Total
254341 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0238 | 1 0verkill | 1 0verkill | 2024-02-04 | 7.2 HIGH | N/A |
| Multiple buffer overflows in Overkill (0verkill) 0.15pre3 might allow local users to execute arbitrary code in the client via a long HOME environment variable in the (1) load_cfg and (2) save_cfg functions; possibly allow remote attackers to execute arbitrary code via long strings to (3) the send_message function; and, in the server, via (4) the parse_command_line function. | |||||
| CVE-2003-0630 | 1 Atari800 | 1 Atari800 | 2024-02-04 | 7.2 HIGH | N/A |
| Multiple buffer overflows in the atari800.svgalib setuid program of the Atari 800 emulator (atari800) before 1.2.2 allow local users to gain privileges via long command line arguments, as demonstrated with the -osa_rom argument. | |||||
| CVE-2004-1315 | 1 Phpbb Group | 1 Phpbb | 2024-02-04 | 7.5 HIGH | N/A |
| viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm. | |||||
| CVE-2004-1548 | 1 Onnuri Infotek | 1 Activepost Standard | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the file server in ActivePost Standard 3.1 allows remote authenticated users to upload arbitrary files via a .. (dot dot) in the filename. | |||||
| CVE-2004-1578 | 1 Invision Power Services | 1 Invision Power Board | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script or HTML via the Referer field in the HTTP header. | |||||
| CVE-2004-1796 | 1 Hotnews | 1 Hotnews | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier allows remote attackers to execute arbitrary PHP code via the (1) config[header] parameter to hotnews-engine.inc.php3 or (2) config[incdir] parameter to hnmain.inc.php3. | |||||
| CVE-2000-0119 | 2 Mcafee, Symantec | 2 Virusscan, Norton Antivirus | 2024-02-04 | 7.2 HIGH | N/A |
| The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection. | |||||
| CVE-2003-1263 | 1 Brown Bear Software | 1 Ical | 2024-02-04 | 5.0 MEDIUM | N/A |
| ICAL.EXE in iCal 3.7 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, possibly due to an invalid method name. | |||||
| CVE-2004-0629 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2024-02-04 | 7.5 HIGH | N/A |
| Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat 5.0.5 and Acrobat Reader, and possibly other versions, allows remote attackers to execute arbitrary code via a URI for a PDF file with a null terminator (%00) followed by a long string. | |||||
| CVE-2004-0530 | 1 Slackware | 1 Slackware Linux | 2024-02-04 | 7.2 HIGH | N/A |
| The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a static library, includes /tmp in the search path, which allows local users to execute arbitrary code as the PHP user by inserting shared libraries into the appropriate path. | |||||
| CVE-2002-0358 | 1 Sgi | 1 Mediamail | 2024-02-04 | 4.6 MEDIUM | N/A |
| MediaMail and MediaMail Pro in SGI IRIX 6.5.16 and earlier allows local users to force the program to dump core via certain arguments, which could allow the users to read sensitive data or gain privileges. | |||||
| CVE-2002-0325 | 1 Working Resources Inc. | 1 Badblue | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in BadBlue before 1.6.1 allows remote attackers to read arbitrary files via a ... (modified dot dot) in the URL. | |||||
| CVE-1999-0586 | 2024-02-04 | N/A | N/A | ||
| A network service is running on a nonstandard port. | |||||
| CVE-2002-0067 | 2 Redhat, Squid | 2 Linux, Squid | 2024-02-04 | 7.5 HIGH | N/A |
| Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions. | |||||
| CVE-2001-0425 | 1 Adcycle | 1 Adcycle | 2024-02-04 | 7.5 HIGH | N/A |
| AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain privileges to AdCycle via a malformed Agent: header in the HTTP request, which is inserted into a resulting SQL query that is used to verify login information. | |||||
| CVE-2003-0450 | 1 Cistron | 1 Radius Daemon | 2024-02-04 | 7.5 HIGH | N/A |
| Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large value in an NAS-Port attribute, which is interpreted as a negative number and causes a buffer overflow. | |||||
| CVE-2002-0137 | 1 Andreas Mueller | 1 Cdrdao | 2024-02-04 | 7.2 HIGH | N/A |
| CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files via a symlink attack on the $HOME/.cdrdao configuration file. | |||||
| CVE-2004-0173 | 1 Apache | 1 Http Server | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences. | |||||
| CVE-2001-1401 | 1 Mozilla | 1 Bugzilla | 2024-02-04 | 7.5 HIGH | N/A |
| Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi. | |||||
| CVE-2001-0386 | 1 Analogx | 1 Simpleserver Www | 2024-02-04 | 5.0 MEDIUM | N/A |
| AnalogX SimpleServer:WWW 1.08 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory. | |||||