Total
254124 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-1201 | 1 Ibm | 1 Aix | 2024-02-04 | 5.0 MEDIUM | N/A |
IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a flood of malformed TCP packets without any flags set, which prevents AIX from releasing the associated memory buffers. | |||||
CVE-2004-0841 | 2 Avaya, Microsoft | 7 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 4 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability." | |||||
CVE-1999-0901 | 1 Linux-nis | 1 Ypserv | 2024-02-04 | 7.2 HIGH | N/A |
ypserv allows a local user to modify the GECOS and login shells of other users. | |||||
CVE-2002-2089 | 1 Sun | 1 Solaris | 2024-02-04 | 4.6 MEDIUM | N/A |
Buffer overflow in rcp in Solaris 9.0 allows local users to execute arbitrary code via a long command line argument. | |||||
CVE-2004-0526 | 1 Microsoft | 4 Ie, Internet Explorer, Outlook and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. | |||||
CVE-1999-0986 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Linux | 2024-02-04 | 5.0 MEDIUM | N/A |
The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option. | |||||
CVE-2001-1439 | 1 Hp | 1 Hp-ux | 2024-02-04 | 2.1 LOW | N/A |
Buffer overflow in the text editor functionality in HP-UX 10.01 through 11.04 on HP9000 Series 700 and Series 800 allows local users to cause a denial of service ("system availability") via text editors such as (1) e, (2) ex, (3) vi, (4) edit, (5) view, and (6) vedit. | |||||
CVE-2002-0948 | 1 Scripts For Educators | 1 Makebook | 2024-02-04 | 7.5 HIGH | N/A |
Scripts For Educators MakeBook 2.2 CGI program allows remote attackers to execute script as other visitors, or execute server-side includes (SSI) as the web server, via the (1) Name or (2) Email parameters, which are not properly filtered. | |||||
CVE-2002-0138 | 1 Andreas Mueller | 1 Cdrdao | 2024-02-04 | 2.1 LOW | N/A |
CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via the show-data command. | |||||
CVE-2004-1881 | 1 Cactusoft | 1 Cactushop | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter. | |||||
CVE-2003-0026 | 1 Isc | 1 Dhcpd | 2024-02-04 | 7.5 HIGH | N/A |
Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname. | |||||
CVE-2000-0858 | 1 Microsoft | 2 Internet Information Server, Windows Nt | 2024-02-04 | 5.0 MEDIUM | N/A |
Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability. | |||||
CVE-2000-0632 | 1 Lsoft | 1 Listserv | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the web archive component of L-Soft Listserv 1.8d and earlier allows remote attackers to execute arbitrary commands via a long query string. | |||||
CVE-2001-0051 | 1 Ibm | 1 Db2 Universal Database | 2024-02-04 | 7.5 HIGH | N/A |
IBM DB2 Universal Database version 6.1 creates an account with a default user name and password, which allows remote attackers to gain access to the database. | |||||
CVE-2004-0520 | 3 Open Webmail, Sgi, Squirrelmail | 3 Open Webmail, Propack, Squirrelmail | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php. | |||||
CVE-1999-1517 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 7.2 HIGH | N/A |
runtar in the Amanda backup system used in various UNIX operating systems executes tar with root privileges, which allows a user to overwrite or read arbitrary files by providing the target files to runtar. | |||||
CVE-1999-1426 | 1 Sun | 1 Solstice Adminsuite | 2024-02-04 | 6.2 MEDIUM | N/A |
Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links when updating an NIS database, which allows local users to overwrite arbitrary files. | |||||
CVE-2002-0757 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2024-02-04 | 7.5 HIGH | N/A |
(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations. | |||||
CVE-2002-1282 | 1 Kde | 1 Kde | 2024-02-04 | 7.5 HIGH | N/A |
Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and later allows local and remote attackers to execute arbitrary code via a certain URL. | |||||
CVE-1999-1256 | 1 Oracle | 1 Database Assistant | 2024-02-04 | 4.6 MEDIUM | N/A |
Oracle Database Assistant 1.0 in Oracle 8.0.3 Enterprise Edition stores the database master password in plaintext in the spoolmain.log file when a new database is created, which allows local users to obtain the password from that file. |