Total
253999 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-1495 | 1 Freshmeat | 2 Network Query Tool, Network Query Tool Phpnuke | 2024-02-04 | 7.5 HIGH | N/A |
network_query.php in Network Query Tool 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the target parameter. | |||||
CVE-1999-1587 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 2.1 LOW | N/A |
/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option. | |||||
CVE-2004-2063 | 1 Antiboard | 1 Antiboard | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to inject arbitrary HTML or web script via the feedback parameter. | |||||
CVE-2004-2158 | 1 S9y | 1 Serendipity | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php. | |||||
CVE-2001-1413 | 1 Ncompress | 1 Ncompress | 2024-02-04 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the comprexx function for ncompress 4.2.4 and earlier, when used in situations that cross security boundaries (such as FTP server), may allow remote attackers to execute arbitrary code via a long filename argument. | |||||
CVE-1999-0836 | 1 Sco | 1 Unixware | 2024-02-04 | 10.0 HIGH | N/A |
UnixWare uidadmin allows local users to modify arbitrary files via a symlink attack. | |||||
CVE-2000-0950 | 1 Tis | 1 Internet Firewall Toolkit | 2024-02-04 | 7.2 HIGH | N/A |
Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) allows local users to execute arbitrary commands via a malformed display name. | |||||
CVE-2004-2248 | 1 Goosequill | 1 Remoteeditor | 2024-02-04 | 10.0 HIGH | N/A |
Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact and attack vectors, related to "oversize submissions." | |||||
CVE-2001-1433 | 1 Cherokee | 1 Cherokee Httpd | 2024-02-04 | 7.5 HIGH | N/A |
Cherokee web server before 0.2.7 does not properly drop root privileges after binding to port 80, which could allow remote attackers to gain privileges via other vulnerabilities. | |||||
CVE-2001-0505 | 1 Microsoft | 1 Services | 2024-02-04 | 5.0 MEDIUM | N/A |
Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service. | |||||
CVE-2004-0386 | 3 Gentoo, Mandrakesoft, Mplayer | 3 Linux, Mandrake Linux, Mplayer | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header. | |||||
CVE-1999-1287 | 1 Stephen Turner | 1 Analog | 2024-02-04 | 5.0 MEDIUM | N/A |
Vulnerability in Analog 3.0 and earlier allows remote attackers to read arbitrary files via the forms interface. | |||||
CVE-2003-1460 | 1 Ralf Hoffmann | 1 Worker Filemanager | 2024-02-04 | 3.6 LOW | N/A |
Worker Filemanager 1.0 through 2.7 sets the permissions on the destination directory to world-readable and executable while copying data, which could allow local users to obtain sensitive information. | |||||
CVE-2003-0391 | 1 Amax Information Technologies | 1 Magic Winmail Server | 2024-02-04 | 7.5 HIGH | N/A |
Format string vulnerability in Magic WinMail Server 2.3, and possibly other 2.x versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the PASS command. | |||||
CVE-2002-1385 | 1 Open Webmail | 1 Open Webmail | 2024-02-04 | 7.2 HIGH | N/A |
openwebmail_init in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed. | |||||
CVE-2001-0987 | 1 Nathan Neulinger | 1 Cgiwrap | 2024-02-04 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote attackers to execute arbitrary Javascript on other web clients by causing the Javascript to be inserted into error messages that are generated by CGIWrap. | |||||
CVE-2004-0831 | 1 Mcafee | 1 Virusscan | 2024-02-04 | 7.2 HIGH | N/A |
McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing users to browse for files via the "System Scan" properties of the System Tray applet, which could allow local users to gain privileges. | |||||
CVE-2004-2041 | 1 E107 | 1 E107 | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code. | |||||
CVE-1999-0514 | 2024-02-04 | 5.0 MEDIUM | N/A | ||
UDP messages to broadcast addresses are allowed, allowing for a Fraggle attack that can cause a denial of service by flooding the target. | |||||
CVE-2004-1559 | 1 Wordpress | 1 Wordpress | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php. |