Total: 254017 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0307 | 1 Cisco | 1 Optical Networking Systems Software | 2024-02-04 | 5.0 MEDIUM | N/A |
Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454 SD before 4.1(3) allows remote attackers to cause a denial of service (reset) by not sending the ACK portion of the TCP three-way handshake and sending an invalid response instead. | |||||
CVE-2003-0696 | 1 Ibm | 1 Aix | 2024-02-04 | 5.0 MEDIUM | N/A |
The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close sockets, which allows attackers to cause a denial of service (resource exhaustion). | |||||
CVE-2002-0522 | 1 Asp-nuke | 1 Asp-nuke | 2024-02-04 | 7.5 HIGH | N/A |
ASP-Nuke RC2 and earlier allows remote attackers to bypass authentication and gain privileges by modifying the "pseudo" cookie. | |||||
CVE-2002-2132 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2024-02-04 | 2.1 LOW | N/A |
Windows File Protection (WFP) in Windows 2000 and XP does not remove old security catalog .CAT files, which could allow local users to replace new files with vulnerable old files that have valid hash codes. | |||||
CVE-2000-0397 | 1 Seattle Lab Software | 1 Emurl | 2024-02-04 | 5.0 MEDIUM | N/A |
The EMURL web-based email account software encodes predictable identifiers in user session URLs, which allows a remote attacker to access a user's email account. | |||||
CVE-2001-0224 | 1 Brightstation | 1 Muscat Empower | 2024-02-04 | 5.0 MEDIUM | N/A |
Muscat Empower CGI program allows remote attackers to obtain the absolute pathname of the server via an invalid request in the DB parameter. | |||||
CVE-2004-1892 | 1 Emule | 1 Emule | 2024-02-04 | 7.5 HIGH | N/A |
Stack-based buffer overflow in DecodeBase16 function, as used in the (1) IRC module and (2) web server in eMule 0.42d, allows remote attackers to execute arbitrary code via a long string. | |||||
CVE-2000-1014 | 1 Sco | 1 Unixware | 2024-02-04 | 7.5 HIGH | N/A |
Format string vulnerability in the search97.cgi CGI script in SCO help http server for Unixware 7 allows remote attackers to execute arbitrary commands via format characters in the queryText parameter. | |||||
CVE-2001-1202 | 1 Delegate | 1 Delegate | 2024-02-04 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does not quote scripting commands within a "403 Forbidden" error page, which allows remote attackers to execute arbitrary Javascript on other clients via a URL that generates an error. | |||||
CVE-2002-0255 | 1 Arescom | 1 Netdsl | 2024-02-04 | 10.0 HIGH | N/A |
The default configuration of Arescom NetDSL 800 does not require authentication, which allows remote attackers to cause a denial of service or reconfigure the router. | |||||
CVE-2001-1583 | 1 Sun | 1 Sunos | 2024-02-04 | 10.0 HIGH | N/A |
lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220. | |||||
CVE-2001-0822 | 1 Packet Knights | 1 Fpf Linux Kernel Module | 2024-02-04 | 5.0 MEDIUM | N/A |
FPF kernel module 1.0 allows a remote attacker to cause a denial of service via fragmented packets. | |||||
CVE-2002-0682 | 1 Apache | 1 Tomcat | 2024-02-04 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet. | |||||
CVE-2002-1360 | 7 Cisco, Fissh, Intersoft and 4 more | 7 Ios, Ssh Client, Securenetterm and 4 more | 2024-02-04 | 10.0 HIGH | N/A |
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite. | |||||
CVE-2004-0192 | 1 Symantec | 1 Gateway Security 5400 | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains malicious script, which is not quoted in the resulting error page. | |||||
CVE-1999-0510 | | | 2024-02-04 | 7.5 HIGH | N/A |
A router or firewall allows source routed packets from arbitrary hosts. | |||||
CVE-2002-0971 | 3 Att, Tightvnc, Tridia | 3 Winvnc Server, Tightvnc, Tridiavnc | 2024-02-04 | 4.6 MEDIUM | N/A |
Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the "Add new clients" dialogue box. | |||||
CVE-2000-0073 | 1 Microsoft | 3 Windows 2000, Windows 98, Windows Nt | 2024-02-04 | 5.0 MEDIUM | N/A |
Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word. | |||||
CVE-2004-0186 | 2 Linux, Samba | 2 Linux Kernel, Samba | 2024-02-04 | 7.2 HIGH | N/A |
smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted. | |||||
CVE-2004-0095 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-02-04 | 5.0 MEDIUM | N/A |
McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value, possibly triggering a buffer overflow. |