Total
254094 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-1212 | 1 Aktivate | 1 Aktivate | 2024-02-04 | 5.0 MEDIUM | N/A |
Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 allows remote attackers to execute arbitrary Javascript via the desc parameter. | |||||
CVE-2002-0871 | 1 Xinetd | 1 Xinetd | 2024-02-04 | 2.1 LOW | N/A |
xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe. | |||||
CVE-2001-1499 | 1 Checkpoint | 1 Vpn-1 | 2024-02-04 | 5.0 MEDIUM | N/A |
Check Point VPN-1 4.1SP4 using SecuRemote returns different error messages for valid and invalid users, with prompts that vary depending on the authentication method being used, which makes it easier for remote attackers to conduct brute force attacks. | |||||
CVE-2000-0341 | 1 Atrium Software | 1 Cassandra Nntp Server | 2024-02-04 | 5.0 MEDIUM | N/A |
ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a denial of service via a long login name. | |||||
CVE-2000-0848 | 1 Ibm | 1 Websphere Application Server | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Host: request header. | |||||
CVE-2002-1584 | 2 Sgi, Sun | 3 Irix, Solaris, Sunos | 2024-02-04 | 10.0 HIGH | N/A |
Unknown vulnerability in the AUTH_DES authentication for RPC in Solaris 2.5.1, 2.6, and 7, SGI IRIX 6.5 to 6.5.19f, and possibly other platforms, allows remote attackers to gain privileges. | |||||
CVE-1999-0730 | 1 Debian | 1 Debian Linux | 2024-02-04 | 10.0 HIGH | N/A |
The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack. | |||||
CVE-2003-0910 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-02-04 | 7.2 HIGH | N/A |
The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor that points to protected memory. | |||||
CVE-2001-1465 | 1 Surfcontrol | 1 Superscout Web Filter | 2024-02-04 | 4.6 MEDIUM | N/A |
SurfControl SuperScout only filters packets containing both an HTTP GET request and a Host header, which allows local users to bypass filtering by fragmenting packets so that no packet contains both data elements. | |||||
CVE-2002-0342 | 1 Kde | 1 K-mail | 2024-02-04 | 5.0 MEDIUM | N/A |
Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of service (crash) via an email message whose body is approximately 55 K long. | |||||
CVE-1999-1020 | 1 Novell | 1 Netware | 2024-02-04 | 7.5 HIGH | N/A |
The installation of Novell Netware NDS 5.99 provides an unauthenticated client with Read access for the tree, which allows remote attackers to access sensitive information such as users, groups, and readable objects via CX.EXE and NLIST.EXE. | |||||
CVE-1999-1495 | 1 Suse | 1 Suse Linux | 2024-02-04 | 2.1 LOW | N/A |
xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary files via a symlink attack on the pic000.pnm file. | |||||
CVE-2002-1284 | 1 Kgpg | 1 Kgpg | 2024-02-04 | 4.6 MEDIUM | N/A |
The wizard in KGPG 0.6 through 0.8.2 does not properly provide the passphrase to gpg when creating new keys, which causes secret keys to be created with an empty passphrase and allows local attackers to steal the keys if they can be read. | |||||
CVE-2002-2176 | 1 Phpbb Group | 1 Phpbb | 2024-02-04 | 10.0 HIGH | N/A |
SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page. | |||||
CVE-2001-0904 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 5.0 MEDIUM | N/A |
Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies the HTTP_USER_AGENT (UserAgent) information that indicates that the patch has been installed, which could allow remote malicious web sites to more easily identify and exploit vulnerable clients. | |||||
CVE-2001-0355 | 1 Novell | 1 Groupwise | 2024-02-04 | 5.0 MEDIUM | N/A |
Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access arbitrary files via an implementation error in Groupwise system policies. | |||||
CVE-2000-0876 | 1 Texas Imperial Software | 2 Wftpd, Wftpd Pro | 2024-02-04 | 5.0 MEDIUM | N/A |
WFTPD and WFTPD Pro 2.41 RC12 allow remote attackers to obtain the full pathname of the server via a "%C" command, which generates an error message that includes the pathname. | |||||
CVE-1999-0371 | 1 University Of Kansas | 1 Lynx | 2024-02-04 | 1.2 LOW | N/A |
Lynx allows a local user to overwrite sensitive files through /tmp symlinks. | |||||
CVE-2004-1876 | 1 Clam Anti-virus | 1 Clamav | 2024-02-04 | 4.6 MEDIUM | N/A |
The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name. | |||||
CVE-2002-1583 | 1 Ibm | 1 Db2 Universal Database | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6.0 and 7.0 allows local users to execute arbitrary code via a long username that is read from a file descriptor argument. |