Total: 253940 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0654 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 2.1 LOW | N/A |
Unknown vulnerability in the Basic Security Module (BSM), when configured to audit either the Administrative (ad) or the System-Wide Administration (as) audit class in Solaris 7, 8, and 9, allows local users to cause a denial of service (kernel panic). | |||||
CVE-2002-2116 | 1 Netgear | 2 Rm356, Rt338 | 2024-02-04 | 5.0 MEDIUM | N/A |
Netgear RM-356 and RT-338 series SOHO routers allow remote attackers to cause a denial of service (crash) via a UDP port scan, as demonstrated using nmap. | |||||
CVE-2001-0615 | 1 Faust Informatics | 1 Freestyle Chat | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to read arbitrary files via a specially crafted URL which includes variations of a '..' (dot dot) attack such as '...' or '....'. | |||||
CVE-1999-1562 | 1 Gftp | 1 Ftp Client | 2024-02-04 | 4.6 MEDIUM | N/A |
gFTP FTP client 1.13, and other versions before 2.0.0, records a password in plaintext in (1) the log window, or (2) in a log file. | |||||
CVE-2002-2322 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2024-02-04 | 5.0 MEDIUM | N/A |
Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the web root with insufficient access control, which allows remote attackers to obtain usernames and passwords. | |||||
CVE-1999-0655 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is not about any specific product, protocol, or design, so it is out of scope of CVE. Notes: the former description is: "A service may include useful information in its banner or help function (such as the name and version), making it useful for information gathering activities." | |||||
CVE-2003-1172 | 1 Apache | 1 Cocoon | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter. | |||||
CVE-1999-1418 | 1 Mirabilis | 1 Icq Web Front | 2024-02-04 | 5.0 MEDIUM | N/A |
ICQ99 ICQ web server build 1701 with "Active Homepage" enabled allows remote attackers to determine the existence of files on the server by comparing server responses when a file exists ("404 Forbidden") versus when a file does not exist ("404 not found"). | |||||
CVE-2003-1551 | 1 Novell | 1 Groupwise | 2024-02-04 | 10.0 HIGH | N/A |
Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before Revision F has unknown impact and attack vectors related to "malicious script." | |||||
CVE-2004-1865 | 1 Bblog | 1 Bblog | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are normally allowed to add HTML by other means, e.g. through Smarty templates, then this issue would not give any additional privileges, and thus would not be considered a vulnerability. | |||||
CVE-2004-0999 | 1 Zgv | 1 Zgv Image Viewer | 2024-02-04 | 2.6 LOW | N/A |
zgv 5.5.3 allows remote attackers to cause a denial of service (application crash via segmentation fault) via crafted multiple-image (animated) GIF images. | |||||
CVE-2000-1125 | 1 Redhat | 1 Linux | 2024-02-04 | 7.2 HIGH | N/A |
restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program. | |||||
CVE-2004-0190 | 1 Symantec | 3 Firewall Vpn Appliance 100, Firewall Vpn Appliance 200, Firewall Vpn Appliance 200r | 2024-02-04 | 7.5 HIGH | N/A |
Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges. | |||||
CVE-2003-0268 | 1 Bvrp Software | 1 Slwebmail | 2024-02-04 | 5.0 MEDIUM | N/A |
SLWebMail 3 on Windows systems allows remote attackers to identify the full path of the server via invalid requests to DLLs such as WebMailReq.dll, which reveals the path in an error message. | |||||
CVE-1999-1204 | 1 Checkpoint | 1 Firewall-1 | 2024-02-04 | 7.5 HIGH | N/A |
Check Point Firewall-1 does not properly handle certain restricted keywords (e.g., Mail, auth, time) in user-defined objects, which could produce a rule with a default "ANY" address and result in access to more systems than intended by the administrator. | |||||
CVE-2003-0130 | 1 Ximian | 1 Evolution | 2024-02-04 | 5.0 MEDIUM | N/A |
The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers to inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image. | |||||
CVE-2004-0301 | 1 Ecommerce Corporation Online | 1 Store Kit | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in more.php for Online Store Kit 3.0 allows remote attackers to inject arbitrary HTML via the id parameter. | |||||
CVE-2002-1889 | 1 Logsurfer | 1 Logsurfer | 2024-02-04 | 5.0 MEDIUM | N/A |
Off-by-one buffer overflow in the context_action function in context.c of Logsurfer 1.41 through 1.5a allows remote attackers to cause a denial of service (crash) via a malformed log entry. | |||||
CVE-2002-1601 | 1 Adobe | 1 Photodeluxe | 2024-02-04 | 5.1 MEDIUM | N/A |
The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe directory to the CLASSPATH environment variable, which allows applets to run with higher privileges and remote attackers to gain privileges via an HTML e-mail message or a web page. | |||||
CVE-2002-0676 | 1 Apple | 1 Mac Os X | 2024-02-04 | 7.5 HIGH | N/A |
SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates. |