Total
253999 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1809 | 1 Phpbb Group | 1 Phpbb | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) postdays parameter to viewtopic.php or (2) topicdays parameter to viewforum.php. | |||||
| CVE-2002-1351 | 1 Melange | 1 Melange Chat System | 2024-02-04 | 5.0 MEDIUM | N/A |
| Buffer overflow in Melange Chat System 1.10 allows remote attackers to cause a denial of service (chat server crash) and possibly execute arbitrary code via the msgText buffer in the chat_InterpretData function, as demonstrated via a long Nick (nickname) request. | |||||
| CVE-2004-1935 | 1 Sct Corporation | 1 Campus Pipeline | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via onload, onmouseover, and other Javascript events in an e-mail attachment. | |||||
| CVE-2003-0687 | 2024-02-04 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate has been revoked by its Candidate Numbering Authority (CNA) because it was internally assigned to a problem that was not reachable (the affected routine was not used by the software). Notes: none. | |||||
| CVE-2000-1041 | 1 Swen Thuemmler | 1 Ypbind | 2024-02-04 | 10.0 HIGH | N/A |
| Buffer overflow in ypbind 3.3 possibly allows an attacker to gain root privileges. | |||||
| CVE-2004-2140 | 1 Yabb | 1 Yabb | 2024-02-04 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote attackers to modify text file contents via the subject variable. | |||||
| CVE-2003-0125 | 1 Multitech | 1 Routefinder 550 Vpn | 2024-02-04 | 5.0 MEDIUM | N/A |
| Buffer overflow in the web interface for SOHO Routefinder 550 before firmware 4.63 allows remote attackers to cause a denial of service (reboot) and execute arbitrary code via a long GET /OPTIONS value. | |||||
| CVE-2003-0974 | 1 Applied Watch Technologies | 1 Applied Watch Command Center | 2024-02-04 | 7.5 HIGH | N/A |
| Applied Watch Command Center allows remote attackers to conduct unauthorized activities without authentication, such as (1) add new users to a console, as demonstrated using appliedsnatch.c, or (2) add spurious IDS rules to sensors, as demonstrated using addrule.c. | |||||
| CVE-2004-1587 | 1 Monolith Productions | 4 Alien Versus Predator, Blood, No One Lives Forever and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| Buffer overflow in Monolith games including (1) Alien versus Predator 2 1.0.9.6 and earlier, (2) Blood 2 2.1 and earlier, (3) No one lives forever 1.004 and earlier and (4) Shogo 2.2 and earlier allows remote attackers to cause a denial of service (application crash) via a long secure Gamespy query. | |||||
| CVE-2000-1086 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-02-04 | 4.6 MEDIUM | N/A |
| The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | |||||
| CVE-2001-0972 | 1 Surf-net | 1 Asp Forum | 2024-02-04 | 10.0 HIGH | N/A |
| Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. "0888888." | |||||
| CVE-2002-1708 | 1 Basilix | 1 Basilix Webmail | 2024-02-04 | 6.8 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields. | |||||
| CVE-1999-1140 | 1 Alec Muffet | 1 Cracklib | 2024-02-04 | 7.2 HIGH | N/A |
| Buffer overflow in CrackLib 2.5 may allow local users to gain root privileges via a long GECOS field. | |||||
| CVE-2001-1023 | 1 Xcache Technologies | 1 Xcache | 2024-02-04 | 5.0 MEDIUM | N/A |
| Xcache 2.1 allows remote attackers to determine the absolute path of web server documents by requesting a URL that is not cached by Xcache, which returns the full pathname in the Content-PageName header. | |||||
| CVE-2001-1063 | 1 Caldera | 2 Openunix, Unixware | 2024-02-04 | 7.2 HIGH | N/A |
| Buffer overflow in uidadmin in Caldera Open Unix 8.0.0 and UnixWare 7 allows local users to gain root privileges via a long -S (scheme) command line argument. | |||||
| CVE-2000-0126 | 1 Microsoft | 1 Internet Information Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack. | |||||
| CVE-2004-0180 | 1 Cvs | 1 Cvs | 2024-02-04 | 2.6 LOW | N/A |
| The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405. | |||||
| CVE-2003-1071 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 2.1 LOW | N/A |
| rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header. | |||||
| CVE-2001-0288 | 1 Cisco | 1 Ios | 2024-02-04 | 7.5 HIGH | N/A |
| Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. | |||||
| CVE-2004-0155 | 1 Kame | 1 Racoon | 2024-02-04 | 7.5 HIGH | N/A |
| The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate. | |||||