Total: 253993 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1959 | 1 Protector System | 1 Protector System | 2024-02-04 | 5.0 MEDIUM | N/A |
blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows remote attackers to gain sensitive information via a string in the portNum parameter, which reveals the full path in an error message. | |||||
CVE-2004-0282 | 1 Crob | 1 Crob Ftp Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Crob FTP daemon 3.5.2 allows remote attackers to cause a denial of service (crash) by repeatedly connecting to and disconnecting from the server. | |||||
CVE-2002-0664 | 1 Granite Software | 1 Zmerge | 2024-02-04 | 7.5 HIGH | N/A |
The default Access Control Lists (ACLs) of the administration database for ZMerge 4.x and 5.x provide arbitrary users (including anonymous users) with Manager level access, which allows the users to read or modify import/export scripts. | |||||
CVE-2004-0885 | 1 Apache | 1 Http Server | 2024-02-04 | 7.5 HIGH | N/A |
The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration. | |||||
CVE-2002-1040 | 1 Ibm | 1 Aix | 2024-02-04 | 5.0 MEDIUM | N/A |
Unknown vulnerability in the WebSecure (DFSWeb) configuration utilities in AIX 4.x, possibly related to relative pathnames. | |||||
CVE-2002-0212 | 1 Hosting Controller | 1 Hosting Controller | 2024-02-04 | 7.5 HIGH | N/A |
The login for Hosting Controller 1.1 through 1.4.1 returns different error messages when a valid or invalid user is provided, which allows remote attackers to determine the existence of valid usernames and makes it easier to conduct a brute force attack. | |||||
CVE-2002-2330 | 1 Uninet | 1 Statsplus | 2024-02-04 | 5.0 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in stat.pl in StatsPlus 1.25 allows remote attackers to inject arbitrary web script or HTML via (1) HTTP_USER_AGENT or (2) HTTP_REFERER, which is written to stats.html and executed in client browsers. | |||||
CVE-2002-2326 | 1 Apple | 1 Mac Os X | 2024-02-04 | 5.0 MEDIUM | N/A |
The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4 and 10.1 through 10.1.5 sends iDisk authentication credentials in cleartext when connecting to Mac.com, which could allow remote attackers to obtain passwords by sniffing network traffic. | |||||
CVE-2000-0969 | 1 Valve Software | 1 Half-life Dedicated Server | 2024-02-04 | 10.0 HIGH | N/A |
Format string vulnerability in Half Life dedicated server build 3104 and earlier allows remote attackers to execute arbitrary commands by injecting format strings into the changelevel command, via the system console or rcon. | |||||
CVE-2002-1929 | 1 Php Arena | 1 Pafiledb | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena paFileDB 1.1.3 through 3.0 allows remote attackers to inject arbitrary web script or HTML via the query string in the (1) rate, (2) email, or (3) download actions. | |||||
CVE-2000-0356 | 1 Redhat | 1 Linux | 2024-02-04 | 4.6 MEDIUM | N/A |
Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not properly lock access to disabled NIS accounts. | |||||
CVE-2001-0235 | 1 Debian | 1 Debian Linux | 2024-02-04 | 2.1 LOW | N/A |
Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running. | |||||
CVE-2004-1719 | 1 Merak | 1 Mail Server | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, or (6) showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an <img> tag, or (15) the subject of an e-mail message. | |||||
CVE-2004-0050 | 1 Verity | 1 Ultraseek | 2024-02-04 | 5.0 MEDIUM | N/A |
Verity Ultraseek before 5.2.2 allows remote attackers to obtain the full pathname of the document root via an MS-DOS device name in the web search option, such as (1) NUL, (2) CON, (3) AUX, (4) COM1, (5) COM2, and others. | |||||
CVE-2003-0650 | 1 Gamespy | 1 Arcade | 2024-02-04 | 7.5 HIGH | N/A |
Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, possibly versions before 1.3e, allows remote attackers to overwrite arbitrary files and execute arbitrary code via .. (dot dot) sequences in filenames in a .APK (Zip) file. | |||||
CVE-2004-0784 | 1 Rob Flynn | 1 Gaim | 2024-02-04 | 7.5 HIGH | N/A |
The smiley theme functionality in Gaim before 0.82 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of the tar file that is dragged to the smiley selector. | |||||
CVE-2003-1104 | 1 Ibm | 1 Tivoli Firewall Toolbox | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
CVE-2000-0817 | 1 Microsoft | 1 Network Monitor | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the HTTP protocol parser for Microsoft Network Monitor (Netmon) allows remote attackers to execute arbitrary commands via malformed data, aka the "Netmon Protocol Parsing" vulnerability. | |||||
CVE-2004-0236 | 1 Steelid | 1 Thephototool | 2024-02-04 | 10.0 HIGH | N/A |
SQL injection vulnerability in login.asp in thePHOTOtool allows remote attackers to gain unauthorized access via the password field. | |||||
CVE-2001-0547 | 1 Microsoft | 1 Isa Server | 2024-02-04 | 2.1 LOW | N/A |
Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion). | |||||