Total: 254016 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-1523 | 1 Daniel Arenz | 1 Mini Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Daniel Arenz Mini Server 2.1.6 allows remote attackers to read arbitrary files via (1) ../ (dot-dot slash) or (2) ..\ (dot-dot backslash) sequences. | |||||
CVE-2001-0901 | 1 Hypermail Development | 1 Hypermail | 2024-02-04 | 7.5 HIGH | N/A |
Hypermail allows remote attackers to execute arbitrary commands on a server supporting SSI via an attachment with a .shtml extension, which is archived on the server and can then be executed by requesting the URL for the attachment. | |||||
CVE-2003-0483 | 1 Xmb Forum | 1 Xmb | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium allow remote attackers to insert arbitrary script via (1) the member parameter to member.php or (2) the action parameter to buddy.php. | |||||
CVE-2003-0206 | 1 Gkrellm Newsticker | 1 Gkrellm Newsticker | 2024-02-04 | 5.0 MEDIUM | N/A |
gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to cause a denial of service (crash) via (1) link or (2) title elements that contain multiple lines. | |||||
CVE-1999-0331 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in Internet Explorer 4.0(1). | |||||
CVE-2002-0386 | 1 Oracle | 1 Application Server | 2024-02-04 | 5.0 MEDIUM | N/A |
The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data. | |||||
CVE-2003-1423 | 4 Linux, Microsoft, Petitforum and 1 more | 4 Linux Kernel, All Windows, Petitforum and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords. | |||||
CVE-2004-2042 | 1 E107 | 1 E107 | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php. | |||||
CVE-2002-0769 | 1 Cisco | 1 Ata-186 | 2024-02-04 | 6.4 MEDIUM | N/A |
The web-based configuration interface for the Cisco ATA 186 Analog Telephone Adaptor allows remote attackers to bypass authentication via an HTTP POST request with a single byte, which allows the attackers to (1) obtain the password from the login screen, or (2) reconfigure the adaptor by modifying certain request parameters. | |||||
CVE-2002-1498 | 1 Trevor Lee | 1 Swserver | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in SWServer 2.2 and earlier allows remote attackers to read arbitrary files via a URL containing .. sequences with "/" or "\" characters. | |||||
CVE-2002-1296 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 7.2 HIGH | N/A |
Directory traversal vulnerability in priocntl system call in Solaris allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module. | |||||
CVE-2004-1878 | 1 Linbit Technologies | 1 Linbox Officeserver | 2024-02-04 | 5.0 MEDIUM | N/A |
LINBOX LIN:BOX allows remote attackers to bypass authentication, obtain sensitive information, or gain access via a direct request to admin/user.pl preceded by // (double leading slash). | |||||
CVE-1999-0686 | 2 Hp, Netscape | 2 Hp-ux, Enterprise Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Denial of service in Netscape Enterprise Server (NES) in HP Virtual Vault (VVOS) via a long URL. | |||||
CVE-2000-0585 | 1 Isc | 1 Dhcp Client | 2024-02-04 | 10.0 HIGH | N/A |
ISC DHCP client program dhclient allows remote attackers to execute arbitrary commands via shell metacharacters. | |||||
CVE-2002-1519 | 2 Rapidstream, Watchguard | 2 Rapidstream, Firebox | 2024-02-04 | 10.0 HIGH | N/A |
Format string vulnerability in the CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the password parameter. | |||||
CVE-2004-2250 | 1 Goosequill | 1 Audienceconnect Remoteeditor | 2024-02-04 | 7.5 HIGH | N/A |
Unknown vulnerability in the "access code" in RemoteEditor before 0.1.6 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions. | |||||
CVE-2003-1559 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | |||||
CVE-2001-0618 | 1 Lucent | 1 Orinoco Rg-1000 | 2024-02-04 | 7.5 HIGH | N/A |
Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of the 'Network Name' or SSID as the default Wired Equivalent Privacy (WEP) encryption key. Since the SSID occurs in the clear during communications, a remote attacker could determine the WEP key and decrypt RG-1000 traffic. | |||||
CVE-2002-1115 | 1 Mantis | 1 Mantis | 2024-02-04 | 5.0 MEDIUM | N/A |
Mantis 0.17.4a and earlier allows remote attackers to view private bugs by modifying the f_id bug ID parameter to (1) bug_update_advanced_page.php, (2) bug_update_page.php, (3) view_bug_advanced_page.php, or (4) view_bug_page.php. | |||||
CVE-2004-1704 | 1 Wire Plastic Design | 1 Wpquiz | 2024-02-04 | 7.5 HIGH | N/A |
WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain privileges via a direct request to adminrestore.php in the extras directory. | |||||