Total: 254124 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-1138 | 1 Randy Parker | 1 Power Up Html | 2024-02-04 | 7.5 HIGH | N/A |
Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker Power Up HTML 0.8033beta allows remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the FILE parameter. | |||||
CVE-2003-0718 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-04 | 5.0 MEDIUM | N/A |
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes. | |||||
CVE-2000-0192 | 1 Caldera | 1 Openlinux | 2024-02-04 | 5.0 MEDIUM | N/A |
The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote attackers to determine what packages are installed on the system. | |||||
CVE-2002-0162 | 1 Logwatch | 1 Logwatch | 2024-02-04 | 6.2 MEDIUM | N/A |
LogWatch before 2.5 allows local users to execute arbitrary code via a symlink attack on the logwatch temporary directory. | |||||
CVE-2003-1516 | 1 Sun | 1 Java Plug-in | 2024-02-04 | 6.8 MEDIUM | N/A |
The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet. | |||||
CVE-2001-1371 | 1 Oracle | 1 Application Server | 2024-02-04 | 7.5 HIGH | N/A |
The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager. | |||||
CVE-1999-0128 | 5 Digital, Ibm, Linux and 2 more | 9 Osf 1, Aix, Sng and 6 more | 2024-02-04 | 5.0 MEDIUM | N/A |
Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death. | |||||
CVE-2003-0988 | 1 Kde | 1 Kde | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file. | |||||
CVE-1999-1477 | 2 Gnome, Mandrakesoft | 2 Gnome Libs, Mandrake Linux | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in GNOME libraries 1.0.8 allows a local user to gain root access via a long --espeaker argument in programs such as nethack. | |||||
CVE-2001-0730 | 1 Apache | 1 Http Server | 2024-02-04 | 5.0 MEDIUM | N/A |
split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header. | |||||
CVE-2004-0703 | 1 Mozilla | 1 Bugzilla | 2024-02-04 | 7.5 HIGH | N/A |
Unknown vulnerability in the administrative controls in Bugzilla 2.17.1 through 2.17.7 allows users with "grant membership" privileges to grant memberships to groups that the user does not control. | |||||
CVE-2000-0194 | 1 Corel | 1 Linux | 2024-02-04 | 7.2 HIGH | N/A |
buildxconf in Corel Linux allows local users to modify or create arbitrary files via the -x or -f parameters. | |||||
CVE-2001-0871 | 2 Alchemy Lab, Dek Software | 2 Alchemy Eye, Alchemy Network Monitor | 2024-02-04 | 7.5 HIGH | N/A |
Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 through 2.6.18, or (2) a DOS device name followed by a .. in versions 2.6.19 through 3.0.10. | |||||
CVE-2002-0688 | 1 Zope | 1 Zope | 2024-02-04 | 7.5 HIGH | N/A |
ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes. | |||||
CVE-2000-1161 | 1 Adcycle | 1 Adcycle | 2024-02-04 | 7.5 HIGH | N/A |
The installation of AdCycle banner management system leaves the build.cgi program in a web-accessible directory, which allows remote attackers to execute the program and view passwords or delete databases. | |||||
CVE-2000-0574 | 2 Openbsd, Washington University | 2 Ftpd, Wu-ftpd | 2024-02-04 | 5.0 MEDIUM | N/A |
FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands. | |||||
CVE-1999-0321 | 1 Sun | 1 Solaris | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in Solaris kcms_configure command allows local users to gain root access. | |||||
CVE-2004-1017 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 10.0 HIGH | N/A |
Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x have unknown impact and unknown attack vectors. | |||||
CVE-1999-0698 | | | 2024-02-04 | 10.0 HIGH | N/A |
Denial of service in IP protocol logger (ippl) on Red Hat and Debian Linux. | |||||
CVE-2000-1071 | 1 Netscape | 1 Iplanet Ical | 2024-02-04 | 10.0 HIGH | N/A |
The GUI installation for iCal 2.1 Patch 2 disables access control for the X server using an "xhost +" command, which allows remote attackers to monitor X Windows events and gain privileges. |