Total
254124 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-1298 | 1 Anyportal Php | 1 Anyportal Php | 2024-02-04 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in siteman.php3 in AnyPortal(php) 12 MAY 00 allow remote attackers to (1) create, (2) delete, (3) save, and (4) upload files by navigating to the root directory and entering a filename beginning with "./.." (dot slash dot dot). | |||||
| CVE-1999-1500 | 1 True North | 1 Internet Anywhere Mail Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Internet Anywhere POP3 Mail Server 2.3.1 allows remote attackers to cause a denial of service (crash) via (1) LIST, (2) TOP, or (3) UIDL commands using letters as arguments. | |||||
| CVE-2002-0269 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 7.5 HIGH | N/A |
| Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks. | |||||
| CVE-1999-0546 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 4.6 MEDIUM | N/A |
| The Windows NT guest account is enabled. | |||||
| CVE-2001-1449 | 2 Apache, Mandrakesoft | 4 Http Server, Mandrake Linux, Mandrake Linux Corporate Server and 1 more | 2024-02-04 | 7.5 HIGH | N/A |
| The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories. | |||||
| CVE-2003-1469 | 2 Macromedia, Microsoft | 5 Coldfusion, Coldfusion Professional, Windows 2000 and 2 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message. | |||||
| CVE-2002-2276 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2024-02-04 | 5.0 MEDIUM | N/A |
| Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the physical path of the message board via a direct request to add.php, which leaks the path in an error message. | |||||
| CVE-2004-0581 | 2 Gnu, Mandrakesoft | 3 Ksymoops, Mandrake Linux, Mandrake Linux Corporate Server | 2024-02-04 | 4.6 MEDIUM | N/A |
| ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp. | |||||
| CVE-2004-1409 | 1 Singapore | 1 Image Gallery Web Application | 2024-02-04 | 5.0 MEDIUM | N/A |
| Multiple cross-site scripting vulnerabilities in Image Gallery Web Application 0.9.10 allow remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-1999-0688 | 1 Hp | 1 Hp-ux | 2024-02-04 | 4.6 MEDIUM | N/A |
| Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x. | |||||
| CVE-2004-1577 | 1 Greg Donald | 1 Phplinks | 2024-02-04 | 5.0 MEDIUM | N/A |
| index.php in PHP Links allows remote attackers to gain sensitive information via an invalid show parameter, which reveals the full path in an error message. | |||||
| CVE-2002-1748 | 1 Open Source Development Network | 1 Slashcode | 2024-02-04 | 7.2 HIGH | N/A |
| Unknown vulnerability in Slash 2.1.x and 2.2 through 2.2.2, as used in Slashcode, allows remote authenticated users to gain access to arbitrary accounts. | |||||
| CVE-2002-1958 | 1 Kmmail | 1 Kmmail | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in kmMail 1.0, 1.0a, and 1.0b allows remote attackers to inject arbitrary web script or HTML via (1) javascript in onmouseover or other attributes in "safe" HTML tags such as the "b" tag, or (2) the Subject field. | |||||
| CVE-2002-0007 | 1 Mozilla | 1 Bugzilla | 2024-02-04 | 10.0 HIGH | N/A |
| CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server. | |||||
| CVE-2004-2131 | 1 Ibm | 2 Informix Dynamic Server, Informix Extended Parallel Server | 2024-02-04 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable. | |||||
| CVE-2001-0289 | 1 Joseph Allen | 1 Joe | 2024-02-04 | 4.6 MEDIUM | N/A |
| Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory. | |||||
| CVE-2002-1446 | 1 Ncipher | 1 Pkcs 11 Library | 2024-02-04 | 5.0 MEDIUM | N/A |
| The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages. | |||||
| CVE-1999-0291 | 1 Qbik | 1 Wingate | 2024-02-04 | 7.5 HIGH | N/A |
| The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication. | |||||
| CVE-2004-1368 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2024-02-04 | 7.8 HIGH | N/A |
| ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script. | |||||
| CVE-2003-0638 | 1 Novell | 1 Ichain | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, and iChain 2.2 before Field Patch 1a, allow attackers to cause a denial of service (ABEND) and possibly execute arbitrary code via (1) a long user name or (2) an unknown attack related to a "special script against login." | |||||