Total
254017 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1564 | 1 Hp | 1 Hp-ux | 2024-02-04 | 2.1 LOW | N/A |
| setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 does not properly enforce core file size on processes after setuid or setgid privileges are dropped, which could allow local users to cause a denial of service by exhausting available disk space. | |||||
| CVE-2002-2334 | 1 Joseph Allen | 1 Joe | 2024-02-04 | 3.6 LOW | N/A |
| Joe text editor 2.8 through 2.9.7 does not remove the group and user setuid bits for backup files, which could allow local users to execute arbitrary setuid and setgid root programs when root edits scripts owned by other users. | |||||
| CVE-2002-0061 | 1 Apache | 1 Http Server | 2024-02-04 | 7.5 HIGH | N/A |
| Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe. | |||||
| CVE-2000-0818 | 1 Oracle | 1 Listener | 2024-02-04 | 10.0 HIGH | N/A |
| The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRC_FILE or SET LOG_FILE commands. | |||||
| CVE-1999-1362 | 1 Microsoft | 1 Windows Nt | 2024-02-04 | 2.1 LOW | N/A |
| Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters. | |||||
| CVE-2001-1361 | 1 Twig Development Team | 1 Twig | 2024-02-04 | 7.5 HIGH | N/A |
| Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links. | |||||
| CVE-1999-0108 | 1 Sgi | 1 Irix | 2024-02-04 | 7.2 HIGH | N/A |
| The printers program in IRIX has a buffer overflow that gives root access to local users. | |||||
| CVE-1999-1509 | 1 Etype | 1 Eserv | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Etype Eserv 2.50 web server allows a remote attacker to read any file in the file system via a .. (dot dot) in a URL. | |||||
| CVE-2004-1999 | 1 Francisco Burzi | 1 Php-nuke | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php. | |||||
| CVE-1999-0633 | 2024-02-04 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The HTTP/WWW service is running." | |||||
| CVE-2000-1139 | 1 Microsoft | 1 Exchange Server | 2024-02-04 | 7.5 HIGH | N/A |
| The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability. | |||||
| CVE-2000-0903 | 1 Qnx | 1 Voyager | 2024-02-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Voyager web server 2.01B in the demo disks for QNX 405 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
| CVE-1999-0470 | 1 Novell | 1 Netware | 2024-02-04 | 5.0 MEDIUM | N/A |
| A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted. | |||||
| CVE-2001-1137 | 1 D-link | 1 Dl-704 | 2024-02-04 | 5.0 MEDIUM | N/A |
| D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows remote attackers to cause a denial of service (reboot) via malformed IP datagram fragments. | |||||
| CVE-2004-0290 | 1 Freeform Interactive | 2 Purge, Purge Jihad | 2024-02-04 | 10.0 HIGH | N/A |
| Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game servers to execute arbitrary code via an information packet that contains large (1) battle type and (2) map name fields. | |||||
| CVE-1999-0425 | 1 Netscape | 1 Communicator | 2024-02-04 | 6.4 MEDIUM | N/A |
| talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes. | |||||
| CVE-2003-1480 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2024-02-04 | 4.3 MEDIUM | N/A |
| MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods. | |||||
| CVE-2002-1526 | 1 Emumail | 1 Emu Webmail | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU Webmail 5.0 allows remote attackers to inject arbitrary HTML or script via the email address field. | |||||
| CVE-2002-1947 | 1 Webmin | 1 Webmin | 2024-02-04 | 6.4 MEDIUM | N/A |
| Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or highjack the SSL session. | |||||
| CVE-2000-0981 | 1 Oracle | 1 Mysql | 2024-02-04 | 7.2 HIGH | N/A |
| MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password. | |||||