Total
254014 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-1266 | 1 Apple | 1 Mac Os X | 2024-02-04 | 4.6 MEDIUM | N/A |
Mac OS X 10.2.2 allows local users to gain privileges by mounting a disk image file that was created on another system, aka "Local User Privilege Elevation via Disk Image File." | |||||
CVE-2003-0171 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 7.2 HIGH | N/A |
DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program. | |||||
CVE-2004-2128 | 1 Brs | 1 Webweaver | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows remote attackers to execute arbitrary script as other users via the query string to ISAPISkeleton.dll. | |||||
CVE-2002-0326 | 1 Working Resources Inc. | 1 Badblue | 2024-02-04 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows remote attackers to execute arbitrary script and possibly additional commands via a URL that contains Javascript. | |||||
CVE-2001-1062 | 1 Caldera | 1 Openserver | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in mana in OpenServer 5.0.6a and earlier allows local users to execute arbitrary code. | |||||
CVE-2004-1663 | 5 Broadcom, Brocade, Engenio and 2 more | 6 Fabric Operating System, Silkworm, Silkworm Fiber Channel Switch and 3 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets. | |||||
CVE-2002-2209 | 1 Pablo Software Solutions | 1 Baby Ftp Server | 2024-02-04 | 10.0 HIGH | N/A |
Unspecified "security vulnerability" in Baby FTP Server versions before November 7, 2002 has unknown impact and attack vectors. | |||||
CVE-2004-0796 | 1 Spamassassin | 1 Spamassassin | 2024-02-04 | 5.0 MEDIUM | N/A |
SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to cause a denial of service via certain malformed messages. | |||||
CVE-2001-0226 | 1 Biblioscape | 1 Biblioweb Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in BiblioWeb web server 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) or ... attack in an HTTP GET request. | |||||
CVE-1999-1224 | 1 University Of Washington | 1 Imapd | 2024-02-04 | 3.6 LOW | N/A |
IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information. | |||||
CVE-2004-1532 | 1 Appserv Open Project | 1 Appserv | 2024-02-04 | 7.5 HIGH | N/A |
AppServ 2.5.x and earlier installs a default username and password, which allows remote attackers to gain access. | |||||
CVE-1999-0153 | 2 Microsoft, Sco | 4 Windows 2000, Windows 95, Windows Nt and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke. | |||||
CVE-2003-0949 | 1 Michael Bischoff | 1 Xsok | 2024-02-04 | 4.6 MEDIUM | N/A |
xsok 1.02 does not properly drop privileges before finding and executing the "gunzip" program, which allows local users to execute arbitrary commands. | |||||
CVE-2000-0958 | 1 Sun | 1 Hotjava Browser | 2024-02-04 | 5.0 MEDIUM | N/A |
HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window. | |||||
CVE-2000-0526 | 1 3r Soft | 1 Mailstudio 2000 | 2024-02-04 | 5.0 MEDIUM | N/A |
mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
CVE-2002-1160 | 1 Redhat | 1 Linux | 2024-02-04 | 7.2 HIGH | N/A |
The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su. | |||||
CVE-2002-0429 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 3.6 LOW | N/A |
The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall). | |||||
CVE-2002-1454 | 1 Mywebserver | 1 Mywebserver | 2024-02-04 | 5.0 MEDIUM | N/A |
MyWebServer 1.0.2 allows remote attackers to determine the absolute path of the web document root via a request for a directory that does not exist, which leaks the pathname in an error message. | |||||
CVE-2002-0578 | 1 Aci | 1 4d Webserver | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP request with Basic Authentication containing a long (1) user name or (2) password. | |||||
CVE-2004-1575 | 1 Apache | 1 Xerces-c++ | 2024-02-04 | 5.0 MEDIUM | N/A |
The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document. | |||||