Total
253940 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1489 | 1 Opera | 1 Opera Browser | 2024-02-04 | 2.6 LOW | N/A |
| Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attackers to gain sensitive information, such as user names and the installation directory. | |||||
| CVE-2002-0798 | 1 Hp | 1 Hp-ux | 2024-02-04 | 2.1 LOW | N/A |
| Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local users to view obtain data views for files that cannot be directly read by the user, which reportedly can be used to cause a denial of service. | |||||
| CVE-2002-0842 | 1 Oracle | 1 Application Server | 2024-02-04 | 7.5 HIGH | N/A |
| Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response, which causes the format string specifiers to be returned from dav_lookup_uri() in mod_dav.c, which is then used in a call to ap_log_rerror(). | |||||
| CVE-2002-2085 | 1 Wwwebbb | 1 Wwwebbb Forum | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request. | |||||
| CVE-2003-0247 | 1 Redhat | 1 Linux | 2024-02-04 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service ("kernel oops"). | |||||
| CVE-2002-0557 | 1 Openbsd | 1 Openbsd | 2024-02-04 | 7.5 HIGH | N/A |
| Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another user's shell, or (3) atrun to change to a different user's directory, possibly due to memory allocation failures or an incorrect call to auth_approval(). | |||||
| CVE-2003-1422 | 1 Gentoo | 1 Syslinux | 2024-02-04 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.01, when running setuid root, allow local users to gain privileges via unknown vectors. | |||||
| CVE-1999-0080 | 1 Washington University | 1 Wu-ftpd | 2024-02-04 | 10.0 HIGH | N/A |
| Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command. | |||||
| CVE-2000-0537 | 1 Tolis Group | 1 Bru | 2024-02-04 | 7.2 HIGH | N/A |
| BRU backup software allows local users to append data to arbitrary files by specifying an alternate configuration file with the BRUEXECLOG environmental variable. | |||||
| CVE-2000-1082 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-02-04 | 4.6 MEDIUM | N/A |
| The xp_enumresultset function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | |||||
| CVE-2002-0601 | 1 Information Security Systems | 1 Realsecure Network Sensor | 2024-02-04 | 5.0 MEDIUM | N/A |
| ISS RealSecure Network Sensor 5.x through 6.5 allows remote attackers to cause a denial of service (crash) via malformed DHCP packets that cause RealSecure to dereference a null pointer. | |||||
| CVE-1999-0990 | 1 Gnome | 1 Gdm | 2024-02-04 | 2.1 LOW | N/A |
| Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system. | |||||
| CVE-1999-1547 | 1 Oracle | 1 Web Listener | 2024-02-04 | 7.5 HIGH | N/A |
| Oracle Web Listener 2.1 allows remote attackers to bypass access restrictions by replacing a character in the URL with its HTTP-encoded (hex) equivalent. | |||||
| CVE-2003-1481 | 1 Stalker | 1 Communigate Pro | 2024-02-04 | 5.8 MEDIUM | N/A |
| CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer. | |||||
| CVE-2002-0838 | 3 Ggv, Ghostview, Gv | 3 Ggv, Ghostview, Gv | 2024-02-04 | 4.6 MEDIUM | N/A |
| Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf. | |||||
| CVE-2004-0310 | 1 Livejournal | 1 Livejournal | 2024-02-04 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 allows remote attackers to execute Javascript as other users via the stylesheet, which does not strip the semicolon or parentheses, as demonstrated using a background:url. | |||||
| CVE-2002-2375 | 1 Stalker | 1 Communigate Pro | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in CommuniGate Pro 4.0b4 and possibly earlier versions allows remote attackers to list the contents of the WebUser directory and its parent directory via a (1) .. (dot dot) or (2) . (dot) in a URL. NOTE: it is not clear whether this issue reveals any more information regarding directory structure than is already available to any CommuniGate Pro user, although there is a possibility that it could be used to infer product version information. | |||||
| CVE-2003-0736 | 1 Phpwebsite | 1 Phpwebsite | 2024-02-04 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fatcat_id parameter in the fatcat module, (3) the PAGE_id parameter in the pagemaster module, (4) the PDA_limit parameter in the search, and (5) possibly other parameters in the calendar, fatcat, and pagemaster modules. | |||||
| CVE-2003-0013 | 1 Mozilla | 1 Bugzilla | 2024-02-04 | 7.5 HIGH | N/A |
| The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file. | |||||
| CVE-1999-0249 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-02-04 | 7.2 HIGH | N/A |
| Windows NT RSHSVC program allows remote users to execute arbitrary commands. | |||||