Total: 254124 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-2275 | 1 Fortres Grand Corporation | 1 Fortres | 2024-02-04 | 2.1 LOW | N/A |
Fortres 101 4.1 allows local users to bypass Fortres by pressing the Windows and "F" key together for 30 seconds, which opens multiple windows and eventually causes explorer.exe to crash, which then opens an unrestricted explorer.exe. | |||||
CVE-2000-1167 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 7.5 HIGH | N/A |
ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict access as specified by the "nat deny_incoming" command, which allows remote attackers to connect to the target system. | |||||
CVE-2001-1316 | 1 Teamware | 1 Teamware Office | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflows in Teamware Office Enterprise Directory allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
CVE-2000-1059 | 1 Mandrakesoft | 1 Mandrake Linux | 2024-02-04 | 7.2 HIGH | N/A |
The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges. | |||||
CVE-2001-0535 | 1 Macromedia | 1 Coldfusion Server | 2024-02-04 | 7.5 HIGH | N/A |
Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict access from outside the local host's domain, which allows remote attackers to upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script. | |||||
CVE-1999-1479 | 1 Matt Wright | 1 Textcounter | 2024-02-04 | 10.0 HIGH | N/A |
The textcounter.pl by Matt Wright allows remote attackers to execute arbitrary commands via shell metacharacters. | |||||
CVE-2003-0646 | 1 Trend Micro | 2 Damage Cleanup Server, Housecall | 2024-02-04 | 7.5 HIGH | N/A |
Multiple buffer overflows in ActiveX controls used by Trend Micro HouseCall 5.5 and 5.7, and Damage Cleanup Server 1.0, allow remote attackers to execute arbitrary code via long parameter strings. | |||||
CVE-2002-2273 | 1 Webster | 1 Webster Http Server | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Webster HTTP Server allows remote attackers to inject arbitrary web script or HTML via the URL. | |||||
CVE-2001-0417 | 1 Mit | 2 Kerberos, Kerberos 5 | 2024-02-04 | 2.1 LOW | N/A |
Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files. | |||||
CVE-2001-1079 | 1 Ibm | 1 Aix | 2024-02-04 | 3.6 LOW | N/A |
create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX creates keyfile directories with world-writable permissions, which could allow a local user to delete key files and cause a denial of service. | |||||
CVE-2004-1724 | 1 Php Fusion | 1 Php Fusion | 2024-02-04 | 7.5 HIGH | N/A |
The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator username and password. | |||||
CVE-2000-0209 | 1 University Of Kansas | 1 Lynx | 2024-02-04 | 7.6 HIGH | N/A |
Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page. | |||||
CVE-2002-0121 | 1 Php | 1 Php | 2024-02-04 | 2.1 LOW | N/A |
PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections. | |||||
CVE-2000-0507 | 1 Concatus | 1 Imate Webmail Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Imate Webmail Server 2.5 allows remote attackers to cause a denial of service via a long HELO command. | |||||
CVE-1999-0313 | 1 Sgi | 1 Irix | 2024-02-04 | 7.2 HIGH | N/A |
disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames. | |||||
CVE-2004-2228 | 1 Mozilla | 1 Firefox | 2024-02-04 | 7.2 HIGH | N/A |
Mozilla Firefox before 1.0 is installed with world-writable permissions on Mac OS X, which allows local users to gain privileges. | |||||
CVE-2003-0628 | 1 Peoplesoft | 1 Peopletools | 2024-02-04 | 5.0 MEDIUM | N/A |
PeopleSoft Gateway Administration servlet (gateway.administration) in PeopleTools 8.43 and earlier allows remote attackers to obtain the full pathnames for server-side include (SSI) files via an HTTP request with an invalid value. | |||||
CVE-1999-0229 | 1 Microsoft | 1 Internet Information Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Denial of service in Windows NT IIS server using ..\.. | |||||
CVE-2003-1138 | 1 Redhat | 1 Interchange | 2024-02-04 | 5.0 MEDIUM | N/A |
The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//). | |||||
CVE-2004-2040 | 1 E107 | 1 E107 | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) avmsg parameter to usersettings.php. |