Total: 254017 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-2071 | 1 Macallan | 1 Mail Solution | 2024-02-04 | 7.5 HIGH | N/A |
Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier versions, allows remote attackers to bypass authentication in the web interface via an HTTP GET request with two slashes ("//") after the server name. | |||||
CVE-2000-1225 | 1 Imatix | 1 Xitami | 2024-02-04 | 5.0 MEDIUM | N/A |
Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin directory, which allows remote attackers to gain sensitive configuration information about the web server by accessing the program. | |||||
CVE-1999-1138 | 1 Sco | 4 Open Desktop, Open Desktop Lite, Openserver and 1 more | 2024-02-04 | 10.0 HIGH | N/A |
SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable. | |||||
CVE-2002-1961 | 1 Finjan Software | 1 Surfingate | 2024-02-04 | 7.5 HIGH | N/A |
Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to bypass URL access restrictions via a URL whose hostname portion uses a fully qualified domain name (FQDN) that ends in a "." (dot). | |||||
CVE-2001-0704 | 1 Arcadia | 1 Arcadia Internet Store | 2024-02-04 | 7.5 HIGH | N/A |
tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to discover the full path to the working directory via a URL with a template argument for a file that does not exist. | |||||
CVE-2004-1923 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2024-02-04 | 5.0 MEDIUM | N/A |
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1) banner_click.php, (2) categorize.php, (3) tiki-admin_include_directory.php, (4) tiki-directory_search.php, which reveal the web server path in an error message. | |||||
CVE-2002-1878 | 1 W-agora | 1 W-agora | 2024-02-04 | 5.0 MEDIUM | N/A |
PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote attackers to execute arbitrary PHP code via the inc_dir parameter. | |||||
CVE-2003-0634 | 1 Oracle | 2 Oracle8i, Oracle9i | 2024-02-04 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name. | |||||
CVE-2000-0994 | 1 Openbsd | 1 Openbsd | 2024-02-04 | 7.2 HIGH | N/A |
Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable. | |||||
CVE-2004-1773 | 1 Gnu | 1 Sharutils | 2024-02-04 | 7.5 HIGH | N/A |
Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar. | |||||
CVE-2004-2163 | 1 Openbsd | 1 Openbsd | 2024-02-04 | 7.5 HIGH | N/A |
login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies. | |||||
CVE-2002-1037 | 1 Michael Dean | 1 Double Choco Latte | 2024-02-04 | 5.0 MEDIUM | N/A |
Cross-site scripting vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to inject arbitrary HTML, including script, into web pages via the (1) Ticket# Find, (2) Priorities, (3) Severities, (4) Projects, (5) WO# Find, (6) Departments and (7) Users features. | |||||
CVE-1999-1226 | 1 Netscape | 1 Communicator | 2024-02-04 | 2.6 LOW | N/A |
Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key. | |||||
CVE-2002-1595 | 1 Cisco | 1 Sn 5420 Storage Router Firmware | 2024-02-04 | 5.0 MEDIUM | N/A |
Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to read configuration files without authorization. | |||||
CVE-1999-1472 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 5.0 MEDIUM | N/A |
Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data to the attacker, aka the Freiburg text-viewing issue. | |||||
CVE-2002-1423 | 1 Ilia Alshanetsky | 1 Fudforum | 2024-02-04 | 5.0 MEDIUM | N/A |
tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter. | |||||
CVE-2001-0563 | 1 Electrosoft | 1 Electrocomm | 2024-02-04 | 5.0 MEDIUM | N/A |
ElectroSystems Engineering Inc. ElectroComm 2.0 and earlier allows a remote attacker to create a denial of service via large (> 160000 character) strings sent to port 23. | |||||
CVE-2002-1132 | 1 Squirrelmail | 1 Squirrelmail | 2024-02-04 | 5.0 MEDIUM | N/A |
SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script. | |||||
CVE-2004-2115 | 1 Oracle | 1 Http Server | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request. | |||||
CVE-1999-1527 | 1 Sun | 2 Forte, Netbeans Developer | 2024-02-04 | 7.5 HIGH | N/A |
Internal HTTP server in Sun Netbeans Java IDE in Netbeans Developer 3.0 Beta and Forte Community Edition 1.0 Beta does not properly restrict access to IP addresses as specified in its configuration, which allows arbitrary remote attackers to access the server. | |||||