Total: 253939 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-1985 | 1 Incognito Software Inc | 1 Ismtp Gateway | 2024-02-04 | 5.0 MEDIUM | N/A |
iSMTP 5.0.1 allows remote attackers to cause a denial of service via a long "MAIL FROM" command, possibly triggering a buffer overflow. | |||||
CVE-2004-0871 | 1 Mozilla | 1 Mozilla | 2024-02-04 | 5.0 MEDIUM | N/A |
Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection." | |||||
CVE-2001-0291 | | | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in post-query sample CGI program allows remote attackers to execute arbitrary commands via an HTTP POST request that contains at least 10001 parameters. | |||||
CVE-2003-0223 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message. | |||||
CVE-2002-0784 | 1 Lysias | 1 Lidik Webserver | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Lysias Lidik web server 0.7b allows remote attackers to list directories via an HTTP request with a ... (modified dot dot). | |||||
CVE-2003-0305 | 1 Cisco | 1 Ios | 2024-02-04 | 5.0 MEDIUM | N/A |
The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967. | |||||
CVE-2002-1568 | 1 Openssl | 1 Openssl | 2024-02-04 | 5.0 MEDIUM | N/A |
OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c. | |||||
CVE-2003-1028 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 5.0 MEDIUM | N/A |
The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008. | |||||
CVE-2003-1221 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 5.0 MEDIUM | N/A |
BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions. | |||||
CVE-2002-1669 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 2.1 LOW | N/A |
pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with world-searchable permissions, which may allow local users to modify world-writable parts of the package during installation. | |||||
CVE-2000-0419 | 1 Microsoft | 10 Access, Excel, Frontpage and 7 more | 2024-02-04 | 7.5 HIGH | N/A |
The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability. | |||||
CVE-2003-0486 | 1 Phpbb Group | 1 Phpbb | 2024-02-04 | 5.0 MEDIUM | N/A |
SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter. | |||||
CVE-2000-0766 | 1 Vqsoft | 1 Vqserver | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to cause a denial of service or possibly gain privileges via a long HTTP GET request. | |||||
CVE-2001-0925 | 2 Apache, Debian | 2 Http Server, Debian Linux | 2024-02-04 | 5.0 MEDIUM | N/A |
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex. | |||||
CVE-2001-1315 | 1 Critical Path | 2 Injoin Directory Server, Livecontent Directory | 2024-02-04 | 7.5 HIGH | N/A |
Critical Path (1) InJoin Directory Server or (2) LiveContent Directory allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed BER encodings, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
CVE-2001-0723 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 6.4 MEDIUM | N/A |
Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript, aka the "Second Cookie Handling Vulnerability." | |||||
CVE-2004-0188 | 1 Calife | 1 Calife | 2024-02-04 | 7.2 HIGH | N/A |
Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local users to execute arbitrary code via a long password. | |||||
CVE-2004-0400 | 1 University Of Cambridge | 1 Exim | 2024-02-04 | 7.5 HIGH | N/A |
Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check. | |||||
CVE-2004-1784 | 1 Webcam Corp | 1 Webcam Watchdog | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the web server of Webcam Watchdog 3.63 allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||||
CVE-2002-1341 | 1 Squirrelmail | 1 Squirrelmail | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters. |