Total
253968 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0993 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2024-02-04 | 7.2 HIGH | N/A |
| Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd. | |||||
| CVE-2004-0391 | 1 Cisco | 2 Hosting Solution Engine, Wireless Lan Solution Engine | 2024-02-04 | 10.0 HIGH | N/A |
| Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting Solution Engine (HSE) 1.7 through 1.7.3 have a hardcoded username and password, which allows remote attackers to add new users, modify existing users, and change configuration. | |||||
| CVE-2003-1249 | 1 Businessobjects | 1 Webintelligence | 2024-02-04 | 7.5 HIGH | N/A |
| WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions. | |||||
| CVE-2001-0433 | 1 Micheal Lamont | 1 Savant Webserver | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in Savant 3.0 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Host HTTP header. | |||||
| CVE-2004-0094 | 1 Xfree86 Project | 1 X11r6 | 2024-02-04 | 7.5 HIGH | N/A |
| Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI). | |||||
| CVE-2000-0480 | 1 Shadow Op Software | 1 Dragon Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Dragon telnet server allows remote attackers to cause a denial of service via a long username. | |||||
| CVE-2002-1949 | 1 Iomega | 2 Nas A300u, Nas A300u Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password. | |||||
| CVE-2002-1276 | 1 Squirrelmail | 1 Squirrelmail | 2024-02-04 | 4.3 MEDIUM | N/A |
| An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks. | |||||
| CVE-2000-0594 | 3 Caldera, Freebsd, Mandrakesoft | 6 Openlinux Desktop, Openlinux Ebuilder, Openlinux Edesktop and 3 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters. | |||||
| CVE-2003-0111 | 1 Microsoft | 3 Virtual Machine, Windows 2000, Windows 2000 Terminal Services | 2024-02-04 | 7.5 HIGH | N/A |
| The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise." | |||||
| CVE-2002-1167 | 1 Ibm | 1 Websphere Caching Proxy Server | 2024-02-04 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request. | |||||
| CVE-2003-0280 | 1 Youngzsoft | 1 Cmailserver | 2024-02-04 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4.0.2003.03.27 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands. | |||||
| CVE-1999-1413 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 4.6 MEDIUM | N/A |
| Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg. | |||||
| CVE-2002-0097 | 1 Geeklog | 1 Geeklog | 2024-02-04 | 7.5 HIGH | N/A |
| Geeklog 1.3 allows remote attackers to hijack user accounts, including the administrator account, by modifying the UID of a user's permanent cookie to the target account. | |||||
| CVE-1999-0471 | 1 Winroute | 1 Winroute | 2024-02-04 | 5.0 MEDIUM | N/A |
| The remote proxy server in Winroute allows a remote attacker to reconfigure the proxy without authentication through the "cancel" button. | |||||
| CVE-2002-1851 | 1 Ipswitch | 1 Ws Ftp Pro | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute code on a client system via unknown attack vectors. | |||||
| CVE-2000-0434 | 1 Matthew Redman | 1 Allmanage | 2024-02-04 | 7.5 HIGH | N/A |
| The administrative password for the Allmanage web site administration software is stored in plaintext in a file which could be accessed by remote attackers. | |||||
| CVE-2001-1106 | 1 Sambar | 1 Sambar Server | 2024-02-04 | 7.5 HIGH | N/A |
| The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure. | |||||
| CVE-1999-1200 | 1 Vintra Systems | 1 Smtp Mailserver | 2024-02-04 | 5.0 MEDIUM | N/A |
| Vintra SMTP MailServer allows remote attackers to cause a denial of service via a malformed "EXPN *@" command. | |||||
| CVE-2004-1820 | 1 Warpspeed | 1 4nalbum Module | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in displaycategory.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary PHP code by modifying the basepath parameter to reference a URL on a remote web server that contains fileFunctions.php. | |||||