Total: 254318 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-0831 | 1 Oracle | 1 Database Server | 2024-02-04 | 4.6 MEDIUM | N/A |
Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and 9.0.1, when audit functionality, SET_LABEL, or SQL*Predicate is being used, allows local users to gain additional access. | |||||
CVE-2003-0862 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0813. Reason: This candidate is a duplicate of CVE-2003-0813. Notes: All CVE users should reference CVE-2003-0813 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2003-0841 | 1 Oracle | 1 Peopletools | 2024-02-04 | 5.0 MEDIUM | N/A |
The grid option in PeopleSoft 8.42 stores temporary .xls files in guessable directories under the web document root, which allows remote attackers to steal search results by directly accessing the files via a URL request. | |||||
CVE-2004-0698 | 1 4d | 1 Webstar | 2024-02-04 | 3.6 LOW | N/A |
4D WebSTAR 5.3.2 and earlier allows local users to read and modify arbitrary files via a symlink attack. | |||||
CVE-1999-0614 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The FTP service is running." | |||||
CVE-2004-0336 | 1 Software602 | 1 602pro Lan Suite | 2024-02-04 | 5.0 MEDIUM | N/A |
LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive information via the mail login form, which contains the path to the mail directory. | |||||
CVE-1999-0435 | 1 Hp | 1 Hp-ux | 2024-02-04 | 7.2 HIGH | N/A |
MC/ServiceGuard and MC/LockManager in HP-UX allows local users to gain privileges through SAM. | |||||
CVE-2002-2172 | 1 Shana | 2 Informed Designer, Informed Filler | 2024-02-04 | 2.1 LOW | N/A |
Informed (1) Designer and (2) Filler 3.05 does not zero out newly allocated disk blocks as an encrypted file grows in size, which may allow attackers to obtain sensitive information. | |||||
CVE-2002-0058 | 2 Microsoft, Sun | 4 Virtual Machine, Jdk, Jre and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, and possibly other implementations that use vulnerable versions of SDK or JDK. | |||||
CVE-2002-1723 | 1 Powerboards | 1 Powerboards | 2024-02-04 | 5.0 MEDIUM | N/A |
Powerboards 2.2b allows remote attackers to view the full path to the backend database by sending a cookie containing a non-existent username to profiles.php, which displays the full path in the error message. | |||||
CVE-2004-0182 | 1 Gnu | 1 Mailman | 2024-02-04 | 5.0 MEDIUM | N/A |
Mailman before 2.0.13 allows remote attackers to cause a denial of service (crash) via an email message with an empty subject field. | |||||
CVE-2002-0146 | 1 Fetchmail | 1 Fetchmail | 2024-02-04 | 5.0 MEDIUM | N/A |
fetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote IMAP server to overwrite memory via a message count that exceeds the boundaries of an array. | |||||
CVE-2002-1309 | 1 Macromedia | 1 Coldfusion | 2024-02-04 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm file name. | |||||
CVE-2002-2140 | 1 Cisco | 1 Pix Firewall Software | 2024-02-04 | 5.0 MEDIUM | N/A |
Buffer overflow in Cisco PIX Firewall 5.2.x to 5.2.8, 6.0.x to 6.0.3, 6.1.x to 6.1.3, and 6.2.x to 6.2.1 allows remote attackers to cause a denial of service via HTTP traffic authentication using (1) TACACS+ or (2) RADIUS. | |||||
CVE-1999-0917 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 5.1 MEDIUM | N/A |
The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files. | |||||
CVE-2004-0082 | 1 Samba | 1 Samba | 2024-02-04 | 7.5 HIGH | N/A |
The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password. | |||||
CVE-2001-0262 | 1 Netscape | 1 Smartdownload | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers (malicious web pages) to execute arbitrary commands via a long URL. | |||||
CVE-2003-1378 | 1 Microsoft | 2 Outlook, Outlook Express | 2024-02-04 | 8.8 HIGH | N/A |
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077. | |||||
CVE-2002-1963 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | N/A |
Linux kernel 2.4.1 through 2.4.19 sets root's NR_RESERVED_FILES limit to 10 files, which allows local users to cause a denial of service (resource exhaustion) by opening 10 setuid binaries. | |||||
CVE-2004-0623 | 1 Gnu | 1 Gnats | 2024-02-04 | 10.0 HIGH | N/A |
Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog. |