Total: 254269 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1329 | 1 Ibm | 1 Aix | 2024-02-04 | 7.2 HIGH | N/A |
Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program. | |||||
CVE-2004-1836 | 1 Invision Power Services | 1 Invision Power Top Site List | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Invision Power Top Site List 1.1 RC 2 and earlier allows remote attackers to execute arbitrary SQL via the id parameter of the comments action. | |||||
CVE-2003-1131 | 1 Activecampaign | 1 Knowledgebuilder | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in KnowledgeBuilder, referred to as KnowledgeBase, allows remote attackers to execute arbitrary PHP code by modifying the page parameter to reference a URL on a remote web server that contains the code. | |||||
CVE-2001-1405 | 1 Mozilla | 1 Bugzilla | 2024-02-04 | 2.1 LOW | N/A |
Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi. | |||||
CVE-2004-2023 | 1 Zen Cart | 1 Zen Cart | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 before patch 1, and possibly other versions allows remote attackers to execute arbitrary SQL via the (1) admin_name or (2) admin_pass parameters. | |||||
CVE-2003-1437 | 6 Bea, Hp, Ibm and 3 more | 8 Weblogic Server, Hp-ux, Aix and 5 more | 2024-02-04 | 2.1 LOW | N/A |
BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1 store passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access. | |||||
CVE-2003-1540 | 1 Wfchat | 1 Wfchat | 2024-02-04 | 5.0 MEDIUM | N/A |
WF-Chat 1.0 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain authentication information via a direct request to (1) !pwds.txt and (2) !nicks.txt. | |||||
CVE-2004-1846 | 1 Expinion.net | 1 News Manager Lite | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to news_sort.asp. | |||||
CVE-2003-0426 | 1 Apple | 1 Darwin Streaming Server | 2024-02-04 | 10.0 HIGH | N/A |
The installation of Apple QuickTime / Darwin Streaming Server before 4.1.3f starts the administration server with a "Setup Assistant" page that allows remote attackers to set the administrator password and gain privileges before the real administrator. | |||||
CVE-2000-0428 | 1 Trend Micro | 1 Interscan Viruswall | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in the SMTP gateway for InterScan Virus Wall 3.32 and earlier allows a remote attacker to execute arbitrary commands via a long filename for a uuencoded attachment. | |||||
CVE-1999-1476 | 1 Intel | 2 Pentium, Pentuim | 2024-02-04 | 2.1 LOW | N/A |
A bug in Intel Pentium processor (MMX and Overdrive) allows local users to cause a denial of service (hang) in Intel-based operating systems such as Windows NT and Windows 95, via an invalid instruction, aka the "Invalid Operand with Locked CMPXCHG8B Instruction" problem. | |||||
CVE-2001-0447 | 1 Software602 | 1 602pro Lan Suite | 2024-02-04 | 7.5 HIGH | N/A |
Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request containing "%2e" (dot dot) characters. | |||||
CVE-1999-1392 | 1 Next | 2 Nex, Next | 2024-02-04 | 7.2 HIGH | N/A |
Vulnerability in restore0.9 installation script in NeXT 1.0a and 1.0 allows local users to gain root privileges. | |||||
CVE-1999-1321 | 1 Mit | 1 Kerberos | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing. | |||||
CVE-1999-1035 | 1 Microsoft | 1 Internet Information Server | 2024-02-04 | 5.0 MEDIUM | N/A |
IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability. | |||||
CVE-2001-0544 | 1 Microsoft | 1 Internet Information Services | 2024-02-04 | 2.1 LOW | N/A |
IIS 5.0 allows local users to cause a denial of service (hang) by installing content that produces a certain invalid MIME Content-Type header, which corrupts the File Type table. | |||||
CVE-2004-0640 | 2 Netkit, Ssltelnetd | 2 Linux Netkit, Secure Telnet | 2024-02-04 | 10.0 HIGH | N/A |
Format string vulnerability in the SSL_set_verify function in telnetd.c for SSLtelnet daemon (SSLtelnetd) 0.13 allows remote attackers to execute arbitrary code. | |||||
CVE-2004-0426 | 1 Andrew Tridgell | 1 Rsync | 2024-02-04 | 5.0 MEDIUM | N/A |
rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path. | |||||
CVE-2000-0427 | 1 Aladdin Knowledge Systems | 1 Etoken | 2024-02-04 | 4.6 MEDIUM | N/A |
The Aladdin Knowledge Systems eToken device allows attackers with physical access to the device to obtain sensitive information without knowing the PIN of the owner by resetting the PIN in the EEPROM. | |||||
CVE-2004-0605 | 2 Ircd-hybrid, Ircd-ratbox | 2 Ircd-hybrid, Ircd-ratbox | 2024-02-04 | 5.0 MEDIUM | N/A |
Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ircd-ratbox 1.5.1 and earlier, or (3) ircd-ratbox 2.0rc6 and earlier do not have a rate-limit imposed, which could allow remote attackers to cause a denial of service by repeatedly making requests, which are slowly dequeued. |