Total
253847 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-1055 | 1 Cisco | 1 Secure Access Control Server | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet. | |||||
CVE-2002-0643 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-02-04 | 4.6 MEDIUM | N/A |
The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System." | |||||
CVE-1999-0194 | 2024-02-04 | 5.0 MEDIUM | N/A | ||
Denial of service in in.comsat allows attackers to generate messages. | |||||
CVE-2002-0786 | 1 Critical Path | 1 Injoin Directory Server | 2024-02-04 | 5.0 MEDIUM | N/A |
iCon administrative web server for Critical Path inJoin Directory Server 4.0 allows authenticated inJoin administrators to read arbitrary files by specifying the target file in the LOG parameter. | |||||
CVE-2002-1308 | 2 Mozilla, Netscape | 2 Mozilla, Navigator | 2024-02-04 | 7.5 HIGH | N/A |
Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression. | |||||
CVE-2002-1295 | 1 Microsoft | 1 Java Virtual Machine | 2024-02-04 | 7.5 HIGH | N/A |
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service (crash) and possibly conduct other unauthorized activities via applet tags in HTML that bypass Java class restrictions (such as private constructors) by providing the class name in the code parameter, aka "Incomplete Java Object Instantiation Vulnerability." | |||||
CVE-2000-0955 | 1 Cisco | 1 Virtual Central Office 4000 | 2024-02-04 | 7.5 HIGH | N/A |
Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to store usernames and passwords in the SNMP MIB, which allows an attacker who knows the community name to crack the password and gain privileges. | |||||
CVE-2002-1292 | 1 Microsoft | 1 Java Virtual Machine | 2024-02-04 | 7.5 HIGH | N/A |
The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as used in Internet Explorer, allows remote attackers to extend the Standard Security Manager (SSM) class (com.ms.security.StandardSecurityManager) and bypass intended StandardSecurityManager restrictions by modifying the (1) deniedDefinitionPackages or (2) deniedAccessPackages settings, causing a denial of service by adding Java applets to the list of applets that are prevented from running. | |||||
CVE-2004-1874 | 1 Alan Ward | 1 A-cart | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp and (2) billing.asp in A-CART Pro and A-CART 2.0 allow remote attackers to inject arbitrary web script or HTML via the user information forms. | |||||
CVE-2001-1538 | 1 Speedxess | 1 Ha-120 Dsl Router | 2024-02-04 | 7.5 HIGH | N/A |
SpeedXess HA-120 DSL router has a default administrative password of "speedxess", which allows remote attackers to gain access. | |||||
CVE-2000-1187 | 1 Netscape | 2 Communicator, Navigator | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field. | |||||
CVE-2002-2265 | 2 Hp, Open Source Internet Solutions | 2 Tru64, Open Source Internet Solutions | 2024-02-04 | 6.4 MEDIUM | N/A |
Unspecified vulnerability in LDAP Module in System Authentication of Open Source Internet Solutions (OSIS) 5.4 running on Tru64 UNIX 4.0G and 4.0F allows remote attackers to gain access to arbitrary files or gain privileges via unknown attack vectors. | |||||
CVE-2004-1675 | 1 Solarwinds | 1 Serv-u File Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX. | |||||
CVE-2002-2189 | 2 Activxperts Software, Microsoft | 2 Activwebserver, Windows 2003 Server | 2024-02-04 | 5.1 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in ActiveXperts Software ActiveWebserver allows remote attackers to execute arbitrary web script via a link. | |||||
CVE-2001-1135 | 1 Zyxel | 1 Prestige | 2024-02-04 | 7.5 HIGH | N/A |
ZyXEL Prestige 642R and 642R-I routers do not filter the routers' Telnet and FTP ports on the external WAN interface from inside access, allowing someone on an internal computer to reconfigure the router, if the password is known. | |||||
CVE-2002-1489 | 1 Planetdns | 1 Planetweb | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long URL or (2) a request with a long method name. | |||||
CVE-2001-0720 | 1 Apple | 1 Mac Os X | 2024-02-04 | 7.5 HIGH | N/A |
Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary commands by causing a BinHex or MacBinary file type to be downloaded, which causes the files to be executed if automatic decoding is enabled. | |||||
CVE-2001-0321 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-04 | 5.0 MEDIUM | N/A |
opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter. | |||||
CVE-2004-2178 | 1 Devoybb | 1 Devoybb Web Forum | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
CVE-2003-0657 | 1 Phpgroupware | 1 Phpgroupware | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions. |