Total
253959 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0061 | 1 Lionmax Software | 1 Www File Share Pro | 2024-02-04 | 7.5 HIGH | N/A |
WWW File Share Pro 2.42 and earlier allows remote attackers to bypass directory access restrictions via (1) a URL with a trailing . (dot), or (2) a URI with a leading slash or backslash character. | |||||
CVE-2004-0537 | 1 Opera | 1 Opera Browser | 2024-02-04 | 5.0 MEDIUM | N/A |
Opera 7.50 and earlier allows remote web sites to provide a "Shortcut Icon" (favicon) that is wider than expected, which could allow the web sites to spoof a trusted domain and facilitate phishing attacks using a wide icon and extra spaces. | |||||
CVE-1999-1177 | 1 Lincoln D. Stein | 1 Nph-publish | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in nph-publish before 1.2 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the pathname for an upload operation. | |||||
CVE-2004-0767 | 1 Ngsec | 1 Stackdefender | 2024-02-04 | 5.0 MEDIUM | N/A |
NGSEC StackDefender 1.10 allows attackers to cause a denial of service (system crash) via an invalid address for the ObjectAttributes parameter to the hooks for the (1) ZwCreateFile or (2) ZwOpenFile functions. | |||||
CVE-2003-0270 | 1 Apple | 1 802.11n | 2024-02-04 | 7.6 HIGH | N/A |
The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections. | |||||
CVE-1999-0509 | | | 2024-02-04 | 10.0 HIGH | N/A |
Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands. | |||||
CVE-2001-0530 | 1 Spearhead | 2 Netgap 200, Netgap 300 | 2024-02-04 | 5.0 MEDIUM | N/A |
Spearhead NetGAP 200 and 300 before build 78 allow a remote attacker to bypass file blocking and content inspection via specially encoded URLs which include '%' characters. | |||||
CVE-2002-1590 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 7.2 HIGH | N/A |
The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users to gain root privileges or cause a denial of service. | |||||
CVE-1999-1170 | 2 Ipswitch, Progress | 2 Imail, Ipswitch Ws Ftp Server | 2024-02-04 | 4.6 MEDIUM | N/A |
IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920. | |||||
CVE-2004-2253 | 1 Netwin | 1 Surgeldap | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command. | |||||
CVE-1999-0384 | 1 Microsoft | 6 Office, Outlook, Project and 3 more | 2024-02-04 | 4.6 MEDIUM | N/A |
The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content. | |||||
CVE-2004-2076 | 1 Jelsoft | 1 Vbulletin | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBulletin 3.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
CVE-2004-0228 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 7.2 HIGH | N/A |
Integer signedness error in the cpufreq proc handler (cpufreq_procctl) in Linux kernel 2.6 allows local users to gain privileges. | |||||
CVE-2003-1371 | 1 Nuked-klan | 1 Nuked-klan | 2024-02-04 | 4.3 MEDIUM | N/A |
Nuked-Klan 1.3b, and possibly earlier versions, allows remote attackers to obtain sensitive server information via an op parameter set to phpinfo for the (1) Team, (2) News, or (3) Liens modules. | |||||
CVE-2004-0068 | 1 Phpdig.net | 1 Phpdig | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relative_script_path parameter to reference a URL on a remote web server that contains the code. | |||||
CVE-2002-2245 | 1 Netbsd | 1 Ftpd | 2024-02-04 | 5.0 MEDIUM | N/A |
ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a digit in response to a STAT command for a filename that contains a carriage return followed by a digit, which can cause firewalls and other intermediary devices to lose proper track of the FTP session. | |||||
CVE-2004-1396 | 1 Nullsoft | 1 Winamp | 2024-02-04 | 2.6 LOW | N/A |
Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file. | |||||
CVE-2000-0555 | 1 Lilikoi | 1 Ceilidh | 2024-02-04 | 5.0 MEDIUM | N/A |
Ceilidh allows remote attackers to cause a denial of service via a large number of POST requests. | |||||
CVE-2001-0576 | 1 Sco | 1 Openserver | 2024-02-04 | 4.6 MEDIUM | N/A |
lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a local attacker to gain additional privileges via a buffer overflow attack in the '-u' command line parameter. | |||||
CVE-2004-2031 | 1 E107 | 1 E107 | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields. |