Total
253345 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1756 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 5.0 MEDIUM | N/A |
BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other users or servers. | |||||
CVE-1999-0620 | 2024-02-04 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A component service related to NIS is running." | |||||
CVE-2001-0155 | 1 Van Dyke Technologies | 1 Vshell | 2024-02-04 | 7.5 HIGH | N/A |
Format string vulnerability in VShell SSH gateway 1.0.1 and earlier allows remote attackers to execute arbitrary commands via a user name that contains format string specifiers. | |||||
CVE-2000-0488 | 1 Ithouse | 1 Ithouse Mail Server | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in ITHouse mail server 1.04 allows remote attackers to execute arbitrary commands via a long RCPT TO mail command. | |||||
CVE-2002-2376 | 1 Leung | 1 E-guest | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in E-Guest_sign.pl in E-Guest 1.1 allows remote attackers to inject arbitrary SSI directives, web script, and HTML via the (1) full name, (2) email, (3) homepage, and (4) location parameters. NOTE: this issue might overlap CVE-2005-1605. | |||||
CVE-2004-2120 | 1 Reptile Web Server | 1 Reptile Web Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Reptile Web Server allows remote attackers to cause a denial of service (CPU consumption) via multiple incomplete GET requests without the HTTP version. | |||||
CVE-2003-0768 | 1 Microsoft | 1 Asp.net | 2024-02-04 | 6.8 MEDIUM | N/A |
Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name. | |||||
CVE-2002-1711 | 1 Basilix | 1 Basilix Webmail | 2024-02-04 | 2.1 LOW | N/A |
BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments. | |||||
CVE-2001-0405 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 7.5 HIGH | N/A |
ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall. | |||||
CVE-2000-1107 | 1 Suse | 1 Suse Linux | 2024-02-04 | 5.0 MEDIUM | N/A |
in.identd ident server in SuSE Linux 6.x and 7.0 allows remote attackers to cause a denial of service via a long request, which causes the server to access a NULL pointer and crash. | |||||
CVE-2001-0316 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 4.6 MEDIUM | N/A |
Linux kernel 2.4 and 2.2 allows local users to read kernel memory and possibly gain privileges via a negative argument to the sysctl call. | |||||
CVE-2003-1124 | 1 Sun | 1 Management\+center | 2024-02-04 | 4.6 MEDIUM | N/A |
Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and 3.0 Revenue Release (RR), when installed and run by root, allows local users to create or modify arbitrary files. | |||||
CVE-2003-0760 | 1 Optisoft | 1 Blubster | 2024-02-04 | 5.0 MEDIUM | N/A |
Blubster 2.5 allows remote attackers to cause a denial of service (crash) via a flood of connections to UDP port 701. | |||||
CVE-2004-0572 | 1 Microsoft | 1 Grpconv | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe. | |||||
CVE-2000-1158 | 1 Network Associates | 1 Sniffer Agent | 2024-02-04 | 7.5 HIGH | N/A |
NAI Sniffer Agent uses base64 encoding for authentication, which allows attackers to sniff the network and easily decrypt usernames and passwords. | |||||
CVE-2003-0850 | 2 Dug Song, Rafal Wojtczuk | 2 Dsniff, Libnids | 2024-02-04 | 7.5 HIGH | N/A |
The TCP reassembly functionality in libnids before 1.18 allows remote attackers to cause "memory corruption" and possibly execute arbitrary code via "overlarge TCP packets." | |||||
CVE-1999-0859 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 2.1 LOW | N/A |
Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly. | |||||
CVE-2000-0872 | 1 Nathan Purciful | 1 Phpphotoalbum | 2024-02-04 | 5.0 MEDIUM | N/A |
explorer.php in PhotoAlbum 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
CVE-1999-0362 | 1 Ipswitch | 1 Ws Ftp Server | 2024-02-04 | 5.0 MEDIUM | N/A |
WS_FTP server remote denial of service through cwd command. | |||||
CVE-2002-1683 | 1 Working Resources Inc. | 1 Badblue | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition 1.7.3 allows remote attackers to execute arbitrary script as other users by injecting script into the cleanSearchString() function. |