Total: 253999 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0193 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 7.5 HIGH | N/A |
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability. | |||||
CVE-2001-1474 | 1 Ssh | 1 Ssh | 2024-02-04 | 5.0 MEDIUM | N/A |
SSH before 2.0 disables host key checking when connecting to the localhost, which allows remote attackers to silently redirect connections to the localhost by poisoning the client's DNS cache. | |||||
CVE-2004-0652 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 7.2 HIGH | N/A |
BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods. | |||||
CVE-2001-1266 | 1 Doug Neal | 1 Dnhttpd | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Doug Neal's HTTPD Daemon (DNHTTPD) before 0.4.1 allows remote attackers to view arbitrary files via a .. (dot dot) attack using the dot hex code '%2E'. | |||||
CVE-2001-0876 | 1 Microsoft | 4 Windows 98, Windows 98se, Windows Me and 1 more | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to execute arbitrary code via a NOTIFY directive with a long Location URL. | |||||
CVE-1999-1467 | 1 Sun | 1 Sunos | 2024-02-04 | 10.0 HIGH | N/A |
Vulnerability in rcp on SunOS 4.0.x allows remote attackers from trusted hosts to execute arbitrary commands as root, possibly related to the configuration of the nobody user. | |||||
CVE-1999-0934 | | | 2024-02-04 | 5.0 MEDIUM | N/A |
classifieds.cgi allows remote attackers to read arbitrary files via shell metacharacters. | |||||
CVE-1999-0606 | 1 Seaside Enterprises | 1 Ezmall | 2024-02-04 | 5.0 MEDIUM | N/A |
An incorrect configuration of the EZMall 2000 shopping cart CGI program "mall2000.cgi" could disclose private information. | |||||
CVE-2004-1371 | 1 Oracle | 10 Application Server, Collaboration Suite, Database Server and 7 more | 2024-02-04 | 9.0 HIGH | N/A |
Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure. | |||||
CVE-2002-1281 | 1 Kde | 1 Kde | 2024-02-04 | 7.5 HIGH | N/A |
Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and remote attackers to execute arbitrary code via a certain URL. | |||||
CVE-2002-0298 | 1 Nombas | 1 Scriptease Webserver | 2024-02-04 | 5.0 MEDIUM | N/A |
ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a denial of service (crash) via certain HTTP GET requests containing (1) a %2e%2e (encoded dot-dot), (2) several /../ (dot dot) sequences, (3) a missing URI, or (4) several ../ in a URI that does not begin with a / (slash) character. | |||||
CVE-2002-0107 | 1 Cacheflow | 1 Cacheos | 2024-02-04 | 5.0 MEDIUM | N/A |
Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end with HTTP/1.0 or another version string, which causes the information to be leaked in the error message. | |||||
CVE-2000-0452 | 1 Lotus | 2 Domino Enterprise Server, Domino Mail Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1 allows remote attackers to cause a denial of service via a long MAIL FROM command. | |||||
CVE-2003-0968 | 1 Freeradius | 1 Freeradius | 2024-02-04 | 10.0 HIGH | N/A |
Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute. | |||||
CVE-2002-0532 | 1 Emumail | 3 Emumail, Emumail Red Hat Linux, Emumail Unix | 2024-02-04 | 7.2 HIGH | N/A |
EMU Webmail allows local users to execute arbitrary programs via a .. (dot dot) in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters. | |||||
CVE-2004-0906 | 1 Mozilla | 2 Mozilla, Thunderbird | 2024-02-04 | 4.6 MEDIUM | N/A |
The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code. | |||||
CVE-2002-0433 | 1 Pi3 | 1 Pi3web | 2024-02-04 | 5.0 MEDIUM | N/A |
Pi3Web 2.0.0 allows remote attackers to view restricted files via an HTTP request containing a "*" (wildcard or asterisk) character. | |||||
CVE-2003-0453 | 1 Ehud Gavron | 1 Traceroute-nanog | 2024-02-04 | 10.0 HIGH | N/A |
traceroute-nanog 6.1.1 allows local users to overwrite unauthorized memory and possibly execute arbitrary code via certain "nprobes" and "max_ttl" arguments that cause an integer overflow that is used when allocating memory, which leads to a buffer overflow. | |||||
CVE-2004-1964 | 1 Freshmeat | 1 Network Query Tool | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to inject arbitrary web script or HTML via the portNum parameter. | |||||
CVE-2000-0151 | 1 Gnu | 1 Make | 2024-02-04 | 6.2 MEDIUM | N/A |
GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands. |