Total
254012 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-2339 | 1 Script Shed | 1 Ssgbook | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in configure.asp in Script-Shed GuestBook 1.0 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in (1) image, (2) img, (3) image=right, (4) img=right, (5) image=left, and (6) img=left tags. | |||||
CVE-2002-0993 | 1 Hp | 1 Instant Support | 2024-02-04 | 4.6 MEDIUM | N/A |
Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) product U2512A for HP-UX 11.00 and 11.11 may allow authenticated users to access restricted files. | |||||
CVE-2002-1076 | 1 Ipswitch | 1 Imail | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via a long HTTP GET request for HTTP/1.0. | |||||
CVE-2003-1169 | 1 Datev | 1 Nutzungskontrolle | 2024-02-04 | 4.6 MEDIUM | N/A |
DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows local users to bypass access restrictions by importing NukoInfo values in certain DATEV keys, which disables Nutzungskontrolle. | |||||
CVE-1999-1496 | 3 Debian, Redhat, Todd Miller | 3 Debian Linux, Linux, Sudo | 2024-02-04 | 2.1 LOW | N/A |
Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist. | |||||
CVE-2002-0220 | 1 Phpsmssend | 1 Phpsmssend | 2024-02-04 | 7.5 HIGH | N/A |
phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute arbitrary commands via an SMS message containing shell metacharacters. | |||||
CVE-2000-0534 | 1 Aps Filter Development Team | 1 Apsfilter | 2024-02-04 | 4.6 MEDIUM | N/A |
The apsfilter software in the FreeBSD ports package does not properly read user filter configurations, which allows local users to execute commands as the lpd user. | |||||
CVE-1999-0598 | | | 2024-02-04 | 10.0 HIGH | N/A |
A network intrusion detection system (IDS) does not properly handle packets that are sent out of order, allowing an attacker to escape detection. | |||||
CVE-2002-1060 | 1 Bluecoat | 1 Cacheos | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Blue Coat Systems (formerly CacheFlow) CacheOS on Client Accelerator 4.1.06, Security Gateway 2.1.02, and Server Accelerator 4.1.06 allows remote attackers to inject arbitrary web script or HTML via a URL to a nonexistent hostname that includes the HTML, which is inserted into the resulting error page. | |||||
CVE-1999-1052 | 1 Microsoft | 1 Frontpage | 2024-02-04 | 5.0 MEDIUM | N/A |
Microsoft FrontPage stores form results in a default location in /_private/form_results.txt, which is world-readable and accessible in the document root, which allows remote attackers to read possibly sensitive information submitted by other users. | |||||
CVE-1999-0420 | 1 Netbsd | 1 Umapfs | 2024-02-04 | 7.2 HIGH | N/A |
umapfs allows local users to gain root privileges by changing their uid through a malicious mount_umap program. | |||||
CVE-2001-0142 | 5 Immunix, Mandrakesoft, National Science Foundation and 2 more | 5 Immunix, Mandrake Linux, Squid Web Proxy and 2 more | 2024-02-04 | 1.2 LOW | N/A |
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations. | |||||
CVE-2002-1530 | 1 Surfcontrol | 1 Superscout Email Filter | 2024-02-04 | 5.0 MEDIUM | N/A |
The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows users to obtain usernames and plaintext passwords via a request to the userlist.asp program, which includes the passwords in a user editing form. | |||||
CVE-2004-1631 | 1 Openwfe | 1 Work Flow Engine | 2024-02-04 | 5.0 MEDIUM | N/A |
Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to conduct port scans of remote hosts by specifying the target in an rmi:// Worklist URL, then using the response times to infer the results. | |||||
CVE-2001-1293 | 1 3com | 1 3cr29223 | 2024-02-04 | 5.0 MEDIUM | N/A |
Buffer overflow in web server of 3com HomeConnect Cable Modem External with USB (#3CR29223) allows remote attackers to cause a denial of service (crash) via a long HTTP request. | |||||
CVE-2001-0324 | 1 Microsoft | 2 Windows 2000, Windows 98 | 2024-02-04 | 2.6 LOW | N/A |
Windows 98 and Windows 2000 Java clients allow remote attackers to cause a denial of service via a Java applet that opens a large number of UDP sockets, which prevents the host from establishing any additional UDP connections, and possibly causes a crash. | |||||
CVE-2003-0660 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2024-02-04 | 7.5 HIGH | N/A |
The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval. | |||||
CVE-2003-1142 | 1 Network Instruments | 1 Niprint Lpd-lpr Print Server | 2024-02-04 | 10.0 HIGH | N/A |
Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows Explorer with SYSTEM privileges, which allows local users to gain privileges. | |||||
CVE-2002-2309 | 1 Php | 1 Php | 2024-02-04 | 7.8 HIGH | N/A |
php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments. | |||||
CVE-2003-1489 | 1 Truegalerie | 1 Truegalerie | 2024-02-04 | 5.0 MEDIUM | N/A |
upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery. | |||||