Total: 254124 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-1225 | 1 Kth | 1 Heimdal | 2024-02-04 | 10.0 HIGH | N/A |
Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers to gain root access. | |||||
CVE-1999-1022 | 1 Sgi | 1 Irix | 2024-02-04 | 6.2 MEDIUM | N/A |
serial_ports administrative program in IRIX 4.x and 5.x trusts the user's PATH environmental variable to find and execute the ls program, which allows local users to gain root privileges via a Trojan horse ls program. | |||||
CVE-2004-0497 | 7 Conectiva, Gentoo, Linux and 4 more | 9 Linux, Linux, Linux Kernel and 6 more | 2024-02-04 | 2.1 LOW | N/A |
Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4. | |||||
CVE-1999-1187 | 3 Freebsd, Slackware, University Of Washington | 3 Freebsd, Slackware Linux, Pine | 2024-02-04 | 4.6 MEDIUM | N/A |
Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new mail. | |||||
CVE-2004-1560 | 1 Microsoft | 1 Sql Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Microsoft SQL Server 7.0 allows remote attackers to cause a denial of service (mssqlserver service halt) via a long request to TCP port 1433, possibly triggering a buffer overflow. | |||||
CVE-1999-0696 | 2 Hp, Sun | 3 Hp-ux, Solaris, Sunos | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd). | |||||
CVE-2002-1426 | 1 Hp | 1 Procurve Switch 4000m | 2024-02-04 | 7.8 HIGH | N/A |
HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a denial of service (crash) via an SNMP write request containing 85 characters, possibly triggering a buffer overflow. | |||||
CVE-2000-1227 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-02-04 | 5.0 MEDIUM | N/A |
Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause a denial of service (unavailable connections) by sending multiple SMB SMBnegprots requests but not reading the response that is sent back. | |||||
CVE-1999-0817 | 1 University Of Kansas | 1 Lynx | 2024-02-04 | 10.0 HIGH | N/A |
Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet. | |||||
CVE-2002-2386 | 1 Xoops | 1 Xoops | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag. | |||||
CVE-2004-1077 | 1 Citrix | 2 Metaframe Client, Program Neighborhood Agent | 2024-02-04 | 5.0 MEDIUM | N/A |
Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and MetaFrame Presentation Server client for WinCE before 8.33 allows remote servers to create arbitrary shortcuts on the client via a full UNC path in the AppInStartmenu directive. | |||||
CVE-2001-1362 | 1 Horsburgh | 1 Npulse | 2024-02-04 | 7.5 HIGH | N/A |
Vulnerability in the server for nPULSE before 0.53p4. | |||||
CVE-2004-0586 | 1 Ibm | 1 Acprunner | 2024-02-04 | 10.0 HIGH | N/A |
acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary code via the (1) DownLoadURL, (2) SaveFilePath, and (3) Download ActiveX methods. | |||||
CVE-2001-0436 | 1 Dcscripts | 2 Dcforum, Dcforum 2000 | 2024-02-04 | 7.5 HIGH | N/A |
dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program. | |||||
CVE-2001-0520 | 1 Aladdin Knowledge Systems | 1 Esafe Gateway | 2024-02-04 | 7.5 HIGH | N/A |
Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent filtering of SCRIPT tags by embedding the scripts within certain HTML tags including (1) onload in the BODY tag, (2) href in the A tag, (3) the BUTTON tag, (4) the INPUT tag, or (5) any other tag in which scripts can be defined. | |||||
CVE-2004-2022 | 1 Activestate | 1 Activeperl | 2024-02-04 | 2.1 LOW | N/A |
ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl. | |||||
CVE-2000-0110 | 1 Baron Consulting Group | 1 Websitetool | 2024-02-04 | 7.5 HIGH | N/A |
The WebSiteTool shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. | |||||
CVE-2002-1107 | 1 Cisco | 1 Vpn Client | 2024-02-04 | 7.5 HIGH | N/A |
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may make it vulnerable to certain attacks such as spoofing. | |||||
CVE-2002-0215 | 1 Steve Kneizys | 1 Agora.cgi | 2024-02-04 | 5.0 MEDIUM | N/A |
Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message. | |||||
CVE-2002-1382 | 1 Macromedia | 1 Flash Player | 2024-02-04 | 7.5 HIGH | N/A |
Macromedia Flash Player before 6.0.65.0 allows remote attackers to execute arbitrary code via certain malformed data headers in Shockwave Flash file format (SWF) files, a different issue than CAN-2002-0846. |