Total
254030 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-0715 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-02-04 | 4.6 MEDIUM | N/A |
Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry. | |||||
CVE-2004-0116 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2024-02-04 | 5.0 MEDIUM | N/A |
An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field. | |||||
CVE-2004-1642 | 1 Texas Imperial Software | 1 Wftpd | 2024-02-04 | 5.0 MEDIUM | N/A |
WFTPD Pro Server 3.21 allows remote authenticated users to cause a denial of service (crash) via a series of long MLIST commands. | |||||
CVE-2004-1760 | 2 Cisco, Ibm | 17 Call Manager, Conference Connection, Emergency Responder and 14 more | 2024-02-04 | 10.0 HIGH | N/A |
The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247. | |||||
CVE-2002-2035 | 1 Realityscape | 1 Mylogin 2000 | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in RealityScape MyLogin 2000 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password in the login form. | |||||
CVE-2001-0787 | 1 Redhat | 1 Linux | 2024-02-04 | 4.6 MEDIUM | N/A |
LPRng in Red Hat Linux 7.0 and 7.1 does not properly drop memberships in supplemental groups when lowering privileges, which could allow a local user to elevate privileges. | |||||
CVE-2003-0908 | 1 Microsoft | 1 Windows 2000 | 2024-02-04 | 7.2 HIGH | N/A |
The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213. | |||||
CVE-2002-1441 | 1 Tomahawk Technologies | 1 Steelarrow | 2024-02-04 | 7.5 HIGH | N/A |
Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow remote attackers to execute arbitrary code via (1) the Steelarrow Service (Steelarrow.exe) using a long UserIdent Cookie header, (2) DLLHOST.EXE (Steelarrow.dll) via a request for a long .aro file, or (3) DLLHOST.EXE via a Chunked Transfer-Encoding request. | |||||
CVE-2000-0326 | 1 On Technology | 1 Meeting Maker | 2024-02-04 | 5.0 MEDIUM | N/A |
Meeting Maker uses weak encryption (a polyalphabetic substitution cipher) for passwords, which allows remote attackers to sniff and decrypt passwords for Meeting Maker accounts. | |||||
CVE-2002-0206 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-04 | 7.5 HIGH | N/A |
index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter. | |||||
CVE-2002-1322 | 1 Rational Software | 1 Clearcase | 2024-02-04 | 5.0 MEDIUM | N/A |
Rational ClearCase 4.1, 2002.05, and possibly other versions allows remote attackers to cause a denial of service (crash) via certain packets to port 371, e.g. via nmap. | |||||
CVE-2004-0565 | 4 Gentoo, Linux, Mandrakesoft and 1 more | 6 Linux, Linux Kernel, Mandrake Linux and 3 more | 2024-02-04 | 2.1 LOW | N/A |
Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit. | |||||
CVE-2003-0940 | 1 Sap | 1 Sap Db | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB before 7.4.03.30 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL. | |||||
CVE-2003-1053 | 1 Xshisen | 1 Xshisen | 2024-02-04 | 4.6 MEDIUM | N/A |
Multiple buffer overflows in XShisen allow attackers to execute arbitrary code via a long (1) -KCONV command line option or (2) XSHISENLIB environment variable. | |||||
CVE-2001-0210 | 1 Carey Internet Service | 1 Commerce.cgi | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in commerce.cgi CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack in the page parameter. | |||||
CVE-2001-0908 | 1 Citrix | 1 Metaframe | 2024-02-04 | 7.5 HIGH | N/A |
CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT). | |||||
CVE-2004-0381 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2024-02-04 | 2.1 LOW | N/A |
mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file. | |||||
CVE-2003-0313 | 1 Snowblind.net | 1 Snowblind Web Server | 2024-02-04 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to list arbitrary directory contents via a ... (triple dot) in an HTTP request. | |||||
CVE-2003-0092 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 7.2 HIGH | N/A |
Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable. | |||||
CVE-2003-0194 | 1 Redhat | 2 Linux, Tcpdump | 2024-02-04 | 4.6 MEDIUM | N/A |
tcpdump does not properly drop privileges to the pcap user when starting up. |