Total: 254124 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0120 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2024-02-04 | 5.0 MEDIUM | N/A |
The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages. | |||||
CVE-2001-1112 | 1 Khamil Landross And Zack Jones | 1 Eftp | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute arbitrary code by uploading a .lnk file containing a large number of characters. | |||||
CVE-2002-0957 | 1 Iss | 1 Blackice Agent | 2024-02-04 | 5.0 MEDIUM | N/A |
The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh has a high tcp.maxconnections setting, which could allow remote attackers to cause a denial of service (memory consumption) via a large number of connections to the BlackICE system that consumes more resources than intended by the user. | |||||
CVE-2001-0036 | 1 Kth | 1 Kth Kerberos | 2024-02-04 | 1.2 LOW | N/A |
KTH Kerberos IV allows local users to overwrite arbitrary files via a symlink attack on a ticket file. | |||||
CVE-2002-1909 | 1 Click2learn | 1 Ingenium Learning Management System | 2024-02-04 | 5.0 MEDIUM | N/A |
Click2Learn Ingenium Learning Management System 5.1 and 6.1 stores the hashed administrative password in a config.txt file under the htdocs directory, which allows remote attackers to obtain the administrative password. | |||||
CVE-2001-1065 | 1 Cisco | 1 Cbos | 2024-02-04 | 5.0 MEDIUM | N/A |
Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack. | |||||
CVE-2003-1066 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 5.0 MEDIUM | N/A |
Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets. | |||||
CVE-1999-0829 | 1 Hp | 1 Secure Web Console | 2024-02-04 | 5.0 MEDIUM | N/A |
HP Secure Web Console uses weak encryption. | |||||
CVE-2002-2261 | 1 Sendmail | 1 Sendmail | 2024-02-04 | 7.5 HIGH | N/A |
Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname. | |||||
CVE-2002-2231 | 1 Ikonboard | 1 Ikonboard | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL in a photo URL or (2) an X-Forwarded-For: header. | |||||
CVE-2001-1503 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 2.1 LOW | N/A |
The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS 5.5 through 5.8 allows remote attackers to list all accounts on a host by typing finger 'a b c d e f g h'@host. | |||||
CVE-2004-1755 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 7.5 HIGH | N/A |
The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges. | |||||
CVE-2002-0458 | 1 Linux-sottises | 1 News-tnk | 2024-02-04 | 7.6 HIGH | N/A |
Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier allows remote attackers to execute arbitrary JavaScript via the WEB parameter. | |||||
CVE-2004-0554 | 6 Avaya, Conectiva, Gentoo and 3 more | 18 Converged Communications Server, Intuity Audix, Modular Messaging Message Storage Server and 15 more | 2024-02-04 | 2.1 LOW | N/A |
Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program. | |||||
CVE-2001-1278 | 1 Zope | 1 Zope | 2024-02-04 | 7.5 HIGH | N/A |
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags. | |||||
CVE-2000-0176 | 1 Cat Soft | 1 Serv-u | 2024-02-04 | 5.0 MEDIUM | N/A |
The default configuration of Serv-U 2.5d and earlier allows remote attackers to determine the real pathname of the server by requesting a URL for a directory or file that does not exist. | |||||
CVE-2002-0579 | 1 Workforceroi | 1 Xpede | 2024-02-04 | 7.5 HIGH | N/A |
WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as an Xpede administrator via a direct HTTP request to the /admin/adminproc.asp script, which does not prompt for a password. | |||||
CVE-2001-0406 | 1 Samba | 1 Samba | 2024-02-04 | 2.1 LOW | N/A |
Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient. | |||||
CVE-2000-1141 | 1 Recourse Technologies | 1 Mantrap | 2024-02-04 | 2.1 LOW | N/A |
Recourse ManTrap 1.6 modifies the kernel so that ".." does not appear in the /proc listing, which allows attackers to determine that they are in a honeypot system. | |||||
CVE-2003-0057 | 1 Hypermail | 1 Hypermail | 2024-02-04 | 7.5 HIGH | N/A |
Multiple buffer overflows in Hypermail 2 before 2.1.6 allow remote attackers to cause a denial of service and possibly execute arbitrary code (1) via a long attachment filename that is not properly handled by the hypermail executable, or (2) by connecting to the mail CGI program from an IP address that reverse-resolves to a long hostname. | |||||