Total
254017 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-1846 | 1 Yabb | 1 Yabb | 2024-02-04 | 5.0 MEDIUM | N/A |
Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by stealing the cookie of another user, modifying the expiretime setting, and submitting the change in a profile2 action to index.php. | |||||
CVE-2004-0671 | 1 Symantec | 1 Brightmail Antispam | 2024-02-04 | 5.0 MEDIUM | N/A |
Brightmail Spamfilter 6.0 and earlier beta releases allows remote attackers to read mail from other users by modifying the id parameter in a viewMsgDetails.do request. | |||||
CVE-2004-1418 | 1 Wirtualna Polska | 1 Wpkontakt | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an e-mail address, which is not quoted when a parsing error is generated. | |||||
CVE-1999-0268 | 1 Metainfo | 1 Metaweb | 2024-02-04 | 10.0 HIGH | N/A |
MetaInfo MetaWeb web server allows users to upload, execute, and read scripts. | |||||
CVE-2000-0884 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-04 | 7.5 HIGH | N/A |
IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability. | |||||
CVE-2001-0664 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 7.5 HIGH | N/A |
Internet Explorer 5.5 and 5.01 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing vulnerability." | |||||
CVE-1999-0518 | 1 Microsoft | 1 Windows 95 | 2024-02-04 | 7.5 HIGH | N/A |
A NETBIOS/SMB share password is guessable. | |||||
CVE-1999-0694 | 1 Ibm | 1 Aix | 2024-02-04 | 2.1 LOW | N/A |
Denial of service in AIX ptrace system call allows local users to crash the system. | |||||
CVE-2004-1551 | 1 Php Arena | 1 Pafiledb | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the (1) email or (2) file modules in paFileDB 3.1 Final allows remote attackers to execute arbitrary web script or HTML via the id parameter. | |||||
CVE-2000-0916 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 7.5 HIGH | N/A |
FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers (ISN), which allows remote attackers to spoof TCP connections. | |||||
CVE-1999-0299 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 9.3 HIGH | N/A |
Buffer overflow in FreeBSD lpd through long DNS hostnames. | |||||
CVE-2004-0211 | 1 Microsoft | 1 Windows 2003 Server | 2024-02-04 | 2.1 LOW | N/A |
The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program. | |||||
CVE-2001-0782 | 1 Kde | 1 Ktv | 2024-02-04 | 7.2 HIGH | N/A |
KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root privileges via a symlink attack on a user configuration file. | |||||
CVE-2000-0303 | 1 Id Software | 1 Quake 3 Arena | 2024-02-04 | 6.4 MEDIUM | N/A |
Quake3 Arena allows malicious server operators to read or modify files on a client via a dot dot (..) attack. | |||||
CVE-2000-0259 | 1 Microsoft | 2 Terminal Server, Windows Nt | 2024-02-04 | 7.2 HIGH | N/A |
The default permissions for the Cryptography\Offload registry key used by the OffloadModExpo in Windows NT 4.0 allows local users to obtain compromise the cryptographic keys of other users. | |||||
CVE-2003-0376 | 1 Qualcomm | 1 Eudora | 2024-02-04 | 5.0 MEDIUM | N/A |
Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a denial of service (crash and failed restart) and possibly execute arbitrary code via an Attachment Converted argument with a large number of . (dot) characters. | |||||
CVE-2003-0331 | 1 Ttcms | 1 Ttforum | 2024-02-04 | 10.0 HIGH | N/A |
SQL injection vulnerability in ttForum allows remote attackers to execute arbitrary SQL and gain ttForum Administrator privileges via the Ignorelist-Textfield argument in the Preferences page. | |||||
CVE-2003-0531 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 7.5 HIGH | N/A |
Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the "Browser Cache Script Execution in My Computer Zone" vulnerability. | |||||
CVE-2001-0135 | 1 Ultrascripts | 1 Ultraboard | 2024-02-04 | 2.1 LOW | N/A |
The default installation of Ultraboard 2000 2.11 creates the Skins, Database, and Backups directories with world-writeable permissions, which could allow local users to modify sensitive information or possibly insert and execute CGI programs. | |||||
CVE-1999-0680 | 1 Microsoft | 1 Terminal Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service. |