 2024-02-04 | 7.5 HIGH | N/A |
eSeSIX Thintune thin clients running firmware 2.4.38 and earlier accept any password that begins with the actual password, which makes it easier for users to conduct brute force password guessing. | |||||
CVE-2004-2164 | 1 Virtual Programming | 1 Vp-asp | 2024-02-04 | 5.0 MEDIUM | N/A |
shoprestoreorder.asp in VP-ASP 5.0 does not close the database connection when a user restores a previous order, which allows remote attackers to cause a denial of service (connection consumption). | |||||
CVE-2003-0607 | 1 Stanley T. Shebs | 1 Xconq | 2024-02-04 | 4.6 MEDIUM | N/A |
Buffer overflow in xconq 7.4.1 allows local users to become part of the "games" group via the (1) USER or (2) DISPLAY environment variables. | |||||
CVE-2002-1893 | 1 Argosoft | 1 Argosoft Mail Server | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro 1.8.1.9 allows remote attackers to inject arbitrary web script or HTML via the e-mail message. | |||||
CVE-2004-0502 | 1 Microsoft | 1 Outlook | 2024-02-04 | 5.0 MEDIUM | N/A |
Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message, which allows remote attackers to bypass zone restrictions and exploit other issues that rely on predictable locations, as demonstrated using a shell: URI. |