Total
254124 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-2171 | 1 Andrey Cherezov | 1 Acweb | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in acWEB 1.8 and 1.14 allows remote attackers to insert arbitrary HTML and web script via a URL, possibly via a "%db" request in a URL. | |||||
CVE-2004-0783 | 1 Gnome | 2 Gdkpixbuf, Gtk | 2024-02-04 | 7.5 HIGH | N/A |
Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688). | |||||
CVE-2000-0787 | 1 Xchat | 1 Xchat | 2024-02-04 | 7.5 HIGH | N/A |
IRC Xchat client versions 1.4.2 and earlier allows remote attackers to execute arbitrary commands by encoding shell metacharacters into a URL which XChat uses to launch a web browser. | |||||
CVE-1999-0867 | 1 Microsoft | 3 Commercial Internet System, Internet Information Server, Site Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers. | |||||
CVE-2002-2422 | 1 Compaq | 1 Insight Management Agent | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Compaq Insight Management Agents 2.0, 2.1, 3.6.0, 4.2 and 4.3.7 allows remote attackers to inject arbitrary web script or HTML via a URL, which inserts the script into the resulting error message. | |||||
CVE-1999-0749 | 1 Microsoft | 2 Windows 95, Windows 98 | 2024-02-04 | 2.6 LOW | N/A |
Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument. | |||||
CVE-2000-0031 | 1 Redhat | 1 Linux | 2024-02-04 | 6.2 MEDIUM | N/A |
The initscripts package in Red Hat Linux allows local users to gain privileges via a symlink attack. | |||||
CVE-2000-0032 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 10.0 HIGH | N/A |
Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db database. | |||||
CVE-1999-0374 | 1 Debian | 1 Debian Linux | 2024-02-04 | 2.1 LOW | N/A |
Debian GNU/Linux cfengine package is susceptible to a symlink attack. | |||||
CVE-2000-1137 | 1 Gnu | 1 Ed | 2024-02-04 | 4.6 MEDIUM | N/A |
GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack. | |||||
CVE-2001-1327 | 1 Berkeley Softworks | 1 Pmake | 2024-02-04 | 4.6 MEDIUM | N/A |
pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with setuid root privileges, which could allow local users to gain privileges by exploiting vulnerabilities in pmake or programs that are used by pmake. | |||||
CVE-2001-1270 | 1 Pkware | 1 Pkzip | 2024-02-04 | 2.1 LOW | N/A |
Directory traversal vulnerability in the console version of PKZip (pkzipc) 4.00 and earlier allows attackers to overwrite arbitrary files during archive extraction with the -rec (recursive) option via a .. (dot dot) attack on the archived files. | |||||
CVE-1999-0883 | 1 Zeus Technologies | 1 Zeus Web Server | 2024-02-04 | 10.0 HIGH | N/A |
Zeus web server allows remote attackers to read arbitrary files by specifying the file name in an option to the search engine. | |||||
CVE-2002-1106 | 1 Cisco | 1 Vpn Client | 2024-02-04 | 7.5 HIGH | N/A |
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks. | |||||
CVE-2002-0535 | 2 Postboard, Postnuke Software Foundation | 2 Postboard, Postnuke | 2024-02-04 | 5.0 MEDIUM | N/A |
Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allows remote attackers to execute script as other users via (1) an [IMG] tag when BBCode is enabled, or (2) in a topic title. | |||||
CVE-1999-1057 | 1 Digital | 1 Vms | 2024-02-04 | 4.6 MEDIUM | N/A |
VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command. | |||||
CVE-2002-2167 | 1 Thorsten Korner | 1 123tkshop | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in function_foot_1.inc.php for Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences terminated by a null character in the $designNo variable, which is part of an "include" function call. | |||||
CVE-2001-1061 | 1 Ibm | 1 Aix | 2024-02-04 | 10.0 HIGH | N/A |
Vulnerability in lsmcode in unknown versions of AIX, possibly related to a usage error. | |||||
CVE-2004-2165 | 1 Impressions Games | 1 Lords Of The Realm Iii | 2024-02-04 | 5.0 MEDIUM | N/A |
Lords of the Realm III 1.01 and earlier, when in the lobby stage, allows remote attackers to cause a denial of service (crash from unallocated memory write) via a long user nickname. | |||||
CVE-1999-0225 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 5.0 MEDIUM | N/A |
Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed SMB logon request in which the actual data size does not match the specified size. |