Total: 253940 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-1458 | 1 Leszek Krupinski | 1 L-forum | 2024-02-04 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is on, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, (3) Subject and (4) Body. | |||||
CVE-2002-1015 | 1 Realnetworks | 3 Realjukebox 2, Realjukebox 2 Plus, Realone Player | 2024-02-04 | 7.5 HIGH | N/A |
RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers. | |||||
CVE-1999-1210 | 1 Digital | 1 Unix | 2024-02-04 | 7.2 HIGH | N/A |
xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to overwrite arbitrary files via a symlink attack on a core dump file, which is created when xterm is called with a DISPLAY environmental variable set to a display that xterm cannot access. | |||||
CVE-2001-0807 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 2.6 LOW | N/A |
Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a SRC value that points to the text file. | |||||
CVE-2003-0795 | 3 Gnu, Quagga, Sgi | 3 Zebra, Quagga, Propack | 2024-02-04 | 5.0 MEDIUM | N/A |
The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference. | |||||
CVE-2001-0527 | 1 Dcscripts | 2 Dcforum, Dcforum 2000 | 2024-02-04 | 10.0 HIGH | N/A |
DCScripts DCForum versions 2000 and earlier allow a remote attacker to gain additional privileges by inserting pipe symbols (\|) and newlines into the last name in the registration form, which will create an extra entry in the registration database. | |||||
CVE-2001-0931 | 1 Cooolsoft | 1 Powerftp | 2024-02-04 | 7.5 HIGH | N/A |
Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 allows attackers to list or read arbitrary files and directories via a .. (dot dot) in (1) LS or (2) GET. | |||||
CVE-2004-2135 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | N/A |
cryptoloop on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption. | |||||
CVE-2002-0159 | 1 Cisco | 1 Secure Access Control Server | 2024-02-04 | 7.5 HIGH | N/A |
Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002. | |||||
CVE-2000-0542 | 1 Ericsson | 1 Axc Tigris Multiservice Access Platform | 2024-02-04 | 5.0 MEDIUM | N/A |
Tigris remote access server before 11.5.4.22 does not properly record Radius accounting information when a user fails the initial login authentication but subsequently succeeds. | |||||
CVE-2002-0776 | 1 Hosting Controller | 1 Hosting Controller | 2024-02-04 | 7.5 HIGH | N/A |
getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the "UpdateUser" hot fix. | |||||
CVE-2000-0999 | 1 Openbsd | 1 Openssh | 2024-02-04 | 10.0 HIGH | N/A |
Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges. | |||||
CVE-2003-0950 | 1 Peoplesoft | 1 Peopletools | 2024-02-04 | 7.5 HIGH | N/A |
PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to execute arbitrary commands by uploading a file to the IClient Servlet, guessing the insufficiently random (system time) name of the directory used to store the file, and directly requesting that file. | |||||
CVE-2002-2020 | 1 Netgear | 1 Rp114 | 2024-02-04 | 7.5 HIGH | N/A |
Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default administrator password and accepts admin logins on the external interface, which allows remote attackers to gain privileges if the password is not changed. | |||||
CVE-2001-1054 | 1 Phpadsnew | 1 Phpadsnew | 2024-02-04 | 7.5 HIGH | N/A |
PHPAdsNew PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
CVE-2003-0202 | 1 Brian Renaud | 1 Metrics | 2024-02-04 | 4.6 MEDIUM | N/A |
The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
CVE-2003-1015 | 3 Clearswift, F-secure, Paul L Daniels | 3 Mailsweeper, Internet Gatekeeper, Ripmime | 2024-02-04 | 7.5 HIGH | N/A |
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use whitespace in an unusual fashion, which may be interpreted differently by mail clients. | |||||
CVE-2004-1850 | 1 Fluidgames | 1 The Rage | 2024-02-04 | 5.0 MEDIUM | N/A |
The Rage 1.01 and earlier allows remote attackers to cause a denial of service (infinite loop) via a TCP packet with the port and IP address set to zero. | |||||
CVE-2001-0611 | 1 Rimarts Inc. | 1 Becky Internet Mail | 2024-02-04 | 7.5 HIGH | N/A |
Becky! 2.00.05 and earlier can allow a remote attacker to gain additional privileges via a buffer overflow attack on long messages without newline characters. | |||||
CVE-2000-0667 | 1 Conectiva | 1 Linux | 2024-02-04 | 3.6 LOW | N/A |
Vulnerability in gpm in Caldera Linux allows local users to delete arbitrary files or conduct a denial of service. |