Total: 254240 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0536 | 1 Phpgroupware | 1 Phpgroupware | 2024-02-04 | 7.5 HIGH | N/A |
PHPGroupware 0.9.12 and earlier, when running with the magic_quotes_gpc feature disabled, allows remote attackers to compromise the database via a SQL injection attack. | |||||
CVE-1999-0015 | 4 Hp, Microsoft, Netbsd and 1 more | 5 Hp-ux, Windows 95, Windows Nt and 2 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Teardrop IP denial of service. | |||||
CVE-2002-1672 | 1 Webmin | 1 Webmin | 2024-02-04 | 2.1 LOW | N/A |
Webmin 0.92, when installed from an RPM, creates /var/webmin with insecure permissions (world readable), which could allow local users to read the root user's cookie-based authentication credentials and possibly hijack the root user's session using the credentials. | |||||
CVE-1999-0535 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-02-04 | 10.0 HIGH | N/A |
A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness. | |||||
CVE-1999-1145 | 1 Hp | 1 Hp-ux | 2024-02-04 | 7.2 HIGH | N/A |
Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and earlier allows local users to access arbitrary files and gain privileges. | |||||
CVE-2001-1581 | 1 Clearswift Limited | 1 Mailsweeper | 2024-02-04 | 7.5 HIGH | N/A |
The File Blocker feature in Clearswift MAILsweeper for SMTP 4.2 allows remote attackers to bypass e-mail attachment filtering policies via a modified name in a Content-Type header. | |||||
CVE-1999-0597 | | | 2024-02-04 | 10.0 HIGH | N/A |
A Windows NT account policy does not forcibly disconnect remote users from the server when their logon hours expire. | |||||
CVE-2003-1235 | 1 Brs | 1 Webweaver | 2024-02-04 | 5.0 MEDIUM | N/A |
BRW WebWeaver 1.03 allows remote attackers to obtain sensitive server environment information via a URL request for testcgi.exe, which lists the values of environment variables and the current working directory. | |||||
CVE-2002-0396 | 1 Red-m | 1 1050ap Lan Acess Point | 2024-02-04 | 7.5 HIGH | N/A |
The web management server for Red-M 1050 (Bluetooth Access Point) does not use session-based credentials to authenticate users, which allows attackers to connect to the server from the same IP address as a user who has already established a session. | |||||
CVE-2001-1046 | 1 Qualcomm | 1 Qpopper | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 allows remote attackers to gain privileges via a long username. | |||||
CVE-2003-1380 | 1 Bisonftp | 1 Bisonftp Server 4 | 2024-02-04 | 7.5 HIGH | N/A |
Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via an 'ls @../' command, or (2) list files above the root via a "mget @../FILE" command. | |||||
CVE-2004-2121 | 1 Borland Software | 1 Web Server For Corel Paradox | 2024-02-04 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in Borland Web Server (BWS) 1.0b3 and earlier allow remote attackers to read and download arbitrary files via (1) multi-dot "......" sequences, or (2) "%5c%2e%2e" (encoded "\..") sequences, in the URL. | |||||
CVE-1999-0547 | | | 2024-02-04 | 10.0 HIGH | N/A |
An SSH server allows authentication through the .rhosts file. | |||||
CVE-2001-1268 | 1 Info-zip | 1 Unzip | 2024-02-04 | 2.1 LOW | N/A |
Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. | |||||
CVE-2002-1154 | 1 Stephen Turner | 1 Analog | 2024-02-04 | 5.0 MEDIUM | N/A |
anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log. | |||||
CVE-2003-1188 | 1 Unichat | 1 Unichat | 2024-02-04 | 5.0 MEDIUM | N/A |
Unichat allows remote attackers to cause a denial of service (crash) by adding extra chat characters (avatars) and logging in to a chat room, as demonstrated using duplicate ACTOR entries in u2res000.rit. | |||||
CVE-1999-0123 | 1 Slackware | 1 Slackware Linux | 2024-02-04 | 3.7 LOW | N/A |
Race condition in Linux mailx command allows local users to read user files. | |||||
CVE-2004-1525 | 1 New Media Generation | 1 Hired Team Trial | 2024-02-04 | 5.0 MEDIUM | N/A |
Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (application crash) via the status command. | |||||
CVE-2003-0513 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 7.5 HIGH | N/A |
Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. | |||||
CVE-2004-0113 | 1 Apache | 1 Http Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server. |