Total
254029 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2000-0236 | 1 Netscape | 1 Enterprise Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing tags such as ?wp-ver-info and ?wp-cs-dump. | |||||
CVE-2000-1191 | 1 Htdig Project | 1 Htdig | 2024-02-04 | 5.0 MEDIUM | N/A |
htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path. | |||||
CVE-2002-1862 | 1 Virtualzone | 1 Smartmail Server | 2024-02-04 | 5.0 MEDIUM | N/A |
SmartMail Server 2.0 allows remote attackers to cause a denial of service (crash) by sending data and closing the connection before all the data has been sent. | |||||
CVE-1999-0900 | 1 Linux-nis | 1 Rpc.yppasswdd | 2024-02-04 | 7.2 HIGH | N/A |
Buffer overflow in rpc.yppasswdd allows a local user to gain privileges via MD5 hash generation. | |||||
CVE-2002-1358 | 7 Cisco, Fissh, Intersoft and 4 more | 7 Ios, Ssh Client, Securenetterm and 4 more | 2024-02-04 | 10.0 HIGH | N/A |
Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. | |||||
CVE-1999-0083 | 1 Sgi | 1 Irix | 2024-02-04 | 5.0 MEDIUM | N/A |
getcwd() file descriptor leak in FTP. | |||||
CVE-2003-1365 | 1 Perl | 1 Cgi Lite | 2024-02-04 | 5.0 MEDIUM | N/A |
The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "\" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (carat), (5) newline, or (6) carriage return, which could allow remote attackers to read or write arbitrary files, or execute arbitrary commands, in shell scripts that rely on CGI::Lite to filter such dangerous inputs. | |||||
CVE-2000-0457 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2024-02-04 | 7.5 HIGH | N/A |
ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability. | |||||
CVE-2003-0763 | 1 Squished Mosquito | 1 Escapade | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine (ESP) allows remote attackers to inject arbitrary script via the method parameter, as demonstrated using the PAGE parameter. | |||||
CVE-1999-0288 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 5.0 MEDIUM | N/A |
The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets. | |||||
CVE-2001-0255 | 1 Fastream | 2 Fastream Ftp\+\+ Server, Fastream Ftp Server | 2024-02-04 | 5.0 MEDIUM | N/A |
FaSTream FTP++ Server 2.0 allows remote attackers to list arbitrary directories by using the "ls" command and including the drive letter name (e.g. C:) in the requested pathname. | |||||
CVE-2001-1124 | 1 Hp | 1 Hp-ux | 2024-02-04 | 5.0 MEDIUM | N/A |
rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to cause a denial of service (core dump) via a malformed RPC portmap requests, possibly related to a buffer overflow. | |||||
CVE-1999-1017 | 1 Seattle Lab Software | 1 Emurl | 2024-02-04 | 7.5 HIGH | N/A |
Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail attachments in a specific directory with scripting enabled, which allows a malicious ASP file attachment to execute when the recipient opens the message. | |||||
CVE-1999-0919 | 1 Motorola | 1 Motorola Cablerouter | 2024-02-04 | 10.0 HIGH | N/A |
A memory leak in a Motorola CableRouter allows remote attackers to conduct a denial of service via a large number of telnet connections. | |||||
CVE-2003-1213 | 1 Maxwebportal | 1 Maxwebportal | 2024-02-04 | 7.5 HIGH | N/A |
The default installation of MaxWebPortal 1.30 stores the portal database under the web document root with insecure access control, which allows remote attackers to obtain sensitive information via a direct request to database/db2000.mdb. | |||||
CVE-2002-0853 | 1 Cisco | 1 Vpn Client | 2024-02-04 | 5.0 MEDIUM | N/A |
Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload. | |||||
CVE-1999-0167 | 1 Sun | 1 Sunos | 2024-02-04 | 4.6 MEDIUM | N/A |
In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system. | |||||
CVE-2002-1097 | 1 Cisco | 2 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client | 2024-02-04 | 7.5 HIGH | N/A |
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows restricted administrators to obtain certificate passwords that are stored in plaintext in the HTML source code for Certificate Management pages. | |||||
CVE-2002-2232 | 1 Mollensoft Software | 1 Enceladus Server Suite | 2024-02-04 | 8.5 HIGH | N/A |
Buffer overflow in Enceladus Server Suite 3.9 allows remote attackers to execute arbitrary code via a long CD (CWD) command. | |||||
CVE-2003-1225 | 1 Bea | 1 Weblogic Server | 2024-02-04 | 2.1 LOW | N/A |
The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords. |