Total
254020 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-1320 | 1 Novell | 1 Netware | 2024-02-04 | 4.6 MEDIUM | N/A |
Vulnerability in Novell NetWare 3.x and earlier allows local users to gain privileges via packet spoofing. | |||||
CVE-1999-0166 | 1 Sun | 1 Nfs | 2024-02-04 | 5.0 MEDIUM | N/A |
NFS allows users to use a "cd .." command to access other directories besides the exported file system. | |||||
CVE-1999-0517 | 2 Hp, Sun | 2 Hp-ux, Sunos | 2024-02-04 | 7.5 HIGH | N/A |
An SNMP community name is the default (e.g. public), null, or missing. | |||||
CVE-2003-0105 | 1 Port80 Software | 1 Servermask | 2024-02-04 | 5.0 MEDIUM | N/A |
ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP Status Message, or (3) Allow HTTP responses, which could tell remote attackers that the web server is an IIS server. | |||||
CVE-2000-0424 | 1 George Burgyan | 1 Cgi Counter | 2024-02-04 | 7.5 HIGH | N/A |
The CGI counter 4.0.7 by George Burgyan allows remote attackers to execute arbitrary commands via shell metacharacters. | |||||
CVE-2002-0845 | 1 Iplanet | 1 Iplanet Web Server | 2024-02-04 | 7.5 HIGH | N/A |
Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows remote attackers to execute arbitrary code via an HTTP request using chunked transfer encoding. | |||||
CVE-2004-1699 | 1 Pinnacle Systems | 1 Showcenter | 2024-02-04 | 5.0 MEDIUM | N/A |
SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers to cause a denial of service (web interface errors) via an invalid Skin parameter. | |||||
CVE-2001-0495 | 1 Datawizard | 1 Webxq | 2024-02-04 | 5.0 MEDIUM | N/A |
Directory traversal in DataWizard WebXQ server 1.204 allows remote attackers to view files outside of the web root via a .. (dot dot) attack. | |||||
CVE-2001-1342 | 1 Apache | 1 Http Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer. | |||||
CVE-2003-0621 | 1 Bea | 2 Tuxedo, Weblogic Server | 2024-02-04 | 5.0 MEDIUM | N/A |
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument. | |||||
CVE-2003-0777 | 1 Sane | 2 Sane, Sane-backend | 2024-02-04 | 5.0 MEDIUM | N/A |
saned in sane-backends 1.0.7 and earlier, when debug messages are enabled, does not properly handle dropped connections, which can prevent strings from being null terminated and cause a denial of service (segmentation fault). | |||||
CVE-2004-1789 | 1 Zyxel | 1 Zywall10 | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the web management interface in ZyWALL 10 4.07 allows remote attackers to inject arbitrary web script or HTML via the rpAuth_1 page. | |||||
CVE-1999-1507 | 1 Sun | 1 Sunos | 2024-02-04 | 7.2 HIGH | N/A |
Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access via insecure permissions on files and directories such as crash. | |||||
CVE-2003-1242 | 1 Sage | 1 Sage | 2024-02-04 | 5.0 MEDIUM | N/A |
Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message. | |||||
CVE-2000-0059 | 1 Php | 1 Php | 2024-02-04 | 10.0 HIGH | N/A |
PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands. | |||||
CVE-2003-0341 | 1 Owl | 1 Owl Intranet Engine | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 and earlier allows remote attackers to insert arbitrary script via the Search field. | |||||
CVE-2003-1548 | 1 Myabracadaweb | 1 Myabracadaweb | 2024-02-04 | 5.0 MEDIUM | N/A |
MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to obtain sensitive information via an invalid IDAdmin or other parameter, which reveals the installation path in an error message. | |||||
CVE-2000-0654 | 1 Microsoft | 1 Sql Server | 2024-02-04 | 4.6 MEDIUM | N/A |
Microsoft Enterprise Manager allows local users to obtain database passwords via the Data Transformation Service (DTS) package Registered Servers Dialog dialog, aka a variant of the "DTS Password" vulnerability. | |||||
CVE-2004-1677 | 1 Logicnow | 1 Perldesk | 2024-02-04 | 5.0 MEDIUM | N/A |
pdesk.cgi in PerlDesk allows remote attackers to gain sensitive information via an invalid lang parameter, which includes pathname information in an error message. | |||||
CVE-1999-1160 | 1 Hp | 1 Hp-ux | 2024-02-04 | 10.0 HIGH | N/A |
Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges. |