Total
254008 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-1001 | 1 Element N.v | 1 Element Instantshop | 2024-02-04 | 7.5 HIGH | N/A |
add_2_basket.asp in Element InstantShop allows remote attackers to modify price information via the "price" hidden form variable. | |||||
CVE-2004-2107 | 1 Finjan Software | 1 Surfingate | 2024-02-04 | 7.5 HIGH | N/A |
Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to (1) restart the service, (2) use the getlastmsg command to view log information, or (3) use the online command to force a policy update from the database server. | |||||
CVE-2002-1317 | 4 Hp, Sgi, Sun and 1 more | 5 Hp-ux, Irix, Solaris and 2 more | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query. | |||||
CVE-2002-2424 | 1 Ekilat Llc | 1 Php(reactor) | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in PHP(Reactor) 1.2.7 pl1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the style attribute of an HTML tag. | |||||
CVE-2001-1073 | 1 Webridge | 1 Px Application Suite | 2024-02-04 | 5.0 MEDIUM | N/A |
Webridge PX Application Suite allows remote attackers to obtain sensitive information via a malformed request that generates a server error message, which includes full pathname or internal IP address information in the variables (1) APPL_PHYSICAL_PATH, (2) PATH_TRANSLATED, and (3) LOCAL_ADDR. | |||||
CVE-2002-1023 | 1 Working Resources Inc. | 1 Badblue | 2024-02-04 | 5.0 MEDIUM | N/A |
BadBlue server allows remote attackers to cause a denial of service (crash) via an HTTP GET request without a URI. | |||||
CVE-2003-0023 | 1 Rxvt | 1 Rxvt | 2024-02-04 | 5.0 MEDIUM | N/A |
The menuBar feature in rxvt 2.7.8 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu. | |||||
CVE-2002-2378 | 1 Nakata | 1 An Httpd | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows remote attackers to inject arbitrary web script or HTML via a colon (:) in the query string, which is inserted into the resulting error page. | |||||
CVE-2003-1546 | 1 Filebased | 1 Guestbook | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in gbook.php in Filebased guestbook 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the comment section. | |||||
CVE-2000-1163 | 1 Aladdin Enterprises | 1 Ghostscript | 2024-02-04 | 4.6 MEDIUM | N/A |
ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript. | |||||
CVE-1999-0110 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0315. Reason: This candidate's original description had a typo that delayed it from being detected as a duplicate of CVE-1999-0315. Notes: All CVE users should reference CVE-1999-0315 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2002-1062 | 1 T. Hauck | 1 Jana Web Server | 2024-02-04 | 7.5 HIGH | N/A |
Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allows remote attackers to execute arbitrary code via long (1) Username, (2) Password, or (3) Hostname entries. | |||||
CVE-2002-2139 | 1 Cisco | 1 Pix Firewall Software | 2024-02-04 | 6.4 MEDIUM | N/A |
Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not delete the duplicate ISAKMP SAs for a user's VPN session, which allows local users to hijack a session via a man-in-the-middle attack. | |||||
CVE-2000-0060 | 1 Avirt | 1 Rover | 2024-02-04 | 5.0 MEDIUM | N/A |
Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers to cause a denial of service via a long user name. | |||||
CVE-1999-1225 | 5 Digital, Linux, Netbsd and 2 more | 5 Ultrix, Linux Kernel, Netbsd and 2 more | 2024-02-04 | 5.0 MEDIUM | N/A |
rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not. | |||||
CVE-2004-1828 | 1 Belchior Foundry | 1 Vcard | 2024-02-04 | 5.0 MEDIUM | N/A |
Vcard 2.9 and possibly other versions does not require authorization to run uninstall.php, which could allow remote attackers to uninstall Vcard and delete database tables via a direct request to uninstall.php. | |||||
CVE-2003-1359 | 2 Avaya, Hp | 2 Predictive Dialer System, Hp-ux | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument. | |||||
CVE-2002-0375 | 1 Ecometry | 1 Sgdynamo | 2024-02-04 | 5.0 MEDIUM | N/A |
Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows remote attackers to execute arbitrary Javascript via a URL with the script in the HTNAME parameter. | |||||
CVE-2002-0916 | 1 Stellar-x Software | 1 Msntauth | 2024-02-04 | 7.5 HIGH | N/A |
Format string vulnerability in the allowuser code for the Stellar-X msntauth authentication module, as distributed in Squid 2.4.STABLE6 and earlier, allows remote attackers to execute arbitrary code via format strings in the user name, which are not properly handled in a syslog call. | |||||
CVE-2004-0513 | 1 Apple | 1 Mac Os X | 2024-02-04 | 10.0 HIGH | N/A |
Unspecified vulnerability in Mac OS X before 10.3.4 has unknown impact and attack vectors related to "logging when tracing system calls." |