Total: 254277 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-0393 | 1 Kde | 1 Kde | 2024-02-04 | 7.2 HIGH | N/A |
The KDE kscd program does not drop privileges when executing a program specified in a user's SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute. | |||||
CVE-2002-0645 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands. | |||||
CVE-2002-0270 | 1 Opera Software | 1 Opera Web Browser | 2024-02-04 | 4.3 MEDIUM | N/A |
Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks. | |||||
CVE-2002-0545 | 1 Cisco | 2 Aironet Ap340, Aironet Ap350 | 2024-02-04 | 5.0 MEDIUM | N/A |
Cisco Aironet before 11.21 with Telnet enabled allows remote attackers to cause a denial of service (reboot) via a series of login attempts with invalid usernames and passwords. | |||||
CVE-1999-1524 | 1 Flowpoint | 1 Flowpoint Dsl Router | 2024-02-04 | 5.0 MEDIUM | N/A |
FlowPoint DSL router firmware versions prior to 3.0.8 allow a remote attacker to exploit a password recovery feature from the network and conduct brute force password guessing, instead of limiting the feature to the serial console port. | |||||
CVE-2000-0466 | 1 Ibm | 1 Aix | 2024-02-04 | 7.2 HIGH | N/A |
AIX cdmount allows local users to gain root privileges via shell metacharacters. | |||||
CVE-2002-2394 | 1 Trend Micro | 1 Interscan Viruswall | 2024-02-04 | 5.0 MEDIUM | N/A |
InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 chunked transfer encoding. | |||||
CVE-2000-0050 | 1 Allaire | 1 Spectra | 2024-02-04 | 4.6 MEDIUM | N/A |
The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs. | |||||
CVE-2002-0641 | 1 Microsoft | 2 Msde, Sql Server | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query. | |||||
CVE-2001-1217 | 1 Oracle | 1 Application Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences. | |||||
CVE-2005-0190 | 1 Realnetworks | 2 Realone Player, Realplayer | 2024-02-04 | 2.6 LOW | N/A |
Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension. | |||||
CVE-2002-0865 | 1 Microsoft | 1 Virtual Machine | 2024-02-04 | 7.5 HIGH | N/A |
A certain class that supports XML (Extensible Markup Language) in Microsoft Virtual Machine (VM) 5.0.3805 and earlier, probably com.ms.osp.ospmrshl, exposes certain unsafe methods, which allows remote attackers to execute unsafe code via a Java applet, aka "Inappropriate Methods Exposed in XML Support Classes." | |||||
CVE-1999-0942 | 1 Sco | 1 Unixware | 2024-02-04 | 7.2 HIGH | N/A |
UnixWare dos7utils allows a local user to gain root privileges by using the STATICMERGE environmental variable to find a script which it executes. | |||||
CVE-2001-1103 | 1 Rhinosoft | 1 Ftp Voyager | 2024-02-04 | 7.5 HIGH | N/A |
FTP Voyager ActiveX control before 8.0, when it is marked as safe for scripting (the default) or if allowed by the IObjectSafety interface, allows remote attackers to execute arbitrary commands. | |||||
CVE-2001-0087 | 1 Michael Glickman | 1 Itetris | 2024-02-04 | 7.2 HIGH | N/A |
itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a malicious gunzip program. | |||||
CVE-2002-0050 | 1 Microsoft | 1 Commerce Server | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data. | |||||
CVE-2002-0866 | 1 Microsoft | 1 Virtual Machine | 2024-02-04 | 7.5 HIGH | N/A |
Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet that calls the constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL terminated by a null string, aka "DLL Execution via JDBC Classes." | |||||
CVE-2002-2419 | 1 Dctc Project | 1 Dctc | 2024-02-04 | 7.8 HIGH | N/A |
Direct connect text client (DCTC) client 0.83.3 allows remote attackers to cause a denial of service (crash) via a string ending with a NULL byte character. | |||||
CVE-2000-0187 | 1 Alex Heiphetz Group | 1 Ezshopper | 2024-02-04 | 7.5 HIGH | N/A |
EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters. | |||||
CVE-2001-1317 | 1 Teamware | 1 Teamware Office | 2024-02-04 | 7.5 HIGH | N/A |
Teamware Office Enterprise Directory allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for certain BER object types, as demonstrated by the PROTOS LDAPv3 test suite. |