Total
253999 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-1421 | 1 N-base | 2 Nh208, Nh215 | 2024-02-04 | 6.4 MEDIUM | N/A |
NBase switches NH208 and NH215 run a TFTP server which allows remote attackers to send software updates to modify the switch or cause a denial of service (crash) by guessing the target filenames, which have default names. | |||||
CVE-2000-0456 | 1 Netbsd | 1 Netbsd | 2024-02-04 | 2.1 LOW | N/A |
NetBSD 1.4.2 and earlier allows local users to cause a denial of service by repeatedly running certain system calls in the kernel which do not yield the CPU, aka "cpu-hog". | |||||
CVE-2001-1205 | 1 Matrixs Cgi Vault | 1 Last Lines | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 allows remote attackers to read arbitrary files via '..' sequences in the $error_log variable. | |||||
CVE-2001-1053 | 1 Adcycle | 1 Adcycle | 2024-02-04 | 10.0 HIGH | N/A |
AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument. | |||||
CVE-2002-0923 | 1 Cgiscript.net | 1 Csnews | 2024-02-04 | 7.5 HIGH | N/A |
CGIScript.net csNews.cgi allows remote authenticated users to read arbitrary files, and possibly gain privileges, via the (1) pheader or (2) pfooter parameters in the "Advanced Settings" capability. | |||||
CVE-2001-1076 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable. | |||||
CVE-2000-0731 | 1 Jeremy Arnold | 1 Worm Webserver | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Worm HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
CVE-2000-0336 | 4 Mandrakesoft, Openldap, Redhat and 1 more | 4 Mandrake Linux, Openldap, Linux and 1 more | 2024-02-04 | 2.1 LOW | N/A |
Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack. | |||||
CVE-2004-2242 | 1 Phorum | 1 Phorum | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search.php in Phorum, possibly 5.0.7 beta and earlier, allows remote attackers to inject arbitrary HTML or web script via the subject parameter. | |||||
CVE-2002-0598 | 1 Foundstone | 1 Fscan | 2024-02-04 | 7.5 HIGH | N/A |
Format string vulnerability in Foundstone FScan 1.12 with banner grabbing enabled allows remote attackers to execute arbitrary code on the scanning system via format string specifiers in the server banner. | |||||
CVE-1999-0608 | 1 Pdgsoft | 1 Pdg Shopping Cart | 2024-02-04 | 5.0 MEDIUM | N/A |
An incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information. | |||||
CVE-2002-0794 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 5.0 MEDIUM | N/A |
The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly remove entries from the incomplete listen queue when adding a syncache, which allows remote attackers to cause a denial of service (network service availability) via a large number of connection attempts, which fills the queue. | |||||
CVE-2003-1432 | 1 Epic Games | 2 Unreal Engine, Unreal Tournament 2003 | 2024-02-04 | 10.0 HIGH | N/A |
Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file. | |||||
CVE-2003-0138 | 1 Mit | 1 Kerberos | 2024-02-04 | 7.5 HIGH | N/A |
Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack. | |||||
CVE-2001-0706 | 1 Maxum Development Corporation | 1 Rumpus Ftp Server | 2024-02-04 | 2.1 LOW | N/A |
Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to cause a denial of service (crash) via a mkdir command that specifies a large number of sub-folders. | |||||
CVE-2003-1523 | 1 Dbmail | 1 Dbmail | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows remote attackers to execute arbitrary SQL commands via the (1) login username, (2) mailbox name, and possibly other attack vectors. | |||||
CVE-2004-1239 | 2024-02-04 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2004. Notes: none. | |||||
CVE-2001-0064 | 1 Alt-n | 1 Mdaemon | 2024-02-04 | 5.0 MEDIUM | N/A |
Webconfig, IMAP, and other services in MDaemon 3.5.0 and earlier allows remote attackers to cause a denial of service via a long URL terminated by a "\r\n" string. | |||||
CVE-2001-1409 | 1 Xfree86 Project | 1 Xfree86 X Server | 2024-02-04 | 3.6 LOW | N/A |
dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with insecure permissions (666), which allows local users to replace or create files in the root file system. | |||||
CVE-2004-0535 | 6 Conectiva, Engardelinux, Gentoo and 3 more | 17 Linux, Secure Community, Secure Linux and 14 more | 2024-02-04 | 2.1 LOW | N/A |
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources. |