Total
253345 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0226 | 1 Dcscripts | 1 Dcforum | 2024-02-04 | 7.5 HIGH | N/A |
retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote attackers to request a new password on behalf of another user and use the sessionID to calculate the new password for that user. | |||||
CVE-2003-1300 | 1 Pablo Software Solutions | 1 Baby Ftp Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Baby FTP Server (BabyFTP) 1.2, and possibly other versions before May 31, 2003, allows remote attackers to cause a denial of service via a large number of connections from the same IP address, which triggers an access violation. | |||||
CVE-1999-0907 | 1 Steven J. Merrifield | 1 Soundcard Cw | 2024-02-04 | 2.1 LOW | N/A |
sccw allows local users to read arbitrary files. | |||||
CVE-2002-0397 | 1 Red-m | 1 1050ap Lan Acess Point | 2024-02-04 | 5.0 MEDIUM | N/A |
Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address, and other information in UDP packets to a broadcast address, which allows any system on the network to obtain potentially sensitive information about the Access Point device by monitoring UDP port 8887. | |||||
CVE-2004-1104 | 1 Microsoft | 1 Ie | 2024-02-04 | 7.5 HIGH | N/A |
Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL. | |||||
CVE-2003-0976 | 1 Novell | 1 Netware | 2024-02-04 | 7.5 HIGH | N/A |
NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce sys:\etc\exports when hostname aliases from sys:etc\hosts file are used, which could allow users to mount file systems when XNFS should deny the host. | |||||
CVE-1999-0370 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 4.6 MEDIUM | N/A |
In Sun Solaris and SunOS, man and catman contain vulnerabilities that allow overwriting arbitrary files. | |||||
CVE-2000-0364 | 1 Redhat | 1 Linux | 2024-02-04 | 4.6 MEDIUM | N/A |
screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of tty devices, which allows local users to write to other ttys. | |||||
CVE-1999-1533 | 1 Trend Micro | 1 Interscan Viruswall | 2024-02-04 | 7.5 HIGH | N/A |
Eicon Technology Diva LAN ISDN modem allows a remote attacker to cause a denial of service (hang) via a long password argument to the login.htm file in its HTTP service. | |||||
CVE-2003-0050 | 1 Apple | 2 Darwin Streaming Server, Quicktime Streaming Server | 2024-02-04 | 7.5 HIGH | N/A |
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters. | |||||
CVE-2002-0074 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-04 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session. | |||||
CVE-2004-0371 | 1 Kth | 1 Heimdal | 2024-02-04 | 5.0 MEDIUM | N/A |
Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path. | |||||
CVE-2001-0747 | 1 Iplanet | 1 Iplanet Web Server | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in iPlanet Web Server (iWS) Enterprise Edition 4.1, service packs 3 through 7, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long method name in an HTTP request. | |||||
CVE-2003-0838 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 7.5 HIGH | N/A |
Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe). | |||||
CVE-2004-1507 | 1 Webcalendar | 1 Webcalendar | 2024-02-04 | 5.0 MEDIUM | N/A |
CRLF injection vulnerability in login.php in WebCalendar allows remote attackers to inject CRLF sequences via the return_path parameter and perform HTTP Response Splitting attacks to modify expected HTML content from the server. | |||||
CVE-2002-2005 | 1 Sun | 1 Java Web Start | 2024-02-04 | 7.5 HIGH | N/A |
Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and 1.0.1.01 (HP-UX 11.x only) allows attackers to gain access to restricted resources via unknown attack vectors. | |||||
CVE-2001-0404 | 1 Sun | 1 Javaserver Web Dev Kit | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) 1.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request to the WEB-INF directory. | |||||
CVE-2005-0373 | 6 Apple, Conectiva, Cyrus and 3 more | 8 Mac Os X, Mac Os X Server, Linux and 5 more | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code. | |||||
CVE-2003-1297 | 1 Efs Software | 1 Efs Web Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka options.ini) file and (2) log directory under the web root with insufficient access control, which allows remote attackers to obtain sensitive information including an SMTP account username and password hash, the server configuration, and server log files. | |||||
CVE-2004-0714 | 1 Cisco | 3 Ios, Ons 15454e Optical Transport Platform, Optical Networking Systems Software | 2024-02-04 | 5.0 MEDIUM | N/A |
Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts to process SNMP solicited operations on improper ports (UDP 162 and a randomly chosen UDP port), which allows remote attackers to cause a denial of service (device reload and memory corruption). |