Total: 253990 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-2340 | 1 Phorum | 1 Phorum | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in read.php in Phorum 3.3.2a allows remote attackers to inject arbitrary web script or HTML via (1) the t parameter or (2) the body of an email response. | |||||
CVE-2001-0526 | 1 Sun | 1 Solaris | 2024-02-04 | 4.6 MEDIUM | N/A |
Buffer overflow in the Xview library as used by mailtool in Solaris 8 and earlier allows a local attacker to gain privileges via the OPENWINHOME environment variable. | |||||
CVE-2003-0324 | 1 Epic | 1 Epic4 | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allow remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long replies that are not properly handled by the (1) userhost_cmd_returned function, or (2) Statusbar capability. | |||||
CVE-2003-0557 | 1 Lagarde | 1 Storefront | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in login.asp for StoreFront 6.0, and possibly earlier versions, allows remote attackers to obtain sensitive user information via SQL statements in the password field. | |||||
CVE-2004-1469 | 1 Peter D. Gray | 1 Sus | 2024-02-04 | 7.2 HIGH | N/A |
Format string vulnerability in the log function in SUS 2.0.2, and other versions before 2.0.6, allows local users to execute arbitrary code via format string specifiers in a command line argument that is passed directly to syslog. | |||||
CVE-2001-0256 | 1 Fastream | 1 Ftp++ Server | 2024-02-04 | 7.5 HIGH | N/A |
FaSTream FTP++ Server 2.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long username. | |||||
CVE-2003-0992 | 1 Gnu | 1 Mailman | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users. | |||||
CVE-2001-0977 | 4 Debian, Mandrakesoft, Openldap and 1 more | 6 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 3 more | 2024-02-04 | 5.0 MEDIUM | N/A |
slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field. | |||||
CVE-2001-1017 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 7.2 HIGH | N/A |
rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and crack the passwords. | |||||
CVE-2004-0453 | 1 Vice | 1 Vice | 2024-02-04 | 7.2 HIGH | N/A |
Format string vulnerability in the monitor "memory dump" command in VICE 1.6 to 1.14 allows local users to cause a denial of service (emulator crash) and possibly execute arbitrary code via format string specifiers in an output string. | |||||
CVE-2004-1750 | 1 Vnc | 1 Realvnc | 2024-02-04 | 5.0 MEDIUM | N/A |
RealVNC 4.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of connections to port 5900. | |||||
CVE-2004-2011 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 2.6 LOW | N/A |
msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to cause a denial of service (crash) via a single & (ampersand) in a <Ref href> link, which triggers a parsing error, possibly due to missing portions of the URI. | |||||
CVE-2002-1110 | 1 Mantis | 1 Mantis | 2024-02-04 | 10.0 HIGH | N/A |
Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allow remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php. | |||||
CVE-1999-0534 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-02-04 | 4.6 MEDIUM | N/A |
A Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate Security Audit, Increase Priority, Increase Quota, Load Driver, Lock Memory, Profile Single Process, Remote Shutdown, Replace Process Token, Restore, System Environment, Take Ownership, or Unsolicited Input. | |||||
CVE-2004-1818 | 1 Warpspeed | 1 4nalbum Module | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary script as other users by injecting arbitrary script into the z parameter. | |||||
CVE-2002-1983 | 1 Qnx | 1 Rtos | 2024-02-04 | 2.1 LOW | N/A |
The timer implementation in QNX RTOS 6.1.0 allows local users to cause a denial of service (hang) and possibly execute arbitrary code by creating multiple timers with a 1-ms tick. | |||||
CVE-2004-1523 | 1 New Media Generation | 1 Hired Team Trial | 2024-02-04 | 5.0 MEDIUM | N/A |
Format string vulnerability in the game console in Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (application crash) via format string specifiers in a message. | |||||
CVE-2000-0493 | 1 Atrius Trivalie Sn | 1 Time Sync | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in Simple Network Time Sync (SMTS) daemon allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long string. | |||||
CVE-2004-2202 | 1 Duware | 1 Duclassified | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 through 4.2 allow remote attackers to bypass authentication and execute other commands on the server's underlying database via the (1) cat_id or (2) sub_id parameters in adDetail.asp, or (3) the password parameter in the login form. | |||||
CVE-2002-0921 | 1 Cgiscript.net | 1 Csnews | 2024-02-04 | 5.0 MEDIUM | N/A |
CGIScript.net csNews.cgi allows remote attackers to obtain potentially sensitive information, such as the full server pathname and other configuration settings, via the viewnews command with an invalid database, which leaks the information in error messages. |