Total
254009 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-1999-0061 | 4 Bsdi, Freebsd, Linux and 1 more | 4 Bsd Os, Freebsd, Linux Kernel and 1 more | 2024-02-04 | 5.1 MEDIUM | N/A |
File creation and deletion, and remote execution, in the BSD line printer daemon (lpd). | |||||
CVE-2002-1518 | 1 Sgi | 1 Irix | 2024-02-04 | 3.6 LOW | N/A |
mv in IRIX 6.5 creates a directory with world-writable permissions while moving a directory, which could allow local users to modify files and directories. | |||||
CVE-2004-1427 | 1 Korweblog | 1 Korweblog | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in main.inc in KorWeblog 1.6.2-cvs and earlier allows remote attackers to execute arbitrary PHP code by modifying the G_PATH parameter to reference a URL on a remote web server that contains the code, as demonstrated in index.php when using .. (dot dot) sequences in the lng parameter to cause main.inc to be loaded. | |||||
CVE-2004-1388 | 1 Berlios | 1 Gps Daemon | 2024-02-04 | 7.5 HIGH | N/A |
Format string vulnerability in the gpsd_report function for BerliOS GPD daemon (gpsd, formerly pygps) 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls. | |||||
CVE-2002-0609 | 1 Hp | 1 Mpe Ix | 2024-02-04 | 5.0 MEDIUM | N/A |
Vulnerability in HP MPE/iX 6.0 through 7.0 allows attackers to cause a denial of service (system failure with "SA1457 out of i_port_timeout.fix_up_message_frame") via malformed IP packets. | |||||
CVE-2003-1532 | 1 Julien Desaunay | 1 Phpmyshop | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows remote attackers to execute arbitrary SQL commands via the (1) identifiant and (2) password parameters. | |||||
CVE-2002-2287 | 1 Phpbb | 1 Advanced Quick Reply Hack | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in quick_reply.php for phpBB Advanced Quick Reply Hack 1.0.0 and 1.1.0 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. | |||||
CVE-2001-0938 | 1 Persits | 1 Aspupload | 2024-02-04 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in AspUpload 2.1, in certain configurations, allows remote attackers to upload and read arbitrary files, and list arbitrary directories, via a .. (dot dot) in the Filename parameter in (1) UploadScript11.asp or (2) DirectoryListing.asp. | |||||
CVE-2004-2064 | 1 Verylost | 1 Lostbook | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier allows remote attackers to inject arbitrary web script via the (1) Email or (2) Website fields. | |||||
CVE-2001-0834 | 4 Conectiva, Debian, Htdig and 1 more | 4 Linux, Debian Linux, Htdig and 1 more | 2024-02-04 | 6.4 MEDIUM | N/A |
htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file. | |||||
CVE-2001-1350 | 1 Namazu | 1 Namazu | 2024-02-04 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in namazu.cgi for Namazu 2.0.7 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the lang parameter. | |||||
CVE-1999-0067 | 2 Apache, Ncsa | 2 Http Server, Ncsa Httpd | 2024-02-04 | 10.0 HIGH | N/A |
phf CGI program allows remote command execution through shell metacharacters. | |||||
CVE-2002-1702 | 1 Deltascripts | 1 Php Classifieds | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting vulnerability (XSS) in DeltaScripts PHP Classifieds 6.0.5 allows remote attackers to execute arbitrary script as other users via the URL parameter. | |||||
CVE-2004-0459 | 1 Ieee | 1 802.11 Wireless Protocol | 2024-02-04 | 5.0 MEDIUM | N/A |
The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11 wireless protocol, when using DSSS transmission encoding, allows remote attackers to cause a denial of service via a certain RF signal that causes a channel to appear busy (aka "jabber"), which prevents devices from transmitting data. | |||||
CVE-1999-0826 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 4.6 MEDIUM | N/A |
Buffer overflow in FreeBSD angband allows local users to gain privileges. | |||||
CVE-1999-0637 | 2024-02-04 | N/A | N/A | ||
The systat service is running. | |||||
CVE-2004-0560 | 1 University Of Minnesota | 1 Gopherd | 2024-02-04 | 7.5 HIGH | N/A |
Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted content of a certain size that triggers the overflow. | |||||
CVE-2002-0949 | 1 Telindus | 1 Adsl Router | 2024-02-04 | 7.5 HIGH | N/A |
Telindus 1100 series ADSL router allows remote attackers to gain privileges to the device via a certain packet to UDP port 9833, which generates a reply that includes the router's password and other sensitive information in cleartext. | |||||
CVE-2001-0243 | 1 Microsoft | 1 Windows Media Player | 2024-02-04 | 5.0 MEDIUM | N/A |
Windows Media Player 7 and earlier stores Internet shortcuts in a user's Temporary Files folder with a fixed filename instead of in the Internet Explorer cache, which causes the HTML in those shortcuts to run in the Local Computer Zone instead of the Internet Zone, which allows remote attackers to read certain files. | |||||
CVE-2002-0920 | 1 Cgiscript.net | 1 Cspassword | 2024-02-04 | 5.1 MEDIUM | N/A |
CGIScript.net csPassword.cgi stores usernames and unencrypted passwords in the password.cgi.tmp temporary file while modifying data, which could allow local users (and possibly remote attackers) to gain privileges by stealing the file before it has been processed. |