Total
253993 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-1221 | 1 Digital | 1 Unix | 2024-02-04 | 2.1 LOW | N/A |
dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify arbitrary files via a symlink attack on the dxchpwd.log file. | |||||
CVE-2002-1540 | 1 Symantec | 1 Norton Antivirus | 2024-02-04 | 7.2 HIGH | N/A |
The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32. | |||||
CVE-2003-0806 | 1 Microsoft | 3 Windows 2000, Windows Nt, Windows Xp | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code. | |||||
CVE-2001-0758 | 1 Evolvable Corporation | 1 Shambala Server | 2024-02-04 | 7.5 HIGH | N/A |
Directory traversal vulnerability in Shambala 4.5 allows remote attackers to escape the FTP root directory via "CWD ..." command. | |||||
CVE-2001-0108 | 2 Mandrakesoft, Php | 2 Mandrake Linux, Php | 2024-02-04 | 5.0 MEDIUM | N/A |
PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested. | |||||
CVE-1999-0957 | 1 Great Circle Associates | 1 Majorcool | 2024-02-04 | 2.1 LOW | N/A |
MajorCool mj_key_cache program allows local users to modify files via a symlink attack. | |||||
CVE-2001-0528 | 1 Oracle | 1 E-business Suite | 2024-02-04 | 7.2 HIGH | N/A |
Oracle E-Business Suite Release 11i Applications Desktop Integrator (ADI) version 7.x includes a debug version of FNDPUB11I.DLL, which logs the APPS schema password in cleartext in a debug file, which allows local users to obtain the password and gain privileges. | |||||
CVE-2004-0928 | 2 Hitachi, Macromedia | 4 Cosminexus Enterprise, Cosminexus Server, Coldfusion and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm". | |||||
CVE-1999-0364 | 2 Fms Inc., Microsoft | 2 Total Vb Sourcebook, Access | 2024-02-04 | 10.0 HIGH | N/A |
Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data. | |||||
CVE-2004-1806 | 1 Dogpatch Software | 1 Cfwebstore | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.cfm in CFWebstore 5.0 allows remote attackers to execute SQL commands via the (1) category_id, (2) product_id, or (3) feature_id parameters. | |||||
CVE-2004-1886 | 2024-02-04 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-1848. Reason: This candidate is a duplicate of CVE-2004-1848. Notes: All CVE users should reference CVE-2004-1848 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2001-0804 | 1 Valerie Mates | 1 Interactive Story | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in story.pl in Interactive Story 1.3 allows a remote attacker to read arbitrary files via a .. (dot dot) attack on the "next" parameter. | |||||
CVE-2004-1841 | 1 Ms Analysis | 1 Website Traffic Analyzer | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL via the referer field in an HTTP request. | |||||
CVE-2001-0375 | 1 Cisco | 2 Pix Firewall 515, Pix Firewall 520 | 2024-02-04 | 5.0 MEDIUM | N/A |
Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests. | |||||
CVE-2001-0005 | 1 Microsoft | 1 Powerpoint | 2024-02-04 | 6.2 MEDIUM | N/A |
Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands. | |||||
CVE-2003-1320 | 1 Sonicwall | 1 Firmware | 2024-02-04 | 5.1 MEDIUM | N/A |
SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) a large number of payloads, or (3) a long payload. | |||||
CVE-1999-1317 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 4.6 MEDIUM | N/A |
Windows NT 4.0 SP4 and earlier allows local users to gain privileges by modifying the symbolic link table in the \?? object folder using a different case letter (upper or lower) to point to a different device. | |||||
CVE-2003-0846 | 1 Suse | 1 Suse Linux | 2024-02-04 | 4.6 MEDIUM | N/A |
SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro allows local users to overwrite arbitrary files via a symlink attack on the .java_wrapper temporary file. | |||||
CVE-1999-0603 | 2024-02-04 | 10.0 HIGH | N/A | ||
In Windows NT, an inappropriate user is a member of a group, e.g. Administrator, Backup Operators, Domain Admins, Domain Guests, Power Users, Print Operators, Replicators, System Operators, etc. | |||||
CVE-2003-1084 | 1 Tildeslash | 1 Monit | 2024-02-04 | 5.0 MEDIUM | N/A |
Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field. |