Total
254074 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-1514 | 1 Macromedia | 1 Coldfusion | 2024-02-04 | 10.0 HIGH | N/A |
ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account. | |||||
CVE-2004-1727 | 1 Working Resources Inc. | 1 Badblue | 2024-02-04 | 5.0 MEDIUM | N/A |
BadBlue 2.5 allows remote attackers to cause a denial of service (refuse HTTP connections) via a large number of connections from the same IP address. | |||||
CVE-1999-1070 | 1 Xylogics | 1 Annex | 2024-02-04 | 5.0 MEDIUM | N/A |
Buffer overflow in ping CGI program in Xylogics Annex terminal service allows remote attackers to cause a denial of service via a long query parameter. | |||||
CVE-2004-0312 | 1 Linksys | 1 Wap55ag | 2024-02-04 | 6.4 MEDIUM | N/A |
Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP read only community string to gain access to read/write communtiy strings via a query for OID 1.3.6.1.4.1.3955.2.1.13.1.2. | |||||
CVE-2002-0405 | 1 Transsoft | 1 Broker Ftp Server | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows remote attackers to cause a denial of service and possibly execute arbitrary code via a CWD command with a large number of . (dot) characters. | |||||
CVE-2001-0329 | 1 Mozilla | 1 Bugzilla | 2024-02-04 | 7.5 HIGH | N/A |
Bugzilla 2.10 allows remote attackers to execute arbitrary commands via shell metacharacters in a username that is then processed by (1) the Bugzilla_login cookie in post_bug.cgi, or (2) the who parameter in process_bug.cgi. | |||||
CVE-2001-0035 | 1 Kth | 1 Kth Kerberos | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long authentication request. | |||||
CVE-2003-0173 | 2 Sgi, Xfsdump | 2 Irix, Xfsdump | 2024-02-04 | 7.2 HIGH | N/A |
xfsdq in xfsdump does not create quota information files securely, which allows local users to gain root privileges. | |||||
CVE-2002-0314 | 3 Fasttrack, Grokster, Music City Networks | 3 Kazaa, Grokster, Morpheus | 2024-02-04 | 5.0 MEDIUM | N/A |
fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) morpheus allows remote attackers to cause a denial of service (memory exhaustion) via a series of client-to-client messages, which pops up new windows per message. | |||||
CVE-2002-2307 | 1 Pyramid | 1 Benhur Software Update | 2024-02-04 | 5.0 MEDIUM | N/A |
The default configuration of BenHur Firewall release 3 update 066 fix 2 allows remote attackers to access arbitrary services by connecting from source port 20. | |||||
CVE-2004-1771 | 1 Open Group | 1 Scalable Ogo | 2024-02-04 | 5.0 MEDIUM | N/A |
Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass intended permissions and view private appointments of other users. | |||||
CVE-2002-0590 | 1 Icredibb | 1 Icredibb | 2024-02-04 | 7.5 HIGH | N/A |
Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows remote attackers to execute arbitrary script and steal cookies as other IcrediBB users via the (1) title or (2) body of posts. | |||||
CVE-2001-1344 | 1 Cgicentral | 2 Webstore 400, Webstore 400cs | 2024-02-04 | 7.5 HIGH | N/A |
WSSecurity.pl in WebStore allows remote attackers to bypass authentication by providing the program with a filename that exists, which is made easier by (1) inserting a null character or (2) .. (dot dot). | |||||
CVE-2002-0480 | 1 Iss | 1 Realsecure Nokia | 2024-02-04 | 10.0 HIGH | N/A |
ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is configured to allow a user "skank" on a machine "starscream" to become a key manager when the "first time connection" feature is enabled and before any legitimate administrators have connected, which could allow remote attackers to gain access to the device during installation. | |||||
CVE-2001-0493 | 1 Max Feoktistov | 1 Small Http Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Small HTTP server 2.03 allows remote attackers to cause a denial of service via a URL that contains an MS-DOS device name such as aux. | |||||
CVE-2004-1364 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2024-02-04 | 8.5 HIGH | N/A |
Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory. | |||||
CVE-2002-1630 | 1 Oracle | 1 Application Server | 2024-02-04 | 7.5 HIGH | N/A |
The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) allows remote attackers to send arbitrary emails. | |||||
CVE-2000-0549 | 2 Cygnus, Mit | 4 Cygnus Network Security, Kerbnet, Kerberos and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request. | |||||
CVE-2002-0585 | 1 Hp | 1 Hp-ux | 2024-02-04 | 5.0 MEDIUM | N/A |
Unknown vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches allows attackers to cause a denial of service. | |||||
CVE-2002-1615 | 1 Hp | 2 Hp-ux, Tru64 | 2024-02-04 | 7.2 HIGH | N/A |
Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to execute arbitrary code via (1) msgchk or (2) .upd..loader. |