Total: 254124 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0695 | 1 Microsoft | 2 Data Access Components, Microsoft Data Access Components | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command. | |||||
CVE-2000-0146 | 1 Novell | 1 Groupwise | 2024-02-04 | 5.0 MEDIUM | N/A |
The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet. | |||||
CVE-1999-0189 | 1 Sun | 2 Solaris, Sunos | 2024-02-04 | 7.5 HIGH | N/A |
Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111. | |||||
CVE-2003-0470 | 1 Symantec | 1 Security Check | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in the "RuFSI Utility Class" ActiveX control (aka "RuFSI Registry Information Class"), as used for the Symantec Security Check service, allows remote attackers to execute arbitrary code via a long argument to CompareVersionStrings. | |||||
CVE-2003-1007 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 5.0 MEDIUM | N/A |
AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not properly handle certain malformed requests, with unknown impact. | |||||
CVE-2000-0970 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-04 | 7.5 HIGH | N/A |
IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability. | |||||
CVE-2000-0162 | 1 Microsoft | 3 Ie, Internet Explorer, Visual Studio | 2024-02-04 | 5.1 MEDIUM | N/A |
The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability. | |||||
CVE-1999-0159 | 1 Cisco | 1 Ios | 2024-02-04 | 5.0 MEDIUM | N/A |
Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases. | |||||
CVE-2004-1381 | 1 Mozilla | 2 Firefox, Mozilla | 2024-02-04 | 5.0 MEDIUM | N/A |
Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks. | |||||
CVE-2003-0698 | | | 2024-02-04 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0743. Reason: This candidate is a duplicate of CVE-2003-0743. Notes: All CVE users should reference CVE-2003-0743 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2002-1407 | 1 Adam Megacz | 1 Tinyssl | 2024-02-04 | 7.5 HIGH | N/A |
TinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack. | |||||
CVE-2003-1276 | 1 Nettelephone | 1 Nettelephone | 2024-02-04 | 4.6 MEDIUM | N/A |
Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PINs and stores user account numbers in plaintext in the HKEY_CURRENT_USER\Software\MediaRing.com\SDK\NetTelephone\settings registry key, which could allow local users to gain unauthorized access to NetTelephone accounts. | |||||
CVE-1999-0639 | | | 2024-02-04 | N/A | N/A |
The chargen service is running. | |||||
CVE-2000-1121 | 1 Ibm | 1 Aix | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long -M argument. | |||||
CVE-2003-1561 | 1 Opera | 1 Opera | 2024-02-04 | 4.3 MEDIUM | N/A |
Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | |||||
CVE-2002-0313 | 1 Essen | 1 Essentia Web Server | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in Essentia Web Server 2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long URL. | |||||
CVE-1999-0913 | 1 Network Security Wizards | 1 Dragon-fire Ids | 2024-02-04 | 10.0 HIGH | N/A |
dfire.cgi script in Dragon-Fire IDS allows remote users to execute commands via shell metacharacters. | |||||
CVE-2001-1419 | 2 Aol, Cerulean Studios | 2 Instant Messenger, Trillian | 2024-02-04 | 5.0 MEDIUM | N/A |
AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "<!--" HTML comments. | |||||
CVE-2004-2079 | 1 Red-m | 1 Red-alert | 2024-02-04 | 7.5 HIGH | N/A |
Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication to IP addresses, which allows remote attackers to bypass authentication by connecting from the same IP address as an active authenticated user. | |||||
CVE-2000-0376 | 1 I-drive | 1 Filo | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in the HTTP proxy server for the i-drive Filo software allows remote attackers to execute arbitrary commands via a long HTTP GET request. |