Total: 254308 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0255 | 1 Arescom | 1 Netdsl | 2024-02-04 | 10.0 HIGH | N/A |
The default configuration of Arescom NetDSL 800 does not require authentication, which allows remote attackers to cause a denial of service or reconfigure the router. | |||||
CVE-2001-1583 | 1 Sun | 1 Sunos | 2024-02-04 | 10.0 HIGH | N/A |
lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220. | |||||
CVE-2001-0822 | 1 Packet Knights | 1 Fpf Linux Kernel Module | 2024-02-04 | 5.0 MEDIUM | N/A |
FPF kernel module 1.0 allows a remote attacker to cause a denial of service via fragmented packets. | |||||
CVE-2002-0682 | 1 Apache | 1 Tomcat | 2024-02-04 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet. | |||||
CVE-2002-1360 | 7 Cisco, Fissh, Intersoft and 4 more | 7 Ios, Ssh Client, Securenetterm and 4 more | 2024-02-04 | 10.0 HIGH | N/A |
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite. | |||||
CVE-2004-0192 | 1 Symantec | 1 Gateway Security 5400 | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains malicious script, which is not quoted in the resulting error page. | |||||
CVE-1999-0510 | | | 2024-02-04 | 7.5 HIGH | N/A |
A router or firewall allows source routed packets from arbitrary hosts. | |||||
CVE-2002-0971 | 3 Att, Tightvnc, Tridia | 3 Winvnc Server, Tightvnc, Tridiavnc | 2024-02-04 | 4.6 MEDIUM | N/A |
Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to execute arbitrary code as LocalSystem by using the Win32 Messaging System to bypass the VNC GUI and access the "Add new clients" dialogue box. | |||||
CVE-2000-0073 | 1 Microsoft | 3 Windows 2000, Windows 98, Windows Nt | 2024-02-04 | 5.0 MEDIUM | N/A |
Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word. | |||||
CVE-2004-0186 | 2 Linux, Samba | 2 Linux Kernel, Samba | 2024-02-04 | 7.2 HIGH | N/A |
smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted. | |||||
CVE-2004-0095 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-02-04 | 5.0 MEDIUM | N/A |
McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value, possibly triggering a buffer overflow. | |||||
CVE-2002-2141 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 7.5 HIGH | N/A |
BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, will remove the security constraints and roles on all servers for any Servlets or EJB that are used by an application that is undeployed on one server, which could allow remote attackers to conduct unauthorized activities in violation of the intended restrictions. | |||||
CVE-2001-1348 | 1 Twig Development Team | 1 Twig | 2024-02-04 | 7.5 HIGH | N/A |
TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter. | |||||
CVE-2001-1247 | 1 Php | 1 Php | 2024-02-04 | 6.4 MEDIUM | N/A |
PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files. | |||||
CVE-1999-1012 | 1 Lotus | 1 Domino | 2024-02-04 | 5.0 MEDIUM | N/A |
SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other operating systems, allows a remote attacker to crash the mail server via a long string. | |||||
CVE-2004-0239 | 1 Photopost | 1 Photopost Php Pro | 2024-02-04 | 10.0 HIGH | N/A |
SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain unauthorized access via the photo variable. | |||||
CVE-2002-1848 | 1 Tightvnc | 1 Tightvnc | 2024-02-04 | 2.1 LOW | N/A |
TightVNC before 1.2.4 running on Windows stores unencrypted passwords in the password text control of the WinVNC Properties dialog, which could allow local users to access passwords. | |||||
CVE-2004-2025 | 1 Zen Cart | 1 Zen Cart | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 before patch 2 may allow remote attackers to execute arbitrary SQL commands via the products_id parameter. | |||||
CVE-2002-0399 | 1 Gnu | 1 Tar | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267. | |||||
CVE-2000-0616 | 1 Hp | 1 Mpe Ix | 2024-02-04 | 4.6 MEDIUM | N/A |
Vulnerability in HP TurboIMAGE DBUTIL allows local users to gain additional privileges via DBUTIL.PUB.SYS. | |||||