Total: 254017 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0660 | 1 Cutephp | 1 Cutenews | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) show_news.php, and possibly other php files in CuteNews 1.3.1 allows remote attackers to inject arbitrary script or HTML via the id parameter. | |||||
CVE-2004-0718 | 3 Firebirdsql, Mozilla, Netscape | 3 Firebird, Mozilla, Navigator | 2024-02-04 | 7.5 HIGH | N/A |
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | |||||
CVE-2004-0577 | 1 Qbik | 1 Wingate | 2024-02-04 | 5.0 MEDIUM | N/A |
WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files from the root directory via a URL request to the wingate-internal directory. | |||||
CVE-2000-0127 | 1 Progress | 1 Webspeed | 2024-02-04 | 7.5 HIGH | N/A |
The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges via wsisa.dll. | |||||
CVE-2002-1239 | 1 Qnx | 1 Rtos | 2024-02-04 | 7.2 HIGH | N/A |
QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and execute the cp program while operating at raised privileges, which allows local users to gain privileges by modifying the PATH to point to a malicious cp program. | |||||
CVE-2004-1399 | 1 Opentools | 1 Attachment Mod | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the Attachment module 2.3.10 and earlier for phpBB allows remote attackers to read arbitrary files via a .. (dot dot) in the filename. | |||||
CVE-2002-2034 | 1 John Hardin | 1 Procmail Email Sanitizer | 2024-02-04 | 7.5 HIGH | N/A |
The Email Sanitizer before 1.133 for Procmail allows remote attackers to bypass the mail filter and execute arbitrary code via crafted recursive multipart MIME attachments. | |||||
CVE-2000-1214 | 3 Immunix, Iputils, Redhat | 3 Immunix, Iputils, Linux | 2024-02-04 | 4.6 MEDIUM | N/A |
Buffer overflows in the (1) outpack or (2) buf variables of ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, may allow local users to gain privileges. | |||||
CVE-2003-0704 | 1 Kismac | 1 Kismac | 2024-02-04 | 7.2 HIGH | N/A |
KisMAC before 0.05d trusts user-supplied variables when chown'ing files or directories, which allows local users to gain privileges via the $DRIVER_KEXT environment variable in (1) viha_driver.sh, (2) macjack_load.sh, (3) airojack_load.sh, (4) setuid_enable.sh, (5) setuid_disable.sh, and using a "similar technique" for (6) viha_prep.sh and (7) viha_unprep.sh. | |||||
CVE-2000-0479 | 1 Shadow Op Software | 1 Dragon Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Dragon FTP server allows remote attackers to cause a denial of service via a long USER command. | |||||
CVE-2004-1592 | 1 Ocportal | 1 Ocportal | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the req_path parameter to reference a URL on a remote web server that contains a malicious funcs.php script. | |||||
CVE-2000-1186 | 1 Phf | 1 Phf | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in phf CGI program allows remote attackers to execute arbitrary commands by specifying a large number of arguments and including a long MIME header. | |||||
CVE-2000-0380 | 1 Cisco | 1 Ios | 2024-02-04 | 7.1 HIGH | N/A |
The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string. | |||||
CVE-2001-1273 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | N/A |
The "mxcsr P4" vulnerability in the Linux kernel before 2.2.17-14, when running on certain Intel CPUs, allows local users to cause a denial of service (system halt). | |||||
CVE-1999-0155 | 1 Aladdin Enterprises | 1 Ghostscript | 2024-02-04 | 7.5 HIGH | N/A |
The ghostscript command with the -dSAFER option allows remote attackers to execute commands. | |||||
CVE-2001-0756 | 1 Virtualcart | 1 Virtualcatalog | 2024-02-04 | 7.5 HIGH | N/A |
CatalogMgr.pl in VirtualCatalog (incorrectly claimed to be in VirtualCart) allows remote attackers to execute arbitrary code via the template parameter. | |||||
CVE-2000-1183 | 1 Nec | 1 Socks 5 | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in socks5 server on Linux allows attackers to execute arbitrary commands via a long connection request. | |||||
CVE-2003-0090 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2000-0844. Reason: This candidate is a duplicate of CVE-2000-0844. Notes: All CVE users should reference CVE-2000-0844 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-1999-0242 | 1 Slackware | 1 Slackware Linux | 2024-02-04 | 7.5 HIGH | N/A |
Remote attackers can access mail files via POP3 in some Linux systems that are using shadow passwords. | |||||
CVE-2002-0027 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 7.5 HIGH | N/A |
Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874. |