Total: 253993 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-0621 | 1 Microsoft | 2 Outlook, Outlook Express | 2024-02-04 | 7.5 HIGH | N/A |
Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability. | |||||
CVE-2002-0465 | 1 Hosting Controller | 1 Hosting Controller | 2024-02-04 | 10.0 HIGH | N/A |
Directory traversal vulnerability in filemanager.asp for Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files, and execute commands, via a .. (dot dot) in the OpenPath parameter. | |||||
CVE-2002-0936 | 1 Apache | 1 Tomcat | 2024-02-04 | 5.0 MEDIUM | N/A |
The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null). | |||||
CVE-2001-0354 | 1 Thenet | 1 Checkbo | 2024-02-04 | 5.0 MEDIUM | N/A |
TheNet CheckBO 1.56 allows remote attackers to cause a denial of service via a flood of characters to the TCP ports which it is listening on. | |||||
CVE-2001-1408 | 1 Cobalt | 2 Qube, Webmail | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in Cobalt Qube 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the mailbox parameter. | |||||
CVE-2000-0206 | 1 Oracle | 1 Oracle8i | 2024-02-04 | 6.2 MEDIUM | N/A |
The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges. | |||||
CVE-2001-0838 | 1 Network Solutions | 1 Rwhoisd | 2024-02-04 | 7.5 HIGH | N/A |
Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows remote attackers to execute arbitrary code via format string specifiers in the -soa command. | |||||
CVE-2001-1295 | 1 Grant Averett | 1 Cerberus Ftp Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Cerberus FTP Server 1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the CD command. | |||||
CVE-2002-2028 | 1 Microsoft | 3 Windows 2000, Windows Nt, Windows Xp | 2024-02-04 | 2.1 LOW | N/A |
The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing. | |||||
CVE-2004-0738 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or (2) categ parameters. | |||||
CVE-2000-0054 | 1 Solution Scripts | 1 Home Free | 2024-02-04 | 5.0 MEDIUM | N/A |
search.cgi in the SolutionScripts Home Free package allows remote attackers to view directories via a .. (dot dot) attack. | |||||
CVE-2002-0587 | 1 Aol | 1 Aol Server | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to cause a denial of service or execute arbitrary code via the Error or Notice parameters. | |||||
CVE-2002-1374 | 2 Oracle, Symantec Veritas | 3 Mysql, Netbackup Advanced Reporter, Netbackup Global Data Manager | 2024-02-04 | 7.5 HIGH | N/A |
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password. | |||||
CVE-2002-0656 | 3 Apple, Openssl, Oracle | 5 Mac Os X, Openssl, Application Server and 2 more | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3. | |||||
CVE-2001-0760 | 1 Citrix | 1 Nfuse | 2024-02-04 | 5.0 MEDIUM | N/A |
Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path of the web root via a malformed request to launch.asp that does not provide the session field. | |||||
CVE-2000-0298 | 1 Microsoft | 1 Windows 2000 | 2024-02-04 | 7.2 HIGH | N/A |
The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories. | |||||
CVE-2000-0773 | 1 Bajie | 1 Java Http Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Bajie HTTP web server 0.30a allows remote attackers to read arbitrary files via a URL that contains a "....", a variant of the dot dot directory traversal attack. | |||||
CVE-2002-0758 | 1 Suse | 1 Suse Linux | 2024-02-04 | 7.5 HIGH | N/A |
ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote attackers to execute arbitrary commands via spoofed DHCP responses, which are stored and executed in a file. | |||||
CVE-2002-2369 | 1 Perception | 1 Liteserve | 2024-02-04 | 5.0 MEDIUM | N/A |
Perception LiteServe 2.0 allows remote attackers to read password protected files via a leading "/./" in a URL. | |||||
CVE-2004-0374 | 1 Interchange Development Group | 1 Interchange | 2024-02-04 | 6.4 MEDIUM | N/A |
Interchange before 5.0.1 allows remote attackers to "expose the content of arbitrary variables" and read or modify sensitive SQL information via an HTTP request ending with the "__SQLUSER__" string. |