Total: 253987 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-0373 | 6 Apple, Conectiva, Cyrus and 3 more | 8 Mac Os X, Mac Os X Server, Linux and 5 more | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code. | |||||
CVE-2003-1297 | 1 Efs Software | 1 Efs Web Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka options.ini) file and (2) log directory under the web root with insufficient access control, which allows remote attackers to obtain sensitive information including an SMTP account username and password hash, the server configuration, and server log files. | |||||
CVE-2004-0714 | 1 Cisco | 3 Ios, Ons 15454e Optical Transport Platform, Optical Networking Systems Software | 2024-02-04 | 5.0 MEDIUM | N/A |
Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts to process SNMP solicited operations on improper ports (UDP 162 and a randomly chosen UDP port), which allows remote attackers to cause a denial of service (device reload and memory corruption). | |||||
CVE-2001-0658 | 1 Microsoft | 1 Isa Server | 2024-02-04 | 7.5 HIGH | N/A |
Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message. | |||||
CVE-2002-0266 | 1 Thunderstone Software | 1 Texis | 2024-02-04 | 5.0 MEDIUM | N/A |
Thunderstone Texis CGI script allows remote attackers to obtain the full path of the web root via a request for a nonexistent file, which generates an error message that includes the full pathname. | |||||
CVE-2004-0478 | 1 Mozilla | 1 Mozilla | 2024-02-04 | 2.6 LOW | N/A |
Unknown versions of Mozilla allow remote attackers to cause a denial of service (high CPU/RAM consumption) using Javascript with an infinite loop that continues to add input to a form, possibly as the result of inserting control characters, as demonstrated using an embedded ctrl-U. | |||||
CVE-2001-1357 | 1 Phpheaven | 1 Phpmychat | 2024-02-04 | 7.5 HIGH | N/A |
Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) input.php3, (2) handle_inputH.php3, or (3) index.lib.php3 with unknown consequences, possibly related to user spoofing or improperly initialized variables. | |||||
CVE-2000-0945 | 1 Cisco | 1 Catalyst 3500 Xl | 2024-02-04 | 10.0 HIGH | N/A |
The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory. | |||||
CVE-2000-0508 | 3 Debian, Mandrakesoft, Redhat | 3 Debian Linux, Mandrake Linux, Linux | 2024-02-04 | 5.0 MEDIUM | N/A |
rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to cause a denial of service via a malformed request. | |||||
CVE-2003-1117 | 1 Realnetworks | 2 Realsystem Proxy, Realsystem Server | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem Proxy 8.x, related to URL error handling, allows remote attackers to cause a denial of service and possibly execute arbitrary code. | |||||
CVE-2001-1314 | 1 Critical Path | 2 Injoin Directory Server, Livecontent Directory | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflows in Critical Path (1) InJoin Directory Server or (2) LiveContent Directory allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
CVE-2004-0822 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in The Core Foundation framework (CoreFoundation.framework) in Mac OS X 10.2.8, 10.3.4, and 10.3.5 allows local users to execute arbitrary code via a certain environment variable. | |||||
CVE-2001-1038 | 1 Cisco | 1 Sn 5420 Storage Router Firmware | 2024-02-04 | 5.0 MEDIUM | N/A |
Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote attackers to cause a denial of service (reboot) via a series of connections to TCP port 8023. | |||||
CVE-2000-0839 | 1 Ipswitch | 1 Wincom Lpd | 2024-02-04 | 5.0 MEDIUM | N/A |
WinCOM LPD 1.00.90 allows remote attackers to cause a denial of service via a large number of LPD options to the LPD port (515). | |||||
CVE-2001-0594 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 4.6 MEDIUM | N/A |
kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument. | |||||
CVE-2002-0407 | 1 Lotus | 1 Domino | 2024-02-04 | 5.0 MEDIUM | N/A |
htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message. | |||||
CVE-1999-1074 | 1 Webmin | 1 Webmin | 2024-02-04 | 7.5 HIGH | N/A |
Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking. | |||||
CVE-2003-1136 | 1 Chi Kien Uong | 1 Chi Kien Uong Guestbook | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1.51 allows remote attackers to inject arbitrary web script or HTML via (1) HTML in a posted message or (2) Javascript in an onmouseover attribute in an e-mail address or URL. | |||||
CVE-2004-1460 | 1 Cisco | 2 Secure Access Control Server, Secure Acs Solution Engine | 2024-02-04 | 7.5 HIGH | N/A |
Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers to gain unauthorized access to AAA clients via a blank password. | |||||
CVE-1999-0658 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "DCOM is running." |