Total: 253952 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0867 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0662. Reason: This candidate is a duplicate of CVE-2003-0662. Notes: All CVE users should reference CVE-2003-0662 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2001-1572 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 7.5 HIGH | N/A |
The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when configured to filter based on MAC addresses, allows remote attackers to bypass packet filters via small packets. | |||||
CVE-2002-1069 | 1 D-link | 1 Di-804 | 2024-02-04 | 5.0 MEDIUM | N/A |
The remote administration capability for the D-Link DI-804 router 4.68 allows remote attackers to bypass authentication and release DHCP addresses or obtain sensitive information via a direct web request to the pages (1) release.htm, (2) Device Status, or (3) Device Information. | |||||
CVE-2002-2301 | 1 Lawson Software | 1 Lawson Financials | 2024-02-04 | 3.3 LOW | N/A |
Lawson Financials 8.0, when configured to use a third party relational database, stores usernames and passwords in a world-readable file, which allows local users to read the passwords and log onto the database. | |||||
CVE-2003-1018 | 1 Ibm | 1 Aix | 2024-02-04 | 7.2 HIGH | N/A |
Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 allows local users with rintq group privileges to gain privileges via unknown attack vectors. | |||||
CVE-2004-1600 | 1 Coolphp | 1 Coolphp | 2024-02-04 | 5.0 MEDIUM | N/A |
index.php in CoolPHP 1.0-stable allows remote attackers to gain sensitive information via an invalid op parameter, which reveals the path in an error message. | |||||
CVE-2004-0713 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 6.4 MEDIUM | N/A |
The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown. | |||||
CVE-2003-1361 | 2 Ibm, Veritas | 2 Tivoli Storage Manager, Bare Metal Restore | 2024-02-04 | 10.0 HIGH | N/A |
Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli Storage Manager (TSM) 3.1.0 through 3.2.1 allows remote attackers to gain root privileges on the BMR Main Server. | |||||
CVE-2004-1535 | 1 Phpbb Group | 1 Phpbb | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code. | |||||
CVE-2003-0804 | 3 Apple, Freebsd, Openbsd | 4 Mac Os X, Mac Os X Server, Freebsd and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests. | |||||
CVE-2000-0155 | 1 Microsoft | 3 Windows 95, Windows 98, Windows Nt | 2024-02-04 | 7.2 HIGH | N/A |
Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate program to execute when other users access a drive. | |||||
CVE-2000-0056 | 1 Ipswitch | 1 Imail | 2024-02-04 | 5.0 MEDIUM | N/A |
IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi. | |||||
CVE-2002-1405 | 3 Elinks, Links, University Of Kansas | 3 Elinks, Links, Lynx | 2024-02-04 | 5.0 MEDIUM | N/A |
CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters. | |||||
CVE-2003-1427 | 1 Netgear | 1 Fm114p | 2024-02-04 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg configuration file, via a hex-encoded (%2e%2e%2f) ../ (dot dot slash) in the port parameter. | |||||
CVE-2003-1500 | 1 Cpcommerce | 1 Cpcommerce | 2024-02-04 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in _functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter. | |||||
CVE-1999-0213 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 10.0 HIGH | N/A |
libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind. | |||||
CVE-2002-1078 | 1 Aprelium Technologies | 1 Abyss Web Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Abyss Web Server 1.0.3 allows remote attackers to list directory contents via an HTTP GET request that ends in a large number of / (slash) characters. | |||||
CVE-2002-1836 | 1 Xerox | 2 Docutech 6110, Docutech 6115 | 2024-02-04 | 5.0 MEDIUM | N/A |
The default configuration of Xerox DocuTech 6110 and DocuTech 6115 exports certain NFS shares to the world with world writable permissions, which may allow remote attackers to modify sensitive files. | |||||
CVE-2002-0166 | 1 Stephen Turner | 1 Analog | 2024-02-04 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display. | |||||
CVE-2000-0027 | 1 Ibm | 1 Network Station Manager | 2024-02-04 | 6.2 MEDIUM | N/A |
IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack. | |||||