Total: 254041 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0905 | 5 Conectiva, Mozilla, Netscape and 2 more | 10 Linux, Firefox, Mozilla and 7 more | 2024-02-04 | 4.6 MEDIUM | N/A |
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain. | |||||
CVE-2004-0251 | 1 Rxgoogle.cgi | 1 Rxgoogle.cgi | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote attackers to execute arbitrary script as other users via the query parameter. | |||||
CVE-1999-1115 | 1 Hp | 1 Apollo Domain Os | 2024-02-04 | 7.2 HIGH | N/A |
Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh). | |||||
CVE-1999-0338 | 1 Ibm | 1 Aix | 2024-02-04 | 7.2 HIGH | N/A |
AIX Licensed Program Product performance tools allow local users to gain root access. | |||||
CVE-1999-1116 | 1 Sgi | 1 Irix | 2024-02-04 | 7.2 HIGH | N/A |
Vulnerability in runpriv in Indigo Magic System Administration subsystem of SGI IRIX 6.3 and 6.4 allows local users to gain root privileges. | |||||
CVE-2003-0526 | 1 Microsoft | 1 Isa Server | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found." | |||||
CVE-2000-0076 | 2 Berkeley, Debian | 2 Nvi, Debian Linux | 2024-02-04 | 2.1 LOW | N/A |
nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover. | |||||
CVE-2002-2045 | 1 Xqus | 1 X-stat | 2024-02-04 | 6.4 MEDIUM | N/A |
x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to (1) execute PHP commands such as phpinfo or (2) obtain the full path of the web server via an invalid action parameter, which leaks the pathname in an error message. | |||||
CVE-2003-0094 | 1 Andries Brouwer | 1 Util-linux | 2024-02-04 | 5.0 MEDIUM | N/A |
A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed. | |||||
CVE-2001-0571 | 1 Elron | 2 Im Anti Virus, Im Message Inspector | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the web server for (1) Elron Internet Manager (IM) Message Inspector and (2) Anti-Virus before 3.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the requested URL. | |||||
CVE-1999-0816 | 1 Motorola | 1 Motorola Cablerouter | 2024-02-04 | 10.0 HIGH | N/A |
The Motorola CableRouter allows any remote user to connect to and configure the router on port 1024. | |||||
CVE-2000-0504 | 3 Gnome, Open Group, Xfree86 Project | 3 Gdm, X, X11r6 | 2024-02-04 | 5.0 MEDIUM | N/A |
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro. | |||||
CVE-2000-0074 | 1 Powerscripts | 1 Plusmail | 2024-02-04 | 7.5 HIGH | N/A |
PowerScripts PlusMail CGI program allows remote attackers to execute commands via a password file with improper permissions. | |||||
CVE-2004-0777 | 1 Inter7 | 1 Courier-imap | 2024-02-04 | 7.5 HIGH | N/A |
Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code. | |||||
CVE-2002-0805 | 1 Mozilla | 1 Bugzilla | 2024-02-04 | 4.6 MEDIUM | N/A |
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code. | |||||
CVE-2002-1744 | 1 Microsoft | 1 Internet Information Services | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 allows remote attackers to view source code and determine the existence of arbitrary files via a hex-encoded "%c0%ae%c0%ae" string, which is the Unicode representation for ".." (dot dot). | |||||
CVE-2004-0716 | 1 Hp | 1 Hp-ux | 2024-02-04 | 10.0 HIGH | N/A |
Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper (epmap) on HP-UX 11 allows remote attackers to execute arbitrary code via a request with a small fragment length and a large amount of data. | |||||
CVE-2003-1389 | 1 Research Triangle Software | 1 Cryptobuddy | 2024-02-04 | 7.5 HIGH | N/A |
RTS CryptoBuddy 1.2 and earlier truncates long passphrases without warning the user, which may make it easier to conduct certain brute force guessing attacks. | |||||
CVE-1999-1528 | 1 Prosoft Engineering | 1 Netware Client | 2024-02-04 | 4.6 MEDIUM | N/A |
ProSoft Netware Client 5.12 on Macintosh MacOS 9 does not automatically log a user out of the NDS tree when the user logs off the system, which allows other users of the same system access to the unprotected NDS session. | |||||
CVE-2001-0221 | 1 Freebsd | 1 Ja-xklock | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in ja-xklock 2.7.1 and earlier allows local users to gain root privileges. |