Total: 254106 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-0365 | 1 Metainfo | 2 Metaip, Sendmail | 2024-02-04 | 7.5 HIGH | N/A |
The metamail package allows remote command execution using shell metacharacters that are not quoted in a mailcap entry. | |||||
CVE-2004-0470 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 7.5 HIGH | N/A |
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag, which can remove intended access restrictions for the associated web application. | |||||
CVE-2001-0580 | 1 Hughes Technologies | 1 Dsl Vdns | 2024-02-04 | 5.0 MEDIUM | N/A |
Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote attacker to create a denial of service by connecting to port 6070, sending some data, and closing the connection. | |||||
CVE-2000-0112 | 1 Debian | 1 Debian Linux | 2024-02-04 | 7.2 HIGH | N/A |
The default installation of Debian GNU/Linux uses an insecure Master Boot Record (MBR) which allows a local user to boot from a floppy disk during the installation. | |||||
CVE-2004-1373 | 1 Nullsoft | 1 Shoutcast Server | 2024-02-04 | 7.5 HIGH | N/A |
Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via format string specifiers in a content URL, as demonstrated in the filename portion of a .mp3 file. | |||||
CVE-2001-0157 | 1 Palm | 1 Palm Os | 2024-02-04 | 4.6 MEDIUM | N/A |
Debugging utility in the backdoor mode of Palm OS 3.5.2 and earlier allows attackers with physical access to a Palm device to bypass access restrictions and obtain passwords, even if the system lockout mechanism is enabled. | |||||
CVE-2002-2192 | 1 Perception | 1 Liteserve | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 allows remote attackers to execute arbitrary web script via (1) a Host: header when DNS wildcards are supported or (2) the query string in a "dir" request to indexed folders. | |||||
CVE-2003-0539 | 3 Ddskk, Redhat, Skk | 4 Ddskk, Daredevil Skk, Ddskk-xemacs and 1 more | 2024-02-04 | 4.6 MEDIUM | N/A |
skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and the ddskk package which is based on skk, creates temporary files insecurely, which allows local users to overwrite arbitrary files. | |||||
CVE-2004-2175 | 1 All Enthusiast Inc | 1 Reviewpost Php Pro | 2024-02-04 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow remote attackers to execute arbitrary SQL commands via the (1) product parameter to showproduct.php or (2) cat parameter to showcat.php. | |||||
CVE-1999-0245 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 4.6 MEDIUM | N/A |
Some configurations of NIS+ in Linux allowed attackers to log in as the user "+". | |||||
CVE-2004-1921 | 1 X-micro | 1 Wlan 11b Broadband Router Firmware | 2024-02-04 | 7.5 HIGH | N/A |
X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded "1502" username and password, which could allow remote attackers to gain access. | |||||
CVE-2001-0387 | 1 Hylafax | 1 Hylafax | 2024-02-04 | 7.2 HIGH | N/A |
Format string vulnerability in hfaxd in HylaFAX before 4.1.b2_2 allows local users to gain privileges via the -q command line argument. | |||||
CVE-2000-0666 | 5 Conectiva, Debian, Redhat and 2 more | 5 Linux, Debian Linux, Linux and 2 more | 2024-02-04 | 10.0 HIGH | N/A |
rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges. | |||||
CVE-2003-0134 | 1 Apache | 1 Http Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names. | |||||
CVE-2001-0287 | 1 Symantec Veritas | 1 Cluster Server | 2024-02-04 | 2.1 LOW | N/A |
VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to cause a denial of service (system panic) via the -L option to the lltstat command. | |||||
CVE-2002-0649 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-02-04 | 7.5 HIGH | N/A |
Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm. | |||||
CVE-2003-0405 | 1 Vignette | 3 Content Suite, Storyserver, Vignette | 2024-02-04 | 5.0 MEDIUM | N/A |
Vignette StoryServer 5 and Vignette V/6 allows remote attackers to execute arbitrary TCL code via (1) an HTTP query or cookie which is processed in the NEEDS command, or (2) an HTTP Referrer that is processed in the VALID_PATHS command. | |||||
CVE-2004-1484 | 1 Socat | 1 Socat | 2024-02-04 | 5.0 MEDIUM | N/A |
Format string vulnerability in the _msg function in error.c in socat 1.4.0.3 and earlier, when used as an HTTP proxy client and run with the -ly option, allows remote attackers or local users to execute arbitrary code via format string specifiers in a syslog message. | |||||
CVE-2003-0839 | 1 Microsoft | 1 Windows 2003 Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link. | |||||
CVE-1999-0918 | 1 Microsoft | 4 Windows 2000, Windows 95, Windows 98 and 1 more | 2024-02-04 | 7.8 HIGH | N/A |
Denial of service in various Windows systems via malformed, fragmented IGMP packets. |