Total: 254281 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0765 | 1 Nullsoft | 1 Winamp | 2024-02-04 | 7.5 HIGH | N/A |
The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value. | |||||
CVE-2001-0476 | 1 Swsoft | 1 Aspseek | 2024-02-04 | 7.5 HIGH | N/A |
Multiple buffer overflows in s.cgi program in Aspseek search engine 1.03 and earlier allow remote attackers to execute arbitrary commands via (1) a long HTTP query string, or (2) a long tmpl parameter. | |||||
CVE-1999-1514 | 1 Celtech Software | 1 Expressfs | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in Celtech ExpressFS FTP server 2.x allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long USER command. | |||||
CVE-2004-2112 | 1 Herberlin | 1 Bremsserver | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in BremsServer 1.2.4 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in the URL. | |||||
CVE-2002-0747 | 1 Ibm | 1 Aix | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in lsmcode in AIX 4.3.3. | |||||
CVE-2003-0585 | 1 Brooky | 1 Estore | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to bypass authentication and execute arbitrary SQL code via the (1) user or (2) pass parameters. | |||||
CVE-2002-0048 | 1 Andrew Tridgell | 1 Rsync | 2024-02-04 | 10.0 HIGH | N/A |
Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server. | |||||
CVE-2004-1603 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.0 MEDIUM | 5.5 MEDIUM |
cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled. | |||||
CVE-2002-1080 | 1 Aprelium Technologies | 1 Abyss Web Server | 2024-02-04 | 7.5 HIGH | N/A |
The Administration console for Abyss Web Server 1.0.3 before Patch 2 allows remote attackers to gain privileges and modify server configuration via direct requests to CHL files such as (1) srvstatus.chl, (2) consport.chl, (3) general.chl, (4) srvparam.chl, and (5) advanced.chl. | |||||
CVE-2004-0462 | | | 2024-02-04 | 2.1 LOW | N/A |
The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session with the same server. | |||||
CVE-2003-0504 | 1 Phpgroupware | 1 Phpgroupware | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0.9.14.003 (aka webdistro) allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module. | |||||
CVE-2003-0793 | 1 Gnome | 1 Gdm | 2024-02-04 | 2.1 LOW | N/A |
GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption). | |||||
CVE-2002-1174 | 1 Fetchmail | 1 Fetchmail | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly parsed by the parse_received function. | |||||
CVE-2003-1150 | 1 Novell | 2 Netware, Zenworks Desktops | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare 6 SP3 and ZenWorks for Desktops 3.2 SP2 through 4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors. | |||||
CVE-2003-0392 | 1 St | 1 Ftp Service | 2024-02-04 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in ST FTP Service 3.0 allows remote attackers to list arbitrary directories via a CD command with a DOS drive letter argument (e.g. E:). | |||||
CVE-2004-2246 | 1 Goollery | 1 Goollery | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Goollery before 0.04b allows remote attackers to inject arbitrary HTML or web script via the conversation_id parameter to viewpic.php. | |||||
CVE-2002-1740 | 1 Alt-n | 2 Mdaemon, Worldclient | 2024-02-04 | 2.1 LOW | N/A |
Buffer overflow in WorldClient.cgi in WorldClient in Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to execute arbitrary code via a long folder name (NewFolder parameter). | |||||
CVE-2002-1662 | 1 Mambo | 1 Mambo Site Server | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the "Your name" field during account registration. | |||||
CVE-1999-0593 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 4.9 MEDIUM | N/A |
The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in. | |||||
CVE-2004-1982 | 1 Yabb | 1 Yabb | 2024-02-04 | 5.0 MEDIUM | N/A |
Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify records in the board's .txt file via carriage return characters in the subject field. |