Total
254181 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-1377 | 1 Matt Wright | 1 Download.cgi | 2024-02-04 | 5.0 MEDIUM | N/A |
Matt Wright's download.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. | |||||
CVE-2003-0318 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter. | |||||
CVE-2000-0129 | 1 Microsoft | 3 Windows 95, Windows 98, Windows Nt | 2024-02-04 | 2.1 LOW | N/A |
Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP server allows attackers to cause a denial of service by performing a LIST command on a malformed .lnk file. | |||||
CVE-2000-0386 | 1 Filemaker | 1 Filemaker | 2024-02-04 | 7.5 HIGH | N/A |
FileMaker Pro 5 Web Companion allows remote attackers to send anonymous or forged email. | |||||
CVE-2003-0619 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 5.0 MEDIUM | N/A |
Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call. | |||||
CVE-2002-1802 | 1 Xoops | 1 Xoops | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when submitting news. | |||||
CVE-1999-0616 | 2024-02-04 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The TFTP service is running." | |||||
CVE-1999-0324 | 1 Hp | 1 Hp-ux | 2024-02-04 | 7.2 HIGH | N/A |
ppl program in HP-UX allows local users to create root files through symlinks. | |||||
CVE-2001-1139 | 1 Ascii Nt | 1 Winwrapper Professional | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in ASCII NT WinWrapper Professional allows remote attackers to read arbitrary files via a .. (dot dot) in the server request. | |||||
CVE-2001-0971 | 1 Aci | 1 4d Webserver | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in ACI 4d webserver allows remote attackers to read arbitrary files via a .. (dot dot) or drive letter (e.g., C:) in an HTTP request. | |||||
CVE-2004-1584 | 1 Wordpress | 1 Wordpress | 2024-02-04 | 5.0 MEDIUM | N/A |
CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter. | |||||
CVE-1999-0948 | 3 Sgi, Sun, Turbolinux | 4 Irix, Solaris, Sunos and 1 more | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in uum program for Canna input system allows local users to gain root privileges. | |||||
CVE-2003-0210 | 1 Cisco | 1 Secure Access Control Server | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002. | |||||
CVE-2002-1488 | 1 Cerulean Studios | 1 Trillian | 2024-02-04 | 5.0 MEDIUM | N/A |
The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the Trillian user is not in. | |||||
CVE-2000-0763 | 1 David Bagley | 1 Xlock | 2024-02-04 | 7.2 HIGH | N/A |
xlockmore and xlockf do not properly cleanse user-injected format strings, which allows local users to gain root privileges via the -d option. | |||||
CVE-2003-0898 | 1 Ibm | 1 Db2 Universal Database | 2024-02-04 | 4.6 MEDIUM | N/A |
IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2. | |||||
CVE-2001-0092 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 2.6 LOW | N/A |
A function in Internet Explorer 5.0 through 5.5 does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a new variant of the "Frame Domain Verification" vulnerability. | |||||
CVE-2004-1694 | 1 Symantec | 2 On Command Ccm, On Icommand | 2024-02-04 | 7.5 HIGH | N/A |
Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default usernames and passwords, one of which is hardcoded, which allows remote attackers to gain unauthorized access. | |||||
CVE-2000-0804 | 1 Checkpoint | 1 Firewall-1 | 2024-02-04 | 7.5 HIGH | N/A |
Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass the directionality check via fragmented TCP connection requests or reopening closed TCP connection requests, aka "One-way Connection Enforcement Bypass." | |||||
CVE-2000-0266 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 2.6 LOW | N/A |
Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL. |