Total: 253943 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1571 | 1 Aj-fork | 1 Aj-fork | 2024-02-04 | 5.0 MEDIUM | N/A |
AJ-Fork 167 allows remote attackers to gain sensitive information via a direct request to (1) auto-acronyms.php, (2) auto-archive.php, (3) ount-article-views.php, (4) kses.php, (5) custom-quick-tags.php, (6) disable-all-comments.php, (7) easy-date-format.php, (8) enable-disable-comments.php, (9) filter-by-author.php, (10) format-switcher.php, (11) long-to-short.php, (12) prospective-posting.php, or (13) sort-by-xfield.php, which displays the full path in an error message. | |||||
CVE-2000-1005 | 1 Extropia | 1 Extropia Webstore | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in html_web_store.cgi and web_store.cgi CGI programs in eXtropia WebStore allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter. | |||||
CVE-2001-1428 | 1 Beck Ipc Gmbh | 1 Ipc At Chip Embedded-webserver | 2024-02-04 | 7.5 HIGH | N/A |
The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are shipped with a default password, which allows remote attackers to gain unauthorized access. | |||||
CVE-2002-0839 | 1 Apache | 1 Http Server | 2024-02-04 | 7.2 HIGH | N/A |
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard. | |||||
CVE-2002-2081 | 1 Microsoft | 2 Site Server, Site Server Commerce | 2024-02-04 | 5.0 MEDIUM | N/A |
cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp. | |||||
CVE-2002-1294 | 1 Microsoft | 1 Java Virtual Machine | 2024-02-04 | 7.5 HIGH | N/A |
The Microsoft Java implementation, as used in Internet Explorer, can provide HTML object references to applets via Javascript, which allows remote attackers to cause a denial of service (crash due to illegal memory accesses) and possibly conduct other unauthorized activities via an applet that uses those references to access proprietary Microsoft methods. | |||||
CVE-2004-2077 | 1 Nadeo | 3 Game Engine, Trackmania, Virtual Skipper | 2024-02-04 | 5.0 MEDIUM | N/A |
Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 allows remote attackers to cause a denial of service (server crash) via malformed data to TCP port 2350, possibly due to long values or incorrect size fields. | |||||
CVE-2002-1265 | 3 Apple, Gnu, Sgi | 4 Mac Os X, Mac Os X Server, Glibc and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang). | |||||
CVE-2003-0120 | 1 Mhc-utils | 1 Mhc-utils | 2024-02-04 | 1.2 LOW | N/A |
adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name. | |||||
CVE-2002-1620 | 1 Ibm | 1 Aix Parallel Systems Support Programs | 2024-02-04 | 5.0 MEDIUM | N/A |
Unknown vulnerability in IBM AIX Parallel Systems Support Programs (PSSP) 3.1.1, 3.2, and 3.4 allows remote attackers to read arbitrary files from a file collection. | |||||
CVE-2001-0857 | 1 Imp | 1 Webmail | 2024-02-04 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter. | |||||
CVE-2000-0678 | 1 Pgp | 1 Pgp | 2024-02-04 | 5.0 MEDIUM | N/A |
PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key (ADK) is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate. | |||||
CVE-2004-1579 | 1 Devellion | 1 Cubecart | 2024-02-04 | 5.0 MEDIUM | N/A |
index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive information via an HTTP request with an invalid cat_id parameter, which reveals the full path in a PHP error message. | |||||
CVE-1999-1417 | 1 Inso | 1 Answerbook2 | 2024-02-04 | 7.5 HIGH | N/A |
Format string vulnerability in AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via encoded % characters in an HTTP request, which is improperly logged. | |||||
CVE-2003-1162 | 1 Tritanium Scripts | 1 Tritanium Bulletin Board | 2024-02-04 | 5.0 MEDIUM | N/A |
index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to read and reply to arbitrary messages by modifying the thread_id, forum_id, and sid parameters. | |||||
CVE-2003-1328 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 7.5 HIGH | N/A |
The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality." | |||||
CVE-2003-0447 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 5.1 MEDIUM | N/A |
The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a "javascript:" link to be generated. | |||||
CVE-2002-0818 | 1 Wwwoffle | 1 Wwwoffle | 2024-02-04 | 7.5 HIGH | N/A |
wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative Content-Length value. | |||||
CVE-2001-0230 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 4.6 MEDIUM | N/A |
Buffer overflow in dc20ctrl before 0.4_1 in FreeBSD, and possibly other operating systems, allows local users to gain privileges. | |||||
CVE-2000-1237 | 1 Floosietek | 1 Ftgate | 2024-02-04 | 5.0 MEDIUM | N/A |
The POP3 server in FTGate returns an -ERR code after receiving an invalid USER request, which makes it easier for remote attackers to determine valid usernames and conduct brute force password guessing. | |||||