Total: 253987 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-0872 | 1 Nathan Purciful | 1 Phpphotoalbum | 2024-02-04 | 5.0 MEDIUM | N/A |
explorer.php in PhotoAlbum 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
CVE-1999-0362 | 1 Ipswitch | 1 Ws Ftp Server | 2024-02-04 | 5.0 MEDIUM | N/A |
WS_FTP server remote denial of service through cwd command. | |||||
CVE-2002-1683 | 1 Working Resources Inc. | 1 Badblue | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition 1.7.3 allows remote attackers to execute arbitrary script as other users by injecting script into the cleanSearchString() function. | |||||
CVE-2002-0226 | 1 Dcscripts | 1 Dcforum | 2024-02-04 | 7.5 HIGH | N/A |
retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote attackers to request a new password on behalf of another user and use the sessionID to calculate the new password for that user. | |||||
CVE-2003-1300 | 1 Pablo Software Solutions | 1 Baby Ftp Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Baby FTP Server (BabyFTP) 1.2, and possibly other versions before May 31, 2003, allows remote attackers to cause a denial of service via a large number of connections from the same IP address, which triggers an access violation. | |||||
CVE-1999-0907 | 1 Steven J. Merrifield | 1 Soundcard Cw | 2024-02-04 | 2.1 LOW | N/A |
sccw allows local users to read arbitrary files. | |||||
CVE-2002-0397 | 1 Red-m | 1 1050ap Lan Acess Point | 2024-02-04 | 5.0 MEDIUM | N/A |
Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address, and other information in UDP packets to a broadcast address, which allows any system on the network to obtain potentially sensitive information about the Access Point device by monitoring UDP port 8887. | |||||
CVE-2004-1104 | 1 Microsoft | 1 Ie | 2024-02-04 | 7.5 HIGH | N/A |
Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL. | |||||
CVE-2003-0976 | 1 Novell | 1 Netware | 2024-02-04 | 7.5 HIGH | N/A |
NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce sys:\etc\exports when hostname aliases from sys:etc\hosts file are used, which could allow users to mount file systems when XNFS should deny the host. | |||||
CVE-1999-0370 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 4.6 MEDIUM | N/A |
In Sun Solaris and SunOS, man and catman contain vulnerabilities that allow overwriting arbitrary files. | |||||
CVE-2000-0364 | 1 Redhat | 1 Linux | 2024-02-04 | 4.6 MEDIUM | N/A |
screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of tty devices, which allows local users to write to other ttys. | |||||
CVE-1999-1533 | 1 Trend Micro | 1 Interscan Viruswall | 2024-02-04 | 7.5 HIGH | N/A |
Eicon Technology Diva LAN ISDN modem allows a remote attacker to cause a denial of service (hang) via a long password argument to the login.htm file in its HTTP service. | |||||
CVE-2003-0050 | 1 Apple | 2 Darwin Streaming Server, Quicktime Streaming Server | 2024-02-04 | 7.5 HIGH | N/A |
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters. | |||||
CVE-2002-0074 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-04 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session. | |||||
CVE-2004-0371 | 1 Kth | 1 Heimdal | 2024-02-04 | 5.0 MEDIUM | N/A |
Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path. | |||||
CVE-2001-0747 | 1 Iplanet | 1 Iplanet Web Server | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in iPlanet Web Server (iWS) Enterprise Edition 4.1, service packs 3 through 7, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long method name in an HTTP request. | |||||
CVE-2003-0838 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 7.5 HIGH | N/A |
Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a "data" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe). | |||||
CVE-2004-1507 | 1 Webcalendar | 1 Webcalendar | 2024-02-04 | 5.0 MEDIUM | N/A |
CRLF injection vulnerability in login.php in WebCalendar allows remote attackers to inject CRLF sequences via the return_path parameter and perform HTTP Response Splitting attacks to modify expected HTML content from the server. | |||||
CVE-2002-2005 | 1 Sun | 1 Java Web Start | 2024-02-04 | 7.5 HIGH | N/A |
Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and 1.0.1.01 (HP-UX 11.x only) allows attackers to gain access to restricted resources via unknown attack vectors. | |||||
CVE-2001-0404 | 1 Sun | 1 Javaserver Web Dev Kit | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) 1.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request to the WEB-INF directory. |